Professional Work History

[13 years]

Within the ISEC team, included are the IAM [Identity and Access Management] team, the GRC [Governance, Risk, and Compliance] team, and the SecOps [Security Operations] team, to develop and execute financial services industry-tailored cyber security strategies for our organization. As an Engineer, this involves overseeing the implementation of asset security measures, engineering solutions and providing guidance to the SecOps team for managing day-to-day security operations and incident response. Additionally, I actively mentor team members across these divisions, empowering them to further develop their skills and effectively contribute to our cyber security goals.

2017 - Present [7 years] Industry: Financial Services	2011 - 2017 [6 years] Industry: Manufacturing
Cyber Security [CyberSec] Engineer	Information Security [InfoSec] Analyst
• Vulnerability Management	• Security Operations Center [SOC] Analyst
• Secure Email Administrator	• SAP Change Management
• Cross Training & Mentoring	• Identity & Access Management [IAM]
• Cyber Security Awareness Content Creator	• Technical Writing for SOP's and Runbooks

Vendor Experience

Implemented and optimized Tenable One’s suite of solutions, reducing critical vulnerabilities, automating scheduled workflows to improve scanning times, and researching and providing vulnerability mitigations for PCI ASV security audits, as well as Web App Scanning and Cloud Security.

Tenable One Administrator Setup Multi-Scan Automation Tag and Recasting as needed Provide Critical Dashboard

Secure Email Gateway [SEG]

Administered Proofpoint several cybersecurity solutions, integrating auto-encryption, advanced data loss prevention to harden email security, with a focus on managing phishing assessment and ensuring comprehensive protection against cyber risks.

Email Security & Protection Data Loss & Prevention Advanced Threat Protection Security Awareness Training

Cloud Security
Developed AWS security strategies, leveraging Inspector, Macie, EC2, S3 and Config as well as other services, to fortify cloud security, conduct vulnerability management assessment, and enforce compliance, ensuring a more secure environment.
Secondary Administrator Use Inspector for daily reviews Leverage Security Hub for logs CloudTrail for Splunk dashboards Verify all Config asset settings

Endpoint Detection & Response [EDR]

Assisted with SentinelOne endpoint protection solutions, enhancing cybersecurity posture by verifying advanced threat detection, automated response mechanisms, and ensuring comprehensive endpoint security against evolving cyber threats.

Secondary Administrator Verify newly added hardware Update agents as needed on all assets Set up alerts for specific incidents Create a network kill switch

Automated Security Validation

Assisted with the integration of Pentera into our infrastructure to simulate cyber attacks via automated internal penetration tests and continuous security validation.

Tertiery Administrator Oversaw installation of main node and attack nodes Liaison with Pentera Support for upgrades & training Assisted with black, white, and grey testing scenarios Upgraded Ubuntu OS platforms & licensing as needed

Skillset
Vulnerability Management	Secure Email Gateway [SEG]
Cloud Based Security	Cross-Training & Mentoring Team members
OSINT Researching	Security Information & Event Management [SIEM] Analyst
Project Management Methodology	Polyglot [English, Spanish, Portuguese]

Certifications

CompTIA: CyberSecurity Professional Career Pathway • ISO 17024 standards compliant & ANSI accredited • Meets DoD Directive 8140/8570.1-M requirements CompTIA Certifications Achieved: CompTIA Security+ | CompTIA PenTest+ | Certified Network Vulnerability Professional

Project Management Methodologies

Fundamentals of Agile and Predictive Project Management provide essential understanding of their processes and terminology including:

• Building a team	• Setup kanban board	• Sprint planning
• Create project charter	• Identify all Stakeholders	• Review Project Plan

Capture The Flag [CTF]

Participated in CTF’s covering challenges in the following categories:

Binary Exploitation Cryptography

Cyber Range Forensics

OSINT Reverse Engineering

Web Exploitation Other

Tools used during a CTF event include:
Kali, ParrotOS, and CSI Linux distributions John The Ripper password hash cracker WFuzz web application brute forcing tool	Used bash, powershell, and python scripting Used Wireshark and Burp Suite tools Used site scrapers to created wordlist payloads

Participated in the following Capture The Flag events: 2024 TryHackMe Advent of Cyber 2024 SANS Holiday Hack Challenge 2024: Snowmaggedon Ransomware Reverse Engineering Hardware Hacking Web App Hacking with MQTT and Video Feed Manipulation Video Game Hacking Threat Hunting with KQL SIM/SEM Analysis Mobile App Penetration Testing OSINT via Drone Path Analysis Web Exploration with cURL PowerShell for Cyber Defense Dragos DISC 2024 ICS/OT CTF

2023 TCM Security 1st Annual TCM Invitational CTF SANS Holiday Hack Cyber Security Challenge & KringleCon TryHackMe Advent of Cyber 2023

Volunteer

Currently in the volunteer & public sectors, I am a member of:
• FBI’s Infragard citizen-liaison division
• Local Information Systems Security Assocation [ISSA] and BSides chapters
• Investigator with the Broken Link Foundation whcih is dedicated to providing support, resources, and advocacy for those who’ve gone missing or have been trafficked.

Testimonials

“Charlie Rivera leaves a mark. A positive mark. You know when you have been around Charlie, you are vitalized, encouraged, and ready to take on the world!”

FRANK KECK – Empowerment Speaker | Author

“Charlie is one of those rare individuals with a creative flair who is not afraid to think outside of the box … he was integral in creating a brand for our team and then went above and beyond …”

CHRISTOPHER LEACH – CISO & Founder | CISO Tool Box