PATRICK EJUMU

Newton

Summary

Cybersecurity Analyst with extensive experience at Ecs Solutions, specializing in incident response and vulnerability assessment. Successfully implemented security measures that mitigated risks and improved disaster recovery plans. Demonstrated ability to enhance operational resilience and ensure compliance with industry standards through effective team collaboration.

Overview

10 years of professional experience
1 Certification

Work History

Cybersecurity Analyst

Ecs Solutions
Richmond
02.2022 - Current
  • Coordinated security updates to prevent outages and minimize downtime.
  • Responded to cyber incidents by analyzing attack signatures and restoring operations.
  • Promoted security awareness among employees and clients to mitigate risks.
  • Collaborated with security personnel to resolve technology-related issues.
  • Implemented and updated disaster recovery plans in collaboration with stakeholders.
  • Designed, implemented, and maintained security systems and controls.
  • Regularly updated cybersecurity policies and procedures based on emerging threats.
  • Audited networks to identify vulnerabilities and ensure compliance with best practices.
  • Mentored junior employees in departmental activities and procedures.

Cyber Security Specialist

Washington Tech Solutions
Baltimore
10.2019 - 01.2022
  • Triaged hundreds of cyber tips and opened investigations to resolve them promptly.
  • Managed Active Directory user accounts, ensuring timely access rights adjustments.
  • Investigated computer security incidents, documenting findings and suggesting corrective actions.
  • Audited security systems, identifying vulnerabilities and implementing necessary safeguards.
  • Configured network devices following industry standards to protect against external threats.
  • Drafted comprehensive reports on existing cybersecurity measures across the organization.
  • Conducted vulnerability scans using automated tools to detect system weaknesses.
  • Collaborated with stakeholders to enhance disaster recovery plans and maintenance protocols.

Computer Technician

URC
Kampala
03.2015 - 06.2019
  • Collaborated with end users to resolve hardware and software issues.
  • Configured hardware and created accounts to facilitate onboarding for new hires.
  • Installed, upgraded, and troubleshot servers, PCs, and printers.
  • Led development of server infrastructure, ensuring quality control in staging and production.
  • Designed and tested computer hardware alongside operating system software.
  • Performed routine troubleshooting and monitored network performance for optimization.
  • Maintained documentation of configurations using technical diagrams and labeling.
  • Implemented security measures to safeguard data from unauthorized access.

Education

Bachelor of Science - Cyber Security

Washington Tech Solutions
Baltimore, MD
01-2024

CCNP

Makerere University
Kampala, Uganda
03-2012

Bachelor of Science - Information Technology

Makerere University
Kampala, Uganda
08-2010

Skills

  • Incident response and disaster recovery
  • Vulnerability assessment and security auditing
  • Network configuration and policy
  • Network troubleshooting and repairs
  • Team collaboration
  • Effective communication
  • Problem solving
  • Time management
  • Attention to detail

Languages

English
Professional

Certification

ISC2

Cisco Certified Network Professional

CompTIA PenTest+ in progress

CompTIA CySA+

Affiliations

Risk Management and Governance
  • Risk Assessment: Identify, analyze, and evaluate cybersecurity risks to organizational operations and assets.
  • Compliance Management: Ensure adherence to standards (e.g., NIST 800-53, ISO 27001, GDPR, HIPAA, FedRAMP).
  • Policy and Procedure Development: Create and maintain security policies, standards, guidelines, and procedures.
  • Third-Party Risk Management: Assess and monitor vendors’ cybersecurity posture.
Security Operations (SecOps)
  • Security Monitoring: Use SIEM tools (e.g., Splunk, QRadar) to detect threats in real time.
  • Incident Detection and Response:
    Triage alerts and analyze incidents.
    Execute playbooks and response plans.
    Report and remediate threats.
  • Threat Intelligence: Gather and analyze threat data to anticipate and respond to emerging threats.
  • Log Management: Collect, store, and analyze logs from systems and applications for forensic and compliance purposes.
Vulnerability and Patch Management
  • Vulnerability Scanning: Use tools (e.g., Nessus, Qualys) to scan systems for weaknesses.
  • Patch Deployment: Apply OS and software patches to eliminate known vulnerabilities.
  • Configuration Management: Harden systems by configuring securely (e.g., disabling unused ports/services).
Identity and Access Management (IAM)
  • User Access Provisioning/Deprovisioning: Grant and revoke access based on role changes.
  • Multi-Factor Authentication (MFA): Implement MFA for critical systems.
  • Privileged Access Management (PAM): Secure and audit access to administrat
  • Access Reviews and Audits: Periodically verify appropriate access levels for all users.
Network Security
  • Firewall Configuration and Management: Define rules to control network traffic.
  • Intrusion Detection and Prevention Systems (IDS/IPS): Monitor and block malicious activity.
  • VPN Management: Secure remote access with virtual private networks.
  • Segmentation and Zoning: Isolate network zones (e.g., DMZ, internal, guest).
Endpoint and Application Security
  • Antivirus and EDR Deployment: Install and manage tools like CrowdStrike or SentinelOne.
  • Application Whitelisting/Blacklisting: Control which apps can run on systems.
  • Secure SDLC: Integrate security in software development life cycle (code reviews, static/dynamic analysis).
  • Web Application Firewalls (WAF): Protect web apps from threats like SQL injection and XSS.
Data Protection
  • Data Classification and Labeling: Identify and tag sensitive data.
  • Encryption: Apply encryption to data in transit and at rest.
  • Data Loss Prevention (DLP): Monitor and restrict unauthorized data transfers.
  • Backup and Recovery: Maintain secure and tested backup systems.
Security Awareness and Training
  • Phishing Simulations: Test user susceptibility to phishing attacks.
  • Annual Security Training: Educate staff on best practices and compliance requirements.
  • Role-Based Training: Provide specialized training for users handling sensitive systems or data.
Business Continuity and Disaster Recovery (BC/DR)
  • Business Impact Analysis (BIA): Identify critical systems and their recovery needs.
  • DR Plan Development and Testing: Maintain plans and test them regularly.
  • Failover and Redundancy Planning: Ensure availability through high-availability setups and
Security Audits and Assessments
  • Penetration Testing: Simulate real-world attacks to find exploitable weaknesses.
  • Security Control Assessments (SCA): Validate that implemented controls meet requirements.
  • Continuous Monitoring (ConMon): Ongoing validation of system security posture.

Accomplishments

  • NIST Cybersecurity Framework (CSF) (2014):
    Provided a standardized, risk-based approach to managing and improving cybersecurity posture, widely adopted in both public and private sectors.
  • ISO/IEC 27001 Standard:
    Established international best practices for information security management systems (ISMS).
  • CIS Controls (formerly SANS 20):
    Created a prioritized list of actionable security controls to reduce risk.
  • Security Information and Event Management (SIEM) Systems:
    Tools like Splunk, QRadar, and ArcSight transformed log analysis and real-time threat detection.
  • Extended Detection and Response (XDR) & Endpoint Detection and Response (EDR):
    Solutions like CrowdStrike and SentinelOne drastically improved endpoint threat visibility and mitigation.
  • AI/ML in Threat Hunting:
    Machine learning is now used to identify anomalies and predict threats proactively.
  • Operation Tovar (2014):
    A global effort that dismantled the Gameover Zeus botnet and disrupted Cryptolocker ransomware.
  • NotPetya and WannaCry Response (2017):
    Highlighted vulnerabilities in outdated systems and triggered global patching efforts and public-private coordination.
  • Growth of National and International Coordination Bodies:
    Agencies such as the U.S. Cybersecurity and Infrastructure Security Agency (CISA, established 2018) and INTERPOL's Cybercrime Directorate now coordinate cross-border incident response.
  • GDPR Enforcement (2018):
    Elevated data protection globally and influenced data privacy laws worldwide.
  • Executive Orders on Cybersecurity (e.g., U.S. EO 14028, 2021):
    Directed federal agencies to plan their move to zero trust architecture and required software vendors selling to the federal government to provide a software bill of materials (SBOM).
  • National Cybersecurity Strategies:
    Countries like the U.S., UK, and Australia now maintain national-level plans to secure infrastructure.

References

References available upon request.

Timeline

Cybersecurity Analyst

Ecs Solutions
02.2022 - Current

Cyber Security Specialist

Washington Tech Solutions
10.2019 - 01.2022

Computer Technician

URC
03.2015 - 06.2019

Bachelor of Science - Cyber Security

Washington Tech Solutions

CCNP

Makerere University

Bachelor of Science - Information Technology

Makerere University