Christopher Hickernell

Over a period of six months and in partnership with the Senior Security Manager, we conducted security assessments for 17 Mitsubishi Heavy Industries (MHI) companies in North America. I was solely responsible for completion of 10 out of the 17 assessments. I worked with the Senior Security Manager to develop a custom assessment methodology--combining requirements and best practices from MHI IT Policy, NIST Cybersecurity Framework, and Center for Internet Security. Each assessment comprised… Show more

Over a period of six months and in partnership with the Senior Security Manager, we conducted security assessments for 17 Mitsubishi Heavy Industries (MHI) companies in North America. I was solely responsible for completion of 10 out of the 17 assessments. I worked with the Senior Security Manager to develop a custom assessment methodology--combining requirements and best practices from MHI IT Policy, NIST Cybersecurity Framework, and Center for Internet Security. Each assessment comprised of a multi-day onsite visit at each company; an analysis and risk assessment; and delivery of an Executive Summary presentation and Findings Report. During the onsite visit, I conducted interviews, network scanning, and artifact gathering to assess the company's security capabilities in 28 different Control Families. Following the onsite visit, I conducted analysis of the findings, completed a risk assessment, and formulated recommended remediation actions. Each company was given maturity ratings in five major security functions--Identify, Protect, Detect, Respond, and Recover. At the close of each assessment, an Executive Summary was presented to representatives from the company and parent organizations. The presentation highlighted the company's security strengths, high priority items, and areas for improvement. Upon completion of the project, my employer presented me with a President's Award for my outstanding achievement and performance. Show less

Implemented a Governance, Risk, and Compliance (GRC) system that centralized evidence gathering, improved documentation, and simplified the management of Compete's Information Security Program and security control framework. Through the Redmine ticketing software, the implementation and execution of security controls are tracked, evidenced, and alerted.

Implemented work-flow management software (Integrify), developed processes, and conducted training for Application Custodians that… Show more

Implemented a Governance, Risk, and Compliance (GRC) system that centralized evidence gathering, improved documentation, and simplified the management of Compete's Information Security Program and security control framework. Through the Redmine ticketing software, the implementation and execution of security controls are tracked, evidenced, and alerted.

Implemented work-flow management software (Integrify), developed processes, and conducted training for Application Custodians that improved traceability and simplified execution of Access Termination activities. Traceability is improved, because actions are automatically recorded and timestamped by Integrify. Execution is simplified, because custodians are able to respond using only a few mouse clicks and customized forms. Show less

Led the effort to formalize CNIC’s certification & accreditation activities. Personally authored the Standard Operating Procedure (SOP) that CNIC’s IA workforce would use to develop, review, and submit accreditation packages through the DoD IA Certification process. As part of the SOP, I documented roles and responsibilities, defined protocols for communication, and developed template forms. The SOP was approved by CNIC’s IA Program Manager.

Solved the challenge of implementing a paperless telephone billing system to service University departments. Developed a database system that accepted inputs from various systems, analyzed call detail records, and produced and delivered electronic invoices by email. The system produced the necessary SAP transactions that enabled automatic cross-charging of University departments for telephony services.

Re-engineered the wireless network infrastructure to expand wireless services, centralize administration, simplify configurations, and increase security. I implemented WPA2 authentication with AES encryption to activate the network's 802.11n capabilities. I diagrammed and modeled the wireless access point deployment for all campus facilities. I conducted site surveys, assessed wireless coverage patterns, and relocated access points to improve performance. I developed wireless user guides… Show more

Re-engineered the wireless network infrastructure to expand wireless services, centralize administration, simplify configurations, and increase security. I implemented WPA2 authentication with AES encryption to activate the network's 802.11n capabilities. I diagrammed and modeled the wireless access point deployment for all campus facilities. I conducted site surveys, assessed wireless coverage patterns, and relocated access points to improve performance. I developed wireless user guides, communications, and configuration utilities. Show less