Sandon Nachmann

Raleigh, NC · sandon321@gmail.com

A security leader with 20 years of experience and a proven track record for leading and developing Security, IT, and Risk Management departments and programs according to NIST, ISO, and CIS CSC guidelines.

Most importantly I work hard and play harder. I'm constantly pushing myself and those around me to think outside the box, achieve the impossible, and never settle for status quo!

Visits:


Experience

Manager Cloud Security

Ernst & Young
  • Direct EY client engagement team through implementation of Zscaler ZIA for Secure Web Gateway traffic inspection, and Zscaler ZPA for zero-trust remote application access to a Top 4 multinational pharmaceutical company consisting of 200K+ endpoint devices across 100+ countries and a VMWare VeloCloud SDWAN infrastructure
  • Delivered network security architecture review for top tier US bank which included Data Center network security architecture assessment, SASE delivery and SDWAN capabilities review, network security tools review, cloud & container (k8s) network architecture development, and detailed future state designs recommendations for all
  • Lead client engagement team through Zero-Trust design strategy for Top Tier electric-car manufacturer which included current state maturity assessment, mapping transaction flows, architecting ZTA network, identifying and recommending candidate technology solutions, and creating a prioritized roadmap for deployment across Cloud, Enterprise, and OT Networks
  • Conducted a full mapping and gap assessment across Data Center Palo Alto NGFW deployment to eliminate redundant appliances and reliance on additional tooling for SSL decryption, packet capture (pcap), and malware analysis with a defined focus decentralizing security tooling and traffic for top tier US bank
  • Manage scoping pricing engagements, develop SOW’s, ensure successful project delivery & quality management
March 2022 - Present

Global Cloud Network Security Manager

Syngenta
  • Direct the technical global cloud network and global cloud network security strategy which consists of large (300+) AWS multi-account deployments and 150+ Panorama managed VM-Series Palo Alto firewalls
  • Manage a team of 3 geo-distributed security engineers and architects across multiple time zones, in addition to an MSSP of 15 global engineers responsible for our firewall incidents
  • Manage 10 globally distributed backbone network HUBs which interconnect Syngenta sites and cloud resources
  • Oversee carrier connectivity (AT&T, GTT), cloud connectivity (Megaport), and hardware/software management of network HUB devices (Palo Alto VM-Series, PA-5250, Cisco Nexus 9K switches, Meraki MX450, Cisco UCS, Cisco SAE)
  • Define configuration of AWS cloud network infrastructure components such as Gateway Load Balancer, Transit Gateway Routing, Direct Connect Gateway, VPN, Peering, ALB/NLB, & Security Groups
  • Overhauled Palo Alto firewall security policies implementing globally approved App-ID Categories and Security Profiles as well as AWS VPC specific business policies based on AWS Tagging and Palo Alto VM Information Sources
  • Managed deployment of Palo Alto GlobalProtect remote access solution to 40K users globally
January 2021 - March 2022

Information Security Officer & Network Manager

NCSEAA
  • Create and execute the vision and strategic roadmap for the Information Security and Network Infrastructure team in order to ensure the confidentiality, integrity, and availability of all information at NCSEAA.
  • Administer the NCSEAA security program, and coordinate with agency staff during annual Federal FISMA Audit to ensure compliance with all NIST 800-53 standards.
  • Manage $500K department budget, ensuring sufficient resources are available and allocated to projects.
  • Operate Azure Cloud Infrastructure via ExpressRoute connected VNET with 35 VM’s, load balanced Barracuda firewall cluster, and Barracuda WAF.
  • Oversee administration of Barracuda Firewalls, Cisco Firepower IPS, AlienVault SIEM, Cisco Umbrella Web/URL filtering, Cisco AMP. As well as Qualys, Imperva, Veracode, & Titania Nipper Vulnerability Scanning program.
  • Perform penetration testing on custom Dev web app servers using Kali Linux, ensuring OWASP best practices.
December 2019 - January 2021

Security Consultant

MCNC
  • Provide guidance and direction to 300 K-12, University, College, and Charter schools in North Carolina to achieve compliance with laws and regulations (HIPAA, PCI, FERPA, GLBA).
  • Evaluate customer cybersecurity program effectiveness against industry accepted frameworks (ISO 27002:2013, NIST 800-53, NIST 800-171, NIST Cybersecurity Framework, CIS Critical Security Controls).
  • Lead the design and execution of security engagements, review assessment findings, and present mitigating controls in detailed reports to optimize information security controls.
  • Act as “virtual CISO” working alongside school leadership to provide guidance and expertise in all areas of security.
  • Provide Palo Alto system/threat monitoring. Respond to system wide security events & provide incident response.
  • Review AWS VPC network segmentation, EC2 Security groups, NACL’s, and route tables for least privileged access. Assess public facing EC2 instances and S3 access controls.
July 2018 – December 2019

Director Strategic Projects

Coastal Credit Union
  • Coordinated project deliverables throughout 1-year merger and acquisition of Freedom credit union, having a total project budget of approximately $2.5M.
  • Managed 6-month RFP for the selection of new core credit card processing system which consisted of contract reviews, pro-forma cost analysis, vendor demo’s, and recommendations to senior management.
  • Developed corporate project management training program which set the standards for managing projects across all business units. Taught program to 80 personnel inclusive of VP’s, Mgr.’s, & PM’s.
  • Directed team of 15 BA’s, Engineers, Developers, and SME’s through the implementation of Interactive Intelligence’s CIC phone dialer solution. This provided predictive dialing, real-time account lookup, and interactive recording of agent calls for collection department consisting of 50 personnel.
March 2015 - July 2018

IT Project Manager

MBM Customized Foodservice
  • Managed the deployment of SelectorPro warehouse selecting technology at 35 distribution centers throughout the country, having a total budget of approximately $15M.
  • Executed the rollout of RF Warehouse Scanning devices to distribution centers throughout the country. This resulted in real-time visibility into inventory, reduced labor expense, and improved accuracy and efficiency.
  • Served as liaison between non-technical business units and IT, communicating technical information and plans.
  • Worked with Clarizen and MS Project, project portfolio management tools.
  • Defined project scope, milestones and deliverables that support business goals in collaboration with senior management and stakeholders.
April 2014 – March 2015

IT Integration Manager

Teachers Federal Credit Union
  • Implemented Docusign eSignature suite on an enterprise level for member and employee-based documents. This led to increased efficiency, paper cost savings, and member level satisfaction.
  • Utilized advanced knowledge of SQL, SSRS, Crystal Reports, MS Access, and Excel for managing systems development, maintenance, and enhancements.
  • Researched and implemented new technologies, development tools, and commercial software products to enhance organizational efficiency and functionality.
  • Development of technology products, service standards and other efforts that impact lending operations for a $5.4-billion-dollar credit union.
August 2012 – April 2014

Security / Business Continuity Manager

Teachers Federal Credit Union
  • Performed comprehensive risk assessments on all aspects of security inclusive of IT Security Testing, Physical security, and regulatory compliance (PCI-DSS, FFIEC, GLBA).
  • Establishment of Board of Director approved Information Technology Policy that complied with federal regulations and best practices, and provided security for the credit union and its members data.
  • Conducted all forms of BCP testing including call trees, tabletops, as well as oversee and evaluate bi-annual HP-UX mainframe failover testing to company hot-backup site.
  • Utilized Kali Linux, Armitrage, Nmap, Nessus, and Aircrack-ng to validate security controls in place.
October 2008 – August 2012

PC / Project Technician

Teachers Federal Credit Union
  • Installed and configured OS software and upgrades on the 50+ Windows and Unix-variant servers (OpenBSD, FreeBSD, HP-UX), as well as the 800+ user desktop pc’s.
  • System administration of Cisco routers, Cisco ASA, Nortel switches, Snort IDS, Sendmail, DNS (bind).
  • Maintained and updated corporate Apache web site using Dreamweaver and Photoshop.
  • Managed a team of eight SME’s to implement a corporate CRM solution using Harland’s Touché Sales & Service.
  • Met with IT Manager reporting the status of current projects, identifying issues and assessing their impact, and proactively recommending solutions.
August 2000 – October 2008

Education

Dowling College

Master of Business Adminsitration
Corporate Finance

Dowling College

Bachelor of Science
Computer Science

Certifications

Zscaler Internet Access (ZIA) Certified Administrator

Zscaler
#PAJG2YO456ZD
Sept 2022

Zscaler Private Access (ZPA) Certified Administrator

Zscaler
#3QG39R8P3Y63
June 2022

AWS Certified Advanced Networking Specialty

Amazon Web Services
#FXTV2N8L32B41V5Q
April 2022

Palo Alto Networks Certified Network Security Administrator (PCNSA)

Palo Alto Networks
#ZM3K0KG1DMR41R5G
May 2021

Certified Ethical Hacker (CEH)

EC-Council
#ECC7209158364
August 2020

AWS Certified Solutions Architect Associate

Amazon Web Services
#2TKTT9W2MBQEQV3P
August 2019

AWS Certified Cloud Practitioner

Amazon Web Services
#81TH0GK2JEVQQZ92
May 2019

Certified ScrumMaster

SCRUM Alliance
#722932
November 2017

LEAN Six Sigma Green Belt Certified

Purdue University
#PU595GB146711X
January 2015

Interests

Cloud Resume Challenge

This resume is being developed as part of the https://cloudresumechallenge.dev.

The Cloud Resume Challenge covers a wide area of topics that includes full-stack software development, version control, infrastructure as code, automation, continuous integration and delivery, cloud services and “serverless”, application security, and networking.

As of now the challenge is not yet complete. My cloud resume and this page is still a work in progress!