Ray Mahannah

Ray Mahannah

IT Security - IT Risk Management - IT Security Controls and Compliance Professional
  • Windham, Maine
  • November 12, 2018

Seeking a position in the IT - Information Security field as an engineer/analyst/technician with a well  established company that will benefit from my education, experience and skill sets while offering me a chance to continue my passion of learning and growing in this critical, and constantly evolving industry.

I possess professional experience in the Information Security INFOSEC field building, implementing or revising a risk based key control framework down to the system and device level; security engineering conducting SIEM log analysis, correlation and building alerts, vulnerability assessment, scanning and remediation utilizing the Rapid7 Nexpose Enterprise tool with Metasploit Enterprise, and malware analysis and response on server platforms, end user desktop/laptop architecture/image management utilizing SCCM/SCEP including uninstalling of malicious or vulnerable software, and developing formal INFOSEC policies and standards. I have 23 years of honorable service with both the United States Navy and Coast Guard with the last 5 years serving in a personnel and program management level position, priding myself in being rewarded throughout my career for my Good Conduct, Integrity, and observing strict accordance with the Core Values of Honor, Respect and Devotion to Duty. My professional experience gives me a unique knowledge pool which drives my passion for INFOSEC that includes the technical, physical, administrative, and government/legal mandated areas of security controls along with the security risk awareness that ensures the enterprise IT architecture controls are designed and continuously adapted to counter malicious activity while being constantly vigilant for signs of advanced persistent threat, intrusion or ex-filtration of sensitive, and proprietary information. My background is strongly enhanced with the completion of my B.S. in Information Technology specializing in Information Assurance and Security at Capella University graduating in June 2010 receiving High Honors (Summa Cum Laude). I am highly skilled in oral, written and technical communications in diverse environments, and I have the mature, and unique successful ability to present and market my ideas and proposals both to my superiors and subordinates and achieve positive results. My traits of high technical aptitude, knowledge and sound organizational abilities have served me well and offer an exceptional value to my prospective employers. I am quite adaptable to required travel for employment reasons, and a watch standing environment such a Security Operations Center. My most recent position a Field Service Engineer in the INFOSEC realm allowed me to gain additional experience with frequent travel to work with many customers in the Power Generating Station industry installing, implementing and configuring a proprietary Information Security Suite. I also recently earned the SANS GIAC GCCC+ certification adding to my professional portfolio.

Phone Number


Bachelor of Science in IT - Information Assurance and Security Graduated with High Honors (Summa Cum Laude) @ Capella University
Jan 2006 — Jun 2010

Major Coursework in Ethics, Technical Writing, Fundamentals of Project Management, System Assurance and Security, Enterprise Architecture, Network and Security Architecture, Hardware and Operating System Architecture, Operating Systems Security, Cyber Defense and Countermeasures, Fundamentals of Software Architecture, Cyber Attack and Ethical Hacking, Applications Security, Organizational Security, Computer Forensics, Security Management and Policies.


Field Service Engineer (INFOSEC) @ Emerson Automation Solutions (Randstad Technologies)
Nov 2017 — Mar 2018

Provided hardware installation, configuration, customization, and engineering support and services for the company's proprietary Power and Water Cyber Security Suite project initiative at power generating stations, and water treatment facilities within the continental United States.

Accurately read, understood, and carried out complex written instructions to customize Windows OS, software installation configuration of McAfee ePO and related modules (AV, Threat Prevention, Device and Application Control, and ANSA Patch Management), McAfee ESM SIEM (linux), Acronis Backup and Restore. Installed and customized configuration files for Cisco 2960 Switch and Cisco 5500x Series ASA with FirePower, and intrusion prevention module in accordance with power plant and/or NERC/CIP requirements

Provide outstanding, professional customer support when requested to resolve on site networking or other custom configuration and/or troubleshooting and researching issues that may arise, while developing strong team player bonds with other field engineers that offered a wealth of information contributing to my professional growth.

Current CCS (Safesite) card holder, #452985.

Senior Controls and Compliance Analyst @ Delhaize America
Sep 2015 — Sep 2017

Highly dedicated team member consisting of myself and one additional Senior Analyst to lead the execution of related risk and compliance activities focusing on policies, standards, procedures, and controls based on NIST SP800-37 rev. 1, and .SP800-53 rev. 4. Expertly maintain a large, complex inventory of known compliance issues and tracking remediation coordination within Archer GRC. Frequently integrate with Business and IT teams to assist with design, build, and implementation devices, systems, and applications being added to the secure enterprise architecture. Lead internal control maintenance, update, and writing of additional new controls for the key control framework (KCF), policies, standards and procedures. Lead internal documentation of compliance, working with management on remediation and follow-up of activities including Exceptions to Policy, and Memorandum of Risk Acceptance. Conduct risk based control evidence assessments to ensure that the control remains effective, and work with control performers to update controls as changes to the environment occur. Prepare reporting and metrics related to compliance posture and submit to Information Security program leadership. Review and assist with vulnerability remediation activities for compliance issues, audit findings and observations, and act as a security liaison to assist Business Owners/Performers with mitigation and remediation of vulnerabilities. Recently completed a highly complex analysis and rewrite of the controls contained in the Enterprise Key Control Framework, which included the Vendor Information Security Program in order to ensure it was appropriate going forward as we completed a large corporate merger with the Ahold Corporation. Through extensive research, complex analysis, and painstaking attention to detail, it was possible to efficiently combine several similar control standards into fewer, and in some cases a single control with standardized control procedures, which greatly reduced the number of overall controls in the framework, and eased the burden of workload involved for the Control Owners/Performers in each Business Unit.

Privacy & Security Specialist - Associate Security Engineer @ Maine Medical Center - MaineHealth
Aug 2011 — Sep 2015

Experienced working as a member of the Security Engineering Team in the Privacy and Security Department to design, implement and maintain a Privacy and Information Security Program addressing and meeting HIPPA/HITECH/FISMA/PCI and other NIST standards for all Information Systems. This involves extensive security auditing, analysis, scanning and monitoring of network traffic on a very large, complex, and dynamic Enterprise network architecture scale that is a host for several applications, databases, and operating systems. In addition to this, I performed monthly, quarterly, and annual Risk Assessments/Vulnerability Scanning and Penetration Testing utilizing the Rapid 7 Enterprise scanning tool on the network, and provide detailed reports to system managers and organization directors along with providing assistance with remediation of vulnerabilities discovered, and conducting remediation scans to ensure patches, updates, and upgrades addressed the vulnerabilities that were discovered. This tool also included Metasploit Enterprise that was used to simulate different types of attacks and show system/business owners first hand what the results of this attack provided to the attacker. I am responsible for initiating and tracking antivirus system alerts, and ensuring isolation of infected endpoints from the network, uninstalling malicious or vulnerable tools and software, and validating complete remediation of detected threats prior to reconnecting a previously infected endpoint device to the network in a Security Operations Center type environment. I worked as a member of the McAfee/Intel SIEM, Symantec DLP, and ProofPoint proof of concept and implementation team. I continued with writing event correlation alerts using SIEM device logging and signature information from these systems that include CheckPoint firewall, BlueCoat proxy, and McAfee ePO. I have designed security and compliance controls based on NIST framework for a federally funded grant program from the ground up. I provide professional telephone, email, and in person customer support for not only technically proficient individuals, but also provided basic troubleshooting guidance to those that have no technical training, but need access to a system that they are having issues with. Additional tools that I worked with on a Daily Basis: Bit9 (System Admin), Lansweeper (System Admin), Microsoft System Center Configuration Manager-SCCM with Microsoft System Center Endpoint Protection (SCEP Antivirus), FairWarning (System Admin).

Level 3 Technical Support Representative @ Time Warner Cable (Now Spectrum)
Dec 2010 — Aug 2011

Assist Time Warner Cable customers and field technicians with resolving technical and troubleshooting issues with Digital Cable, Broadband Internet Access, and Digital Phone, and other IT related compatibility issues including but not limited to: Billing system coding issues, Broadband modem, router and cable converter box troubleshooting, including investigating and troubleshooting broadband bandwidth issues relating to internet theft, and modem flashing to remove bandwidth caps, Email account and 3rd party software and hardware administration settings and modifications.

Chief Telecommunications/Operations Specialist @ United States Coast Guard
Jan 1994 — Oct 2010

Responsible for leadership, training, supervision, counseling and evaluation of 6 personnel and managing all Command Center department related items with no less than 5 additional collateral duty and project/program management assignments at a time in a high operations tempo environment. Experienced working with secure critical and tactical communications, and computer/messaging systems (SIPRnet) along with administration and account management/audit duties ensuring that information assurance and data integrity principles were followed in both underway at sea and ashore duty stations. Qualified Electronic Key Management System Manager, Qualified Command Duty Officer for USCGC Reliance (WMEC-615), and Sector Northern New England Command Center. Qualified Search and Rescue Controller for 8 years. Worked as a Project Manager in 2008-2009 for successfully designing, installing and implementing a jointly administrated and monitored computer network integrated port security and waterways surveillance camera system with the cities of Portland Maine, and Portsmouth New Hampshire to provide greatly enhanced Maritime Domain Awareness capabilities and infrastructure security for these two ports. Designed and coordinated the purchase and installation of a badly needed computer workstation suite upgrade for the purpose monitoring and tracking all resources and operations in our Area of Responsibility including drafting the proper system usage and administration procedures for this stand-alone system. Served as Chief Operations/Communications Specialist In Charge while underway ensuring all radio, satellite, and information system communications remained on-line, and secure at all times.

Operations Specialist 2nd Class (CIC HF-UHF Data Link Tracking Supervisor) @ United States Navy
Jan 1987 — Jan 1994

Stationed on board USS Scott (DDG-995), Homeport Norfolk, Virginia. Responsible for the supervision of 15 shipboard qualified Combat Information Center watch station personnel directly involved in the safe operation, navigation and operational mission effectiveness of the ship’s communications, data systems, radar systems, and weapon systems and capabilities in both peace and wartime steaming conditions. Qualified HF-UHF Data Link 11 Tracking Supervisor. This included ensuring all mandated training and personnel qualification requirements were kept up to date and in good standing with the Commanding Officer. It was one of my primary duties to protect all operational and communications based classified material, and supervise new crypto changes for HF, VHF, UHF, and SATCOM secure communications network. Qualified Anti-Submarine Aircraft Controller with over 220 safe positive control hours of rotary and fixed-wind anti submarine warfare aircraft during peace time, and wartime steaming.

Selected by special nomination to lead a shipboard technical system research, development and testing team for the new combat system installation on board my ship USS SCOTT (DDG-995) that required a high demonstrated degree of technical aptitude, problem solving and organizational abilities in a professional technical team environment.

Earned a Navy Letter of Commendation for Superior Performance of Duty relating to my strong ability to Train, Mentor, Motivate and Lead Cross-Functional Teams to Meet and Exceed Operational Goals and Objectives during my service in Operation Desert Shield in 1990.

Contact Candidate