Nathan Bishop

I am an IT Support Associate II with 4 years of experience at amazon, assisting customers with account and equipment issues. My greatest strength is remaining calm in high stress situations, homing in on what the customers objective or goal is and finding the best way to achieve this and I have a talent for communicating technical issues to customers and finding creative solutions. I am passionate about learning and growing in IT, specifically cybersecurity. I value asking questions, collaboration and growth.

I am furthering my training and experience by taking courses and studying for CISSP - Certified Information Systems Security Professional, AWS Cloud Practitioner, Qualys: Vulnerability Management Foundation, Splunk Core Certified User. I am also training by using MetaCTF Cyber Range, HTB Academy and TryHackMe.

Deep dive current training material for program, provide feedback for improvements, and work directly with program stakeholders to dial in the material.

Ensuring adherence to security-related policies. Reducing and mitigating security risks for the customer, the company, our partners, and employees. Documenting/Filing all security risks that is not mitigated, in ASR and accepting (at a sufficiently high managerial level). Use Design Inspector for threat modeling and vulnerability identification in application development. Use Burp Suite to find vulnerability detection. Use Fortify for automated code review, verifying flagged vulnerabilities.

Conducting audits on server room physical security; recording testing method, alarm and security team response. Performing audits using an Amazon built SOAR tool to verify end user equipment compliance with required OS, software, driver and third party updates. Also verifying device encryption, firewall, antivirus and Qualys status. Troubleshooting issues with devices out of compliance, pushing needed updates and removing deprecated software. Providing information, awareness, guidance and updates on cybersecurity best practices and threats to other support teams and senior leadership.

Responsibilities include, ordering, maintaining, auditing, provisioning and deploying equipment from inventory. Tracking equipment status and location through tickets, vendor contacts and shared documents with my team.

My responsibilities included being consistently on time for my shift, conducting audits on palletized product ensuring accuracy and correcting any issues or mismatch with product labeling or virtual location. Troubleshooting product that was incorrectly received, missing and/or found. Using tools available to me to look up product information, shipping information and correcting product virtual locations. operating my PIT with safety and efficiency, loading and unloading trucks and pallets, relocating pallets.

Duties included setting-up, troubleshooting and doing diagnostics on client’s devices, tv's, routers and wifi networks, printers and computers. I was also responsible for pulling product for delivery from the warehouse and speaking to customers, confirming orders and delivery details. I would also manage the inventory of my work vehicle, achieving a 100 percent accounting for all items consistently

completed hands on projects using Linux, MySQL, tcpdump, Wireshark and Python. Also learned about NIST frameworks, CIA triad, OWASP top 10.

Attended webinars and completed labs. Labs involved working in windows and kali VMs. Creating and exploiting vulnerabilities and analyzing and patching them. Practiced using tools Metasploit and meterpreter, bluespawn, atomic red team.

The BHIS/Antisyphon Cyber Range was created as an affordable, hands-on environment for security professionals to learn and practice new skills. The challenges cover a wide range of categories and difficulty levels.

Explain what GRC is and how it relates to cybersecurity. Articulate what governance is and who is responsible for it. Describe the challenges of building a GRC program. Distinguish between the various frameworks to use for a GRC program. Describe the certifications a GRC professional should pursue.

how to build an ISO 27001-2022-compliant cybersecurity program. Learn what this standard is and discover why it is used around the world as the guidebook for constructing information security programs that work. Dive into how the standard is organized and get a description of the certification process. Explore a step-by-step plan that you can follow if you want to build a cybersecurity program that complies with the ISO 2700-2022 standard. Additionally, go over gaps and criticisms of the standard and examine ways to fill those gaps.

an in-depth overview of all the hard and soft skills required to successfully align the needs of your organization and develop a GRC program that works for you. Learn how to properly communicate with engineers, write policies-as-code, integrate agility into your risk management process, infuse automation into your compliance program, and more.

Created a static website to host my resume online. Used Route 53 to reserve my domain name. Used S3 to create a bucket to host my site HTML, CSS, JS and image files. Used ACM to setup SSL/TLS certificate, applied certificate to a CloudFront distribution that points to my S3 bucket. Setup Billing and Cost Management, creating cost limits and notifications. Setup multi factor authentication for root user and created admin user and admin permission group. I replaced the index.html file and trying top force an update I invalidated the deployment in cloudfront to force an update and display the updated page. I added work mail to my domain and broke my site, page was no longer reachable. In troubleshooting I deleted and recreated services, rebuilt every service from the beginning. I realized I had not verified my email when registering the domain name and it was suspended.

I have worked on multiple projects to further my Python coding skills and experience. I have uploaded some of them to my GitHub account, (https://github.com/nathanb404). These projects included creating an algorithm for sorting IP addresses, data analysis, calculator, games and adlib programs. I am continuing to work on projects to grow my skills and experience with python.

I built a homelab consisting of security cameras, NVR (network video recorder), wireless access points, separate vlan for IoT devices, a server running SEIM and IDS/IPS services (Wazuh, Splunk, Surricata). DNS filtering (Pihole), media streaming service (Jellyfin).