Resume

Stanley M. Hammond
Cape Cod, MA

Certification:

  • Network+ (CompTIA Certified Network Technician)
  • CIW Security Analyst
  • SANS GIAC (GSEC)
  • SANS GIAC (GISP)
  • SANS GIAC (GCCC)
  • SANS GIAC (GEVA)
  • SANS GIAC (GPEN)
  • SANS Security Awareness Professional (SSAP)
  • SANS GIAC (Computer and Network Security Awareness)
  • SANS GIAC (Mastering Packet Analyst)
  • CISSP (Certified Information Systems Security Professional)
  • HCISPP (HealthCare Information Security and Privacy Practitioner)
  • CISA (Certified Information Systems Auditor)
  • CDPSE (Certified Data Privacy Solutions Engineer)
  • ISACA CSX-P (Cybersecurity Practitioner)
  • CCSK (Certificate of Cloud Security Knowledge – v4)
  • CompTIA PenTest+
  • AWS Certified Solutions Architect – Associate
  • CISM (Certified Information Security Manager)
  • CCSP (Certified Cloud Security Professional)

Experience:

5/2024 – present

Mass General Brigham
Somerville, MA

Information Security Officer

  • More information to come. For specifics, please contact me.

6/2016 – 5/2024

Cape Cod Healthcare
Hyannis, MA

Information Security Engineer

  • Investigate security incidents including determining violations of internal and regulatory policies (HIPAA). Regarding potential HIPAA violations, determine where, when and how the disclosure took place using workstation, server and application logs. Work with different IT groups that administer specific applications to retrieve logs and data. Compile a report and pass along to appropriate senior level staff (Director of Information Security, Director of Clinical and Research Compliance).
  • Perform regular risk assessments on servers and workstations. Assessments are done using vulnerability assessment tools (Nessus). Determine current state of PC and confirm that systems are complying based on the risk appetite of the organization and conforms to the patch management policy.
  • Implement new information security tools and applications to increase the security posture of the organization. Tools include desktop antivirus management, file analysis using virtual workstations, web content filtering, two-factor authentication (2FA) and cloud security measures in Microsoft 365.
  • Evaluate third-party vendors that are used for new technology implementations. Evaluate that third-party vendors comply with federal and state regulations. Evaluate that third-party vendors will comply with organization policies regarding information security.

5/2010 – 3/2017

Woods Hole Research Center
Falmouth, MA

UNIX/Linux System Administrator

  • Manage Linux computing cluster environment: Support institution’s UNIX/Linux servers and data storage clusters running Red Hat Enterprise Linux, Sun Solaris, and Windows Server 2003.  Perform user account management for the Linux servers, software maintenance and perform regular backups using Symantec Backup Exec and Retrospect.  Maintain Raspberry Pi’s that are used to monitor energy consumption.
  • Troubleshoot system issues: Monitor cluster usage and performance using open source tools (Ganglia, Sun Graphical Accounting Engine).  Analyze user code written in different languages (Python, R) to determine performance issues and resolve compilation or run-time errors.
  • Provide technical support to scientific and administrative end users: Serve as systems administrator for Windows 2008 domain and VMWare ESX environment.  Administer Windows Servers running versions 2003, 2008 and 2012.  Provide technical support to end users running MacOS and Windows (XP, Windows 7 and 8).  Manage Cisco backbone connecting computing cluster environment to company’s main network.  Manage internal HP backbone for network connectivity.
  • Manage cloud computing resources: Setup and create cloud computing instances within Amazon Web Services (AWS).  Maintain access to instances and perform periodic updates to software packages contained within the instances.

1/2010 – 5/2010

Cape Cod Community College (Commonwealth of Massachusetts)
West Barnstable, MA

Adjunct Instructor

  • Serve as an instructor with the Business department teaching Operating Systems essentials in preparation for the CompTIA A+ Exam.

8/2007 – 5/2010

Cape Cod Community College (Commonwealth of Massachusetts)
West Barnstable, MA

Information Security Specialist

  • Technical lead for heading up information security initiative: Served as the college’s first Information Security Manager.  First task was to analyze the existing infrastructure and determine what areas either already comply or needed to comply with federal, state and industry laws and regulations. Recommend any additions or changes that should be made to the Technical Director and CIO, and then implementing them.
  • Maintain the integrity of host and network resources: Implement a network intrusion detection using open source tools (Snort, Prelude IDS) for monitoring network traffic.  Implement host intrusion detection system using open source tool, OSSEC, to monitor authorized and unauthorized access to critical servers housing student and staff data.  Evaluate and implement Cisco ASA appliance to handle perimeter network monitoring for the main network entry point.  Use IPCop to handle perimeter network monitoring on two segregated networks.
  • Maintain the confidentiality and availability of host resources: Administer the college’s existing SSL VPN system (SSL Explorer).  Evaluated, recommended and implemented a new SSL VPN solution for remote access.  Working with the Technical Director, CIO and Vice President of Administration and Finance, managed the authorized user accounts for the VPN system.  Maintain the tracking software solution that was used on the college issued laptops for the staff.  Evaluate encryption software as a more cost effective solution for college issued laptops.  Administer the college’s Windows 2003 domain and virtual machines running in VMWare ESX.
  • Maintain system/network infrastructure: Assist with administering, maintaining and troubleshooting network backbone comprised of Cisco routers, switches and access points. Serve as system administrator for Windows 2003 Active Directory domain and Exchange 2003 server.
  • Stay current with the latest developments in information security: Became familiar with federal (FERPA, HIPAA, FISMA), state (MGL chap. 93H, 93I, 201 CMR 17.00) and industry (PCI) regulations as they pertain to the college.  Attend trade conferences to identify areas of interest that would apply to the college.  Read articles (paper and internet posted) and blogs on information security topics that are affecting other institutions.  Maintain contact on mailing list for information security issues that affected educational institutions.

4/2007 – 8/2007

VeriSign
Providence, RI

Security Analyst (third shift)

  • Monitor and investigate customer systems for suspicious activity: Investigate security incident reports generated by deployed intrusion detection systems (IDS).  Analyze contents retrieved from network devices using both open source (Tcpdump, Wireshark) and proprietary tools.  Document incident analysis and steps taken in the investigation.  Escalate confirmed security incidents to customers per service level agreement (SLA).  Respond to customer’s request for information on an incident via the telephone and/or email.

12/2006 – 4/2007

Department of Revenue (Commonwealth of Massachusetts)
Chelsea, MA

Security Engineer

  • Maintain the confidentiality and integrity of end user data: Provide support for tax filers using secure shell (SSH), including analyzing system logs to verify authorized logins and successful or failed file transfers.  Update the existing SSH/LDAP infrastructure used by the tax filers to authenticate their user accounts.
  • Maintain the existing infrastructure in accordance to DOR standards: Perform regular maintenance updates and upgrades on Symantec firewalls and Google search appliances.  Setup new Linux servers for corporate applications, applying patches, hardening them using Bastille (including creating custom modules that comply with DOR and IRS standards) and integrating them into Active Directory.  Wrote custom Perl scripts to perform account maintenance on Exchange server and transfer data between DOR and Massachusetts Information Technology Division (ITD).

4/2002 – 12/2006

Woods Hole Oceanographic Institution
Woods Hole, MA

Information Systems Assistant III

  • Maintain the availability of network resources: Monitor network traffic for suspicious activity using open source tools (Snort) for intrusion detection.  Implement systems to analysis and audit network traffic using open source tools (IPAudit).  Process firewall request for end users (including organizations that had network service provided by the institution) that need their systems to be accessible from outside the institution.
  • Investigate security incidents: Handle investigations for compromised Linux and Windows host, which included determining what files were compromised and preserving evidence for further analysis.  Investigate RIAA and DMCA notices to determine if incidents occurred within the institution’s address space and responded promptly to request with detailed information to assist in the investigation.
  • Educate end users on security best practices: Create and present content to educate end user community on security best practices for keeping their servers and data secure.  
  • Provide support to both the end users and technicians: Provide first and second level telephone and email support for institution’s end users (1000+ users) running Windows, Linux and Mac systems.  Serve as lead help desk technician, assisting and mentoring new help desk personnel.  Serve as systems administrator for issue tracking system (Footprints).  Serve as secondary Windows support technician, setting up new user PC’s according to department recommendations.  Serve as Linux system administrator for Linux systems used in department’s classroom.  Research and procure equipment maintained by help desk (laptops).

4/1998 – 4/2003

Woods Hole, Martha’s Vineyard & Nantucket Steamship Authority
Woods Hole, MA

Management Information Systems (MIS) Technician

  • Provided end user technical support: Maintain the hardware and network infrastructure for the company’s eight (8) locations and nine (9) ferries.  Serve as system administrator for company’s IBM AS400 mainframe and issue tracking system (Track-It). Setup PC’s and laptop for new employees and existing end users in accord with what the user needed to accomplish their job (mandatory access controls).  Perform user account management (creation and revocation) for domain access, email access and internet access.  Work with external vendors to maintain telecommunication connectivity between the central office and remote offices.

Education:

University of Massachusetts – Lowell
Associates of Science
Major: Information Technology

University of Illinois
Certificate of Professional Development: UNIX/ Linux System Administration

Conference Presentations:

“Did You Get Our Message? How to Maintain Email Availability”, SecureWorld Healthcare Virtual Conference, April 2023
“Leveraging AI to Create Your Organization’s Security Policies”, SecureWorld Boston 2024, March 2024

Professional Development:

MGT433: Securing the Human: How to Build, Maintain and Measure a High-Impact Awareness Program
SEC580: Metasploit Kung Fu for Enterprise Pen Testing
SEC583: Crafting Packets
SEC541: Cloud Security Monitoring and Threat Detection
SEC474: Building A Healthcare Security & Compliance Program
AIS247: AI Security Essentials for Business Leaders
NIST Cyber Security Professional (NCSP) Foundation
AZ-900 Azure Fundamentals Training
SC-900 Microsoft Security, Compliance, and Identity Fundamentals Training
AZ-500 Microsoft Azure Security Technologies Training

Professional Associations:

  • Member of ISACA – New England Chapter: 2009 and 2012 – 2024
  • Member of ISACA – Rhode Island Chapter: 2010 and 2011
  • Member of ISSA – Information Systems Security Association: 2018 – 2021, 2023 – 2024
  • Member of GIAC Advisory Board
  • Member of IEEE Computer Society: 2014-2017
  • Member of Project Management Institute: 2014, 2023 – 2024