Joshua Neuman
Verified Expert in Engineering
IT Security Developer
Lubbock, TX, United States
Toptal member since November 23, 2022
Joshua is a seasoned cybersecurity professional with deep experience and knowledge in governance, risk, compliance (GRC), auditing, vulnerability management, network security, and network engineering. He has consulted for both the US government and the private sector. Joshua's previous roles include lead network defense security engineer, product owner and stakeholder, voice over IP (VOIP) engineer, and information assurance lead.
Experience
- Information Technology - 20 years
- Network Security - 16 years
- Cisco - 16 years
- IT Systems Management - 16 years
- Network Engineering - 10 years
- Information Assurance - 8 years
- Risk & Compliance - 8 years
Preferred Environment
Cisco, Qualys, BMC Remedy, Compliance, Risk Management, Customer Support, IT Governance, Risk Analysis, Python, Security, Risk Assessment, Windows, IT Security, Cybersecurity, SSL Certificates, C++, NIST, Vulnerability Assessment, CISSP, Policies & Procedures Compliance, Security Policies & Procedures, Blockchain, Information Security, Linux, Firewalls, Stakeholder Management, Configuration Management, IT Deployments, Incident Response, Incident Management, Intrusion Detection Systems (IDS), Disaster Recovery Plans (DRP), Monitoring, Networking, VPN, Network Access Control, System Administration, Certified Ethical Hacker (CEH), Antivirus Software, IDS/IPS, Vulnerability Management, Security Audits, Enterprise Risk Management (ERM), Azure
The most amazing...
...impact I have had is developing an enterprise vulnerability management program and associated policy in a dynamic tactical environment.
Work Experience
Consultant
IT Consultant
- Developed and co-launched cryptocurrency projects.
- Implemented various ITGC controls, such as multifactor authentication, business continuity, and disaster recovery plans.
- Reviewed and audited Solidity-based cryptocurrency contracts.
Product Owner and Stakeholder
Axiom Codex Pty Ltd
- Provided guidance and support as a product owner to the software development team in creating a cryptocurrency portfolio management platform in an agile environment.
- Developed and managed GRC efforts for the organization and platform (e.g., business continuity, disaster recovery planning, GRC framework compliance, etc.).
- Audited security controls on the platform, such as ensuring integrity through encryption and hashing of API keys.
- Provided daily customer support and training on platform capabilities and use from alpha through beta pre-launch stages.
Theater IA Network Engineer (GRC SME) and Lead Network Defense Security Engineer (Multi-role)
Trace Systems
- Provided risk management support and guidance to designated approving authority (CISO), which included third-party risk management concerning hundreds of external programs of record-managed systems.
- Developed and implemented the enterprise infrastructure auditing plan.
- Maintained and tracked C&A NIST compliance documentation and status for all enterprise strategic networks.
Voice Over IP (VOIP) Engineer and Information Assurance (IA) Lead
INX Inc. (Purchased by Presidio)
- Led system engineering, implementation, and IA accreditation effort for the Cisco Certified Operations Manager (CUOM) for Enterprise Networks.
- Addressed IA issues related to network security, auditing, and compliance of the VOIP network infrastructure.
- Managed VOIP infrastructure across multiple enterprise networks, including all regional data centers across the country.
Regional Information Assurance Network Engineer (IANE)
Raytheon
- Audited and reported site network devices for security vulnerability and NIST regulatory compliance.
- Developed and implemented change control documentation for site network devices.
- Performed network and physical security site survey inspections, and reviewed disaster recovery and business continuity plans.
Experience
PCI-DSS Case Study
https://github.com/jtneuman/PCI-DSS-Case-Study/blob/main/PCIDSS-CaseStudy.pdf
This was a "snapshot" assessment covering CDE scoping, network architecture changes to enable compliance, and an actual PCI Compliance scan against an Azure network that I built to simulate a CDE. Vulnerabilities and recommended remediations are presented, in addition to addressing each of the 12 PCI requirements per PCI-DSS v3.21 with some v4.0 recommendations where appropriate.
Education
Bachelor of Science Degree in Cybersecurity
UMUC Global - Maryland, USA
Certifications
Certified Ethical Hacker (CEH) v7
EC-Council
Microsoft Certified Systems Engineer 2003 (MCSE 2003)
Microsoft
Certified Information Systems Security Professional (CISSP)
ISC2
Cisco Certified Network Professional (Enterprise/Security)
Cisco Systems
Skills
Tools
VPN, Nessus, BMC Remedy
Industry Expertise
Network Security, Cybersecurity
Platforms
Windows, Linux, Windows Server, Blockchain, Azure
Languages
Python, C++
Paradigms
Penetration Testing, HIPAA Compliance
Other
Network Engineering, Cisco, Risk Management, GRC, Information Technology, Information Assurance, Compliance, IT Governance, Security, IT Security, Security Architecture, CISSP, Communication, Risk & Compliance, Information Security, Firewalls, Certified Information Systems Security Professional, IT Systems Management, Business Continuity & Disaster Recovery (BCDR), IT Project Management, Incident Response, Customer Support, Cryptocurrency, Risk Analysis, Information Audits, Risk Assessment, NIST, Vulnerability Assessment, Architecture, IT Management, Policy Development, Policies & Procedures Compliance, Security Policies & Procedures, Identity & Access Management (IAM), Security Analysis, Stakeholder Management, Configuration Management, IT Deployments, Incident Management, Intrusion Detection Systems (IDS), Disaster Recovery Plans (DRP), Monitoring, Networking, Network Access Control, System Administration, Certified Ethical Hacker (CEH), Antivirus Software, IDS/IPS, Vulnerability Management, Security Audits, Enterprise Risk Management (ERM), PCI DSS, Qualys, Digital Forensics, Ethical Hacking, Microsoft Servers, Cryptocurrency APIs, SSL Certificates, PCI, Assets, Security Engineering