Joshua Neuman, Developer in Lubbock, TX, United States
Joshua is available for hire
Hire Joshua

Joshua Neuman

Verified Expert  in Engineering

IT Security Developer

Location
Lubbock, TX, United States
Toptal Member Since
November 23, 2022

Joshua is a seasoned cybersecurity professional with deep experience and knowledge in governance, risk, compliance (GRC), auditing, vulnerability management, network security, and network engineering. He has consulted for both the US government and the private sector. Joshua's previous roles include lead network defense security engineer, product owner and stakeholder, voice over IP (VOIP) engineer, and information assurance lead.

CiscoSecurityInformation SecurityFirewallsGRCSecurity ArchitectureNetwork SecurityCybersecuritySystem AdministrationCertified Ethical Hacker (CEH)Vulnerability ManagementNISTSecurity Policies & ProceduresCryptocurrencyIdentity & Access Management (IAM)Network Access Control (NAC)Nessus

Portfolio

IT Consultant
Cryptocurrency, Cryptocurrency APIs, Customer Support, GRC...
Axiom Codex Pty Ltd
Business Continuity & Disaster Recovery (BCDR), Communication, Network Security...
Trace Systems
Assets, Business Continuity & Disaster Recovery (BCDR), Customer Support, GRC...

Experience

Information Technology - 20 yearsNetwork Security - 16 yearsCisco - 16 yearsIT Systems Management - 16 yearsNetwork Engineering - 10 yearsInformation Assurance - 8 yearsRisk & Compliance - 8 years

Availability

Full-time

Preferred Environment

Cisco, Qualys, BMC Remedy, Compliance, Risk Management, Customer Support, IT Governance, Risk Analysis, Python, Security, Risk Assessment, Windows, IT Security, Cybersecurity, SSL Certificates, C++, NIST, Vulnerability Assessment, CISSP, Policies & Procedures Compliance, Security Policies & Procedures, Blockchain, Information Security, Linux, Firewalls, Stakeholder Management, Configuration Management, IT Deployments, Incident Response, Incident Management, Intrusion Detection Systems (IDS), Disaster Recovery Plans (DRP), Monitoring, Networking, VPN, Network Access Control, System Administration, Certified Ethical Hacker (CEH), Antivirus Software, IDS/IPS, Vulnerability Management, Security Audits

The most amazing...

...impact I have had is developing an enterprise vulnerability management program and associated policy in a dynamic tactical environment.

Work Experience

Consultant

2021 - 2022
IT Consultant
  • Developed and co-launched cryptocurrency projects.
  • Implemented various ITGC Controls such as multifactor authentication, business continuity, and disaster recovery plans.
  • Reviewed and audited solidity-based cryptocurrency contracts.
Technologies: Cryptocurrency, Cryptocurrency APIs, Customer Support, GRC, Information Assurance, Information Technology, Risk Management, Risk & Compliance, Network Security, Network Engineering, IT Systems Management, Communication, Risk Analysis, IT Project Management, Security, Risk Assessment, Windows, IT Security, Cybersecurity, NIST, Vulnerability Assessment, Security Architecture, Architecture, IT Management, Policies & Procedures Compliance, Security Policies & Procedures, Blockchain, Security Analysis, Information Security, Linux, Firewalls, Stakeholder Management, Configuration Management, IT Deployments, Certified Information Systems Security Professional, Intrusion Detection Systems (IDS), Disaster Recovery Plans (DRP), Monitoring, Networking, VPN, Network Access Control, System Administration, Certified Ethical Hacker (CEH), Antivirus Software, IDS/IPS, Vulnerability Management, Security Audits

Product Owner and Stakeholder

2017 - 2020
Axiom Codex Pty Ltd
  • Provided guidance and support as a product owner to the software development team in creating a cryptocurrency portfolio management platform in an agile environment.
  • Developed and managed GRC efforts for the organization and platform (e.g., business continuity, disaster recovery planning, GRC framework compliance, etc.).
  • Audited security controls on the platform, such as ensuring integrity through encryption and hashing of API keys.
  • Provided daily customer support and training on platform capabilities and use from alpha through beta pre-launch stages.
Technologies: Business Continuity & Disaster Recovery (BCDR), Network Security, Communication, Cryptocurrency, Customer Support, GRC, Cryptocurrency APIs, Information Assurance, Information Technology, Risk Management, Risk & Compliance, NIST, Network Engineering, IT Systems Management, IT Governance, Risk Analysis, Microsoft Servers, IT Project Management, Information Audits, Windows Server, Security, Risk Assessment, Windows, IT Security, Cybersecurity, IT Management, Policy Development, Security Policies & Procedures, Blockchain, Identity & Access Management (IAM), Security Analysis, Information Security, Linux, Stakeholder Management, Configuration Management, IT Deployments, Certified Information Systems Security Professional, Disaster Recovery Plans (DRP), Monitoring, System Administration, Certified Ethical Hacker (CEH), IDS/IPS, Vulnerability Management

Theater IA Network Engineer (GRC SME) and Lead Network Defense Security Engineer (Multi-role)

2010 - 2014
Trace Systems
  • Provided risk management support and guidance to designated approving authority (CISO), which included third-party risk management concerning hundreds of external programs of record-managed systems.
  • Developed and implemented the enterprise infrastructure auditing plan.
  • Maintained and tracked C&A NIST compliance documentation and status for all enterprise strategic networks.
Technologies: Assets, Business Continuity & Disaster Recovery (BCDR), Customer Support, GRC, Information Assurance, Information Technology, Compliance, Risk Management, Risk & Compliance, Network Security, Network Engineering, IT Systems Management, Communication, IT Governance, Risk Analysis, Microsoft Servers, IT Project Management, Information Audits, Windows Server, Security, Risk Assessment, Windows, IT Security, Cybersecurity, NIST, Vulnerability Assessment, Security Architecture, Architecture, IT Management, HIPAA Compliance, CISSP, Policy Development, Policies & Procedures Compliance, Security Policies & Procedures, Identity & Access Management (IAM), Security Analysis, Information Security, Firewalls, Configuration Management, IT Deployments, Certified Information Systems Security Professional, Incident Response, Incident Management, Intrusion Detection Systems (IDS), Disaster Recovery Plans (DRP), Monitoring, Networking, VPN, Network Access Control, System Administration, Certified Ethical Hacker (CEH), Antivirus Software, IDS/IPS, Vulnerability Management, Security Audits

Voice Over IP (VOIP) Engineer and Information Assurance (IA) Lead

2008 - 2009
INX Inc. (Purchased by Presidio)
  • Led system engineering, implementation, and IA accreditation effort for the Cisco Certified Operations Manager (CUOM) for Enterprise Networks.
  • Addressed IA issues related to network security, auditing, and compliance of the VOIP network infrastructure.
  • Managed VOIP infrastructure across multiple enterprise networks, including all regional data centers across the country.
Technologies: Cisco, Customer Support, GRC, Information Assurance, Information Technology, Compliance, Risk Management, Risk & Compliance, Network Security, Network Engineering, IT Systems Management, Communication, IT Governance, Risk Analysis, Microsoft Servers, IT Project Management, Information Audits, Windows Server, Security, Risk Assessment, Windows, IT Security, Cybersecurity, NIST, Vulnerability Assessment, Security Architecture, Architecture, IT Management, CISSP, Policy Development, Policies & Procedures Compliance, Security Policies & Procedures, Security Analysis, Information Security, Firewalls, Configuration Management, IT Deployments, Certified Information Systems Security Professional, Incident Response, Incident Management, Intrusion Detection Systems (IDS), Disaster Recovery Plans (DRP), Monitoring, Networking, VPN, Network Access Control, System Administration, Certified Ethical Hacker (CEH), Antivirus Software, IDS/IPS, Vulnerability Management, Security Audits

Regional Information Assurance Network Engineer (IANE)

2007 - 2008
Raytheon
  • Audited and reported site network devices for security vulnerability and NIST regulatory compliance.
  • Developed and implemented change control documentation for site network devices.
  • Performed network and physical security site survey inspections, and reviewed disaster recovery and business continuity plans.
Technologies: Business Continuity & Disaster Recovery (BCDR), Cisco, GRC, Information Assurance, Information Technology, Compliance, Risk Management, Risk & Compliance, Network Security, Network Engineering, IT Systems Management, Nessus, Communication, IT Governance, Risk Analysis, Microsoft Servers, IT Project Management, Information Audits, Windows Server, Security, Risk Assessment, Windows, IT Security, Cybersecurity, NIST, Vulnerability Assessment, Security Architecture, Architecture, IT Management, CISSP, Policy Development, Policies & Procedures Compliance, Security Policies & Procedures, Security Analysis, Information Security, Firewalls, Configuration Management, IT Deployments, Certified Information Systems Security Professional, Incident Response, Incident Management, Intrusion Detection Systems (IDS), Disaster Recovery Plans (DRP), Monitoring, Networking, VPN, Network Access Control, System Administration, Certified Ethical Hacker (CEH), Antivirus Software, IDS/IPS, Vulnerability Management, Security Audits

PCI-DSS Case Study

https://github.com/jtneuman/PCI-DSS-Case-Study/blob/main/PCIDSS-CaseStudy.pdf
This project is a case study involving an eCommerce company (Timbuktu e-Group aka TeG) with a web-app front end running a pilot Azure cloud infrastructure. The company's legacy infrastructure uses a third-party payment processor, but they wish the host its own Cardholder Data Environment (CDE).

This was a "snapshot" assessment covering CDE scoping, network architecture changes to enable compliance, and an actual PCI Compliance scan against an Azure network that I built to simulate a CDE. Vulnerabilities and recommended remediations are presented, in addition to addressing each of the 12 PCI requirements per PCI-DSS v3.21 with some v4.0 recommendations where appropriate.
2013 - 2014

Bachelor of Science Degree in Cybersecurity

UMUC Global - Maryland, USA

AUGUST 2013 - SEPTEMBER 2020

Certified Ethical Hacker (CEH)v7

EC-Council

NOVEMBER 2006 - PRESENT

Microsoft Certified Systems Engineer 2003 (MCSE 2003)

Microsoft

AUGUST 2006 - PRESENT

Certified Infromation Systems Security Professional (CISSP)

ISC2

JUNE 2006 - PRESENT

Cisco Certified Network Professional (Enterprise/Security)

Cisco Systems

Tools

VPN, Nessus, BMC Remedy

Industry Expertise

Network Security, Cybersecurity

Languages

Python, C++

Platforms

Windows, Linux, Windows Server, Blockchain

Paradigms

Penetration Testing, HIPAA Compliance

Other

Network Engineering, Cisco, Risk Management, GRC, Information Technology, Information Assurance, Compliance, IT Governance, Security, IT Security, Security Architecture, CISSP, Communication, Risk & Compliance, Information Security, Firewalls, Certified Information Systems Security Professional, IT Systems Management, Business Continuity & Disaster Recovery (BCDR), IT Project Management, Incident Response, Customer Support, Cryptocurrency, Risk Analysis, Information Audits, Risk Assessment, NIST, Vulnerability Assessment, Architecture, IT Management, Policy Development, Policies & Procedures Compliance, Security Policies & Procedures, Identity & Access Management (IAM), Security Analysis, Stakeholder Management, Configuration Management, IT Deployments, Incident Management, Intrusion Detection Systems (IDS), Disaster Recovery Plans (DRP), Monitoring, Networking, Network Access Control, System Administration, Certified Ethical Hacker (CEH), Antivirus Software, IDS/IPS, Vulnerability Management, Security Audits, PCI DSS, Qualys, Digital Forensics, Ethical Hacking, Microsoft Servers, Cryptocurrency APIs, SSL Certificates, PCI, Assets, Security Engineering

Collaboration That Works

How to Work with Toptal

Toptal matches you directly with global industry experts from our network in hours—not weeks or months.

1

Share your needs

Discuss your requirements and refine your scope in a call with a Toptal domain expert.
2

Choose your talent

Get a short list of expertly matched talent within 24 hours to review, interview, and choose from.
3

Start your risk-free talent trial

Work with your chosen talent on a trial basis for up to two weeks. Pay only if you decide to hire them.

Top talent is in high demand.

Start hiring