Jason R. Hall

Cybersecurity Specialist

US (Remote) πŸ“§ jsnryhl@gmail.com Β·

Professional Summary

Accomplished cybersecurity operations leader with over 20 years in IT and 15+ years of experience in security operations, vulnerability management, and secure configuration management across cloud and hybrid environments, including AWS, Azure, and Google Cloud Platform.

Proficient in implementing and optimizing security frameworks and standards such as NIST SP 800-53, NIST CSF, NIST RMF, CIS Controls & Benchmarks, DISA STIGs/SCAP, PCI-DSS, SOX, FFIEC, NYDFS, SOC 2, and FedRAMP. Demonstrated expertise in vulnerability discovery, risk-based prioritization, remediation governance, and audit readiness.

Skilled in developing and enforcing configuration baselines, continuous monitoring, security compliance, and posture management. Experienced in deploying and automating security tooling with Qualys VMDR, Tenable/Nessus, Rapid7, Splunk, CIS-CAT, and SCAP-based tools. Adept in security automation and scripting using Ansible, Terraform, Python, PowerShell, and Bash.

Professional Experience

Cybersecurity Specialist

Security Engineering & Compliance (Independent)
Jan 2025 – Present Β· Remote

Independent security engineering role focused on compliance automation, secure configuration management, and risk-based vulnerability management across cloud and hybrid environments.

  • Translate security frameworks into enforceable, repeatable technical controls aligned to NIST SP 800-53, NIST CSF/RMF, CIS Controls & Benchmarks, DISA STIGs/SCAP, and PCI-DSS
  • Design automation-supported workflows for continuous control validation, audit-ready evidence generation, and remediation tracking
  • Apply risk-based prioritization and threat modeling to focus remediation on highest-impact exposures
  • Produce executive- and regulator-ready security standards, policies, and technical documentation

Senior Cybersecurity Engineer

Truist
Mar 2020 – Jan 2025 Β· Richmond, VA

Enterprise security engineering role supporting regulated financial services operations.

  • Led enterprise vulnerability management programs including discovery, prioritization, remediation tracking, and executive reporting
  • Directed secure configuration baseline enforcement aligned to CIS Benchmarks and DISA STIGs/SCAP across cloud and hybrid environments
  • Owned compliance automation workflows supporting continuous control validation and audit readiness
  • Governed remediation using risk acceptance, exception handling, and compensating control analysis

Cybersecurity Engineer

Capital One
Jan 2012 – Mar 2020 Β· Richmond, VA

Progressive cybersecurity engineering role contributing to the maturation and scaling of enterprise security programs.

  • Supported enterprise vulnerability management and secure configuration initiatives
  • Contributed to audit readiness through control validation, evidence generation, and remediation verification
  • Standardized vulnerability assessment and reporting workflows to improve consistency and visibility
  • Partnered with engineering and compliance teams to translate findings into defensible risk decisions

Systems Engineer, Security Analyst

Northrop Grumman
Sept 2008 – Jan 2012 Β· Richmond, VA

Security engineering role supporting defense and government-aligned systems.

  • Enforced DISA STIG and SCAP-based configuration standards across mission-critical systems
  • Conducted vulnerability assessments and configuration validation in regulated environments
  • Supported DoD audit readiness through evidence collection, reporting, and remediation validation

Key Achievements

  • Delivered sustained risk reduction by operationalizing risk-based vulnerability management and secure configuration governance
  • Improved remediation efficiency through structured prioritization, SLA governance, and validation workflows
  • Strengthened audit readiness by shifting from point-in-time evidence collection to continuous control validation
  • Reduced configuration drift through standardized baseline enforcement aligned to CIS Benchmarks and DISA STIGs/SCAP
  • Enhanced executive visibility into security posture through clear, decision-oriented reporting

Professional Certification Equivalencies (Experience-Based)

The following represent experience-based professional equivalencies derived from extensive hands-on practice and leadership responsibility. These are not vendor-issued certifications.

  • CISSP (Experience-Based Equivalent) – Enterprise security architecture, risk management, vulnerability management, and security operations
  • CISM (Experience-Based Equivalent) – Security program governance, executive reporting, and risk-based decision-making
  • CISA (Experience-Based Equivalent) – Audit readiness, control validation, evidence generation, and compliance reporting
  • CCSP (Experience-Based Equivalent) – Cloud security architecture and compliance alignment across AWS, Azure, and GCP

Professional Affiliations

  • CIS – Community Contributor
  • ISACA – Professional Member
  • OWASP – Community Contributor

Education

Bachelor’s Degree – Information Systems
Richmond, VA Β· 2004 – 2007