Nicholas Mercurio, CISSP

Cyber Security Professional

Security Engineer. Educator. Home Automation Enthusiast.

Skills

Vulnerability Management

CrowdStrike, Wiz, Rapid7, Tenable

Incident Response

PagerDuty, SOAR, CrowdStrike

Identity and Access Management

Okta, Entra AD

Governance, Risk, & Compliance

SOC 2, HIPAA, SOX, FedRAMP

Certifications

Certified Information Systems Security Professional (CISSP)

ISC2

PenTest+

CompTIA

Cybersecurity Analyst (CySA+)

CompTIA

Okta Certified Professional

Okta

Microsoft 365 Certified: Security Administrator Associate

Microsoft

Conference Presentations

MacAdmins Toronto - January 2024

Unraveling the Threat: A Phishing to Ransomware Incident Response Journey (YouTube)

Experience

  • Designed, planned, and implemented a comprehensive vulnerability management program covering both endpoint and cloud environments, ensuring effective detection and remediation of security vulnerabilities.
  • Built and scaled an incident response program, including on-call schedules and automated incident paging through PagerDuty, improving the team's ability to respond to incidents swiftly and efficiently.
  • Served as the IT & Security Subject Matter Expert for SOC 2 and SOX audits, providing essential knowledge and guidance to meet regulatory compliance standards.
  • Identified security gaps during audit preparation, recommending and implementing efficiency improvements to streamline processes for future audits and reduce time-to-completion.
  • Collaborated with cross-functional teams to align security practices with industry standards, driving a culture of continuous improvement and strengthening the organization’s security posture.
  • Developed and taught comprehensive cybersecurity curriculum, covering critical topics such as GRC, malware analysis, and risk management.
  • Prepared students for real-world security challenges by incorporating practical case studies and hands-on labs focused on threat detection and incident response.
  • Instructed students on industry-standard security tools and frameworks, equipping them with the skills needed to succeed in cybersecurity roles.
  • Taught application security in the software development program, focusing on OWASP Top 10, DevSecOps, and secure coding practices.
  • Developed course materials and lab exercises that emphasized secure design principles, ensuring students understand how to integrate security throughout the software development lifecycle.
  • Promoted awareness of modern authentication and authorization models (AuthN/AuthZ), teaching best practices for safeguarding user data and systems.
  • Monitored and analyzed security alerts from various sources.
  • Assisted in the development of security policies and procedures.
  • Conducted security awareness training for employees.
  • Led the transformation of the information security function, building a cohesive security engineering unit to align with organizational goals and improve threat mitigation.
  • Drove compliance efforts for SOC 2 and HIPAA, enhancing privacy and security controls across the organization.
  • Modernized information security policies and implemented vulnerability management strategies, including DAST and SAST, to improve security posture.
  • Collaborated with auditors and internal teams to ensure ongoing regulatory compliance and secure public filings, minimizing cybersecurity risks.
  • Spearheaded risk assessments for new projects and integrated security practices across non-technical departments, embedding security into the company culture.
  • Led the successful transition to DevSecOps, integrating security controls early in the development lifecycle, reducing vulnerabilities and improving software security.
  • Directed a team of security engineers and IT professionals to improve endpoint security, identity management, and threat detection across the organization.
  • Automated SOX compliance processes using Okta Identity Governance, streamlining user access reviews and improving operational efficiency.
  • Orchestrated tabletop incident response exercises aligned with MITRE ATT&CK, training the team to effectively address real-world security incidents.
  • Managed relationships with penetration testing vendors, leveraging their assessments to bolster security measures and resolve identified vulnerabilities.
  • Enhanced endpoint security by deploying CrowdStrike and Intune across 350+ devices, significantly reducing the organization's exposure to cyber threats.
  • Rolled out Okta for comprehensive identity and access management (IAM), implementing MFA and streamlining user provisioning to protect sensitive data.
  • Developed and implemented an automated alerting system for security systems, ensuring rapid response and efficient ticketing for incident triage.
  • Collaborated with the incident response team to investigate and resolve security incidents, ensuring business continuity and protecting organizational assets.
  • Led the implementation of security best practices, ensuring compliance with industry standards and improving the company’s overall security posture.
  • Implemented Kandji across a fleet of 100+ MacBooks, providing centralized management and security configuration for a previously unmanaged environment.
  • Developed SOPs and SLAs for the Security Operations team, establishing clear processes for managing security incidents and minimizing downtime.
  • Contributed to the ongoing security management of the organization's infrastructure, including patch management, access control, and vulnerability scanning.
  • Conducted security assessments for non-profit organizations, identifying and addressing vulnerabilities to help organizations improve their security posture.
  • Led security awareness campaigns, educating employees and stakeholders on best practices to mitigate common threats such as phishing and malware.
  • Provided tailored recommendations to improve security controls, policies, and incident response processes for organizations with limited IT security resources.
  • Conducted vendor risk assessments for new projects, ensuring that third-party relationships adhered to the company’s security requirements.
  • Assisted in developing and implementing security policies, contributing to the overall security framework of the organization.
  • Participated in the analysis and mitigation of security risks associated with IT infrastructure, helping improve the company's threat management capabilities.
  • Managed IT systems and provided technical support to ensure smooth operations across the organization, focusing on securing and optimizing critical infrastructure.
  • Implemented regular system updates and security patches, minimizing vulnerabilities in the company’s hardware and software.
  • Worked with the IT team to monitor and resolve issues related to system security, uptime, and performance.