Get to Know Our Team: Our Cybersecurity Experts

In a digital landscape teeming with threats, our cybersecurity experts stand as the linchpin, orchestrating the defense that protects your sensitive data. In this blog, we highlight five of Aspis Consulting’s brilliant cybersecurity experts and explore the indispensable roles they play in the safety of our clients’ digital assets. 

Quinda Burns

Quinda Burns has been with Aspis Consulting since January of 2023. She is a Cybersecurity Analyst III—a more senior and experienced role within the field of cybersecurity. The responsibilities and duties of a Cybersecurity Analyst III can vary depending on the organization and its specific needs, but generally, they involve advanced-level tasks related to securing and protecting an organization’s information systems, networks, and data. 

Here are some common tasks and responsibilities that Quinda may handle at Aspis Consulting: 

1. Incident Response:

• Lead and participate in incident response activities to investigate and mitigate cybersecurity incidents such as breaches, intrusions, malware infections, and data breaches.
• Analyze logs, network traffic, and other forensic data to identify the root cause and extent of the incident.

2. Threat Hunting:

• Proactively search for signs of advanced threats or suspicious activity within the organization’s networks and systems.
• Use advanced threat intelligence sources, security analytics tools, and techniques such as behavioral analysis to identify and mitigate potential threats before they escalate.

3. Security Architecture Review:

• Assess the organization’s existing cybersecurity architecture, policies, and procedures to identify weaknesses and recommend improvements.
• Evaluate network designs, access controls, encryption methods, and other security measures to ensure they align with industry best practices and regulatory requirements.

4. Security Tools Management:

• Manage and optimize security technologies such as intrusion detection/prevention systems (IDS/IPS), firewalls, endpoint protection platforms (EPP), security information and event management (SIEM) systems, and other cybersecurity tools.
• Configure, tune, and update these tools to enhance their effectiveness in detecting and preventing threats.

5. Security Awareness Training:

• Develop and deliver cybersecurity training and awareness programs for employees to educate them about security best practices, common threats, and their role in maintaining a secure computing environment.
• Conduct phishing simulations, create educational materials, and organize training sessions.

6. Vulnerability Management:

• Identify, assess, and prioritize security vulnerabilities in the organization’s networks, systems, and applications.
• Use vulnerability scanning tools, conduct penetration tests, and coordinate with system owners and vendors to remediate vulnerabilities in a timely manner.

7. Policy and Compliance:

• Develop, review, and enforce cybersecurity policies, procedures, and standards to ensure compliance with relevant laws, regulations, and industry frameworks (e.g., GDPR, HIPAA, NIST, ISO 27001).
• Conduct audits, risk assessments, and gap analyses to measure compliance and identify areas for improvement.

8. Security Research and Analysis:

• Stay informed about the latest cybersecurity threats, trends, and technologies through research, industry publications, and participation in professional forums and conferences.
• Keep the organization’s security posture up-to-date and effectively mitigate emerging threats.

9. Collaboration and Communication:

• Work closely with other members of the cybersecurity team, as well as IT staff, management, and other stakeholders, to communicate security risks, coordinate response efforts, and advocate for security best practices throughout the organization.

Sarah Cummins

Sarah Cummins is Aspis Consulting’s second Cybersecurity Analyst, having been with us since February of 2023. A Cybersecurity Analyst I typically represents an entry-level position in the field of cybersecurity. Individuals in this role are often responsible for foundational tasks and activities related to securing an organization’s information systems and data. 

Here are some common responsibilities and duties that Sarah may be involved in: 

1. Security Monitoring: 

• Monitor security alerts and events using security information and event management (SIEM) tools. 
• Analyze basic security event data to identify potential security incidents. 

2. Incident Triage and Response: 

• Assist in the initial assessment and triage of security incidents. 
• Follow predefined incident response procedures and escalate incidents as necessary. 

3. Vulnerability Assessments: 

• Participate in routine vulnerability assessments to identify and report security weaknesses. 
• Work with more experienced team members to remediate identified vulnerabilities. 

4. Security Awareness: 

• Contribute to security awareness programs for employees. 
• Provide basic security training to end-users and colleagues. 

5. Security Documentation: 

• Document security procedures, configurations, and incident response activities. 
• Maintain accurate and up-to-date records of security incidents. 

6. Access Control Management: 

• Assist in managing user access controls and permissions. 
• Review and validate user access requests to ensure compliance with security policies. 

7. Security Patching: 

• Support the implementation of security patches and updates on systems and applications. 
• Work with system administrators to ensure timely patching of vulnerabilities. 

8. Security Tool Management: 

• Assist in the maintenance and configuration of security tools, such as antivirus and intrusion detection/prevention systems. 
• Monitor the effectiveness of security controls and report any anomalies. 

9. Log Analysis: 

• Review and analyze security logs to detect and respond to security incidents. 
• Work with more experienced analysts to investigate suspicious activities. 

10. Collaboration and Training: 

• Collaborate with other IT and cybersecurity team members. 
• Participate in training programs to enhance technical and cybersecurity skills. 

11. Compliance Support: 

• Contribute to compliance efforts by following security policies and procedures. 
• Assist in preparing documentation for compliance audits. 

Les Morse

An Information Systems Security Analyst I typically represents an entry-level position focused on ensuring the security and integrity of an organization’s information systems and data. Since 2020, Les Morse has been Aspis Consulting’s invaluable Information Systems Security Analyst I. 

The responsibilities of an Information Systems Security Analyst I may vary depending on the organization, but here are common tasks and duties associated with this role: 

1. Security Monitoring: 

• Monitor security alerts and events using security information and event management (SIEM) tools. 
• Review system logs to identify and respond to potential security incidents. 

2. Incident Response: 

• Assist in the investigation and resolution of security incidents. 
• Follow predefined incident response procedures and escalate issues as necessary. 

3. Access Control Management: 

• Help manage user access controls and permissions. 
• Review and validate user access requests to ensure adherence to security policies. 

4. Vulnerability Assessments: 

• Participate in routine vulnerability assessments to identify and report security weaknesses. 
• Collaborate with more experienced team members to remediate identified vulnerabilities. 

5. Security Documentation: 

• Document security configurations, procedures, and incident response activities. 
• Maintain accurate records of security incidents and resolutions. 

6. Security Awareness: 

• Contribute to security awareness programs for employees. 
• Assist in providing basic security training to end-users. 

7. Security Tool Management: 

• Assist in the configuration and maintenance of security tools, such as antivirus and intrusion detection/prevention systems. 
• Monitor the effectiveness of security controls and report any anomalies. 

8. Collaboration: 

• Collaborate with IT and other security team members to address security concerns. 
• Participate in regular security meetings and contribute to discussions on security improvements. 

9. Compliance Support: 

• Follow security policies and procedures to ensure compliance. 
• Assist in preparing documentation for security audits and compliance assessments. 

10. Security Incident Documentation: 

• Document security incidents, including their nature, impact, and remediation steps taken. 
• Prepare reports for management summarizing security incidents and responses. 

Karen Sifford

An IT Security Specialist IV typically represents a senior-level position within the field of information security. Individuals in this role are expected to have extensive experience and expertise in securing and protecting an organization’s information systems, networks, and data. Karen Sifford was hired in this role at Aspis Consulting in March of 2021. 

The specific duties and responsibilities can vary depending on the organization and its requirements, but here are common tasks associated with the role: 

1. Security Architecture and Design: 

• Lead the design and implementation of secure network and system architectures. 
• Evaluate and recommend advanced security technologies, tools, and processes. 

2. Incident Response Leadership: 

• Provide leadership in incident response activities, guiding junior team members during security incidents. 
• Lead investigations into complex security incidents and coordinate response efforts. 

3. Threat Intelligence Analysis: 

• Conduct in-depth analysis of threat intelligence to understand advanced and persistent threats. 
• Implement threat intelligence into security monitoring and incident response strategies. 

4. Advanced Vulnerability Management: 

• Oversee and perform advanced vulnerability assessments and penetration testing. 
• Develop and implement strategies for proactive vulnerability management. 

5. Security Policy and Procedure Development: 

• Develop, update, and enforce comprehensive cybersecurity policies and procedures. 
• Ensure alignment with industry regulations, standards, and best practices. 

6. Security Awareness and Training Programs: 

• Develop and lead advanced security awareness programs for employees. 
• Provide specialized security training to IT and non-IT staff. 

7. Security Audits and Assessments: 

• Lead and conduct security audits to assess the effectiveness of security controls. 
• Collaborate with internal and external auditors to ensure compliance with security standards. 

8. Security Governance: 

• Play a key role in establishing and maintaining security governance frameworks. 
• Participate in security risk assessments and develop risk mitigation strategies. 

9. Security Research and Development: 

• Stay abreast of emerging cybersecurity trends and technologies. 
• Lead research and development efforts to enhance the organization’s security posture. 

10. Security Incident Documentation and Reporting: 

• Oversee the documentation of security incidents, response actions, and lessons learned. 
• Prepare and present detailed reports to executive management on the state of cybersecurity. 

11. Collaboration and Mentorship: 

• Collaborate with cross-functional teams to address security concerns. 
• Provide mentorship and guidance to junior security team members. 

12. Strategic Planning: 

• Contribute to the development of long-term strategic plans for information security. 
• Provide input into budgeting and resource allocation for security initiatives. 

Aspis Consulting’s dedication to defending your company’s private data would not be possible without our cybersecurity experts. They work tirelessly to ensure your firewalls are impenetrable, your employees are prepared, and your assets are monitored. We are grateful to have such an intelligent, motivated team supporting our growing business—and yours.  

Who is Aspis Consulting?

Aspis Consulting is a Kansas City-based IT professional services firm specializing in cybersecurity and management consulting. Our core values are integrity, community, and diversity, and our vision is to democratize cybersecurity. Furthermore, we provide accessible enterprise cybersecurity solutions and services to organizations of all sizes, including medium-sized businesses, Fortune 500 enterprises, non-profits, and government agencies. We hold various certifications, including being an Independent Small Business, Certified HUBZone Small Business Concern, Certified LGBT Business Enterprise, Self-Certified Small Disadvantaged Business, Certified Virginia Values Veterans, and Better Business Bureau accreditation. For more information, visit our website at  https://aspis.consulting and follow us on LinkedIn, Facebook, and Instagram  for cybersecurity news and company updates.