please hire

ANDREW KIM

DOT COM

Air Force Veteran and accomplished Information Security & Privacy Leader with 15+ years of experience driving security strategy, regulatory compliance, and GRC initiatives across public and private sectors. Proven ability to elevate security awareness, safeguard sensitive data, and lead cross-functional teams through complex projects. Holds a Master’s in Cybersecurity and Information Assurance, along with CISSP, CISM, and PMP certifications. Trusted to lead enterprise efforts in privacy risk management, cyber resilience, and third-party governance.


Sacramento/SF Bay Area · me@pleasehireandrew.com · 5109261209

Experience

Privacy and Risk Management Administrator

California Highway Patrol

Advise leadership and cross-functional teams as the Department’s privacy administrator, providing expertise in privacy compliance and risk management to promote alignment with California privacy laws and regulations, State Administrative Manuals (SAM), and State Information Management Manual Standards (SIMMs).

Conducted Generative AI risk assessments across departmental business use cases, identifying compliance, security, privacy, and ethical risks and ensuring alignment with organizational policies and governance standards.

Transformed the Department’s Privacy Threshold and Impact Assessment processes by embedding privacy-by-design principles earlier into project management, third-party risk management, procurement, and technology initiatives.

Strengthened interagency data sharing by facilitating MOUs and ISAs with multiple allied agencies, streamlining workflows, implementing secure, compliant frameworks for sensitive information exchange, and enabling more efficient, collaborative operations.

Manage and coordinate privacy incident response activities, leading investigations, notifications, and remediation efforts in alignment with state and federal privacy laws.

Develop, implement, and enforce privacy policies, procedures, and training initiatives to cultivate a strong culture of information protection and risk mitigation throughout the division.

April 2025 - Present | Sacramento, CA

GRC Analyst III

Clorox

Managed the Human Risk Reduction program, leading security awareness initiatives to enhance employee cyber hygiene and mitigate risks from social engineering, phishing, and insider threats.

Program manager and primary liaison to the Managed Service Provider (MSP), overseeing key project milestones, deliverables, and performance metrics.

Guided the team through Agile project execution, facilitating daily standups, tracking progress, and ensuring security awareness initiatives remained on schedule and aligned with business priorities.

Managed the company’s KnowBe4 administration team, overseeing phishing simulations, role-based training, and risk assessments to address organizational security gaps.

Authored and distributed timely internal communications, including fast-response articles and threat alerts, based on current cyber trends and real-world phishing attempts.

January 2025 - March 2025 | Pleasanton, CA

Information Security Manager

23d Combat Communications Squadron, USAF

Developed tailored security policies and procedures to better align the organization’s security operations with applicable governance requirements, organizational goals, and risk tolerance to ensure the protection of sensitive data, systems, and assets.

Championed security awareness and education programs, reducing instances of data leaks, security breaches, and unauthorized disclosure by educating both technical and non-technical staff.

Developed unit security strategies and policies in alignment with organizational objectives, risk tolerance, and compliance with governing directives to effectively safeguard sensitive information, assets, and systems.

Oversaw access management program through ongoing monitoring, assessment, and validation of personnel security clearances in accordance with DoD Directives and NIST 800-171 principles.

Conducted and developed security program audits, gap analyses, and remediation plans that were directly credited for the organization’s 20% improvement during the subsequent year’s information security inspection.

June 2018 - December 2024 | Travis AFB, CA

Quality Assurance Analyst

23d Combat Communications Squadron, USAF

Standardized processes across 6 cross-functional teams, integrating audit findings into actionable strategies and remediation plans using DoD Cyberspace quality assurance methodologies, assessment protocols, and frameworks.

Reduced operational discrepancies and security vulnerabilities by 15% through targeted QA inspections, improving compliance with Air Force cyber operations standards and policies.

Conducted root cause analysis on systemic cyber quality failures, creating corrective actions that improved long-term performance and resilience.

Led root cause analysis investigations for quality issues, developing and implementing effective solutions to prevent recurrence.

Maintained continuous metrics reporting and analysis, supporting readiness and compliance for cyber operational inspections and evaluations.

January 2016 - June 2018 | Travis AFB, CA

Senior RF Transmissions Supervisor

23d Combat Communications Squadron, USAF

Oversaw multiple deployments of mobile communication systems, managing the entire system lifecycle from planning to implementation, ensuring timely delivery of IT solutions.

Commended by external auditors for asset management processes, effectively tracking over 200 classified, high-value cryptographic information system assets.

Led response efforts for RF incidents, including signal interference and intrusions, collaborating with higher-level spectrum agencies to restore system functionality and minimize disruptions.

Directed a team of 15 technicians in the deployment and optimization of RF systems, ensuring 100% system uptime and seamless signal coverage.

Developed and implemented training programs for technicians, enhancing their skills in RF system maintenance and troubleshooting.

Conducted regular system diagnostics and preventive maintenance, reducing downtime and extending equipment lifespan.

January 2010 - December 2015 | Travis AFB, CA

Education

Western Governors University

Master of Science
Cybersecurity and Information Assurance
2024

University of California, Berkeley

Bachelor of Arts
Sociology
2012

Projects

Cyber Attack Range
  • Designed, built, configured, and deployed a cybersecurity attack range to run sandboxed cybersecurity exercises. This lab was designed to execute controlled cyber attacks and evaluate detection and response capabilities of various security monitoring and administration tools.

    The lab environment consisted of virtualized Windows and Linux systems, a fully provisioned Active Directory domain, Snort for intrusion detection and prevention, Splunk for centralized log aggregation and analysis, and Tenable Nessus for vulnerability scanning.

    Simulated attacks were conducted using Kali Linux and Atomic Red Team to emulate reconnaissance and adversary behaviors aligned with the MITRE ATT&CK framework. These exercises supported comprehensive analysis of system resilience, threat visibility, and response effectiveness.
Cloud-Based Attack Range
  • The original attack range was re-architected and redeployed in AWS to improve scalability, resilience, and segmentation. Public and private subnets were configured using VPC endpoints and IAM roles to isolate internal traffic from public access.

    Additional features included a VNS3 firewall for segmented control between internal components, FSx for managed domain file sharing, and AWS Elastic Load Balancers for availability and failover support.
Training Record Automation Tool
  • Built a self-contained web application to digitize and manage Air Force training qualification records (AFJQS and DAF 797s), with no server or backend services required.

    Developed using JavaScript and HTML, the tool allows users to import folders of standardized training forms, select multiple records, and convert them into a streamlined, editable interface. It includes bulk-fill functionality for fields such as training dates, trainee initials, trainer names, and certifiers—reducing manual input and improving consistency across documents.

    This solution was designed as a proposed local training management system to address capability gaps left by the decommissioning of the Air Force’s official Training Business Area (TBA), specifically to support automated tracking of AFJQS and DAF 797 records not currently managed in the new MyTraining system.
Instagram Unfollower (Link coming soon)
  • Developed a script in Python to automate unfollowing profiles on Instagram that are not following you back.

    The script leverages Selenium and XPath to log in to a user's Instagram page, navigate to the user's 'Following' list, and identify page elements to determine whether a follow is mutual. If the profile is not following your account, the script automatically unfollows them.
The Cloud Resume Challenge
  • PleaseHireAndrew.com was created using Forrest Brazeal's Cloud Resume Challenge blueprint.

    The resume was designed to leverage AWS services and tools such as S3, Route 53, Amplify, CloudFront, Lambda, and CI/CD pipelines through Git-based source control.

Coursework

Coursework: Network Design
  • Applied vulnerability analysis and industry best practices to design secure physical and logical network architectures, configure network devices, and implement network segmentation strategies.
Coursework: Security Operations
  • Implemented Security Information and Event Management (SIEM), XDR tools, Intrusion Detection and Prevention Systems (IDS/IPS) platforms, and vulnerability scanners to detect threats, automate, ingest, and interpret data, identify and address vulnerabilities, and remediate compromised hosts to respond to and recover from cybersecurity incidents.
Coursework: Penetration Testing
  • Leveraged a comprehensive suite of security tools (Kali, Nmap, Metasploit, Nikto, OpenVAS, Nessus, Wireshark, Burp Suite) to conduct reconnaissance, enumeration, vulnerability assessments, and exploitation for identifying enterprise vulnerabilities.
Coursework: Governance, Risk, and Compliance
  • Applied frameworks (NIST 800-37, NIST 800-171, CIS Critical Security Controls) to establish risk management plans and align organizational information security programs to regulatory requirements (FISMA, PCI-DSS, HIPAA) and strategic business objectives.
Coursework: Cybersecurity Architecture and Engineering
  • Assessed enterprise-wide solutions and cybersecurity readiness in alignment with organizational policy to protect data, evaluate cloud and virtualization solutions, analyze threats and vulnerabilities, and respond to incidents.

Certifications