please hire

ANDREW KIM

DOT COM

Air Force Veteran and accomplished Information Security & Privacy Leader with 15+ years of experience driving security strategy, regulatory compliance, and GRC initiatives across public and private sectors. Proven ability to elevate security awareness, safeguard sensitive data, and lead cross-functional teams through complex projects. Holds a Master’s in Cybersecurity and Information Assurance, along with CISSP, CISM, and PMP certifications. Trusted to lead enterprise efforts in privacy risk management, cyber resilience, and third-party governance.


Sacramento/SF Bay Area · me@pleasehireandrew.com · 5109261209

Experience

Data Privacy and Risk Manager

California Highway Patrol

Lead and oversee all privacy functions for California Highway Patrol, serving as the agency authority on privacy compliance, risk management, and data governance.

Direct and execute Privacy Threshold Analyses (PTA) and Privacy Impact Assessments (PIA) to assess and mitigate privacy risks for new and ongoing systems, programs, procurement, and technologies.

Ensure strict alignment with California Privacy laws, State Administrative Manuals (SAM), and State Information Management Manual Standards (SIMMs) to maintain regulatory compliance and data protection.

Provide strategic guidance and collaborate with executive leadership, IT, legal, and operational teams to embed privacy requirements into all facets of information management, including software procurement processes and the formalization of data-sharing arrangements through MOUs and ISAs with external organizations.

Manage and coordinate privacy incident response activities, leading investigations, notifications, and remediation efforts in alignment with state and federal privacy laws.

Develop, implement, and enforce privacy policies, procedures, and training initiatives to cultivate a strong culture of information protection and risk mitigation throughout the division.

April 2025 - Present | Sacramento, CA

GRC Analyst III

Clorox

Oversaw the company’s Human Risk Reduction initiative, managing a security awareness program focused on improving employee cyber hygiene and reducing risk from social engineering, phishing, and insider threats.

Program manager and primary liaison to the Managed Service Provider (MSP), overseeing key project milestones, deliverables, and performance metrics.

Led the team’s transition from traditional Waterfall to Agile project management, facilitating daily standups, sprint planning, and retrospectives to improve team collaboration and keep security awareness initiatives aligned with evolving business needs.

Administered company’s KnowBe4 platform, delivering phishing simulations, role-based training, and risk assessments tailored to address organizational security gaps.

Authored and distributed timely internal communications, including fast-response articles and threat alerts, based on current cyber trends and real-world phishing attempts.

January 2025 - March 2025 | Pleasanton, CA

Information Security Manager

23d Combat Communications Squadron, USAF

Developed tailored security policies and procedures to better align organization’s security operations with applicable governance requirements, organizational goals, and risk tolerance to ensure the protection of sensitive data, systems, and assets.

Championed security awareness and education programs, reducing instances of data leaks, security breaches, and unauthorized disclosure by educating both technical and non-technical staff.

Developed unit security strategies and policies in alignment with organizational objectives, risk tolerance, and compliance with governing directives to effectively safeguard sensitive information, assets, and systems.

Oversaw access management program through ongoing monitoring, assessment, and validation of personnel security clearances in accordance with DoD Directives and NIST 800-171 principles.

Conducted and developed security program audits, gap analyses, and remediation plans that were directly credited for the organization’s 20% improvement during the subsequent year’s information security inspection.

June 2018 - December 2024 | Travis AFB, CA

Quality Assurance Analyst

23d Combat Communications Squadron, USAF

Standardized processes across 6 cross-functional teams, integrating audit findings into actionable strategies and remediation plans using DoD Cyberspace quality assurance methodologies, assessment protocols, and frameworks.

Reduced operational discrepancies and security vulnerabilities by 15% through targeted QA inspections, improving compliance with Air Force cyber operations standards and policies.

Conducted root cause analysis on systemic cyber quality failures, creating corrective actions that improved long-term performance and resilience.

Led root cause analysis investigations for quality issues, developing and implementing effective solutions to prevent recurrence.

Maintained continuous metrics reporting and analysis, supporting readiness and compliance for cyber operational inspections and evaluations.

January 2016 - June 2018 | Travis AFB, CA

Senior RF Transmissions Supervisor

23d Combat Communications Squadron, USAF

Oversaw multiple deployments of mobile communication systems, managing the entire system lifecycle from planning to implementation, ensuring timely delivery of IT solutions.

Commended by external auditors for asset management processes, effectively tracking over 200 classified, high-value cryptographic information system assets.

Led response efforts for RF incidents, including signal interference and intrusions, collaborating with higher-level spectrum agencies to restore system functionality and minimize disruptions.

Directed a team of 15 technicians in the deployment and optimization of RF systems, ensuring 100% system uptime and seamless signal coverage.

Developed and implemented training programs for technicians, enhancing their skills in RF system maintenance and troubleshooting.

Conducted regular system diagnostics and preventive maintenance, reducing downtime and extending equipment lifespan.

January 2010 - December 2015 | Travis AFB, CA

Education

Western Governors University

Master of Science
Cybersecurity and Information Assurance
2024

University of California, Berkeley

Bachelor of Arts
Sociology
2012

Projects

Cyber Attack Range
  • Designed, built, and configured a simulated enterprise Security Operations Center (SOC) to practice system administration, execute controlled cyber attacks, and evaluate detection and response capabilities including logging, alerting, and incident analysis.

    The lab environment consisted of virtualized Windows and Linux systems, a fully provisioned Active Directory domain, Snort for intrusion detection and prevention, Splunk for centralized log aggregation and analysis, and Tenable Nessus for vulnerability scanning.

    Simulated attacks were conducted using Kali Linux and Atomic Red Team to emulate reconnaissance and adversary behaviors aligned with the MITRE ATT&CK framework. These exercises supported comprehensive analysis of system resilience, threat visibility, and response effectiveness.
Cloud-Based Attack Range
  • The original attack range was re-architected and redeployed in AWS to improve scalability, resilience, and segmentation. Public and private subnets were configured using VPC endpoints and IAM roles to isolate internal traffic from public access.

    Additional features included a VNS3 firewall for segmented control between internal components, FSx for managed domain file sharing, and AWS Elastic Load Balancers for availability and failover support.
Training Record Automation Tool
  • Built a self-contained web application to digitize and manage Air Force training qualification records (AFJQS and DAF 797s), with no server or backend services required.

    Developed using JavaScript and HTML, the tool allows users to import folders of standardized training forms, select multiple records, and convert them into a streamlined, editable interface. It includes bulk-fill functionality for fields such as training dates, trainee initials, trainer names, and certifiers—reducing manual input and improving consistency across documents.

    This solution was designed as a proposed local training management system to address capability gaps left by the decommissioning of the Air Force’s official Training Business Area (TBA), specifically to support automated tracking of AFJQS and DAF 797 records not currently managed in the new MyTraining system.
Instagram Unfollower (Link coming soon)
  • Developed a script in Python to automate unfollowing profiles on Instagram that are not following you back.

    The script leverages Selenium and XPath to log in to a user's Instagram page, navigate to the user's 'Following' list, and identify page elements to determine whether a follow is mutual. If the profile is not following your account, the script automatically unfollows them.
The Cloud Resume Challenge
  • PleaseHireAndrew.com was created using Forrest Brazeal's Cloud Resume Challenge blueprint.

    The resume was designed to leverage AWS services and tools such as S3, Route53, Amplify, Cloudfront, Lambda, and CI/CD pipelines through Git-based source control.

Coursework

Coursework: Network Design
  • Applied vulnerability analysis and industry best practices to design secure physical and logical network architectures, configure network devices, and implement network segmentation strategies.
Coursework: Security Operations
  • Implemented Security Information Event Management (SIEM), XDR tools, Intrusion Detection and Prevention Systems (IDS/IPS) platforms, and vulnerability scanners to detect threats, automate, ingest and interpret data, identify and address vulnerabilities, and remediate compromised hosts to respond and recover from cybersecurity incidents.
Coursework: Penetration Testing
  • Leveraged a comprehensive suite of security tools (Kali, Nmap, Metasploit, Nikto, OpenVAS, Nessus, Wireshark, Burp Suite) to conduct reconnaissance, enumeration, vulnerability assessments, and exploitation for identifying enterprise vulnerabilities.
Coursework: Governance, Risk, and Compliance
  • Applied frameworks (NIST 800-37, NIST 800-171, CIS Critical Security Controls) to establish risk management plans and align organizational information security programs to regulatory requirements (FISMA, PCI-DSS, HIPAA) and strategic business objectives.
Coursework: Cybersecurity Architecture and Engineering
  • Assessed enterprise-wide solutions and cybersecurity readiness in alignment with organizational policy to protect data, evaluate cloud and virtualization solutions, analyze threats and vulnerabilities, and respond to incidents.

Certifications