Maxine Jones Portfolio

Professional Experience

Cyber Resilience Fellow — West Virginia University CRRC

August 2024 – Present

Develops and delivers cybersecurity compliance training for small businesses, nonprofits, and local governments across West Virginia critical infrastructure, including SOC 2 Compliance Awareness and Account Takeover courses aligned to NIST CSF, SOC 2 Trust Services Criteria, and CISA guidance.
Builds security awareness programs covering phishing, MFA, password security, privacy operations, and social engineering for non-technical audiences of 50+ member organizations.
Translates regulatory and security requirements into plain-language policies, guidance, and training materials, contributing to documentation for security standards aligned to CISA best practices.

CRM Systems Analyst Intern & Project Lead — Bridle Paths

January 2025 – Present | Leesburg, VA (Remote)

Leads a six-person team implementing a 54-module Zoho CRM platform for a HIPAA-regulated therapeutic riding nonprofit, serving as primary project manager and compliance lead.
Conducted an end-to-end compliance audit of the platform, authoring the engagement's first audit plan, assessing 1,100+ fields against the HIPAA compliance specification, and identifying 10 control gaps before go-live.
Documented findings with risk ratings and remediation recommendations, coordinating corrective actions to closure and producing governance documentation and automated dashboards as audit evidence.

Risk Analyst Intern (Vulnerability Management) — United Airlines

May 2024 – August 2024

Triaged 10,000+ Qualys vulnerability findings against NIST SP 800-53, scoring each by likelihood and business impact to risk-rank remediation across high-criticality assets.
Translated scan data into risk-based remediation plans mapped to asset owners and maintained POA&M-style tracking within the ISO 27001 framework to support a quarterly audit cycle.
Developed compliance documentation and dashboards aligned to NIST 800-53 control families to communicate compliance posture to leadership.

Cybersecurity Hackathon Organizer — Chicago State University

January 2025 – April 2025

Organized cybersecurity hackathon for 50+ high school students.
Coordinated logistics, faculty collaboration, and event materials.

Technical Skills

GRC & Compliance

NIST 800-53, ISO 27001, SOC 2, HIPAA, Risk Assessment, Control Testing, Evidence Collection, Policy Development, POA&M

Identity & Access Management

Microsoft Entra ID, RBAC, MFA, Conditional Access, Least Privilege, Zero Trust

Vulnerability Management

Qualys, Risk Prioritization, Patch Analysis, Remediation Tracking

SIEM & Detection

Splunk, Wazuh, Log Analysis

Incident Response

Threat Investigation, Endpoint Analysis, MITRE ATT&CK

Programming

Python, Bash, SQL

Maxine Jones

About Me

Experience

Education

Experience

Professional Experience

Cyber Resilience Fellow — West Virginia University CRRC

CRM Systems Analyst Intern & Project Lead — Bridle Paths

Risk Analyst Intern (Vulnerability Management) — United Airlines

Cybersecurity Hackathon Organizer — Chicago State University

Technical Skills

GRC & Compliance

Identity & Access Management

Vulnerability Management

SIEM & Detection

Incident Response

Programming

Projects

Featured Cybersecurity Projects

Enterprise GRC Program & Risk Management Framework

Azure AD Incident Response & Zero Trust Lab

Layered Network Security Monitoring & Fusion Detection Framework

Endpoint Incident Response & Lateral Movement Analysis

TPOT-CIC Fusion Intrusion Detection System

Academic Projects

Network Traffic Risk Assessment Using Simulated Attacks

Quantitative Risk Assessment

IT Audit Planning Project

Security Reports & Deliverables

Security Incident Report — Azure AD Credential Compromise

MDR Executive Report — Endpoint Malware & Lateral Movement

Resume & Certifications

Resume

Certification

Contact Me