Portfolio of Hector Acosta
Work Experience
2025 -
Present
InfoSec Leader
Spearhead enterprise-level cybersecurity operations for Arista Enterprise’s Virtual Engineer platform, ensuring security and compliance across all cloud-native environments. Champion the implementation of robust frameworks and governance programs aligned with NIST CSF 2.0, ISO/IEC 27001, SOC 2, and GDPR, driving regulatory adherence and stakeholder confidence. Author and maintain critical documentation including the Information Security Policy, Phishing Simulation Strategy, and Vulnerability Management Program, embedding security best practices across the development and production lifecycles.
Collaborate cross-functionally with engineering, DevOps, and executive leadership to embed security into CI/CD pipelines and multi-tenant SaaS architecture. Chair the Vulnerability Remediation Control Board (VRCB), leading the lifecycle of security findings—from triage and prioritization to remediation, evidence review, and closure—ensuring a repeatable and auditable approach to risk management.
Lead threat modeling exercises and oversee security assessments across development, staging, and production environments, proactively identifying gaps and enforcing mitigation strategies. Establish clear security baselines and workflows to support audit readiness and incident response efficiency. Elevate team capabilities by fostering a culture of accountability, technical excellence, and continuous improvement in all facets of platform security.
2015 -
Present
Foreman
Spearhead the enhancement of machine shop operations, emphasizing the importance of information security and regulatory compliance. Foster a culture of excellence, with a keen focus on optimizing resource utilization, establishing robust external partnerships for machinery maintenance, and rigorously enforcing safety and quality standards. Utilize a proactive approach to developing a structured training program that significantly uplifts the skillset of the team, boosting productivity, and ensuring adherence to the highest industry standards. Efficiently manage inventory and leverage technology for work orders and employee scheduling, streamlining operations, contributing to the organization’s overarching objectives. Collaborate with management, HR, and team members to aligning production schedules with the company’s strategic goals, underpinning commitment to excellence in every facet of operations.
2013 -
2015
Computer Numerical Control Machinist
Specialized in operating and programming cutting-edge machinery, including Haas CNC mill machines, Puma CNC lathe machines, and prototrack machines. Expertise in setting up machinery, creating efficient programs, and conducting precise machine adjustments was instrumental in meeting and surpassing production requirements. Leveraged SolidWorks programming to significantly optimize manufacturing processes, demonstrating strong commitment to enhancing operational efficiency and product quality. Ability to quickly adapt to new technologies and implement improvements in the manufacturing process underscored dedication to excellence and continuous learning in the field of information security and regulatory compliance
Production Supervisor
2011 -
2013
As a production supervisor at AJM Packaging, my role was to direct the machine operators and packers, schedule production changes, and ensure the quantity and quality of the products.
Skills & Expertise
-
I bring a strong foundation in cybersecurity leadership, with a proven ability to develop, document, and implement security governance strategies aligned with industry standards such as NIST CSF 2.0, ISO/IEC 27001, SOC 2, and GDPR. I am skilled in decision-making and cross-functional coordination, and I thrive in collaborative environments where I can align technical solutions with stakeholder expectations.
-
My hands-on experience includes managing threat detection and response processes in a simulated SOC environment, where I’ve used enterprise-grade tools like Splunk, SecurityOnion, Palo Alto Networks, Suricata, and the Elastic Stack to conduct log analysis, malware investigations, and incident triage. I’ve also developed reverse engineering and forensic skills through structured cyber range engagements.
-
In addition to my blue team expertise, I possess strong documentation and policy writing capabilities, having authored vulnerability management programs, phishing simulation strategies, and information security policies for cloud-native SaaS platforms.
-
On the technical side, I am proficient with Linux systems and command-line operations. I can navigate and manage Linux directories, manipulate files and permissions, install and manage packages, and troubleshoot services using CLI tools. I am also familiar with scripting in Python and JavaScript, and I’ve used tools like Wireshark, Volatility, and Kali Linux to perform detailed security analysis and testing.
-
Moreover, my background in operational leadership has equipped me with the ability to train others, manage resources effectively, and implement structured process improvements — all while embedding security and quality compliance into day-to-day workflows.
Education
2025 to Present
Cybersecurity and Networking Associates
The program teaches strategies for protecting information, infrastructure, and brands from cyberattacks. It includes courses that prepare for relevant cyber security certifications such as CompTIA A+, Cloud+, LINUX+, NETWORK+, PenTest+, Security+, EC Council Certified Ethical Hacker, and Certified Network Defender.Ø Currently enrolled in a Cybersecurity and Networking Associate with DeVry University, with 95% of coursework completed and a maintained 4.0 GPA.
Completed 2025
Certification in Cybersecurity
The program teaches strategies for protecting information, infrastructure, and brands from cyberattacks. It includes courses that prepare students for relevant cybersecurity certifications, such as CompTIA A+, Cloud+, Linux+, Network+, PenTest+, Security+, EC-Council Certified Ethical Hacker, and Certified Network Defender. Completed a Cyber Security certificate program with DeVry University, coursework completed, with a 4.0 GPA.
2024
Cousera
Learning Linux for LFCA Certification In this specialization, I have learned about the Linux operating system, services available, major distributions, how to manage and link files, combining commands for automatons, and creating new tools. I also explored different cloud computing models, managing virtual machines, using the Git version control system, DevOps and replicating environments. I also delved into security, applying permissions, authentication, local and remote system logging, connecting Linux computers together, managing users and devices, and installing application software on a Linux system.
​
Coursera
2024
Embarking on my networking journey, I delved into fundamental theory and terminology, exploring network components, node functions, and models like OSI and TCP/IP. Mastering Ethernet protocols, DHCP, DNS, and troubleshooting techniques, I gained hands-on experience with switches, routers, and packet sniffers. Culminating in a capstone project, I showcased my mastery of networking essentials and practical skills, setting the stage for further growth in this dynamic field.
2024
Cisco Networking Academy
Junior Cybersecurity Analyst Certification
​
Overview: I am proud to have completed the Junior Cybersecurity Analyst Career Path through Cisco Networking Academy. This comprehensive program has equipped me with a robust set of skills to enhance my proficiency in network security and risk management.
Key Competencies:
-
Network Protection Techniques: Proficient in implementing and managing firewalls, cloud security measures, and cryptographic techniques to ensure robust network defense.
-
Security Alerts and Governance: Skilled in monitoring and responding to security alerts, as well as understanding and applying security governance frameworks.
-
Vulnerability Assessment and Risk Management: Experienced in conducting thorough network vulnerability assessments and creating detailed risk management plans to mitigate potential threats.
-
Forensic Investigations and Incident Response: Adept at performing forensic investigations and planning effective incident responses to address security breaches.
Coursera
2023
I received my Google Cybersecurity Certificate I have completed eight courses, developed by Google, that include hands-on, practice-based assessments and are designed to prepare them for entry-level roles in cybersecurity. They are competent in beginner-level Python, Linux, SQL, Security Information and Event Management (SIEM) tools, and Intrusion Detection Systems (IDS). They know how to identify common cybersecurity risks, threats, and vulnerabilities, as well as the techniques to mitigate them.