Story:
Remote Endpoint Compliance Scans
(for Windows / macOS / Linux)
- Automation
- Risk Assessment for Vendor Access
- Endpoint Compliance Enforcement (Strongest AT&T story)
S: Remote‑access endpoints needed strict compliance.
T: Ensure only secure devices connected.
A: Scanned Windows/macOS/Linux for OS patch level, AV, automated readiness checks, enforced remediation.
R: Reduced risk, improved consistency across 200,000+ endpoints.
Story:
BSOD Incident
Root Cause Analysis (RCA) (AT&T loves this)
Leading through a Challenge
S: Vendor BSOD due to conflicting VPN clients.
T: Restore access and prevent recurrence.
A: Troubleshot with RAS‑IS, fixed issue, created new pre‑check process.
R: No repeat incidents; smoother installations.
Story:
Wrote and Maintained the Service Manager Handbook
(for SM onboarding and Audit)
Leadership
Standardizing Documentation (AT&T values operational maturity)
S: Service Managers lacked consistent guidance.
T: Improve onboarding and reduce escalations.
A: Revised and maintained the Service Manager Handbook.
R: Became the primary training resource.
Story:
Built custom least privilege solutions for secure remote connections
All solutions:
Full VPN to network
Connect to a virtual controlled access network
Connect to a physical controlled access network
Connect to a Citrix server with hosted applications
Connect to a virtual PC
TIAA‑Focused STAR Stories (Architecture, Collaboration, Risk)
Architecture
Collaboration
Risk
Designing Secure Remote‑Access Architecture
S: LOBs needed secure VERA solutions.
T: Balance business needs with security.
A: Designed solutions, validated endpoint posture, documented workflows.
R: Faster onboarding, fewer escalations, consistent security posture.
DELETE ME
TIAA‑Focused STAR Stories (Architecture, Collaboration, Risk)
2. Risk Assessment for Vendor Access
S: Vendors needed access from unmanaged devices.
T: Assess and mitigate risk.
A: Checked OS patching, AV, DLP compliance; enforced remediation.
R: Reduced risk of compromised endpoints entering the network.
Story 1:
Matt contradicted me during the call
Story 2:
Jeff suggested reversing weeks of progress
Conflict Resolution With Engineers
Uncooperative Team Member
S: Engineer suggested reversing weeks of work.
T: Keep project on track.
A: Acknowledged suggestion on call, aligned privately afterward.
R: Project stayed on track; relationship improved.
Review / Revise:
"When a coworker contradicted me on a call, I stayed professional, addressed it privately, and aligned expectations. It improved our working relationship."
ADD: coaching, mentoring, or conflict‑resolution frameworks. Utilized coaching strategies to guide the engineer and employed conflict-resolution techniques to mediate the disagreement, fostering a collaborative work environment.
DELETE
Spoken‑Style Version
Uncooperative Team Member
"When a coworker contradicted me on a call, I stayed professional, addressed it privately, and aligned expectations. It improved our working relationship."
ADD: coaching, mentoring, or conflict‑resolution frameworks.
Story
Vendor Compromised System
Cyber Attack Experience
STAR
"We had an incident where a vendor's system was compromised by malware. We needed to isolate their connections and remove them from our network.
Using group management, we were able not only to immediately drop their VPN connection but also to prevent them from accessing our VPN till they proved they had resolved their malware issue.
Such rapid response potentially saved Wells Fargo millions of dollars in damage and remediation efforts had we gotten infected."
Created presentation and presented to team
Manager used my slides for his presentation to his managers
Collaborating With Business Leaders
STAR
"I worked closely with LOBs on VERA solutions. I translated their needs into secure technical requirements and created presentations that leadership still uses today."
DELETE
Leading Through a Challenge
"When a vendor hit a BSOD due to conflicting VPN clients, I coordinated troubleshooting, restored access, and then created a new process requiring pre‑checks and engineer involvement. It prevented repeat incidents."
Spoken‑Style Version
Threat Modeling / Networking
"I design networks the same way I designed secure remote‑access environments — segmentation, allow‑lists, identity‑aware access, and strong logging."
Spoken‑Style Version
Risk Assessment
"I regularly assessed risks for remote‑access solutions. For example, when onboarding vendors, I evaluated OS patch levels, AV status, and DLP compliance before granting access. My process is asset → threats → vulnerabilities → likelihood → impact → mitigation."
Spoken‑Style Version
IaC / Docker
"I haven't used Docker or Terraform directly, but the principles I've applied for years translate directly: secure baselines, automation, version control, and no drift. For Docker, I'd enforce minimal images and scanning. For Terraform, I'd embed security into modules and require code reviews."
Spoken‑Style Version
IAM (Hybrid / Multi‑Domain)
"My guiding principles are least privilege, MFA everywhere, and a single authoritative identity source. In multi‑domain environments, I standardize group structures, use federation, and ensure consistent authentication flows. I also validate endpoint posture before granting access — something I enforced heavily at Wells Fargo."
Spoken‑Style Version
Cloud Security (AWS / SaaS / Lambda)
"I approach cloud security the same way I approached securing 200,000+ endpoints — strong isolation, least privilege, and continuous validation. For a multi‑tenant SaaS app, I'd isolate tenants at the VPC or IAM boundary level, encrypt everything, and centralize logs. For Lambda, I'd keep permissions minimal, secure environment variables, and ensure all code is scanned and version‑controlled."
BEHAVIORAL (AT&T + TIAA)
Leading Through a Challenging Situation
BSOD incident with conflicting VPN clients.
You coordinated troubleshooting, restored access, and
created a new process to prevent recurrence.
BEHAVIORAL (AT&T + TIAA)
Collaborating With Business Leaders
VERA remote‑access solutions: you translated business needs into secure technical requirements.
Presented to my team and incorporated in the Service Manager handbook
Became the team process??? wording???
Your presentations became the standard for your manager's future presentations
BEHAVIORAL (AT&T + TIAA)
Significant Cyber Attack Experience
You weren't SOC, but you protected the attack surface
by enforcing endpoint compliance (patching, AV, DLP).
This directly reduces lateral movement and credential‑based attacks.
REPLACE: "We had an incident where a vendor's system was compromised by malware. We needed to isolate their connections and remove them from our network.
Using group management, we were able not only to immediately drop their VPN connection but also to prevent them from accessing our VPN till they proved they had resolved their malware issue.
Such rapid response potentially saved Wells Fargo millions of dollars in damage and remediation efforts had we gotten infected."
BEHAVIORAL (AT&T + TIAA)
Uncooperative Team Member
Matt contradicted you on a customer call.
You stayed professional,
addressed it privately, aligned expectations, and improved the relationship.
ADD: coaching, mentoring, or conflict‑resolution frameworks.
TECHNICAL (AT&T + TIAA)
Cloud Security (AWS / SaaS / Lambda)
I'd follow this process:
Use strong tenant isolation (VPCs, IAM boundaries, per‑tenant encryption keys).
Enforce least privilege everywhere (roles, policies, API access).
Encrypt all data in transit and at rest.
Centralize logs (CloudWatch → SIEM).
For Lambda: least‑privilege roles, VPC‑attached functions when needed, encrypted environment variables, code scanning, version control.
TECHNICAL (AT&T + TIAA)
IAM (Hybrid + Multi‑Domain)
I'd follow this process:
Single authoritative identity source.
MFA everywhere.
Role‑based access, not user‑based.
Standardized group structures across domains.
Use federation (SAML/OIDC) for cross‑domain access.
Validate endpoint posture before granting access (your real‑world strength).
TECHNICAL (AT&T + TIAA)
IaC / Docker
You haven't used Docker/Terraform directly, but your principles transfer:
- Secure baselines
- Automated validation
- Version control
- No drift
Docker: minimal images, vulnerability scanning, no embedded secrets.
Terraform: code reviews, reusable secure modules, embedded guardrails.
TECHNICAL (AT&T + TIAA)
Risk Assessment
Identify asset → threats → vulnerabilities → likelihood → impact → mitigation.
Example from your history: vendor remote‑access risk assessment (patch level, AV status, DLP compliance).
Threat Modeling / Networking
Least privilege, segmentation, allow‑lists.
Identity‑aware access.
Logging + monitoring.
Same principles you used for remote‑access security.
8. Describe your experience with a recent, significant cyber attack and its implications.
"We had an incident where a vendor's system was compromised by malware. We needed to isolate their connections and remove them from our network.
Using group management, we were able not only to immediately drop their VPN connection but also to prevent them from accessing our VPN till they proved they had resolved their malware issue.
Such rapid response potentially saved Wells Fargo millions of dollars in damage and remediation efforts had we gotten infected."
9. Tell me about a time you faced an uncooperative team member and how you dealt with it.
"During a requirements meeting, a team member contradicted me during a customer call. I stayed professional during the call to avoid confusing the customer. Afterward, I contacted him privately, explained the impact, and we agreed to resolve disagreements offline. This improved our working relationship and prevented future issues."