
Sr. Cyber Threat Analyst Resume


Washington, D.C.

SUMMARY:

Highly skilled network security analyst and IT expert with years of proven experience securing networks and data in corporate, government, and academic environments. Demonstrated expertise in identifying malicious code and traffic through traffic analysis, threat vectoring, honeypot traps, and classified means. Possess strong business experience and the ability to mesh business objectives with IT resources. Design processes and system improvements to increase security while reducing costs. Have worked on Intrusion Detection Systems, Intrusion Prevention Systems/Forensics, and Malware Analysis for about 8 years. Fluent in English, Spanish, Mandarin Chinese and Taiwanese. Active Secret Clearance and prior DoJ Public Trust and NACI clearances.

TECHNICAL SKILLS:

Networking: TCP/IP, Ethernet, IPsec, DES/3DES, SSH, OSPF, iptables, Kerberos, NAT, RADIUS, asymmetric PKI, Certificate Authorities, Layer 2 (arping, ARP watching, port stealing), Layer 3 (pf, fragtest, traceroute, sing, LFT, etrace, Firewalk), Layer 4 (TCP fragroute), OWASP, BGP, EIGRP

Security Tools: Nmap, Retina Security Scanner, SuperScan, Basic Analysis and Security Engine (BASE), Sguil, SSA Ticketing System (CAPRS), Confidential Ticketing System (Mantis), Track-It, Nessus, Enterasys Dragon IDS, ArcSight ESM Logger/Console, keystroke logger, EnCase, Forensic Toolkit, BackTrack/Auditor security auditing tools, Handy PRO, Maltego, airodump-ng, airmon-ng, Shodan, Cisco FireSIGHT, and Cisco AMP

Network Tools: Kismet, netcat, Netcraft, hping, WinDump/tcpdump, netstat, Wireshark/Ethereal

OS & Virtualization: Windows (32-bit and 64-bit), Linux (Red Hat, Fedora, Ubuntu, Debian), OS X, VMware, and DameWare

Languages: C++, Perl, Snort rules, PCRE, XHTML/HTML/CSS, SQL, PL/SQL, Python, shell scripting, PowerShell, Scapy

Enterprise Software: Microsoft Systems Management Server, Oracle Database, Microsoft Office

Hardware: PC Desktops, Laptops, Servers, Cisco 2600 Series Routers, Cisco 2600 Series Firewalls, CISCO ASA Firewall, Cisco PIX 500 Series Firewall

PROFESSIONAL EXPERIENCE:

Confidential, Washington D.C.

Sr. Cyber Threat Analyst

Responsibilities:

  • Double-checked that alerts were true positives by checking Cisco FireSIGHT and the signature-based Cisco AMP endpoint: where the infection originated and what process it ran
  • Made recommendations to tune out alerts based on the signature and the payload of the packet
  • Made sure that, after the recommendation was applied, the tuned signature alerts no longer showed up
  • Made sure sensor noise was tuned to a minimum while the sensor still generated alerts
  • Gathered threat actor intelligence so the agency was aware of which hash values or Indicators of Compromise (IOC) to monitor
  • Evaluated Oracle Identity Management (IdM), IBM Tivoli IdM, and CA IdM and recommended to the customer which Identity Management tools to implement
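Tuning signatures so that the sensor stays quiet without going blind (the point of the three tuning bullets above) is usually expressed as Snort-style suppress and event_filter lines. The Python below is an added illustration, not code from this resume or from Cisco/Snort: it parses a few constructed threshold.conf-style lines and replays the documented Snort 2.x semantics (limit, threshold, both, and suppress by source or destination) over a constructed alert stream, so the effect of a proposed filter can be checked against alert history before it is pushed to the sensor. The SIDs (local-rule range), addresses and timings are made up.

```python
"""Snort-style alert tuning (suppress + event_filter) replayed over constructed
alerts.  Added illustration, not the resume's code; SIDs, addresses and timings
are made up and the SIDs sit in the local-rule range."""
import ipaddress
from collections import namedtuple

Alert = namedtuple("Alert", "ts gid sid src dst msg")

# Constructed tuning lines in Snort threshold.conf syntax (not a real deployment).
TUNING_CONFIG = [
    "# limit: log the first 3 hits per source in any 10 s window, drop the rest",
    "event_filter gen_id 1, sig_id 1000001, type limit, track by_src, count 3, seconds 10",
    "# both: one alert per source per minute, and only once 3 hits have accumulated",
    "event_filter gen_id 1, sig_id 1000003, type both, track by_src, count 3, seconds 60",
    "# suppress: a known scanner trips sid 1000002, ignore it for that source only",
    "suppress gen_id 1, sig_id 1000002, track by_src, ip 10.0.0.9",
]

# Constructed alert stream: a chatty signature, a suppressed scanner, a slow drip.
SAMPLE_ALERTS = (
    [Alert(t, 1, 1000001, "10.0.0.5", "192.0.2.10", "LOCAL noisy policy sig") for t in range(12)]
    + [Alert(3, 1, 1000002, "10.0.0.9", "192.0.2.20", "LOCAL scan sig"),
       Alert(4, 1, 1000002, "10.0.0.7", "192.0.2.20", "LOCAL scan sig")]
    + [Alert(t, 1, 1000003, "10.0.0.5", "192.0.2.30", "LOCAL beacon sig") for t in (5, 6, 7, 8)]
)


def parse_threshold_line(line):
    """Parse one 'suppress ...' or 'event_filter ...' line into a dict."""
    kind, _, rest = line.strip().partition(" ")
    fields = {}
    for item in rest.split(","):
        key, _, value = item.strip().partition(" ")
        fields[key] = value.strip()
    cfg = {"kind": kind, "gid": int(fields["gen_id"]), "sid": int(fields["sig_id"]),
           "track": fields.get("track")}
    if kind == "suppress":
        cfg["ip"] = fields.get("ip")          # single address or CIDR; None = every source
    elif kind == "event_filter":
        cfg["type"] = fields["type"]
        cfg["count"] = int(fields["count"])
        cfg["seconds"] = int(fields["seconds"])
    else:
        raise ValueError("unsupported directive: " + kind)
    return cfg


class AlertTuner:
    """Replays the suppress/event_filter semantics documented for Snort 2.x."""

    def __init__(self, config_lines):
        self.suppressions = []
        self.filters = {}                     # Snort allows one event_filter per (gid, sid)
        for raw in config_lines:
            line = raw.split("#", 1)[0].strip()
            if not line:
                continue
            cfg = parse_threshold_line(line)
            if cfg["kind"] == "suppress":
                self.suppressions.append(cfg)
            else:
                self.filters[(cfg["gid"], cfg["sid"])] = cfg
        self._windows = {}                    # (gid, sid, tracked ip) -> [window_start, count]

    def _suppressed(self, a):
        for s in self.suppressions:
            if (s["gid"], s["sid"]) != (a.gid, a.sid):
                continue
            if s["track"] is None:            # no track clause: suppress the sid outright
                return True
            ip = a.src if s["track"] == "by_src" else a.dst
            if ipaddress.ip_address(ip) in ipaddress.ip_network(s["ip"], strict=False):
                return True
        return False

    def _passes_filter(self, a):
        f = self.filters.get((a.gid, a.sid))
        if f is None:
            return True
        ip = a.src if f["track"] == "by_src" else a.dst
        key = (a.gid, a.sid, ip)
        win = self._windows.get(key)
        if win is None or a.ts - win[0] >= f["seconds"]:
            win = self._windows[key] = [a.ts, 0]   # start a fresh window at this event
        win[1] += 1
        n = win[1]
        if f["type"] == "limit":              # first `count` events in the window
            return n <= f["count"]
        if f["type"] == "threshold":          # every `count`-th event
            return n % f["count"] == 0
        if f["type"] == "both":               # once per window, after `count` events
            return n == f["count"]
        raise ValueError("unknown event_filter type: " + f["type"])

    def process(self, alerts):
        """Return the alerts that would reach the console, in time order."""
        return [a for a in sorted(alerts, key=lambda x: x.ts)
                if not self._suppressed(a) and self._passes_filter(a)]


def tune(config_lines=TUNING_CONFIG, alerts=SAMPLE_ALERTS):
    return AlertTuner(config_lines).process(alerts)


if __name__ == "__main__":
    for a in tune():
        print(f"t={a.ts:>2}  {a.gid}:{a.sid}  {a.src} -> {a.dst}  {a.msg}")
```

Run against the constructed stream, the noisy signature drops from 12 alerts to 5 (three per ten-second window), the scanner source disappears without hiding the same signature from other hosts, and the slow beacon surfaces once the third hit lands. Replaying a proposed filter this way is the check the bullet about confirming "alerts no longer show up" calls for; the inverse check, that a signature you still care about is not silenced entirely, is the same run looked at from the other side.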

Confidential, Washington D.C.

Information Assurance Specialist 3

Responsibilities:

  • Double-checked that alerts were true positives by checking signature-based Cisco Sourcefire and RNA on Microsoft Cloud
  • Determined whether a source IP, threat indicator, or Indicator of Compromise (IOC) was legitimate by uploading the file from the compromised machine to VirusTotal for verification
  • Made sure the Tenable nightly scheduled Nessus scans ran correctly
  • Collaborated with the DoC Computer Emergency Response Team (CERT) and US-CERT on the latest cyber threats, and performed intel/threat gathering using iSIGHT Partners (since acquired by FireEye)
  • Performed Splunk searches on the logs for source IP addresses, Indicators of Compromise (IOC), and Patterns of Attack (POA)
  • Performed assembly-language analysis in OllyDbg looking for any anomaly in the test lab

Confidential, Fort Meade, MD

Information Assurance Engineer/Security Engineer

Responsibilities:

  • Installed, removed, and upgraded PVS 3.8.1 to PVS 4.0.3 on Windows 2008 R2 (64-bit)
  • Installed Snort IDS on Windows 2008 R2 (64-bit) and checked the logs to see whether events were being recorded
  • Looked for malware or anything suspicious in FireEye and Carbon Black (endpoint), and checked whether a malware finding was a false positive or a false negative
  • Performed daily status checks on ACAS Nessus scan results and looked for any scan failures

Confidential, Bethesda, MD

Information Assurance Engineer

Responsibilities:

  • Gathered and looked for malware in FireEye, e.g. system changes such as DLL changes that call other DLL processes and can change registry entries, and looked for any suspicious or abnormal changes to the system
  • Looked for anomalous behavior in malware by checking for repetitive traffic patterns while observing traffic over a period of time; in addition, performed some shellcode analysis
  • Looked up site reputation and comments for anything suspicious or threatening
  • Reviewed and searched traffic patterns for denied and accepted traffic at the Cisco ASA firewall as well as in syslog
  • Reviewed the spam/proxy filter to administer deny or accept decisions for traffic
  • Looked for malicious sites and added blocks for them
  • Performed SCAP scans on machines for compliance
  • Reviewed McAfee IntruShield IPS events by source, destination, and country of origin

Confidential, Dulles, VA

Information Assurance Specialist / Intel Analyst

Responsibilities:

  • Gathered intelligence via social media, Internet chatter, and classified means to identify and classify potential threats
  • Gathered intelligence on any APT, hacktivists, or hackers with malicious intent trying to take down the agency
  • Reviewed Snort and Sourcefire events from the ArcSight ESM Console to ensure sensor operability, and further evaluated traffic events from Snorby for malicious traffic
  • Scanned operating systems using Tenable Nessus and patched application vulnerabilities using IBM BigFix
  • Created incident tickets based on observations and forwarded them to the team for further action and personnel notification
  • Created and currently maintain a Linux patch repository, with a simple shell script to ensure systems are protected from known exploits; in addition, created simple Python scripts to extract data from PCAP files
  • Daily setup of the video teleconferencing (VTC) systems for the Cyber Operation Response Center (CORe) and the Penetration Test Team
  • Monitored and looked for suspicious traffic, e.g. SQL injection, blind SQL injection, plaintext passwords, and unauthorized access attempts against online applications, following the OWASP guidelines for web application vulnerabilities; performed malware analysis and reverse engineering by looking at what was loaded into and removed from the registers (e.g. EAX, EBX, ECX, EDX), stepping into a function to examine its content or stepping over it
  • Unpacked executables using the UPX utility, stepped over the code, and also used various forensics tools such as EnCase and Process Explorer to monitor the processes running in the background
  • Performed lookups using the "strings" command-line tool to extract ASCII characters and search for indicators, or by searching the log files with "grep" for any Indicator of Compromise (IOC) or Pattern of Attack (POA) based on the threat intel gathered
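The PCAP extraction scripts and the strings/grep IOC searches mentioned in the bullets above can be combined into one offline check. The script below is an added illustration, not the resume's own code: it builds a small constructed capture in memory (classic libpcap format, Ethernet/IPv4/TCP, checksums left at zero), walks it without Scapy, and reports packets whose IP addresses or printable payload strings match a constructed indicator list. Addresses and the domain are from documentation ranges; the Hit record and function names are this example's own.

```python
"""Minimal libpcap walker plus IOC matching.  Added illustration, not the
resume's own code; the capture and the indicator list are constructed here."""
import ipaddress
import re
import struct
from collections import namedtuple

Hit = namedtuple("Hit", "ts src dst kind indicator")


def build_tcp_frame(src_ip, dst_ip, sport, dport, payload):
    """Ethernet/IPv4/TCP frame with zeroed checksums (fine for a parser demo)."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src_ip).packed, ipaddress.IPv4Address(dst_ip).packed)
    return eth + ip + tcp


def build_pcap(frames):
    """Little-endian classic pcap (magic a1b2c3d4, linktype 1 = Ethernet) from (ts, frame) pairs."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for ts, frame in frames:
        out.append(struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame)
    return b"".join(out)


# Constructed capture: an HTTP request to a bad domain, a TLS hello, an odd port.
SAMPLE_PCAP = build_pcap([
    (1000, build_tcp_frame("10.0.0.5", "203.0.113.9", 51000, 80,
                           b"GET /update.php HTTP/1.1\r\nHost: bad-updates.example\r\n\r\n")),
    (1001, build_tcp_frame("10.0.0.6", "192.0.2.20", 51001, 443, b"\x16\x03\x01\x00\x05hello")),
    (1002, build_tcp_frame("10.0.0.7", "198.51.100.4", 51002, 4444, b"")),
])
IOCS = ["203.0.113.9", "bad-updates.example", "198.51.100.4"]   # constructed indicator list


def iter_pcap(data):
    """Yield (ts_sec, frame_bytes) per record; handles both byte orders of classic pcap."""
    magic = struct.unpack_from("<I", data, 0)[0]
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    if struct.unpack_from(endian + "IHHiIII", data, 0)[6] != 1:
        raise ValueError("only Ethernet captures are handled")
    off = 24
    while off + 16 <= len(data):
        ts_sec, _, incl_len, _ = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        yield ts_sec, data[off:off + incl_len]
        off += incl_len


def parse_frame(frame):
    """Pull IPv4 addresses, protocol, ports and L4 payload out of an Ethernet frame."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None                                  # not IPv4
    ihl = (frame[14] & 0x0F) * 4
    total_len = struct.unpack_from("!H", frame, 16)[0]
    rec = {"src": str(ipaddress.IPv4Address(frame[26:30])),
           "dst": str(ipaddress.IPv4Address(frame[30:34])),
           "proto": frame[23], "sport": None, "dport": None, "payload": b""}
    l4 = frame[14 + ihl:14 + total_len]             # drop any Ethernet trailer padding
    if rec["proto"] == 6 and len(l4) >= 20:          # TCP: data offset lives in header byte 12
        rec["sport"], rec["dport"] = struct.unpack_from("!HH", l4, 0)
        rec["payload"] = l4[(l4[12] >> 4) * 4:]
    elif rec["proto"] == 17 and len(l4) >= 8:        # UDP: fixed 8-byte header
        rec["sport"], rec["dport"] = struct.unpack_from("!HH", l4, 0)
        rec["payload"] = l4[8:]
    return rec


def strings(data, min_len=4):
    """Same idea as strings(1): runs of printable ASCII at least min_len long."""
    return [m.decode("ascii") for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]


def scan_pcap(data, iocs):
    """Return IOC hits: address matches on the IP header, substring matches on payload strings."""
    ip_iocs = set()
    for i in iocs:
        try:
            ip_iocs.add(str(ipaddress.ip_address(i)))
        except ValueError:
            pass                                     # not an address: treat as a text indicator
    text_iocs = [i.lower() for i in iocs if i not in ip_iocs]
    hits = []
    for ts, frame in iter_pcap(data):
        rec = parse_frame(frame)
        if rec is None:
            continue
        for addr in (rec["src"], rec["dst"]):
            if addr in ip_iocs:
                hits.append(Hit(ts, rec["src"], rec["dst"], "ip", addr))
        for s in strings(rec["payload"]):
            for ioc in text_iocs:
                if ioc in s.lower():
                    hits.append(Hit(ts, rec["src"], rec["dst"], "string", ioc))
    return hits


if __name__ == "__main__":
    for h in scan_pcap(SAMPLE_PCAP, IOCS):
        print(h)
```

The parser deliberately reads the IP total-length field rather than trusting the frame length, so short frames padded to the Ethernet minimum do not leak trailer bytes into the payload search. Matching on printable strings catches a Host header or a hard-coded C2 name in cleartext, which is exactly what the strings and grep passes in the bullet above find; it says nothing about TLS-wrapped traffic, where only the address and port checks still apply.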

Confidential, Washington, DC

Desktop Scan and Remediation Expert

Responsibilities:

  • Verified target connectivity; performed local scans; authenticated via LANMAN to scan remote machines
  • Coordinated and scheduled time to remediate machines with identified vulnerabilities
  • Applied application patches and remediated findings such as SQL injection and command-shell exploits on servers, based on scanner recommendations and Information Assurance Vulnerability Alerts and Bulletins
  • Hired through Convergez, LLC staffing agency

Confidential, Falls Church, VA

Tier III Junior Information Assurance Engineer

Responsibilities:

  • Performed Security Test & Evaluation (ST&E) and upgrades of equipment to obtain authority to operate in the lab
  • Tested end-to-end Tandberg video teleconferencing connections for stability and security
  • Hardened Windows operating systems according to Security Technical Implementation Guides (STIG)
  • Performed penetration testing on laptops and workstations
  • Performed vulnerability scans and looked for application vulnerabilities in the system
  • Verified the stability of patches and patched Linux and Windows systems according to IAVA/IAVB notices

Confidential, Annapolis Junction, MD

Senior Consultant / Cyber Network Analyst

Responsibilities:

  • Used tcpdump, Wireshark, an access control matrix, and Snort rules to analyze and classify traffic
  • Charted traffic observations and reported abnormalities to supervisor for further action

Confidential, Fairfax, VA

Cyber Security/Network Intrusion Analyst

Responsibilities:

  • Tracked malicious behavior based on watch officer instructions and traced traffic patterns to source IP
  • Verified antivirus/malware findings with online analysis tools
  • Attended briefings to stay current on threats and vulnerabilities, in collaboration with USCYBERCOM (formerly JTF-GNO)
  • Analyzed traffic patterns, looked for SQL injection and blind SQL injection, and matched the signature with the payload
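Signature-based review of web traffic for SQL injection, blind SQL injection and plaintext passwords (the bullet above, and the same duties in the Dulles role earlier) is shown here against web server access log lines rather than live packets. This Python is an added illustration, not the resume's own code: it parses constructed Apache/nginx combined-format lines, percent-decodes the request more than once so double encoding does not hide the payload, and tags each line with the technique its query matches. The pattern list, the log lines and the addresses are constructed for the demo.

```python
"""Signature-style SQL injection triage over web access log lines.  Added
illustration, not the resume's own code; log lines, addresses and the pattern
list are constructed here."""
import re
from urllib.parse import parse_qsl, unquote_plus

# Apache/nginx "combined" format, only the fields needed here.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+')

# Payload patterns named by the technique they point at.  This is a triage aid,
# not proof: each one can false-positive on odd but legitimate input, so a hit
# means "pull the full request and the response", not "block".
SQLI_PATTERNS = [
    ("union-select", re.compile(r"\bunion(?:\s|/\*.*?\*/)+(?:all\s+)?select\b", re.I)),
    ("tautology", re.compile(r"(['\"])\s*or\s+\1?\s*\d+\s*=\s*\d+|'\s*or\s+'[^']*'\s*=\s*'", re.I)),
    ("boolean-blind", re.compile(r"\b(?:and|or)\s+\d+\s*=\s*\d+", re.I)),
    ("time-blind", re.compile(r"\b(?:sleep|benchmark|pg_sleep)\s*\(|\bwaitfor\s+delay\b", re.I)),
    ("comment-terminator", re.compile(r"(?:--|#|/\*)\s*$|;\s*--")),
]
CREDENTIAL_KEYS = {"password", "passwd", "pwd", "pass"}

# Constructed log lines: clean request, UNION extraction, time-based blind probe,
# password sent in a GET query string, double-encoded tautology.
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Mar/2015:10:01:02 -0500] "GET /products.php?id=12 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [12/Mar/2015:10:01:09 -0500] "GET /products.php?id=12%27%20UNION%20SELECT'
    '%20username,password%20FROM%20users-- HTTP/1.1" 500 312',
    '198.51.100.7 - - [12/Mar/2015:10:01:15 -0500] "GET /products.php?id=12%20AND%20SLEEP(5) HTTP/1.1" 200 5120',
    '203.0.113.3 - - [12/Mar/2015:10:02:40 -0500] "GET /login.php?user=bob&password=hunter2 HTTP/1.1" 302 0',
    '198.51.100.7 - - [12/Mar/2015:10:03:01 -0500] "GET /products.php?id=1%2527%2520or%2520%25271%2527%253D%25271 HTTP/1.1" 200 5120',
]


def decode_url(path, rounds=3):
    """Percent-decode repeatedly (bounded) so double-encoded payloads are inspected decoded."""
    for _ in range(rounds):
        decoded = unquote_plus(path)
        if decoded == path:
            break
        path = decoded
    return path


def analyze_line(line):
    """Return a finding record for one log line, or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    decoded = decode_url(m["path"])
    findings = [name for name, pat in SQLI_PATTERNS if pat.search(decoded)]
    query = decoded.partition("?")[2]
    if any(k.lower() in CREDENTIAL_KEYS for k, _ in parse_qsl(query, keep_blank_values=True)):
        findings.append("credential-in-url")     # secret in a GET lands in every log and proxy
    return {"ip": m["ip"], "ts": m["ts"], "status": m["status"],
            "path": m["path"], "decoded": decoded, "findings": findings}


def suspicious_sources(lines):
    """Group findings by source IP, which is the unit that gets escalated or blocked."""
    by_ip = {}
    for line in lines:
        rec = analyze_line(line)
        if rec and rec["findings"]:
            by_ip.setdefault(rec["ip"], set()).update(rec["findings"])
    return by_ip


if __name__ == "__main__":
    for ip, kinds in suspicious_sources(SAMPLE_LOG).items():
        print(ip, sorted(kinds))
```

Two details matter in practice. First, the decode loop: the fifth constructed line only reveals its `' or '1'='1` after two rounds, and a check that runs against the raw log line misses it entirely. Second, matching the signature against the payload is only half of what the bullet describes; the response status and size on the same line (a 500 where the clean request returned 200, or a 200 with a larger body after a UNION) are what separate an attempted injection from a successful one.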

Confidential, Columbia, MD

QA/Network/Security Engineer

Responsibilities:

  • Tested network performance with Tenable Nessus/Passive Vulnerability Scanner/Security Center 3 simulations
  • Tested the PVS, LCE, Security Center, and Nessus applications to check whether the scanner itself had any application vulnerabilities
  • Tested vulnerabilities of security verification and data protection protocols/systems
  • Used an access control matrix to verify that proper security models were implemented
  • Tested information security configuration for issuing, defending, changing, and revoking passwords
  • Created and tested a simple bash script to run command-line Nessus scans

Confidential, Arlington, VA

Network Engineer II / Security Engineer II

Responsibilities:

  • Checked switch status to verify all sensors were operating correctly at each remote location
  • Analyzed traffic on peer to peer network and shut down traffic remotely using command prompts
  • Analyzed tcpdump logs, looked at the Sguil payload and compared it to the Sourcefire signatures; looked up and modified Linux iptables as necessary
  • Utilized Microsoft Systems Management Server to identify machines operating with spyware or malware
  • Performed code analysis by observing which registers were written by the shellcode in OllyDbg
  • Hired through TMSI Staffing and promoted to CACI employee after seven months due to excellent performance

Confidential, Adelphi, MD

IT Support Associate

Responsibilities:

  • Managed, maintained, and supported campus networks, peripheral equipment, software, services and devices
  • Coordinated and implemented network security measures to protect data and hardware systems
  • Installed or upgraded software/hardware, implemented UNIX file backup, restoration, password, shell, directory changes, and configured systems and/or applications
  • Provided expertise to all users and answered queries or requests for support/training on systems and software
  • Proactively monitored systems to identify problems and maintenance needs; repaired systems and configurations
  • Developed plans to safeguard data from accidental or unauthorized modification, disclosure, and destruction

Confidential, Adelphi, MD

Lab Assistant

Responsibilities:

  • Performed risk assessments and executed tests of the data processing system to ensure data processing activities and security measures were functioning
  • Developed and modified Snort intrusion detection systems for the test laboratory environment
  • Reviewed and edited documentation for the laboratory exercises
  • Performed file integrity checking to ensure file accuracy and unaltered status
