
Principal Engineer, Penetration Tester Resume


SUMMARY:

  • Results-driven, process-oriented technical leader with 10 years of prior military service and over 12 years in the DoD, IC, and Civilian Federal Agencies working directly in, or in support of, Computer Network Defense and Information/Cyber Security efforts.
  • Performing incident response, penetration testing, APT-focused threat intelligence, IDS/IPS monitoring, and network/computer forensics.
  • Supplemented technical experience with parallel roles in training and tradecraft instruction in multiple fields.
  • Published and presented findings as technical and executive reports, influencing senior staff decisions, enterprise-wide security postures, and strategic alignments for Computer Network Operations.
  • Often served as a liaison between various organizations or teams to improve communication and expedite operations.

TECHNICAL SKILLS:

Networking: IEEE 802.1, TCP/IP, VPNs, SSH tunneling, FTP/SFTP servers, firewalls, network and router concepts (DNS, DHCP), mobile communications (GSM, IMEI, IMSI), PuTTY, Hyperterm, Proxies, Windows/Linux command lines.

Red Team: Kali, NMAP, NMAP NSE, Nikto, hping3, fping, enum4linux, Metasploit framework, Burp, ZAP, Armitage, Nessus, OpenVAS, Mutillidae, DVWA, Netcat, nbtscan, Cobalt Strike, IDE Debugger, SQLMap

Blue Team: IDS/IPS systems (Snort, FireEye, Dragon, Tipping Point), log analysis/audit systems/SIEMs (Splunk, ArcSight, RSA, Niksun, Lancope), Virtual Machines (VMware/Oracle VirtualBox), other forensic tools (EnCase), and enterprise-level appliances.

Basic Systems: Windows, Solaris, Linux (Mint, Ubuntu, Kali/Backtrack), Mac OS, Cisco IOS, Android, Microsoft Office Suite, Google Cloud, Google Earth, Google Translate, Cryptocurrencies (Bitcoin, etc.)

Languages: Fluent in Farsi (3/3), Dari (2+/3), and Spanish (heritage). Capable in Pashto (2/2). Familiar with Bash, Python, PowerShell, HTML, SQL, Java, and C.

PROFESSIONAL EXPERIENCE:

Confidential

Principal Engineer, Penetration Tester

Responsibilities:
  • Perform manual penetration tests of scoped systems/applications including, but not limited to, vulnerability assessments using automated tools (SQLMap, Metasploit, BurpSuite, etc.) and validate results. Document relevant exploits and the results of any engagement for remediation and final reporting. Report discoveries to assist in building on methodologies as promulgated by industry standards (NIST, ISO, etc.). Follow industry best practices and methodologies, including the Open Web Application Security Project (OWASP) Testing Guide. Ensure that useful, measurable, and repeatable methods are applied in quantifying risk.
  • Develop automation/scripts for replicating vulnerability validation and penetration tests. Verify security findings from other members of the penetration testing team. Cross-train other specialist security engineers, leveraging their assistance with assessments to further improve enterprise security posture. Research new threats, attack vectors, and risks to help devise plans and scenarios for various types of penetration tests and to develop custom proof-of-concept exploits that illustrate exploitable vulnerabilities. Assist in scoping projects and developing ground rules for engagements through Rules of Engagement (RoE) and Service Request Plan (SRP) statements.
  • Select, install, and configure security testing platforms and tools. Develop tools, techniques, and procedures for engagements to support the monitoring, testing, and troubleshooting of cybersecurity issues. Work with other IT professionals providing quality assurance and security guidance for a centralized software testing environment, collaborating with Software Testers, Developers, and Systems Administrators to enable robust testing of applications in a virtualized environment.

Confidential

Watch Officer, Cyber SME

Responsibilities:
  • Lead and manage integrated 24x7x365 Security and Network Operations Centers (SOC/NOC) as a direct representative of the Chief Information Security Officer (CISO), resolving issues by interfacing with senior government managers. Serve as the primary point of contact for enterprise incidents and changes during the assigned shift to ensure that internal controls are in place and operating effectively.
  • Direct, in real time and in accordance with mission requirements: incident handling, forensic triage, network analysis, threat detection, trend analysis, metric development, and the dissemination of information on any critical system vulnerabilities and outages for agency-wide coordination and situational awareness. Offer technical expertise while coordinating and interpreting the efforts of team members engaged in technical analysis, strategies, and their implementation in the proactive defense of the Confidential network, its mission-critical systems, sensitive data, and users.
  • Perform data analysis and monitor vendor performance during the shift to quickly identify issues and take action if warranted, addressing difficult and complex developments while functioning under limited direction and providing content for cyber security and infrastructure program reviews that are used to brief senior management on the status of and challenges with operations.
  • Initiate, maintain, and revise policies and procedures for the Operations Center. Conduct long-range planning to maintain continuity of operations, such as by developing and managing ITIL-based services using Service Operations, Service Transition, and Continual Service Improvement methodologies. Promote a comprehensive understanding of interdependencies and how areas collectively integrate and contribute towards achieving the Operations Center's objectives.

Confidential

Fusion Analyst, Cyber Threat Intelligence Analyst

Responsibilities:
  • Processed and evaluated raw intrusion data into timely assessments. Compiled relevant all-source intelligence for incorporation into product briefings and IC reports presented to senior leaders and at conferences. Extracted actionable information and indicators from intelligence reporting and articulated them to network defenders to update network security posture. Ensured data flows were maintained between internal tools and the enterprise-wide reporting dashboard, investigating incidents through daily monitoring, intrusion analysis, and remediation using SIEM, IDS, IPS, Anti-Virus, and forensics tools.
  • Worked directly with incident handling to bridge the gap between IT and the IC, operating at every level of the security stack: monitored CVEs, tracked exploits and threat actors, and provided customers with timely reporting to help focus and allow for advantaged decisions. Summarized data captures triaged by volatility, using imaging systems to safely analyze intrusions without compromising evidence, used packet sniffers to investigate network traffic, and reviewed audit logs for important information.
  • Engaged in planning, directing, and managing Computer Incident Response Team (CIRT) operations and utilized various open source and commercial analysis tools for incident analysis (network- and host-based). Analyzed and identified relationships and trends between short-term and long-term incident patterns, providing trend analysis in quarterly and yearly reports.

Confidential

Cyber Security Analyst, SOC

Responsibilities:
  • Supported information assurance efforts by working with Intrusion Detection System (IDS) software and hardware, analyzing IDS data and PCAPs (packet captures), writing reports, briefing event details to clients and leadership, and coordinating remediation globally. Ensured data flows were maintained between internal tools and the enterprise reporting dashboard; investigated incidents through daily monitoring, intrusion analysis, and remediation using SIEM, NIDS, NIPS, HBSS, and forensics.
  • Coordinated with the malware analysis team once processes and procedures had matured to build working relationships with other groups and effectively complete mission needs while respecting stakeholder needs and requirements. Summarized data captures triaged by volatility through forensic imaging to safely analyze intrusions without compromising evidence, used packet sniffers to investigate network traffic, and reviewed audit logs for important information.
  • Handled security-related technologies including Active Directory, host-based firewalls, host- and network-based intrusion detection systems, application whitelisting, server configuration controls, logging and monitoring tools, antivirus tools, and network monitoring.
  • Assisted in the performance of cyber investigations within the SOC through the use of host-based forensics, network forensics, log-based forensics, mobile forensics, penetration testing, intrusion detection, reverse engineering, and malware analysis.

Confidential

Multi Source Support Specialist, SME

Responsibilities:
  • Produced presentations, briefings, and reporting to provide customers and leadership with clear and concise assessments on the analysis of emerging and advanced persistent threats, ensuring a clear and comprehensible message is delivered to target audiences as well as a thorough understanding of any complex concepts regarding adversary tools, techniques, and procedures.
  • Characterized techniques such as the use of buffer overflows for DoS/DDoS attacks, man-in-the-middle attacks, the creation of botnets, and privilege escalation as used by cyber threat actors, specifying attack vectors and the reasons each type might be employed. Communicated malware types such as trojans, rootkits, backdoors, worms, spoofers, and flooders to a wide customer base, highlighting their uses, common methods of propagation (droppers), and potential effects (payload).
  • Liaised between software developers and end-user analysts to communicate needs and deficiencies of numerous tools and database interfaces during lifecycle maintenance; coordinated with development teams, customers, and stakeholders to ensure smooth and effective execution of all steps in a project throughout its life cycle, aligning short- and long-term strategic intents and goals while maintaining metrics within scope by collaborating with separate teams and entities.
  • Scanned and sorted cyber forensics data and foreign language materials to create and maintain operational working aids and databases, filling intelligence gaps and offering guidance on matters of computer network operations, language translation, cyber security, and virtual/crypto currencies.

Confidential

Tradecraft/Language Instructor/Analyst

Responsibilities:

  • Managed a team of instructors in the instruction and development of related coursework. Supplied tradecraft, global and cryptologic language, and cultural training to military and civilian personnel via traditional classroom instruction, offering materials and instruction through classroom technology such as Smartboard/Symposium, audio/video components, and other relevant computer applications in support of ongoing mission demands and contingency operations around the globe.
  • Researched and integrated new language training technologies, software, and methodologies, contributing to a team known to excel and proving capable of consistently taking sub-proficient linguists to a 2+ level or higher on the DLPT V.

Confidential

Cryptologic Linguist, Computer Network Operations

Responsibilities:
  • Led teams of over 160 individuals in performing various projects through planning, execution, and closure. Directed operations during live reconnaissance missions, managing multiple personnel in a live tactical communications environment. Supervised reporting and data analysis, ensuring accuracy and clarity of message and timeliness of reports used by national-level policy makers. Coordinated to keep projects on time, on budget, and within scope. Acted as liaison between multiple teams, collaborating to accomplish shared goals.
  • Fused open source research with intelligence analysis to write threat assessments, providing technical and narrative inputs for inclusion in assessment reports. Performed mentorship, training, and coursework development for professionals as the primary trainer on all tasks, from initial qualifications to higher-end mission specialization standards. Provided translation and language-related services in a variety of forms including, but not limited to: instruction and training, transcripts, gists, reports, oral recordings, posters, and signs.
