Cyber Manager Resume

DC

SUMMARY:

  • Results-driven professional with ten years of intelligence analysis, cyber counterintelligence, and network telecommunications experience including all-source collection management and reporting, in-theater operations support, field services; systems planning, Cyber Forensics, installation, operation, troubleshooting and maintenance.
  • Over 5 years of project management, sales engineering and account management experience as well.
  • Possess excellent team leadership, customer and staff management skills.
  • Confidential is also an experienced Native Arabic and French speaker with over 5 years of working on linguistic/intelligence analysis-based contracts in Iraq and Qatar.
  • Seeking managerial roles in the Cyber field or IT security sales positions.

TECHNICAL EXPERTISE:

Applications: FireEye, HBGary, ArcSight, CyberArk, Splunk, Nexpose, Cenzic, L0phtCrack, Nessus, Wireshark, Sourcefire, Check Point, Proofpoint, Bit9, FMS visualizer, Infoblox, ClearPass…

PROFESSIONAL EXPERIENCE:

Cyber Manager

Confidential, DC

Responsibilities:

  • Implement and integrate next-gen SEM (security event management) tools to upgrade the SOC to the latest applications on the Gartner report; follow up with vendors and proof of concept; grade vendors on options, pricing and demos.
  • Work on all systems and/or projects within the organization responsible for providing Confidential Threat detection utilizing network and host based Computer Security tools, appliances and end point products.
  • Perform analysis of all security systems log files, review and keep track of triggered events, research current and future cyber threats, reconcile correlated Confidential events, develop and modify new and current Confidential correlation rule sets, and operate security equipment and technology.
  • Document security incidents as identified in the incident response rules and escalate to management as required.
  • Monitor key security infrastructure elements, identify security events, perform analysis, and initiate response activities.
  • Maintain system baselines and configuration management items, including security event monitoring "policies" in a manner determined by the program management.
  • Provide documentation and interaction with other analysts and Operations and Maintenance (O&M) personnel to ensure a complete and functioning system that meets requirements.

Security Operation Center Manager

Confidential, Hanover, MD

Responsibilities:

  • Built, led, and motivated the team in a dynamic environment.
  • Partnered with key customers of Confidential's enterprise network to ensure security compliance across the entire enterprise domain.
  • Supervised the development and maintenance of standard procedures related to the SOC by leading the functional Confidential's Computer Incident Response Team (CIRT) and focused on identifying and countering cyber threats.
  • Coordinated with other global offices related to security for escalation of issues.
  • Managed the implementation of new technologies within the SOC and led automation of monitoring administrative tools.
  • Maintain current knowledge of tools and best-practices in advanced persistent threats; tools, techniques, and procedures (TTPs) of attackers.
  • Lead an operational team who conducts event analysis and triage, focusing on a range of unstructured events. Identify and hunt for related TTPs and IOCs across all internal/external repositories.
  • Draft, edit, and review threat intelligence analysis from multiple sources.
  • Managed and monitored the security logs.
  • Provided assistance to core security and incident response teams.

Security Analyst

Confidential, NY

Responsibilities:

  • Solid and demonstrable comprehension of Information Security including malware, emerging threats, attacks, and vulnerability management.
  • Reviewing raw log files, data correlation, and analysis (i.e. firewall, network flow, IDS, system logs, source codes).
  • Deductive reasoning, critical thinking, problem solving, and prioritization skills.
  • Assisting in the development and maintenance of tools, procedures, and documentation including the resolution of customer escalations, incident handling, and response.
  • Using IDS, IPS, and/or other signature matching technology with tools such as Guardium, Peregrine, Conquest, ITSM and PSM.

Cyber Fusion Analyst

Confidential, MD

Responsibilities:

  • Leads and directs diverse functional aspects in the operation of complex Confidential solutions to include: network defense infrastructure, security monitoring, event aggregation and correlation, incident management, vulnerability assessment and management using various ESM tools such as ArcSight.
  • Advises senior leadership on security strategy, mission alignment, security architecture, and IT security solutions.
  • Coordinates resolution of problems and tasks, selling new ideas in support of operational objectives. Interfaces with all areas affected by the project including end users, computer services and client services.

Senior Business Analyst

Confidential

Responsibilities:

  • Serves as a technical advisor in ensuring Confidential standards are implemented to enable Confidential organizations to practice safe security techniques by following the DIACAP process.
  • Provides information assurance support for the development and implementation of security architectures to meet new and evolving security requirements on cross domain solutions.
  • Set up periodic and other unscheduled briefings on the status of critical joint initiatives for Air Staff, SECAF, Joint Staff, and DoD key officials concerning enterprise network initiatives.
  • Serves as a Confidential technical representative for IA at technical symposia, industry conferences, seminars, meetings, working groups (DSAWG), panels and advise on cross domain solutions issues.
  • Prepares, facilitates, and provides post-event minutes and summaries for action officer, executive, and Congressional level hearings, meetings, seminars, conferences, boards and related activities.
  • Facilitate the coordination of actions required to implement IT capabilities at the AF Enterprise level, analyze technology trends to support IT strategic planning using various ESM tools such as ArcSight.
  • Author, review and edit policy documents, regulatory instructions, concepts of operation, and other formal documents as necessary to accomplish tasking and program execution.

Senior Consultant

Confidential

Responsibilities:

  • Client Management including actively consulting with Federal sector clients on best practices and Confidential solutions, products implementation in the client networks and managing the planned expectations.
  • Project Management which includes providing flexible strategies, creating deliverables in professional structure and providing detailed reports depicting the overall services provided.
  • Planning client engagements and deliverable strategies along with resolving any internal department conflicts and identifying risks areas along with providing a proper solution.
  • Provide mentoring to other consultants in the field of Confidential using various ESM tools such as ArcSight.

Enterprise Sensor Grid Manager & Lead Network Security Engineer

Confidential

Responsibilities:

  • Act as the Agency’s sensor grid manager on the Department of Defense (DoD) Confidential operated Global Information Grid (Confidential) enterprise sensor grid. Prepares daily executive summary of the health of the Confidential enterprise sensor and presents the material, as required, to senior government leadership.
  • Following Confidential SOPs, user guides and STIGs.
  • Coordinate and assist Confidential NetOp Centers (Confidential), the SOC (watch floor) and Field Security Operations on enterprise sensor capabilities, Incident response, outages, and maintaining HIPAA (PII) guidelines.
  • Used tools such as ArcSight ESM Logger/Connectors, Netcentrix, Trickler, Dscape and Remedy to monitor network intrusions and device health such as Cisco routers and various switches.
  • Participated in the continuous operations (Coop) exercise to maintain 24x7 coverage.
  • Act as a Subject Matter Expert at DCITA (Defense Cyber Investigations Training Academy). Develop and deliver customized Network Investigations & Cyber CI trainings. Provide inputs for courseware, concerning new or existing security system procedures and/or programs to ensure compatibility with the customer's standard operating procedures.
  • Develop detailed design courses using best of breed security & Forensics equipment including firewalls, incident response, intrusion detection systems (IDS) and access control servers. Also the use of various tools and software such as EnCase, VMware, NetWitness, Forensic Toolkit, Snagit, Pcap, Analyst's Notebook, MOBILedit, Intrusion detection, Firewalls, TCP/IP, Routing/Switching, IP packets Analysis, intrusion analysis and pen testing.
