Cyber Security Researcher Resume

SUMMARY

  • Well-organized, self-starter, quick learner, self-motivated team player with analytical, technical and communication skills
  • Completion of Department of Homeland Security BIRT/HIRT training program
  • Technical reporting of OT PCAP Data Analysis for major critical infrastructure utilities
  • Knowledgeable of the TTP (Tactics, Techniques and Procedures) playbook for Incident Response adhering to the MITRE ATT&CK for Industrial Control Systems matrix
  • Perform manual searches from the gathered logs via Splunk
  • Analyze log data from SIEM tools such as Splunk and Wireshark to identify threats and vulnerabilities on the network to prevent cyber security incidents
  • Knowledgeable of standard security and regulatory frameworks including ISO 27001/31000
  • Performed Gap Analysis for MITRE ATT&CK evaluation for transferability to an Industrial Control Systems environment
  • Skilled & technically proficient with multiple firewall solutions, network security, and information security practices
  • Applies current information assurance technologies to architecture, design, development, evaluation and integration of systems and networks infrastructure
  • Experience with Security Information and Event Management tools like Splunk, ELK and Gravwell
  • Designed new IP schematics and lists for isolated network environments
  • Knowledgeable of Cisco switch and router configuration and working with the CLI
  • Wireshark and Cisco work to support troubleshooting issues
  • Conducted vulnerability assessments mitigating risk through patch management
  • Coordinated and facilitated Contingency Plans and Exercises for general support systems
  • Developed and conducted the evaluation of Continuity of Operations (COOP) and Disaster Recovery (DR) operations during annual incident response training
  • Work with Legal and Compliance teams and perform electronic discovery and computer forensics to support investigations

TECHNICAL SKILLS

  • MITRE ATT&CK
  • Incident Response
  • Industrial Control Systems
  • Risk Management
  • TCP/IP
  • Blue Team
  • Vulnerability Assessments
  • Operational Technology
  • Methodology
  • Network Security
  • Secure Network Administration Principles
  • Mitigation and Countermeasures
  • Disaster Recovery Planning
  • Security Assessment and Testing
  • NIST Standards and Best Practices
  • Microsoft and Outlook environment
  • Splunk
  • Wireshark
  • SecurityMatters SilentDefense
  • ServiceNow
  • Linux
  • STOTS
  • Metasploit
  • SolarWinds
  • Snort
  • Nessus
  • Netstat, Nslookup
  • Kali Linux
  • Nmap
  • Splunk Machine Learning
  • Gravwell
  • SIEM
  • Sysinternals
  • Cisco
  • SDLC
  • pfSense
  • Communication - written and verbal
  • Team Player
  • Leadership
  • Documentation
  • Planning
  • Time Management

PROFESSIONAL EXPERIENCE

Confidential

CYBER SECURITY RESEARCHER

Responsibilities:

  • Technical reporting of OT PCAP Data Analysis for major critical infrastructure utilities
  • Hunted TTPs within the ICS Environment
  • Created Splunk dashboards and efficient searches for specific Operational Technology data
  • Completion of Department of Homeland Security BIRT/HIRT training program
  • Assisted in providing input on how to better optimize our current plan of analyzing OT data and ingestion within our SIEM solutions
  • Assisted in the architecture of a Splunk instance for the CyOTE environment
  • Conducted research, monitoring and analysis of current and emerging threats directed at network infrastructure targets from internal and external sources
  • Created an asset inventory list of the CyOTE environment
  • Theorized and organized the assessment of critical infrastructure/OT systems and analyzed network traffic in order to develop attack and defense methodologies for high risk
  • Participated in the development and maintenance of custom code used to analyze and ingest network traffic and proprietary protocols, and developed attack and defense methodology and code on high-risk computer networks
  • Analyzed log data from SIEM tools such as Splunk and Wireshark to identify threats and vulnerabilities on the network to prevent cyber security incidents
  • Assisted in presentation of the Data Analysis of Utility data to respected companies
  • Created a TTP (Tactics, Techniques and Procedures) playbook for Incident Response adhering to the MITRE ATT&CK for ICS matrix
  • Performed Gap Analysis for MITRE ATT&CK evaluation for transferability to an ICS environment
  • Backed up PCAP data from utilities to a Synology NAS along with ESXi VMware
  • Assisted in standing up the Splunk Forwarders, Indexers, and Search Heads
  • Provided background and research on the difference between the ICS and Enterprise MITRE matrices
  • Trained team members in how to work within the CyOTE environment along with briefing them on the currently implemented security tools
  • Assisted in helping form the Security Policy within the CyOTE environment
  • Assisted in providing information on a potential tool we could implement to better optimize our procedure and dataflow
  • Provided maintenance and daily troubleshooting of issues within the CyOTE environment
  • Participated in Splunk conferences held in Idaho Falls

Confidential, Atlanta, Georgia

Senior Security Analyst

Responsibilities:

  • Participated in the creation of enterprise security documents (policies, procedures, standards, guidelines, and playbooks) under the direction of the Chief Information Security Officer
  • Assisted IT staff with understanding and resolving system vulnerabilities
  • Conducted risk assessments and collaborated with Management and technical team to provide recommendations regarding any changes that were being implemented on assigned systems
  • Performed and analyzed vulnerability scan reports and worked with stakeholders to establish plans for sustainable resolutions
  • Completed tasks such as researching and identifying security vulnerabilities on the networks and systems
  • Used Nessus to run scans on operating systems
  • Monitored controls post authorization to ensure continuous compliance with the security requirements by evaluating vulnerabilities through Nessus scan results and worked with the IT staff on mitigation actions
  • Reviewed the POAM in order to validate that the items uploaded in the POAM tracking tools support the closed findings, and coordinated promptly with stakeholders to ensure timely remediation of security weaknesses
  • Conducted system security evaluations and assessments, documented and reported security findings using NIST 800-53A guidance per the continuous monitoring requirements
  • Researched emerging threats and vulnerabilities to aid in the identification of network incidents
  • Provided scanning of range operating systems and test beds using SCAP compliance tool and Nessus vulnerability scanner for independent security analysis
  • Implemented deep-dive analyses on alerts received from Splunk and took action on the remediation process

Confidential, Houston, Texas

Cyber Security Analyst

Responsibilities:

  • Analyzed log data from SIEM tools such as Splunk and Wireshark to identify threats and vulnerabilities on the network to prevent cyber security incidents
  • Monitored and analyzed Intrusion Detection Systems (IDS) to identify security issues for remediation
  • Monitored the general support system for vulnerabilities and threats including patch management, weak password settings, and weak configuration settings
  • Managed Security Assessment and Authorization (SA&A) process to support continuous monitoring activities in accordance with NIST and FISMA requirements and guidelines
  • Reviewed and analyzed log files to report any unusual or suspect activities
  • Worked with system data including but not limited to security event logs, system logs, proxy and firewall logs
  • Reviewed provided or requested Artifacts and Plan of Action & Milestones (POAMs) to determine if controls are implemented correctly
  • Performed security control assessment of all assigned systems, developed test plans and assessment reports in support of system authorization
  • Streamlined the phishing analysis to an almost analyst-free experience
  • Applied understanding of the function and content of information security policies, standards, procedures, and practices as well as threats, risks and vulnerabilities at a functional level
  • Used High-Watermark from scans as a reference to categorize the risk level of the system

Confidential

Security Analyst

Responsibilities:

  • Experience investigating, capturing, and analyzing events related to cyber incidents
  • Documented and logged technical incident detail for future reference
  • Developed and implemented a complete restructure of security groups to more effectively manage domain permissions to resources
  • Assessed business process to identify potential risks
  • Experience researching emerging cyber threats to understand and present hacker methods and tactics, system vulnerabilities, and indicators of compromise
  • Conducted above-core software reviews to ensure applications requested by users comply with requirements, guidelines, and standards before they are installed on systems
  • Promoted awareness of information security issues among system owners and executive leadership to ensure they understand and adhere to systems security policies and procedures
  • Defined, established and managed security risk metrics and tracked effectiveness
  • Performed periodic reviews of process controls and technical controls to ensure continuous adherence to SOX compliance
  • Supported day to day data security operations
  • Monitored security patch levels of the servers, workstations and network environments, and anti-virus systems
  • Performed proactive network monitoring and threat analysis
  • Recommended and addressed the acceptability of the software products for continuous monitoring project
  • Monitored and analyzed Intrusion Detection Systems (IDS) to identify security issues for remediation
  • Assisted in planning, development and security of a system that aims to establish a security infrastructure
  • Developed and maintained security implementation policies, procedures and data standards
  • Executed security data management plans for the design and implementation of data collection, scheduling and review clarification and reporting systems