
IT Systems Administrator and IT Trainer Resume

South Orange, NJ

SUMMARY:

  • Eight years’ experience in CIRT / Confidential incident response, SIEM, IDS, IPS alerts monitoring and incident handling
  • Experienced in risk/vulnerability management best practices (CVE/CVSS scoring) and threat intelligence analysis
  • Vulnerability scans in Rapid 7 Nexpose, IBM QRadar, Tenable Nessus, OpenVAS, and Qualys for OWASP Top 10 issues
  • Certifications in forensics (CCFE), incident response (CHFI), and ethical hacking/malware analysis (CEH, ECSA)
  • Five years’ experience in setup/configuration/administration of Cisco/Juniper networks, Windows & Linux server systems
  • Studied in-depth CCNA & CCNP methodologies and designs (excellent understanding of Visio technical diagrams)
  • Experience with Cisco routers, switches, firewalls -- hardware hardening, access control lists, and configuration
  • Excellent understanding of TCP/IP, network protocols, Windows Server 2012 R2, Windows 10 Administration, Configuration, Installation (DHCP, DNS, SNMP, SSL, Azure, TCP/IP, Group Policy, IPSec, TLS, SSH, IIS, BitLocker, Hyper-V, Active Directory, Clustering); VMware, PowerShell
  • One year of experience using Splunk 6.3 to create dashboards, reports, and custom searches; added data and conducted anomaly/threat/event analysis; used several add-on apps pertaining to forensic investigations and timestamp analysis
  • Areas: Incident Response / CSIRT; SOC / SIEM / IDS / IPS
  • Tools: BlueCoat, McAfee EPO, VirusTotal, DNSStuff, WhoIs, FireEye, Palo Alto Wildfire, Qualys, Rapid7 Nexpose, Netwitness, Envision, ForeScout CounterAct, Dell SecureWorks, Forcepoint, Tripwire, Redline, Lancope, LogRhythm, ArcSight, LogLogic, Nitro, Sysinternals, Cascade/Mazu, Wireshark, Fiddler, Bro, Cygwin, Red Curtain, SAINT, iLook, ProDiscover, Paladin, X-Ways Forensics, WinHex, Memoryze, EnCase 7 & 8, FTK 5.5, X1, Carbon Black, VeraCrypt, Nessus, OpenVAS, Nemesis, Metasploit, QRadar 7.2.8 / 7.3, Kali Linux, Splunk 6.3/6.4, Linux Administration, Cisco Configuration

TECHNICAL SKILLS:

MS Windows Server 2012 R2 Installation, Configuration, and Administration

MS Windows 10 (Professional, Enterprise, Mobility) Installation, Configuration, and Administration

Kali Linux, Debian / Ubuntu Linux; VMware, Virtual Box, Hyper-V; TestDisk, MBRtool

MS Office 365, Skype for Business, OneDrive, GoogleDrive, iCloud, DropBox, Microsoft Intune

DHCP, DNS, TCP/IP, NAT, IPSec, TLS, SSL, SSH, FTP, SNMP, BitLocker, Active Directory, Group Policy

Splunk, Bluecoat, QRadar, Palo Alto Wildfire, Envision, Qualys, Rapid7 Nexpose, Netwitness, Nitro, VirusTotal, ForeScout CounterAct, Dell Secureworks, LogRhythm, Lancope, LogLogic, Wireshark, Fiddler, Bro, X1, Carbon Black, Websense Triton / Forcepoint, X-Ways Forensics, EnCase 7 & 8, FTK 5.5, Solarwinds, LogicMonitor, SIFT, Loggly, OpenVAS, Nemesis, Metasploit, VeraCrypt, NetCraft, DNSStuff, WhoIs, ARIN, APNIC, RIPE, LACNIC, AFRINIC

PROFESSIONAL WORK EXPERIENCE:

Confidential, South Orange, NJ

IT Systems Administrator and IT Trainer

Responsibilities:

  • Trained faculty and students on Blackboard system (for class registration, assignments, projects, grading) and Win10
  • Worked on various system issues -- password creation, password resets, account lock-outs, domain/workgroup/group policy issues, university email, Internet, Intranet, wireless connections, Skype for Business, Printers, Cloud storage
  • Tested hardware, built system images, ran system updates in Windows 10; set up MS Office 360/365, MS Outlook Email and Intranet accounts, OneDrive/GoogleDrive/iCloud/DropBox (Cloud Storage), and Wireless Internet access
  • Contract was originally for one month by special arrangement through NJ Workforce Program and KForce to help me gain IT Trainer credits to qualify for LIIT/Metrix Learning security (see above)
  • Confidential team liked me and requested I stay for additional six weeks; I left on excellent terms with IT team and manager

Confidential, Union, NJ

Senior Security Operations Analyst

Responsibilities:

  • Contracted as SME to evaluate Security Operations Center methods, policies, and tools and give recommendations
  • Worked with team and management to help create/update SOC policies, procedures, guidelines in line with PCI v3
  • Created better SOC incident management templates for team handling of incidents
  • Helped contain/remediate security incidents using various tools including Netwitness, McAfee EPO, Dell Secureworks
  • Analyzed various incidents/alerts using Netwitness and Secureworks tools
  • Created metrics around incident management for executive management utilizing various security tools

Confidential, Springfield, MA

Incident Response & Forensics Lead

Responsibilities:

  • Restructured Computer Security Incident Response Team (Confidential) by creating incident response plan processes and procedures per NIST rev. 2 guidelines and ECSA/CHFI/CCFE
  • Created documents and conducted network security for team
  • Created better communication documents for Confidential functions; specifically, created contact lists of key persons in IT/Business/Legal/Compliance/HR/Management to be used in containment, eradication, and recovery phases
  • Introduced newer, better, and proven tools in the space of incident response management for suspicious email header analysis, script analysis, deep-dive malware analysis, packet capture analysis, and zero day vulnerability analysis; trained staff on the use of these tools, and worked alongside staff utilizing tools in incident investigations
  • Helped Vulnerability Assessment Team identify and analyze threats using QRadar Risk and Vulnerabilities features
  • Conducted complex forensic investigations involving data theft and trading fraud for Legal departments under tight deadlines using EnCase 6, WinHex, X-Ways Forensics, Paraben’s forensic toolkit, and Tableau products
  • Conducted live forensic investigations over network to retrieve/analyze live volatile/memory data from internal systems and determine use of malware for data theft
  • Reviewed and tested Hitachi ID, Avecto, and CyberArk privilege escalation alert systems as part of a proof of concept

Confidential, NYC, NY

Senior Cyber Forensics Specialist

Responsibilities:

  • Gathered forensic evidence using EnCase, WinHex, and X1 tools to help lawyers determine if crimes were committed against several client networks/systems and if data theft was evident
  • Received valuable hands-on experience using EnCase 7, X1, HB Gary Responder, FTK 4.2 & 5, Oxygen Suite tools
  • Contract was for 6 months initially; ended almost 1 ½ years later; left in very good standing with team

Confidential, New York, NY

Senior Incident Response & Forensics Specialist

Responsibilities:

  • Created various PowerPoint presentations for senior management pertaining to incident response metrics including vulnerabilities, threats, response times, and additional resources needed
  • Responded to and analyzed various identity theft, spam, scam, phishing, spear phishing, and bank fraud incidents as member of Confidential (Red Team) using SIEM, IDS/IPS, firewall, and patch management reports to help protect bank data
  • Conducted complex forensic investigations involving data theft and trading fraud for legal department under tight deadlines using EnCase 6, WinHex, X-Ways Forensics, Paraben’s forensic toolkit, Tableau products
  • Conducted live forensic investigations over network using EnCase Enterprise, SMART, and ProDiscover to retrieve/analyze live volatile/memory data from internal systems and determine use of malware for data theft
  • Researched and analyzed forensically imaged data including emails, pictures, and documents for Legal Department
  • Performed forensic imaging on desktop/laptop/mobile devices using LogiCube, Tableau, and Paraben tools as well as data carving, registry analysis per Legal Department requests
  • Created & maintained chain of custody documents, evidence reports for Legal department
  • Performed vulnerability analysis using Rapid7 Nexpose, Qualys for OWASP vulnerabilities
  • Blocked harmful websites using BlueCoat and harmful executable code using Bit9 Parity
  • Contract ended after exactly 6 months; bank was in financial distress; many security professionals left and contractors were let go due to hiring freezes/budget restrictions; I was let go but left in good standing with team

Confidential, Mahwah, NJ

Senior Information Security Threat Analyst

Responsibilities:

  • Worked with CISO and Cyber Threat Intelligence team to re-evaluate company-wide security policies, standards, and procedures, to re-align new, sensitive business operations segments with tighter information security policies and standards, and to set new control measures to keep up with changing threat landscape
  • Conducted deep-dive analysis into ArcSight SIEM tool as proof-of-concept; determined tool did not work well with Confidential’s legacy equipment and required endless patching/scripting to keep up with needs of Confidential security team
  • Introduced and implemented several additional encryption tools for better security protection of sensitive data
  • Reviewed operational, technical, and administrative access controls and made recommendations for necessary changes; helped guide creation of new standards and procedures to support access control changes
  • Represented Security Department on Firewall Change Request Committee, with the authority to sign-off/deny firewall requests (propose alternatives) depending on risk severity of opening firewall/proxy ports; often would have to deny requests until ports were scanned/confirmed safe and sensitive data was sanitized
  • Contract ended after 4 ½ months because my manager (CISO) was relocated to California, my position was outsourced to security management company; I left on very good terms with security team and HR

Confidential, Trumbull, CT

Senior Incident Response & Forensics Specialist

Responsibilities:

  • Managed very high profile and complex cyber breach involving credit card company and Confidential
  • Completed preliminary required advanced forensics analysis using EnCase v5, ProDiscover, SMART
  • Used forensic and steganography tools to prove cyber gang from Europe had stolen massive credit card data
  • Investigation had to be turned over to the FBI, Interpol, and the Connecticut State Cyber Security Investigations Unit after 1 month; contract ended abruptly due to scale and nature of breach and law enforcement involvement

Confidential, Franklin Lakes, NJ

Information Security Analyst

Responsibilities:

  • Monitored and analyzed network traffic for security threats including botnets, worms, Trojans, viruses, and DoS/DDoS using various security IDS (Riverbed Cascade / Mazu) and analysis tools on SOC Team
  • Configured and implemented policies/signatures in Cascade IDS tool; ran reports and set up dashboards in tool to analyze top threats and specific top talkers; also configured various netflow devices and gathered data from routers, switches
  • Completed ArcSight SIEM configuration; fine-tuned policies, created dashboards, and reports for security incident response team; prepared weekly and monthly SIEM reports for senior management
  • Analyzed Cisco/Nortel router netflow and monitored L2TP VPN tunneled communications using Cascade network intrusion detection system, Solarwinds port scanner as part of Security Operations Center team
  • Contract was for 3 months initially, then extended for another 3 months, then extended for two six-month terms; HR blocked further extensions and manager could not hire me permanently due to hiring freeze; I was let go, but I left on very good terms with management and team
