System Administrator Resume Profile
Leesburg, VA
EXPERIENCE
Confidential
- Conducts forensic examinations of infected media identified by incident response personnel.
- Uses all of the following forensic tools: EnCase, FTK, NetAnalysis, RegRipper, Event Log Explorer, IrfanView, and Hexview Hex Editor.
- Process includes determination of the initial infection vector, damage done, data exfiltrated, persistence mechanisms, extraction of malware files, analysis of the malware, and determination of the source and type of malware.
- Evidence is handled and media acquired in a forensically and legally sound manner.
- Analyzes firewall logs, proxy logs, event logs, and Web logs to reconstruct network traffic.
- Analyzes malware using behavioral, static and dynamic analysis, open source resources, sandboxes such as FireEye, and other tools such as IDA Pro and OllyDbg.
- Examined Windows workstation hard drives, RAID arrays from Windows servers, and removable media.
- Provides comprehensive technical reports detailing findings and recommended remediation.
Cyber Security Duty Analyst
- Developed requirements for technical capabilities for cyber incident management.
- Recommended configuration changes to improve the performance, usability, and value of cyber analysis tools.
- Identified, analyzed, remediated, and reported on cyber security incidents.
- Interacted with cyber intelligence analysts conducting threat analysis operations as well as numerous IT professionals performing varying technical roles within the client organization.
- Provided verbal progress briefings to clients during cyber incidents.
- Analyzed malware to determine direct threat to client organization. Coordinated with US-CERT as necessary to convey incident information.
- Maintained detailed incident logs in an analysis database.
Security Engineer
- Implemented, analyzed and modified security policy in rule sets that control the flow of data through a Juniper firewall and Intrusion Prevention System (IPS), which protected Linux and Windows virtual machines residing on EMC disk systems.
- Analyzed firewall and IDP logs.
- Remediated issues in the firewall and IPS.
Senior Consultant
- Converted two obsolete government systems to an Oracle GUI based system.
- Designed, built and administered the database for these systems.
- Designed and delivered training to clients.
- Software Engineering Institute Capability Maturity Model (CMM) trained assessor who participated in SPA assessments based on version 1 of the CMM.
System Administrator
- Conducted Retina scans of the corporate network, based on Windows Server 2003, using DoD STIGs and remedied deficiencies.
- Reviewed results of backups and server and firewall logs for problems. Applied solutions to problems found. Monitored server and firewall logs for an MS Server system. Performed helpdesk tasks for employees and remediated their issues.
- Conducted two forensic examinations of Windows OS systems that used the NTFS file system in support of an internal investigation.
- Provisioned and maintained laptops and other IT hardware.
MEDEX Forensics Technician
- Examined captured digital media, optical media, and cell phones for Military Intelligence.
- Conducted forensic examinations of captured media for data of value, wrote reports and submitted the reports to intelligence databases.
- Searched data using both the Roman and Arabic character sets.
- Searched Intelligence databases for data similar to what was seen in the field.
- Created and delivered formal briefings to civilian and military intelligence personnel on examination findings.
- Wrote formal reports that were uploaded to Harmony and CIDNE.
- Used standard forensic tools including EnCase, FTK, Cellebrite and IsoBuster to examine Windows/NTFS hard drives, DOS-formatted microSD cards, cell phones, and CDs.
- Evidence was handled and media acquired in a forensically and legally sound manner.
- Identified malware found on captured media and protected lab systems.
- Identified malware and researched the best protection means possible.
- Trained government personnel on techniques to keep their systems protected from malware and served as a consultant on digital forensics, malware, and site exploitation (crime scene processing).
Senior Manager
- On location in Cairo, Egypt, created a comprehensive information security policy for an Egyptian governmental agency while on a US Agency for International Development contract.
- Researched and wrote assessments of personnel security for several countries.
Teaching Assistant
- Taught classes and conducted lab sessions to graduate students in computer forensics, intrusion detection and cyber security.
Security Manager
- Formed, staffed and led a highly successful 4-person forensic and network monitoring team that reduced costs and risk for an NYSE-listed company.
- Planned investigative strategies with C-level executives, Legal and external counsel, and briefed them on results.
- The investigations worked were mainly employee violations of acceptable use policy, theft of intellectual property, sexual harassment, and violations of state and federal law. Criminal violations were turned over to law enforcement once discovered.
- Standard forensic tools AccessData FTK and WinHex were used to search Windows/NTFS systems, and native Macintosh tools were used to search Mac OS systems.
- Evidence searched for and found included Outlook mail, Webmail, Internet activity and Office files.
- Assisted in capturing and preserving evidence, primarily Outlook email files, in response to court orders and during the discovery phase of legal proceedings.
- Wrote reports on the results of forensic examinations and briefed investigators, corporate counsel, external counsel and C-level executives on the findings.
- Implemented and supervised a Vericept network monitoring and blocking solution that monitored employee behavior. The Vericept tool was used as an investigative tool to gather evidence.
- Participated as a member of the corporate incident response team during intrusions. Assisted both corporate IT personnel and government security personnel in finding and identifying malware that infected employee workstations.
McLean
- Managed eDiscovery services for the firm's attorneys in response to a subpoena from the US Department of Justice and the European Union.
- Served as liaison from the head of the ERP group to outside analyst organizations such as Gartner and META Group.
- Developed the ES marketing budget and tracked spending against the budget.
- Developed and maintained various marketing presentations.
- Maintained database of business opportunities.
- Designed, built and tested interfaces between legacy systems and an Oracle Financial Applications system for a Federal Government client.
- Technical lead for a hardware upgrade for a retail management system. Created the evaluation plan, performed the evaluations and selected the servers to be used in the upgrade.
- Consistently met or exceeded revenue and profit goals.
- Hired, managed, and mentored consultants.