
Senior Information Security Specialist Resume


NJ

OBJECTIVE:

Senior IT Security Specialist (Vulnerability Analysis, Risk/Threat Management, Incident Response)

SUMMARY:

  • 8 Years Incident Response Experience on CSIRT handling cyber breach/disaster investigations per NIST 800 guidelines
  • 6 Years Malware Analysis Experience using advanced IR/forensics malware analysis tools
  • 4 Years Cyber Forensics/eDiscovery Investigations Experience specifically with EnCase, FTK, X1, WinHex, ProDiscover
  • 2 Years Mobile Forensic Investigations Experience for Android/Apple products using Paladin, Digital Intelligence tools
  • Completed EnCase 7 (forensic and enterprise), FTK 5.5, FTK Imager 3.3, PRTK, and Registry Viewer training
  • Completed CCFE Training (equivalent to SANS GCFE); CHFI certified (equivalent to SANS GCFA & GCIH)

TECHNICAL SKILLS:

  • Forensics, Malware Analysis
  • Incident Response / CSIRT
  • BlueCoat Reporter, QRadar
  • FireEye, Palo Alto Wildfire
  • Qualys, Rapid7 Nexpose
  • Netwitness, Envision, Archer
  • ForeScout CounterAct
  • Dell SecureWorks
  • Tripwire, Redline, LogRhythm, Lancope
  • ArcSight, LogLogic, Nitro
  • Sysinternals Suite, NUIX IR
  • Wireshark, Fiddler, Cygwin, Red Curtain
  • SOC / SIEM / IDS / IPS
  • iLook, ProDiscover, Paladin
  • X-Ways Forensics, WinHex, Memoryze
  • SMART, Oxygen, Backbone
  • EnCase 7, FTK 5.5, X1
  • DLP (Lumension, Sophos)
  • NIST 800, PCI v3

PROFESSIONAL WORK EXPERIENCE:

Confidential, NJ

Senior Information Security Specialist

Responsibilities:

  • Contracted as SME to evaluate Security Operations Center methods, policies, and tools and give recommendations
  • Worked with team and management to help create/update SOC policies, procedures, guidelines in line with PCI v3
  • Created better SOC incident management templates for team handling of incidents
  • Helped contain and remediate cyber security incidents using various security tools including QRadar and Dell Secureworks
  • Analyzed various incidents/alerts using QRadar features such as Offenses, Log Activity, Forensics, and Reports
  • Helped Vulnerability Assessment Team identify and analyze threats using QRadar Risk and Vulnerabilities features
  • Created metrics around incident management for executive management utilizing various security tools; metrics were focused around open/closed incident tickets for various security incidents so team/management could get clear picture on how well security department was responding to incidents and how much ROI each vendor tool was providing
  • Trained on latest FTK Toolkit (FTK Imager (3.3), FTK (5.5), PRTK, Registry Viewer)
  • Trained on latest Certified Ethical Hacker (v8) and Computer Hacking Forensic Investigator (v8) techniques
  • Studied PCI-DSS v3 compliance framework; independently trained on Microsoft Sysinternals forensic tools suite
  • Did not work for any company during this time

Confidential, Springfield, MA

Incident Response & Forensics Lead

Responsibilities:

  • Restructured Computer Security Incident Response Team (CSIRT) by creating incident response plan processes and procedures per NIST rev.2 guidelines and ECSA/CHFI/CCFE certification training
  • Created and defined incident roles for team; helped management staff the roles
  • Created training documents and conducted network security training for team
  • Redefined events vs. alerts vs. incidents for the organization, and created incident classification, severity, and priority tables in line with company culture, team abilities, and threats/risks/vulnerabilities
  • Created better communication documents for CSIRT functions; specifically, created contact lists of key persons in IT/Business/Legal/Compliance/HR/Management to be used in containment, eradication, and recovery phases
  • Introduced newer, better, and proven tools in the space of incident response management for suspicious email header analysis, script analysis, deep-dive malware analysis, packet capture analysis, and zero day vulnerability analysis; trained staff on the use of these tools, and worked alongside staff utilizing tools in incident investigations
  • Reviewed and tested Hitachi ID, Avecto, and CyberArk privilege escalation alert systems part of proof of concept
  • Helped integrate CyberArk with Archer Incident Tracking System for faster incident response ticket management pertaining to privilege escalation and access violations; requested reports and first-tier analysis from SOC on privilege escalation issues to help CSIRT quickly contain/remediate access violations
  • Trained digital forensic analysts in advanced features of FTK 5.1.1 and 5.2; FTK Imager; and EnCase 7.09.02
  • Consulted on several forensics projects for HTCIA Northeast (New York) Chapter
  • Work was not for hire and not for pay; compensation was through free unlimited live and online forensics training
  • Provided guidance on forensics cases involving eDiscovery, fraud, criminal hacking
  • Received valuable hands-on experience using EnCase 7, X1, HB Gary Responder, FTK 4.2 & 5, Oxygen Suite, Tableau, Paraben tools
  • Helped write/customize evidence reports in EnCase and FTK for use by private investigators

Confidential, Woodlands, TX

Senior Incident Response & Forensics Specialist

Responsibilities:

  • Led incident response team in cyber investigations of CSIRT alerts/breach incidents
  • Created various PowerPoint presentations for senior management pertaining to incident response metrics including vulnerabilities, threats, response times, and additional resources needed
  • Responded to and analyzed various identity theft, spam, scam, phishing, spear phishing, and bank fraud incidents as member of CSIRT (Red Team) using SIEM, IDS/IPS, firewall, and patch management reports to help protect bank data and employee/customer accounts
  • Conducted complex forensic investigations involving data theft and trading fraud for legal department under tight deadlines using EnCase 6, WinHex, X-Ways Forensics, Paraben’s forensic toolkit, Tableau products
  • Conducted live forensic investigations over network using EnCase Enterprise, SMART, and ProDiscover to retrieve/analyze live volatile/memory data from internal systems and determine use of malware for data theft
  • Researched and analyzed forensically imaged data including emails, pictures, and documents for Legal Department
  • Performed forensic imaging on desktop/laptop/mobile devices using LogiCube, Tableau, and Paraben tools as well as data carving, registry analysis per Legal Department requests
  • Created & maintained chain of custody documents, evidence reports later used by Legal department
  • Performed vulnerability analysis using Rapid7 Nexpose, Qualys for OWASP vulnerabilities
  • Blocked harmful websites using BlueCoat and harmful executable code using Bit9 Parity
  • Configured rules, dashboards, reports for ArcSight, FireEye, Netwitness, Palo Alto Wildfire, BlueCoat
  • Worked with Firewall Change Management Review Committee on security matters including sanitization of sensitive data, scans of suspicious ports, recommendations for system malware patching, recommendations for alternative solutions to opening suspicious ports for business use
  • Analyzed privilege escalation alerts using CyberArk integrated with ArcSight SIEM and ForeScout tool; created dashboards and reports, investigated unauthorized logon attempts, and managed password vault
  • Completed 3-month intensive Advanced Ethical Hacker (ECSA) training program
  • Trained on malware analysis

Confidential, Mahwah, NJ

Sr. Information Security Threat Analyst

Responsibilities:

  • Worked with CISO and Cyber Threat Intelligence Team to re-evaluate company-wide security policies, standards, and procedures; to re-align new, sensitive business operations segments with tighter information security policies and standards; and to set new control measures to keep up with changing threat landscape
  • Conducted deep-dive analysis into ArcSight SIEM tool as proof-of-concept; determined tool did not work well with UPS’s legacy equipment and required endless patching/scripting to keep up with needs of UPS security team
  • Introduced and implemented several additional encryption tools for better security protection of sensitive data
  • Performed on-going analysis of threats (using threat management matrices), risks (using qualitative and quantitative risk assessments), and vulnerabilities (using vulnerability assessments)
  • Worked with data owners and security principals to re-classify certain old data/assets from Classified to Sensitive and from Sensitive to Internal; re-classified certain new data/assets from Sensitive to Classified based on business management and executive management value metrics
  • Reviewed operational, technical, and administrative access controls and made recommendations for necessary changes; helped guide creation of new standards and procedures to support access control changes
  • Represented Security Department on Firewall Change Request Committee, with the authority to sign-off/deny firewall requests (propose alternatives) depending on risk severity of opening firewall/proxy ports; often would have to deny requests until ports were scanned/confirmed safe and sensitive data was sanitized
  • Budget cuts forced elimination of several security positions including mine
  • Completed 3-month formalized training program to learn deep-dive cyber security investigation techniques
  • Completed Computer Hacking Forensics Investigator (CHFIv6) certification and Certified Computer Forensics Expert (CCFE) training, and EnCase v5 training
  • Did not work for any company during this time
  • Managed very high profile and complex cyber breach involving American Express and Affinion Group
  • Completed preliminary required advanced forensics analysis using EnCase v5, ProDiscover, SMART
  • Used forensic and steganography tools to prove cyber gang from Europe had stolen massive credit card data
  • Investigation had to be turned over to the FBI, Interpol, and the Connecticut Cyber Security Investigations Unit
  • Contract ended abruptly due to the scale and nature of the breach and law enforcement involvement
  • No permanent opportunity for SOC/incident response/forensics skillset; also had to return to family/home in NJ

Confidential, Franklin Lakes, NJ

Information Security Analyst

Responsibilities:

  • Monitored and analyzed network traffic for security threats including botnets, worms, Trojans, viruses, and DoS/DDoS using various security IDS and penetration tools on SOC Team
  • Completed ArcSight SIEM configuration; fine-tuned policies, created dashboards, and reports for security incident response team; prepared weekly and monthly SIEM reports for senior management
  • Analyzed Cisco/Nortel router netflow and monitored L2TP VPN tunneled communications using Cascade network intrusion detection system, Solarwinds port scanner as part of Security Operations Center team
  • No permanent opportunity for my skillset due to budget cuts
