
Cyber Security Manager/lead Consultant Resume


Los Angeles, CA

SUMMARY

  • Results-driven Security Professional with over 20 years in IT and IT Security, including years of Intelligence Analysis, Cyber Counterintelligence, Network Telecommunications, SOC Management, SIEM and Incident Response experience, including All-Source Collection Management and Reporting, In-Theater Operations Support, Field Services, Systems Planning, Cyber Forensics, Installation, Security Operations Centers, Troubleshooting, Security Hardening and Maintenance.
  • Built and managed SOCs (Security Operations Centers) with various organizations for over 6 years, training the new teams, building the processes and procedures, working on proofs of concept for newly acquired tools compared to old ones, and demoing them.
  • Over 5 years of project management, sales engineering and account management experience as well. Possesses excellent team leadership, customer and staff management skills. Also an experienced native Arabic and French speaker with over 5 years working on linguistics/intelligence-analysis-based contracts in Iraq and Qatar.
  • Created Confidential LLC (www. Confidential - llc. com), a company that has dealt with Cyber Security for over 10 years, where he is the CEO and handles all business aspects: conference attendance, generating and handling leads, teaming with other companies on contracts, and presenting the company's strategies and solutions to CEOs and other C-level persons.

TECHNICAL SKILLS

  • FireEye
  • Varonis
  • Microsoft Azure
  • ArcSight
  • Splunk ES/ITSI
  • Nexpose
  • Nessus
  • Wireshark
  • Sourcefire
  • Checkpoint
  • Proofpoint
  • Bit9
  • FMS visualizer
  • Infoblox
  • Clearpass
  • Zscaler
  • Anomali
  • Bluecoat
  • CyberReason
  • DarkTrace

PROFESSIONAL EXPERIENCE

Confidential | Los Angeles, CA

Cyber Security Manager/Lead Consultant

Responsibilities:

  • Focuses on security tools, SIEM monitoring and log source integration skills.
  • Works with CIRT teams; experienced in assessing and analyzing APT, DDoS, phishing, malicious payloads, malware, etc.
  • Deep understanding of advanced Security Analytics, Forensics, and Cybersecurity Frameworks, Critical Incident Response/Breach Response, etc.
  • Strong analytical skills and efficient problem solving.
  • Reviews the SOC processes and procedures regularly and updates the documents.
  • Uses the capabilities of the SIEM and integrated metrics to generate the needed reports.
  • Project and talent management

Confidential | Reston, VA

Senior Global Cyber Risk Defense Analyst

Responsibilities:

  • Manages and executes multi-level responses and addresses reported or detected incidents.
  • Collects, analyzes, and enriches event information and performs threat or target analysis duties.
  • Interprets, analyzes, and reports all events and anomalies in accordance with Computer Network Directives, including initiating, responding to, and reporting discovered events.
  • Distributes directives, vulnerability, and threat advisories to identified consumers.
  • Provides reporting and metrics around security monitoring by designing dashboards for asset owners and management consumption.

Confidential | Washington, DC

Cyber Threat Analyst/Manager

Responsibilities:

  • Worked on next-generation SEM.
  • Splunk integration and implementation.
  • Managed the proof of concept.
  • Dedicated resources on the project to upgrade the current SOC.
  • Contacted the top-right Gartner report cyber security vendors to plan the proof of concept and compare pricing and features of their tools.
  • Participated in the ISO 27001/2 certification process, gathering the processes and procedures needed to submit to the auditor, among other required documentation from various team members.
  • Worked on all systems and/or projects within the organization responsible for providing Cyber Security Threat detection utilizing network and host-based Computer Security tools, appliances and end point products.
  • Performed analysis of all security system log files; reviewed and kept track of triggered events.
  • Researched current and future cyber threats.
  • Reconciled correlated cyber security events.
  • Developed and modified new and current cyber security correlation rule sets.
  • Operated security equipment and technology.
  • Documented security incidents as identified in the incident response rules and escalated to management as required.
  • Monitored key security infrastructure elements, identified security events, performed analysis, and initiated response activities.
  • Maintained system baselines and configuration management items, including security event monitoring "policies", in a manner determined by the program management.
  • Provided documentation and interaction with other analysts and Operations and Maintenance (O&M) personnel to ensure a complete and functioning system that meets requirements.

Confidential | Hanover, MD

Security Operation Center Manager

Responsibilities:

  • Built, led and motivated the team in a dynamic environment.
  • Partnered with key customers of Confidential's enterprise network to ensure security compliance across the entire enterprise domain.
  • Supervised the development and maintenance of standard procedures related to the SOC by leading Confidential's functional Computer Incident Response Team (CIRT).
  • Focused on identifying and countering cyber threats.
  • Coordinated with other global offices related to security for escalation of issues.
  • Managed the implementation of new technologies within the SOC and led automation of monitoring administrative tools.
  • Maintained current knowledge of tools and best practices in advanced persistent threats and the tools, techniques, and procedures (TTPs) of attackers.
  • Led an operational team that conducted event analysis and triage, focusing on a range of unstructured events. Identified and hunted for related TTPs and IOCs across all internal/external repositories.
  • Drafted, edited, and reviewed threat intelligence analysis from multiple sources.
  • Managed and monitored the security logs from SEM tools such as Splunk and FireEye.
  • Provided assistance to core security and incident response teams.

Confidential | NY

Arcsight Security Analyst

Responsibilities:

  • Solid and demonstrable comprehension of Information Security including malware, emerging threats, attacks, and vulnerability management.
  • Reviewed raw log files, data correlation, and analysis (e.g., firewall, network flow, IDS, system logs, source code).
  • Deductive reasoning, critical thinking, problem solving, and prioritization skills.
  • Assisted in the development and maintenance of tools, procedures, and documentation including the resolution of customer escalations, incident handling, and response.
  • Used IDS, IPS, and/or other signature-matching technology, using tools such as Guardium, Peregrine, Conquest, ITSM and PSM.

Confidential | MD

Cyber Fusion Analyst

Responsibilities:

  • Led and directed diverse functional aspects in the operation of complex cyber security solutions to include: network defense infrastructure, security monitoring, event aggregation and correlation, incident management, vulnerability assessment and management using various ESM tools such as Arcsight.
  • Advised senior leadership on security strategy, mission alignment, security architecture, and IT security solutions.
  • Coordinated resolution of problems and tasks, selling new ideas in support of operational objectives. Interfaced with all areas affected by the project including end users, computer services and client services.

Confidential | Pentagon

Senior Business Analyst

Responsibilities:

  • Served as a technical advisor in ensuring cyber security standards are implemented to enable Confidential organizations to practice safe security techniques by following the DIACAP process.
  • Provided information assurance support for the development and implementation of security architectures to meet new and evolving security requirements on cross domain solutions.
  • Set up periodic and other unscheduled briefings on the status of critical joint initiatives for Air Staff, SECAF, Joint Staff, and DoD key officials concerning enterprise network initiatives.
  • Served as a Confidential technical representative for IA at technical symposia, industry conferences, seminars, meetings, working groups (DSAWG) and panels, and advised on cross domain solutions issues.
  • Prepared, facilitated, and provided post-event minutes and summaries for action officer, executive, and Congressional level hearings, meetings, seminars, conferences, boards and related activities.
  • Facilitated the coordination of actions required to implement IT capabilities at the AF Enterprise level, analyzed technology trends to support IT strategic planning using various ESM tools such as Arcsight.
  • Authored, reviewed and edited policy documents, regulatory instructions, concepts of operation, and other formal documents as necessary to accomplish tasking and program execution.
  • Client management included actively consulting with Federal sector clients on best practices and Cyber Security solutions, product implementation in client networks and managing planned expectations.
  • Project management included providing flexible strategies, creating deliverables in a professional structure and providing detailed reports depicting the overall services provided.
  • Planned client engagements and deliverable strategies, resolved internal department conflicts, and identified risk areas along with providing a proper solution.
  • Provided mentoring to other consultants in the field of Cyber Security using various ESM tools such as Arcsight.

Confidential | Ft. Meade

Enterprise Sensor Grid Manager & Lead Network Security Engineer

Responsibilities:

  • Acted as the Agency's sensor grid manager on the Department of Defense (DoD) Confidential-operated Global Information Grid (GIG) enterprise sensor grid. Prepared a daily executive summary of the health of the GIG enterprise sensor and presented the material, as required, to senior government leadership.
  • Followed Confidential SOPs, user guides and STIGs.
  • Coordinated with and assisted Confidential NetOp Centers (DNC), the SOC (watch floor) and Field Security Operations on enterprise sensor capabilities, incident response, outages, and maintaining HIPAA (PII) guidelines.
  • Used tools such as ArcSight ESM Logger/Connectors, Netcentrix, Trickler, Dscape and Remedy to monitor network intrusions and the health of devices such as Cisco routers and various switches.
  • Participated in the continuous operations (COOP) exercise to maintain 24x7 coverage.
  • Acted as a Subject Matter Expert at Confidential. Developed and delivered customized Network Investigations & Cyber CI trainings.
  • Provided inputs for courseware, concerning new or existing security system procedures and/or programs to ensure compatibility with the customer's standard operating procedures.
  • Developed detailed design courses using best of breed security & Forensics equipment including firewalls, incident response, intrusion detection systems (IDS) and access control servers.
  • Also used various tools and software such as EnCase, VMware, NetWitness, Forensic Toolkit, Snagit, pcap, Analyst's Notebook, MOBILedit, intrusion detection, firewalls, TCP/IP, routing/switching, IP packet analysis, intrusion analysis and pen testing.

Confidential | Linthicum, MD

Cyber CI Analyst

Responsibilities:

  • Performed intelligence analysis on cleared defense contractor networks to support the DSS Counterintelligence mission and ethical hacking.
  • In accordance with DoD National Industrial Security Program (NISP) guidance, collaborated with analytical counterparts across the U.S. Intelligence Community.
  • Applied knowledge of network fundamentals, open-source tools, and current implementation of those technologies in order to create all-source analytic products and collection strategies.
  • Performed all-source intelligence analyses of cyber activities to identify entities of interest; their methods, motives, and capabilities to determine malicious behavior; and recognized emergent patterns and linkages to mitigate the risks and understand adversary targeting of classified programs and cleared personnel.
  • Produced technical intelligence reports in support of special programs and system security plans, working with intrusion detection systems, firewalls, pen testing, TCP/IP, routing/switching, IP packet analysis, intrusion analysis and incident response using tools such as ArcSight, to provide expertise and leadership to the team in the development of analytical models and assessments.
