Security System Resume Profile

Objective:

Seeking an IT opportunity with an emphasis on cyber security within 40 miles of Harrisburg, PA. A telecommuting work arrangement will also be considered.

Security Clearance: DoD Top Secret/SCI

Employment Experience:

Lockheed Martin, Forensic Examiner and Malware Analyst, 9/12 - Present

Confidential

  • Perform static and dynamic malicious code analysis for Defense Industrial Base (DIB) partners, the Defense Industrial Base Collaborative Information Sharing Environment (DCISE), and National Cyber Investigative Joint Task Force (NCIJTF) customers
  • Perform reverse engineering of malware samples for targeted attacks and extract network indicators to assist with computer network defense
  • Execute forensic examination of digital media

Confidential

  • Performed Advanced Persistent Threat (APT) analysis utilizing Booz Allen's proprietary Automated First Responder (AFR) tool suite
  • Utilized forensic tools such as EnCase and FTK for forensic imaging and analysis of digital media
  • Executed static and dynamic malware analysis of extracted artifacts

Confidential

  • Established a Forensics Team to enhance the unit's capabilities in Computer Network Operations (CNO)
  • Conducted forensics and malware analysis in support of the ARL Center for Intrusion Monitoring and Protection (CIMP)

Confidential

  • Deployed Host Based Security System (HBSS) across the Library of Congress' enterprise network
  • Configured ePO servers and implemented security policies to ensure maximum protection for the client
  • Reviewed ePO server security logs and dashboards for possible intrusion attempts and conducted risk mitigation

Confidential

  • Performed forensic image analysis of digital information using EnCase and other forensic analysis and recovery tools
  • Utilized forensically sound procedures to identify network computer intrusions
  • Employed forensic tools and techniques to crack file and system passwords and to recover deleted, fragmented, and corrupted data from digital media
  • Observed proper evidence custody and control procedures, documented procedures and findings, and prepared comprehensive written notes and reports

Confidential

  • Monitored ARL's Interrogator IDS sensors for network intrusions and malicious activity on the HPC Defense Research and Engineering Network (DREN)
  • Utilized tcpdump and Wireshark to check for and confirm network anomalies and intrusions

Confidential

  • Planned, supervised, coordinated, and provided technical assistance for the installation, operation, systems analysis, and reporting functions, as well as the management of the Mission Support Team (MST)
  • Oversaw the MST, with a focus on TTPs, to provide Computer Network Operations (CNO) support worldwide to the Army; employed the Persistent Presence Force (PPF) along with other technology disciplines in support of network-based penetration testing
  • Developed and maintained Computer Network Defense - Response Action (CND-RA) capabilities

Confidential

  • Monitored and analyzed intrusion artifacts (source code, malware, Trojans, logs)
  • Managed a team of AS&W analysts to monitor and review ArcSight data from various IDS
  • Conducted thorough packet-level analysis for potential cyber threat activity with the assistance of Intel Source Reports
  • Performed network traffic analysis using CENTAUR, SiLK tools, Trickler, Gator, Snort, ISS, and ArcSight

Confidential

  • Collected and analyzed intrusion artifacts (source code, malware, Trojans, log collectors, etc.) and used the discovered data to mitigate potential Computer Network Defense (CND) incidents within the SWA theater enclaves
  • Performed CND incident triage, including determining scope, urgency, and potential impact, and identified and recommended specific remediation strategies
  • Deployed Snort IDS and developed Snort detection signatures
  • Monitored 20 Snort IDS through ArcSight and Army Research Lab's Interrogator sensors to perform event correlation for SWA (e.g., Iraq, Afghanistan, Kuwait, Qatar, Bahrain)
  • Reviewed tcpdump and PCAP data to check for network anomalies and to perform network intrusion analysis
  • Performed data mining and pattern discovery to identify attack trends, scopes, and methods used against the SWA enclaves

Confidential

  • Performed duties in incident response handling, ethics investigations, forensic analysis, vulnerability analysis, and project management using EnCase and Forensic Toolkit
  • Performed computer network defense specializing in incident handling tasks such as forensic collections, intrusion correlation/tracking, and system remediation in support of Corporate Security, Ethics, and Human Resources

Confidential

  • Camp Doha, Kuwait and Baghdad, Iraq
  • Monitored and maintained network assets costing over 450,000
  • Managed a team with a mixture of military personnel and civilian contractors
  • Configured, tested, deployed, and maintained three operational McAfee Firewall Enterprise (Sidewinder G2) firewalls for RCERT-SWA
  • Performed analysis of log collector data from host machines flagged by the theater IDS sensors to confirm intrusions and/or the presence of unauthorized software or tools

Confidential

  • Designed, tested, and deployed various security solutions for the customer, including secure input and output lockdown mechanisms, one-way transfer devices, and enterprise content-filtering mechanisms
  • Developed and performed unit, functional, system, integration, and regression testing on a customized software-based solution to ensure requirements compliance
  • Supported the customer's security architecture initiatives by scoping and formulating well-thought-out analyses for implementation in various operational environments

Confidential

  • Assessed and identified security vulnerabilities and provided information assurance for the clients' computer networks
  • Conducted numerous on-site Security Testing and Evaluation (ST&E) assessments of the enterprise information infrastructure

Confidential

  • Performed vulnerability assessments and Information Assurance Vulnerability Alert (IAVA) compliance checks against all PCs within the ADNET enterprise
  • Enforced the Security Technical Implementation Guides (STIGs) and performed Security Readiness Reviews (SRRs) on all assets residing on the Anti-Drug Network (ADNET) managed enclaves. The network consisted of over 60 DoD and Federal Government law enforcement agencies and over 500 servers and workstations

Confidential

  • Identified security breaches and analyzed network intrusion methods
  • Determined the web presence of various joint commands and identified the associated vulnerabilities through open-source assessments

Army Training:

  • Digital Tactical Operations Center (DTOC), Army Battle Command Systems (ABCS), 2012
  • VMware ESX Server, NetApp FAS2020 storage area network system, Adobe Connect, 2012
  • Joint Network Node (JNN) / Warfighter Information Network-Tactical (WIN-T), 2012
  • Battle Command Common Services (BCCS), Tactical Radio Network Planning, 2012
  • DoD Information Assurance Certification and Accreditation Process (DIACAP), Security, 2012
  • Microsoft 2003/2008 R2, Active Directory Infrastructure, MS System Center Configuration Manager, MS Exchange 2007/2010, SQL Server 2005/2008, MS SharePoint 2007/2010, 2011
  • SNMPc Network Monitoring, 2011
  • CCNA Security/Cisco PIX/ASA, Cisco VoIP Unified Communications Manager, 2011
  • Cisco Academy CCNA Exploration, 320 hours, 2011
  • Basic Computer Network Operations Planners Course, 2007
  • Computer Network Defense Course (CNDC) Level 3, 2007
  • System Administrator/Network Manager Security Course (SA/NMSC) Level II, 2003
  • Information Assurance Security Officer (IASO) Level 1, 2003
  • Incident Response Handling (IRH), 2003

Defense Cyber Investigations Training Academy (DCITA):

  • Forensics and Intrusions in a Windows Environment - 80 hours, 2013
  • Windows Forensics Examination (EnCase) - 80 hours, 2013
  • Computer Incident Responders Course - 80 hours, 2012
  • Introduction to Networks and Computer Hardware - 80 hours, 2012
  • Deployable Forensics Course - 80 hours, 2010
  • Wireless Assessment and Network Traffic Analysis - 40 hours, 2007

Commercial Training:

  • SANS FOR610 Reverse-Engineering Malware: Malware Analysis Tools and Techniques - 30 hours, 2012
  • Guidance Software EnCase v6 Computer Forensics II - 32 hours, 2010
  • SEI CENTAUR and SiLK Training - 40 hours, 2009
  • McAfee Host Intrusion Prevention and ePO (HBSS) - 40 hours, 2008
  • ArcSight Certified Security Analyst Course - 40 hours, 2007
  • SANS Windows 2000 Pro MCSE track and Windows 2000/XP Security Course, 2002

Computer/ Security Skills:

  • Forensics/Malware Analysis: EnCase Forensic v6, Forensic Toolkit, Helix, WinHex, OllyDbg/Immunity Debugger, IDA Pro
  • Penetration Test Tools: Metasploit, Core Impact, BackTrack
  • Network Monitoring Tools: Wireshark, EtherPeek, tcpdump, ArcSight
  • Vulnerability Assessment: eEye Retina, LANguard, ISS Scanner, Nmap, Nessus
  • Routers/Firewalls/Switches: Cisco routers, McAfee Firewall Enterprise (Sidewinder), Cisco PIX/ASA, Cisco switches
  • Operating Systems: Windows NT/2000/XP/2003/Vista/7/2008, Linux
  • NIDS/HIDS: RealSecure, Snort, Niksun, Interrogator, McAfee HBSS
  • Wireless Tools: Aircrack suite, Kismet, NetStumbler