
Security Analyst SOC

Location:
Rockville, MD
Posted:
June 22, 2023


Resume:

Michael Kolani

240-***-**** | adxu3s@r.postjobfree.com

Secret Clearance

SOC Analyst | Vulnerabilities Assessor | DevOps Cloud Security Engineer

Security+, CEH, and Splunk Core User trained Cyber Security Analyst and US Navy veteran, with acquired skills in conducting vulnerability assessment and penetration testing using tools including Nessus, Rapid7, Metasploit, nmap, Wireshark, Burp Suite, etc. Good working knowledge of tuning and configuring Enterprise Splunk and the Splunk App for Enterprise Security (ES). Ability to deploy and maintain Splunk dashboards, visualizations, and alerts; to develop and build content and correlations in Splunk; and to develop security use cases in Splunk. In-depth understanding of DevOps objectives and terminology, with skills in driving continuous integration, delivery, testing, and security. Hands-on knowledge of security frameworks such as NIST, FISMA, FIPS, FedRAMP, and OMB. Knowledge and understanding of firewall rules, IDS, IPS, and EDR. Experienced in collecting IOCs to complete email analysis using OSINT tools, and in using SIEM tools for log aggregation and analysis. Good understanding of incident response steps, the Cyber Kill Chain methodology, and malware analysis. Well-versed in data ownership, backups, policies around unauthorized data sharing, and evaluating the risk associated with cloud computing and virtualization.

Academic Level Competencies:

DevOps Administration, DevOps Tools Administration, DevOps Consulting, DevOps Engineering, Automation, Stakeholder Management, DevOps Transformation, Security Configuration, Vulnerability Assessment and Penetration Testing, Deployment Pipelines and DevOps Toolchains, Test Strategy Planning and Implementation, Risk Evaluation, DevOps Architecting, Process Improvements, Change Management, Incident Management, Audit, Data Loss Prevention (DLP) Controls, Data Handling, Data Normalization, Log Ingestion and Analysis, Requirements Gathering, Prototyping, Architecture, Triaging, Critical Thinking, Problem-Solving Skills, MS Office Suite, FISMA, RMF, NIST SP 800 series, FIPS, ATO, POA&M, PTA, PIA, SORN, SAR, SSP, Tenable Nessus, Wireshark, FedRAMP, Splunk, Risk Assessment (RA), CIA, ST&E, STIG, Visio, COBIT, GDPR, ITIL, ISO 27001/27002, COSO

Professional Value Offered

• Proficient in analyzing intrusion detection systems (IDS) and intrusion prevention systems (IPS), identifying detection methods and techniques, including signature-based and anomaly-based detection.

• Knowledge in developing and implementing change management, incident management, execution of routine audits, and data loss prevention (DLP) control procedures.

• Knowledge of Risk Management Framework (RMF) Package, Artifacts, and SOPs as well as FISMA Compliance, NIST SP 800-53 Controls, NIST SP 800-53A Controls Assessment guide and Cloud security.

• Efficient in deploying and maintaining Splunk Dashboards, Visualization, and Alerts, creating content and correlations in Splunk, and building security use cases in Splunk.

• Good understanding of various threats, vulnerabilities, and attacks, and skilled in evaluating the mitigation controls and deterrent techniques that must be used against various attacks.

• Able to streamline data collection, aggregation, and summarization processes, integrate external data sources into Splunk, and perform data normalization and ETL within Splunk.

• Ability to use Visio software to build System Security boundary diagrams.

• Ability to conduct a vulnerability assessment and penetration testing using tools, including Nessus, Rapid7, Metasploit, nmap, Wireshark, Burp Suite, etc.

IT Courses and Certification

• DevOps Career Pathway Program

• CompTIA Security+

• Certified Ethical Hacker (CEH)

• Splunk Core User

• eMASS Certification

• ACAS Course Certification

• CASP Certification

• CISA Certification

Education

Bachelor’s degree in Cyber Security Technology (in progress), University of Maryland Global Campus. Associate in Science, Purdue University Global.

Professional Experience

Applied Information Science (AIS), Adelphi, MD Aug 2022 – Present Cyber Security Analyst

• Performed System Security Categorizations using FIPS 199 and the NIST SP 800-60 Vol. II Rev. 1 guidelines and templates to select provisional impact levels assigned to Confidentiality, Integrity, and Availability (CIA) based on the information type, in support of the Navy.

• Ensured proper system categorization using NIST 800-60 and FIPS 199 and appropriate security controls for information systems based on NIST 800-53 rev 5 and FIPS 200.

• Supported Security Control Assessments / third-party assessor using NIST SP 800-53A Rev. 5 as guidance for current federal directives and policies.

• Used Visio to configure System Boundary diagrams.

• Conducted CIRT operational duties in accordance with documented processes and procedures.

• Participated in a 24/7 on-call incident resolution rotation for leveraged and dedicated SIEM environments; responsible for 24/7 support of security tools and for providing security guidance to the monitoring team.

• Detected, ticketed, reported, and classified computer security events and incidents; coordinated with internal and external teams as needed to analyze events.

• Responded to and remediated IDS alerts on Symantec SIM, such as ZeusBot, port 53 call-outs, and suspicious PDFs; responded to and remediated FireEye alerts such as DNS alerts (worms, Trojans, etc.) and malicious emails.

• Ability to conduct a vulnerability assessment and penetration testing using tools, including Nessus, Rapid7, Metasploit, nmap, Wireshark.

• Experienced in collecting IOCs to complete email analysis using OSINT tools and use of SIEMs tools for logs aggregation and analysis.

Booz Allen Hamilton, Inc., Dahlgren, VA Jul 2020 – Aug 2022 Cyber Security Technologist

• Analyzed log files from network traffic logs, firewall logs, IDS/IPS logs, and DNS logs to identify possible security threats.

• Identified violations of internet access policy by reviewing web content filtering logs in accordance with DoD policy and SOPs.

• Used Visio to configure System Boundary diagrams.

• Monitored and analyzed alerts, assets, network traffic, security incident logs, and intrusion detection data utilizing Splunk.

• Contributed to Orion Forge project, gathering artifacts to build SSP, eMASS record, and Security planning and wrote Baseline Control Policy and Procedure documents.

• Supported Security Control Assessments / third-party assessor using NIST SP 800-53A Rev. 5 as guidance for current federal directives and policies.

• Used DISA STIG Viewer to create STIG checklists and CKL files for managing the security settings on the Orion Forge network. Created an SCTM spreadsheet for control implementation and eMASS record creation.

• Performed Nessus scans and reviewed scan results; added artifacts in Prisma Cloud for the team to track work progress. Analyzed and updated the System Security Plan (SSP), Risk Assessment (RA), Privacy Impact Assessment (PIA), and System Security Test and Evaluation (ST&E).

US Navy, Joint Base, Andrews, MD Jul 2016 – Jul 2020 Cyber Security Specialist

• Assisted Senior Leadership with attaining system Authority to Operate (ATO) through the application of the Risk Management Framework (RMF). This saved the AO time to focus on other crucial tasks.

• Analyzed and updated the System Security Plan (SSP), Risk Assessment (RA), Privacy Impact Assessment (PIA), and System Security Test and Evaluation (ST&E).

• Ensured appropriate system categorization using NIST 800-60 and FIPS 199 and appropriate security controls for information systems based on NIST 800-53 rev5, SP 800-53B, and FIPS 200.

• Performed System Security Categorizations using FIPS 199 and the NIST SP 800-60 Vol. II Rev. 1 guidelines and templates to select provisional impact levels assigned to Confidentiality, Integrity, and Availability (CIA) based on the information type.

• Supported Security Control Assessments using NIST SP 800-53A Rev. 4 as guidance for current federal directives and policies.

FOXCONN Q-EDGE Corp., Durham, NC Jun 2014 – Jul 2016 Cyber Security Analyst

• Ensured proper system categorization using NIST 800-60 V2 and FIPS 199 and appropriate security controls for information systems based on NIST 800-53 rev 4 and FIPS 200.

• Reviewed ATO packages and other supporting security documents for correctness, completeness, and compliance. This saved the AO time to focus on other crucial tasks.

• Supported the tracking of Plans of Action and Milestones (POA&Ms) and reported on remediation effort status. This allowed leadership to follow the timing of our vulnerability remediation work.

• Maintained and updated C&A / A&A packages and provided support to System Owners, SCAs, and ISSOs through the A&A process; reviewed system vulnerability and scan results and created corrective plans.

White Box Testing Team Lead Apr 2012 – Jun 2014

• Used operator technologies, including Shell scripting, Intel megacli, syscfg tools, and EFI scripting; carried out white-box server/software testing and debugging.

• Tested servers in a Linux environment for hardware/firmware compatibility (any new hardware/firmware is tested in a Linux environment). Tested the kernel, kernel subsystems, and user-space applications with different hardware.

• Introduced new procedures and was responsible for putting them in place.

• Responsible for FAI (First Article): validating new procedures and testing new article products before production.

US Navy Reserve: MDR Leading Petty Officer Oct 2010 – Present


