
Mid Career Strategic Planning

Location:
Stafford, VA
Posted:
October 27, 2023


Resume:

FRANK SOWAH

WASHINGTON, DC

ad0nwo@r.postjobfree.com

202-***-****

QUALIFICATION SUMMARY

Accomplished Cybersecurity Specialist with a track record of over 9 years in the field, demonstrating expertise in the strategic planning, execution, and ongoing maintenance of security measures. Highly skilled in educating and training internal stakeholders on critical cybersecurity protocols and proactive safeguards. My specialization lies in Computer Network Defense incident triage, leveraging in-depth knowledge of the tactics, techniques, and procedures employed by diverse Threat Actors to proactively avert cyber threats, particularly in the complex environments of business and corporate settings, by swiftly initiating comprehensive investigations and resolution procedures.

PROFESSIONAL SUMMARY

Provides incident response and ownership based on escalation and handoff procedures from junior or mid-career team members. Uses the Security Incident Event Management (SIEM) platform to perform incident response identification.

Teams I have closely worked with: NOC, DLP Engineers, Splunk Engineers, Threat Intel Team, Hunt Team, Forensic Investigators, Scan Team, Red Team, Database Analysts.

I have unique skills in Windows, Linux, and OSX environments. Function as a focal technical lead on incident events, providing technical, hands-on investigation and support.

Lead the investigative process for network intrusions and other cybersecurity incidents to resolve the cause and extent of the attacks. Handle the chain of custody for all evidence collected during incidents, security, and forensic investigations.

Summarize events and incidents effectively to different constituencies such as legal counsel, executive management, and technical staff, both in written and verbal forms.

Perform sophisticated malware detection and threat analysis.

Prioritize and differentiate between potential incidents and false alarms.

Ongoing review of SIEM dashboards, system and application logs, Intrusion Detection Systems (IDS), and custom monitoring tools.

Perform QA, lead and train Tier 1 and Tier 2 incident responders in the steps to take to investigate and resolve computer security incidents while encouraging teamwork and growth.

Provides technical input into and analysis of strategic and tactical planning to ensure accurate and timely service deployments.

CORE QUALIFICATIONS

Strong knowledge of Security Applications or Tools: Splunk Essential Security, Nessus, Imperva WAF, Palo Alto, Wireshark, McAfee Intrusion Prevention System, Symantec, RSA NetWitness, FireEye, Threat Grid, Microsoft Defender, Microsoft Sentinel, Tanium, Carbon Black, Red Canary, Proofpoint, Zscaler.

Sourcefire (Snort), McAfee Endpoint, Symantec DLP, and various Open-Source Intelligence Tools (OSINT).

Knowledge of general attack stages (e.g., footprinting and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks, etc.). Skill in recognizing and categorizing types of vulnerabilities and associated attacks.

Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, PL/SQL and injections, race conditions, covert channel, replay, return-oriented attacks, and malicious code).

Knowledge of Computer Network Defense policies, procedures, and regulations.

EDUCATION & CERTIFICATIONS

Master’s in Cybersecurity and Information Assurance, Western Governors University, in progress

Bachelor’s in Computer Science, Valley View University, September 2011

Business Management, Michigan State University, September 2017

Hospitality Leadership, Michigan State University, September 2017

Management Certificate in Business of Hospitality, Michigan State University, September 2018

CompTIA Security+ 2021

PROFESSIONAL EXPERIENCE

Toyota Tsusho America, Inc.

Detection and Response Sr. Analyst 2020 – Present

Assist in analyzing cyber-related incidents and alerts that may require escalation. Play an essential role in supporting the Cyber Fusion Center, monitoring and responding to alerts to help prevent and mitigate cyberattacks. Conducts in-depth analysis of security events, identifies indicators of compromise (IOCs), performs intrusion and root cause analysis, and proactively takes actions to mitigate potential damage to the cyber ecosystem.

Detects and responds to security incidents by leveraging detection/response platforms.

Triage security incidents and perform in-depth analysis through the use of cyber threat intelligence, intrusion detection systems, firewalls, and other boundary protection devices.

Escalates cybersecurity events according to playbooks and standard operating procedures (SOPs).

Assists with containment and remediation of threats during incidents. Uses internal ticketing system to track investigated incidents and capture relevant details.

Conducts threat hunting activities based on internal and external threat intelligence.

Assists with service requests from customers and internal teams.

Identify, recommend, coordinate, and deliver timely knowledge to support teams.

Keep management informed of project progress and problems, particularly as they relate to changes in schedule, resources, and scope.

Reports all information to the supervisor and upper management with updates as requested and responds to requests for information and assistance.

Develop comprehensive documents and manuals for team members and management.

Work with teams to establish repeatable and constantly improving processes.

Serve as a mentor and provide training to other team members if needed.

Marriott International, Bethesda, MD

SOC Sr. Analyst (Global Security Operations Center Operator) 2017 – 2020

•Assist in escalated computer security incidents and cyber investigations, including computer forensics, network forensics, root cause analysis, and malware analysis. Recognizes and identifies potential areas where existing data security policies and procedures require change and creation, as well as assists in guiding and training other team members on those policies and procedures. Interface with other teams in Information Security (e.g., network operations, Cyber Threat Operations Center (CTOC), vulnerability management) along with information and liability risk officers and technology management to help guide cybersecurity strategy.

•Documents assessment findings of security control implementation and conducted a risk assessment on system security controls contingent on control status and examination, interview, and test results.

•Act as coordinator in the event of escalated cyber threats/incidents for Tier 1 analysts. Adhere to all policies and standards, as well as regulatory requirements regarding reporting and escalations. Executes on appropriate mitigation strategies for identified threats. Participates in threat hunting activities to proactively search for threats in the enterprise environment.

•Utilizes XSOAR to investigate any common security threats (e.g., malware, virus, phishing, social engineering).

•Works with team members to enhance and enrich security monitoring tools with contextual information.

•Delivers cyber intelligence services and material to information technology and business leaders.

•Identifies new threat tactics, techniques, and procedures used by cyber threat actors.

•Manages the real-time monitoring of third-party security feeds, forums, and mailing lists to gather information on vulnerabilities and exploits related to the client. Utilizes Splunk to monitor and investigate any threats/abnormalities in the Truist Network Environment.

•Utilizing Netflow analysis, Gigamons, and HPNA for operational support and monitoring to manage the network infrastructure.

Gaylord National Resort, National Harbor, MD

Information Security Analyst 2013 - 2017

Successfully led and participated in the Incident Response team in all proactive and incident handling measures for SOC customers, including Threat Detection, Response, and Remediation.

Participated in incident commander role, effectively communicated issues, and provided recommendations to come up with resolutions.

Developed a timeline during incident occurrence, provided companywide updates, and followed disaster recovery procedures during a major outage.

Monitored phishing emails, investigated malware threats, blocked unwanted senders, and analyzed the impact level of malware links via Splunk and IronPort.

Developed processes and procedures for the SOC team to follow for disaster recovery, and provided monthly testing and training to assure accurate response in a real-life scenario.

Conducted security control and risk assessments on the organization and its information systems based on security policy and security best practices and guidelines.

Extracted and analyzed daily reports through the NORSE SIEM tool and Netcool monitoring system for potential threats within the enterprise system.

Utilized Carbon Black to monitor daily user activities and restrict access to services after vulnerability and impact level were analyzed.

Continually monitored, assessed, tested, and implemented new security technologies to help improve network security.

Gaylord National Resort, National Harbor, MD

IT Support Technician 2011 – 2013

Provided quality support to the internal and external user community by troubleshooting and escalating issues to 2nd level support. Deployed and troubleshot desktop/server/network hardware, operating systems, and applications. Assisted clients with new software installations, upgrades, and patches. Provided advanced software/hardware troubleshooting support for Windows and Mac OS.

Ensured upgrades to the base IT and communications infrastructure were identified and helped customers develop and submit recommendations for additional equipment. Cooperated and worked with unit personnel in planning and developing new or additional infrastructure/architecture capabilities.

Identified potential performance or capacity problems. Worked with technical support personnel in resolving issues.

Provided onsite desktop and remote technical support and guidance for hardware, software, and network issues. Managed and monitored equipment installations, removals, network infrastructure, applications, and outages upon occurrence.

Utilized ticketing systems Remedy and ServiceNow to document triage and resolution specifics. Updated and closed tickets according to defined service level agreement requirements.
