
Security Analyst Cyber

Location: Houston, TX

Posted: March 17, 2024


Resume:

My Super Powers: Cyber Security Analyst that is passionate about protecting digital assets from various security threats. As an analyst, I pride myself on the ability to think critically and investigate incidents using the “5 W’s” (Who, What, When, Where and Why). These powers give me the ability to have strong communication, interpersonal skills, and a customer service-oriented mindset. Knowledge of asking targeted questions to quickly understand the root cause of a problem. I have the willingness to work in a fast-paced environment. Independent self-starter that will take action on needs as they arise. Ability to excel in a fast-paced team environment, manage multiple priorities, and meet deadlines.

EMPLOYMENT EXPERIENCE

NASA, Houston, TX

Cyber Security Analyst, Sep 2018 – Jan 2024

Initial triage of security events using established procedures, tools, and monitoring platforms including, but not limited to: Firewalls and network devices, Servers and workstations, Web proxies, Intrusion detection and prevention systems (IDS/IPS)

Perform network traffic analysis using SIEM, Intrusion Detection Systems (IDS), SEPM and other sources to maintain a rapid response posture in a highly critical environment. Manage Help Desk/ServiceNow tickets in a timely manner.

Conduct analysis through Security Information and Event Management (SIEM) systems and GUI frameworks in order to identify, quarantine, and remove cyber threats to the enterprise network.

Assist senior members of the SOC with analyzing and responding to potential security incidents. Responsible for creating end of shift report and briefing oncoming shift analyst of all activities from previous shift. Record events and problems and their resolution in logs.

Manage Help Desk/ServiceNow tickets in a timely manner. Managing internal policies and procedures. Developing internal toolsets. Participate in shift transition calls to ensure all open cases and tasks are properly managed and addressed.

● Monitored computer and communications networks for security incidents for the International Space Station and Mission Control (Splunk, Sourcefire, Palo Alto etc.)

● Provide critical support to Flight Control console positions; ensure prompt processing and delivery of orbital messages through the Multi-functional Secure Gateway System (MSGS), and assist in the configuration of up-links and down-links, key management, and security for the International Space Station using standalone encryption hardware.

Greensky Credit, Alpharetta, GA

Integrated Security Analyst, August 2017 to 2018

● Performs physical and network security monitoring and incident response for a large, multi-site organization

● Maintains records of security monitoring and incident response activities, utilizing case management and ticketing technologies

● Monitors and analyzes Security Information and Event Management (SIEM) to identify security issues for remediation

● Knowledge of creating Security Information Event Management (SIEM) tool rules

● Recognizes potential, successful, and unsuccessful intrusion attempts and compromises through thorough reviews and analyses of relevant event detail and summary information

● Assists with implementation of counter-measures or mitigating controls

● Prepares briefings and reports of analysis methodology and results

● Monitor and respond to alarms generated by Physical Security Systems (Burg, Fire, CCTV), Information Security Systems (SIEM, Firewall, IDS/IPS, HIPS, FIM, AV, NAC, Web Filtering) as well as understanding the key links between all systems (communication, alarm receivers, automation software).

● Monitor and respond to service tickets and other Tier 1 requests, including Web Filtering tickets, emails to the Security inbox, and other reports of spam or malware issues.

Dept of HHS via Merlin International, Atlanta, GA

Jr. Cyber Security Incident Response Analyst, March 2016 to June 2017

Responsible for training new Service Desk Analysts and for developing and maintaining technical documentation and Standard Operating Procedures (SOPs).

Assist senior members of the SOC with analyzing and responding to potential security incidents

Responsible for creating end of shift report and briefing oncoming shift analyst of all activities from previous shift. Record events and problems and their resolution in logs.

Responsible for Incident Lifecycle including preparation, identification (detection analysis), containment, eradication, recovery, and post-incident activities/lessons learned.

Monitors network activity and analyzes it for evidence of suspicious behavior. Collaborate with Analysts and other Technical Leads in tracking and reporting on events/incidents from detection through remediation.

Recommend proactive measures to contain incidents which may include identification of intruder local changes/suspect interactions, isolation, in-depth digital media analysis, consultation with law enforcement or counterintelligence organizations.

Responds to urgent situations to mitigate immediate and potential threats and oversees and communicates systematic analytical approaches to collect, organize, and interpret data and information to maintain 24/7 operational situational awareness of current and emerging threats.

Responsible for collaborating with analysts to review collected data, analyze cyber events, and find trends, patterns, or anomaly correlations that indicate more serious attacks or future threats.

Works with business units to develop product and process/workflow improvements.

Home Depot Corp via Kforce, Smyrna, GA

Security Analyst (Contractor), 06/2015 – 12/2015

● Utilize Splunk for monitoring, correlating, and analyzing security events from appliances including: Blue Coat Proxy, FireEye, Sourcefire, Symantec, Juniper SRX, Fortigate, and others.

● Configure and tune customized Splunk Enterprise Security alerts, adhering to the requirements of the Home Depot Environment.

● Create custom documentation for internal and external needs.

● Work closely with Digital Forensics to conduct deep dive investigations and digital discovery on endpoints.

● Analyze and triage remediation of threats detected across all Home Depot endpoints, including exploit kits, viruses, Trojans, adware, & spyware. Work with vendors such as Fishnet/Optiv to run scan and LPA on suspected infected endpoints.

● Conduct investigations regarding phishing campaigns, while working with vendors such as Fortigate, Symantec, Blue Coat and Microsoft to get malicious content properly classified, signatures updated, and ensure that proper blocking is in place.

DCMA via ICF International, Smyrna, GA

Computer Network Defense Security Analyst (Contractor), 11/2014 – 03/2015

● Continuously monitor the Defense Contract Management Agency’s (DCMA) networks for anomalous and nefarious activity. Conduct research using both open source intelligence sites and classified intelligence. Create and modify IPS/IDS rules in order to detect and thwart network attacks. Analyze behavioral malware reports to gain greater insight into malware infections. Perform in-depth packet analysis to identify malicious payloads, network intrusions, and data exfiltration. Manually correlate data across various security tools and create intrusion reports based on findings. Participate in the creation and modification of SIEM correlation rules. Assist in troubleshooting and problem solving a wide variety of client issues.

● Responsible for monitoring client networks for network security, reviewing events and alerts on a near real time basis and taking the appropriate response actions. Determine the proper fault isolation and identify the necessary corrective action(s), working closely with infrastructure engineers, information assurance engineers, and system administrators to ensure the security and availability of the network to include:

● Constant monitoring, analysis, and response to network and security events.

● Creation of technically detailed reports based on network events and alerts.

● Analyze and evaluate anomalous network and system activity.

DLA Columbus via TekSystems

DLA Columbus Desktop/Asset Management Support, Columbus, Ohio, 9/2014 – 11/2014

● Provide technical support for designated hardware and software as identified by the COR and/or COTR. This support will cover new technology as it is acquired or developed. Technical support will be required for installation, troubleshooting, and preventative maintenance on IT related equipment. Current support includes (but is not limited to):

● Asset Management of information technology equipment including the inventory of all purchased hardware and software assets. This includes all tracking of assets from receipt through disposition using a government provided Asset Management Database (AMD). Help Desk Support for DLA Columbus database may include the tracking barcode number, end user information, asset description, and location.

● Provide hardware and software configuration of desktop and printer/scanner devices which includes setup and initialization of hardware, operating system, interfaces (user, network, and application), and standard applications. The Employee will also perform reconfigurations due to problems, performance issues, and/or requirement changes. Baseline configuration must be applied using disk-imaging utilities.

● IMACs (Installation, Moves, Additions, and Changes) of information technology equipment will include physical installation (including all cables, internal cards or chips, racks and related peripherals).

● Printer Support: The Employee shall be responsible for installation, placement, configuration, troubleshooting, and maintenance and repair where warranted.

Ohio Army National Guard

IT Specialist (CUSTSPT) (GS-11), Columbus, Ohio, 2/2008 – 2/2013

● Senior help desk personnel providing tier 1 & 2 support. Provide technical support & solutions to customers’ requests for assistance in resolving hardware and software problems for desktop computers, minicomputers and mainframes using computer hardware, standard desktop applications or client software applications. Train end users in the use of equipment and software. Fully document all cases in call tracking software and escalate to appropriate queue.

● Experience with Windows 2008 Server Administration, DameWare, Windows XP & Vista. Utilized troubleshooting processes for quickly assessing and determining problems and escalation to subject matter experts. Provided tier 1 Cisco CallManager 4.x and 8.5 (SU3) support and troubleshooting. Provide Tier 1 Cisco Unity Connection 8.3/voicemail support and user configurations; conducted Cisco MeetingPlace 7.x support, configuration and teleconference setup.

● Install and maintain hardware devices by utilizing remote access tools. Use reference materials and diagnostic equipment/software to identify and resolve internal system conflicts, e.g., network monitoring systems such as Nagios to conduct vulnerability remediation support for over 2000 computers. Remove and replace defective hardware components; install network/peripheral device interface cards. Perform upgrade of hardware to include memory, fixed storage and installation of network interface cards. Install and configure workstation or network operating systems, and applications software on system device. Enforce command standards for hardware and software configurations.

● Troubleshot and corrected software problems to include resolving conflicts between applications, hardware and/or device conflicts and operating system faults and printers. Updated hardware and software databases to reflect installations, turn-ins, and changes in reportable software. Migrate systems from Windows XP to Vista to Windows 7. Instructed users on how to use Windows 7. Perform software upgrades, updates and patches as needed.

EDUCATION

● DeVry University: Bachelor of Science in Networking and Communications Management

Graduation Date: March 2007

● Active Member of the Army Reserves – 2016 to 2017

● National Guard 1996–2013

Certifications:

CompTIA Security+