
Senior Cybersecurity Analyst

Location:
Seal Beach, CA
Posted:
November 08, 2024


Travas Tracey Lenard - Senior CyberSecurity Analyst

623-***-**** *.**********@*****.***

Tools

SIEM, Sumo, Splunk, QRadar, LogRhythm, SentinelOne, CrowdStrike, Sophos, Carbon Black, FortiGate, Palo Alto, F5, FTK Forensic Toolkit, SCCM, AWS GuardDuty, CloudWatch, CloudTrail, Inspector, Wireshark, Tenable Nessus, SonarCloud, Python, JIRA, Responsive, Confluence, Opsgenie

Skills

Threat Hunting, Threat Intelligence, Forensics, Incident Response, Vulnerability Management, Malware Analysis, Log Analysis, Packet Analysis, Firewall Management, SOC2, HITRUST, Training & Mentoring, SOC Management, Risk Management, Blue Team, NIST CSF, VSQ, RFP, CAIQ, SIG, Web Application Firewall

Experience

Exterro - CyberSecurity & Risk Analyst 2021 - Current

● Perform vendor risk assessments for our third parties, reviewing their SOC2, ISO27001, pentesting results and policies to ensure they meet our security standards.

● Completed hundreds of VSQs, SIGs, CAIQs, risk assessments and RFPs as the SME for internal products.

● Conduct client meetings about our applications and policies, clarifying security concerns before contracts are signed.

● Use Tenable Nessus and AWS Inspector to review our application and AWS infrastructure for vulnerabilities weekly.

● Maintain a vulnerability management program for multiple FedRAMP clients, running scans and extracting data from reports into a format to be presented to government clients.

● Managed security awareness training for over 500 employees, ensuring users completed annual security and phishing training. Ran security guild meetings and chat to foster security awareness in the organization.

● Created Security Operations Center runbooks, procedures, escalation matrix, ticketing & turnover process, and notification procedures via Opsgenie tools. Trained new analysts in our system.

● Interviewed third party companies to add security tooling into our SOC.

● Used Sophos, CrowdStrike, LogRhythm, Tenable Nessus, AWS CloudTrail, CloudWatch and GuardDuty to perform daily SOC responsibilities.

● Audit preparation and evidence gathering to ensure compliance with all relevant regulations, confirm that standards meet regulatory requirements, and validate internal standards.

● Coordinating with engineering teams to test security tools before deploying on production servers.

● Incident Response - Perform investigations into compromised devices with Wireshark, CrowdStrike & Splunk.

Kubra - CyberSecurity Analyst 2020 - 2021

● Vulnerability Management using Tenable Nessus to push remediation efforts across different engineering teams.

● Led compliance efforts to pass SOC2 audits.

● Investigating AWS cloud infrastructure security incidents using CloudTrail, SUMO and OSINT research for over 4 billion customer interactions annually.

● Kept organized records of incidents, risks and events to share with management & auditors.

● Creating security training documents and procedures for future hires.

● Ran the risk management program for the organization by maintaining the risk registry and developing risk mitigation strategies with various teams to address threats.

● Developed processes for change management to ensure compliance with audit standards.

● Became a subject matter expert (SME) across 11 different products with various infrastructures spanning Azure/AWS, on-prem and cloud environments.

Mosaic451 - Cybersecurity Analyst 2017-2020

Responsible for monitoring, analyzing and investigating network traffic events across over 20,000 devices for major US cities, critical infrastructure and the Department of Energy. Mosaic's SOC manages multiple environments by configuring and administering SIEMs, firewalls (Palo Alto, F5), IDS/IPS and Endpoint Detection & Response tools simultaneously (SentinelOne, CrowdStrike, Carbon Black).

Cybersecurity Responsibilities

● Deploying agents, investigating alerts, reviewing the indicators of compromise in the surrounding environment

● Investigating the storyline of processes and commands a file initiated.

● Investigating any network behavior that occurred like external callouts or lateral movement.

● Determining the severity of an incident and running escalation procedures.

● Running the IPS command to kill, quarantine, roll back, or blacklist hash values.

● Programs that were not malicious were often identified incorrectly by S1, so tuning our instance by whitelisting the appropriate hashes or commands was necessary.

● Access Management - Reviewing roles to verify access levels. Removing the permissions for offboarded employees.

● Inventorying and removing all non-essential programs, including remote access tools, from the network.

● Closing unneeded ports and opening them only to the specific ranges required for services to run.

● Promoted to team leader, trained and mentored junior analysts to improve their threat hunting and analysis skills, verified their findings were correct before remediation.

● Handled multiple clients' security and networking operations at the same time, protecting over 1,000,000 total end users across clients.

● Monitoring, analyzing and investigating network traffic events across over 20,000 devices.

● Handled communications with major US cities while staying calm under pressure during "Acts of God" such as major flooding and tornadoes.

MemorialCare Healthcare System

Lead analyst for over 20 locations and 250,000+ patients, monitoring over 10,000 endpoints from mobile devices to medical cabinets.

● QRadar SIEM investigation of suspicious behaviors such as external or lateral connections across servers.

● Forensics activities, i.e. pulling a laptop for log analysis or opening malware files in a contained virtual machine.

● Remediation via whitelisting/blacklisting hashes and IPs, file deletion and/or escalation.

● Presented quarterly security briefings to management, explaining security concepts to a non-technical audience.

● Traveled to clinics to identify unknown devices on the network behaving suspiciously, working with hospital police.

● Found over 500 instances of Remote Access Tools (RATs) & Potentially Unwanted Programs (PUPs).

● Investigated a vendor affected by ransomware, identified who had access to the MHS environment and whether MC was in any potential danger of infection.

● Implemented threat intelligence platform feeds (IBM X-Force, FireEye, AT&T AlienVault) to monitor against zero-days and new threats as a part of the global security community.

Education & Certifications

Fisk University BS in Computer Science 2011-2014

Georgia Institute of Technology Polymer Engineering 2008-2011

Certifications: Security+, AWS Cloud Practitioner, Palo Alto Sales Executive Foundation, Palo Alto Accredited Systems Engineer Foundation
