
Security Information

Location:
Washington, DC
Posted:
March 04, 2020

Resume:

PROFESSIONAL SUMMARY

U.S. Marine Corps Veteran with over 25 years of Security Operations leadership experience that includes employing EnCase Cyber Security, Network Access Control, NetWitness Investigator and Informer, FTK; ArcSight 6 Console, Logger and Express; FireEye Email Protection, FireEye Web Protection, EnCircle, Jump Server, Blue Coat, Snort, ASA Firewall, SCCM, Splunk, and Sourcefire. Meticulous and dedicated professional with experience following security operations guidelines and frameworks (NIST, US-CERT, and FISMA).

CERTIFICATIONS

North American Electric Reliability Corporation (NERC)

Federal Energy Regulatory Commission (FERC)

CISSP – ISSAP Boot Camp (Currently in progress)

EDUCATION

Walden University: PhD, Security Management – 2018

Strayer University: MBA, Information Security Management – 2009

Strayer University: BA, Business Management – 2008

SECURITY TOOLS

NBT Scan

Metasploit

CORE Impact

Cylance

Splunk 6.4

Palo Alto

ASA Firewall

Splunk SIEM

Sourcefire

Checkpoint

McAfee

Nessus

Aircrack

Retina

HP Logger

EnCase Enterprise

HP ArcSight Console

FireEye Web Protection

FireEye Email

tcpdump

Websense Protection

Symantec Endpoint Protection

NetWitness Investigator

FTK

Blue Coat

PROFESSIONAL EXPERIENCE

Security Manager – December 2019

IBM

Configured security tools, wrote security playbooks, and conducted tabletop exercises.

Performed incident investigations, determining the cause of each security incident while preserving evidence and chain of custody with internal and external partners.

Analyzed malware behavior, network infection patterns, and security incidents.

Knowledge of network security capabilities and solutions, including firewalls, intrusion detection and prevention systems (IDS/IPS), SIEMs, host-based security, network vulnerability scanning, IP encryption, bulk encryption, data protection (DAR and DIT), identity and access management, and cross-domain solutions (CDS).

I use, and train teams on, Toolkit, MSF console, Nmap, Cobalt Strike, remote attacks, client-side attacks, blind-side attacks, social engineering attacks, fuzzing attacks, DoS, and man-in-the-middle (MITM) attacks.

Identified potential malicious activity from packet captures and log file analysis.

I trained the incident response, Red Team, Blue Team, and SOC teams (48 reports).

Used intrusion detection/prevention systems daily; served as the in-depth Blue Team/Red Team expert and point man for the SOC analyst and vulnerabilities teams, conducting incident response events and threat intelligence for the corporate enterprise.

Experience with multiple attack vectors such as malware, trojans, exploit kits, ransomware, phishing, and botnets.

Reviewed logs and vulnerabilities utilizing CIRATS (Compliance Issue Risk and APAR Tracking System).

Interfaced with technical personnel from various disciplines to rapidly resolve critical issues.

Informed and advised leadership of incidents and proposed effective responses and/or countermeasures for containment.

Participated in knowledge sharing with other security engineers and partners.

Threat Intelligence Assessment

Assisted with and/or performed comprehensive threat intelligence assessments, including the use of digital forensic tools such as Guidance EnCase and FTK.

Prepared, arranged, and tested Splunk/ArcSight search strings and operational strings.

Analyzed approximately 10 classified network security intelligence reports daily.

Specialized in network centric analysis utilizing a variety of tools and techniques such as Network Security Monitoring, log analysis, and more.

Monitored, detected, and analyzed network traffic for malicious activity and provided reports.

Used NetWitness to analyze PCAPs; integrated numerous types of cyber security data feeds into HP ArcSight.

Conducted external penetration testing of DoD network defense mechanisms utilizing various methods and techniques (withheld for operational security). Tools: Metasploit, Armitage, SE.

Security Engineer (Hands-On Director) – June 2017 – 2019

SAIC

Developed, evaluated, and documented specific metrics for management purposes.

39 reports, and I oversee 3 locations. Built many SOCs from ground zero through go-live.

Trained Splunk security team members for complex search strings and ES modules.

Knowledge of installing, configuring, operating, maintaining, and using security appliances and solutions (SIEM systems, firewalls, IDS/IPS).

Experience working with vulnerability assessment and testing tools such as Kali Linux, Nessus, IBM AppScan, Burp Suite, and IDA Pro.

Knowledge of common security controls, detection capabilities, and other practices and solutions for securing digital environments, including packet flows (TCP and UDP traffic), firewall and proxy technologies, anti-virus and other host-based monitoring, email monitoring and anti-spam technologies, and SIEMs.

Experience with deploying and managing a large SIEM deployment.

Experience with deploying and managing SIEM, NAC, and IPS appliances.

Analyzed security-based events, risks, and reporting instances.

Utilized Mandiant and FireEye technology to conduct large-scale investigations and examine endpoint and network-based sources of evidence; executed systems programming activities and supported data center activities.

Sr. Security Manager (Hands-On) – December 2014 – November 2016

ENGILITY CORP

Managed the team responsible for threat intelligence, incident response, forensics, vulnerability scanning, web application scanning, data loss prevention, and malware. Monitored, detected, scanned, recorded, audited, analyzed, investigated, reported, remedied, coordinated, and tracked security-related "events" such as signs of intrusion, compromise, misuse, and non-compliance. Utilized the provided sensors, systems, and tools to monitor networks and systems for signs of intrusion, compromise, misuse, and non-compliance.

I perform network traffic analysis utilizing raw packet data, NetFlow, IDS, and custom sensor output. Performed patching, vulnerability scanning, and network discovery.

Tracked and resolved security non-compliance issues and patch advisories (Plan of Action).

Provided trend analysis for correlated information sources and network data including event logs, IDS, and network captures.

Utilized Splunk SIEM/ArcSight daily to maintain the platform and identify common threats. Produced reports documenting security incidents that occurred during my shift.

Conducted onsite penetration tests from an insider threat perspective.

Produced advisory reports regarding 0-day exploits, CVE vulnerabilities, current network

Performed network traffic analysis, deployed tools, and created Splunk dashboards and configurations.

Used Blue Coat to intercept all web-bound traffic and defend against web threats.

Oversaw 3 locations, ensured business ran normally, and handled major events at remote locations. Additionally responsible for SLAs, training, policy, SOPs, and closing all investigative reports before sending them to US-CERT; also wrote security playbooks.

Security SOC Manager – August 2010 – 2014

CDI (supporting IBM)

Implemented Nessus on the network, actively installed and aided in patching, and significantly reduced the number of vulnerabilities on the servers. Led weekly vulnerability scans (Nessus and McAfee Foundstone).

Reviewed logs and vulnerabilities utilizing CIRATS (Compliance Issue Risk and APAR Tracking System; PCI, SOX), which enabled IBM Integrated Technology Delivery to document, track, and resolve security non-compliance issues and patch advisories.

Utilized Aruba 802.11ac wireless access points; created rules and SSIDs.

Utilized ArcSight, Symantec, Splunk, NetWitness, and EnCase Enterprise.

Performed regular health checks for ArcSight ESM, Logger, and the Connector Appliance.

Used major tools and continually checked log files for system errors or down connectors, and resolved any issues that affected the performance of the SIEM.

Created and maintained ArcSight content based on the latest threats, suspicious/anomalous traffic, and signatures for anti-virus (AV) or Intrusion Detection System (IDS) solutions.

Monitored ArcSight feeds to discover, analyze, and suggest remediation actions for security threats to the IBM network.

Active Duty, U.S. Marine Corps – December 1999 – November 2010

Managed and executed multi-level responses and addressed reported or detected incidents.

Performed information security incident response and incident handling based on risk categorization and in accordance with established procedures.

Performed hunting for malicious activity across the network and digital assets.

Worked with a cross-functional team to drive improvements to policies and processes within the law enforcement response team.

Coordinated with internal partners and external law enforcement agencies to aid people in crisis.

Identified incidents and made recommendations to protect the network.

Assisted in the administration and integration of security tools, including new data/log sources, expanding network visibility, and automation.

Responsible for monitoring client networks to detect suspicious, malware, and hostile activity that would jeopardize the integrity of information systems. Responsible for reviewing logs and vulnerabilities from various security tools.
