
Theodore Nchako - Cyber Security

Atlanta, GA
May 13, 2020



Proven, driven, goal-oriented professional with project management experience. Excellent communication and leadership abilities. Strong team player who can analyze systems for vulnerabilities, harden systems, maintain patches, and investigate threats. Seven years of information security experience including the NIST Risk Management Framework, intrusion detection, SOC analysis, incident response planning, and security assessment and testing.

7 Years of Cybersecurity, Network and Information Systems Management Experience

Summary of Competencies

Applies current Information Assurance technologies to the architecture, design, development, evaluation, and integration of systems and networks to maintain system security.

Assisted with the development of processes and procedures to improve incident response times, analysis of events, and overall SOC management.

Able to analyze cyber threats, discover IT vulnerabilities, monitor for cyber intrusions, troubleshoot networks, and respond to security incident alerts using security applications and various tools.

Analyzed packets and frames for various protocols to inspect TCP/UDP traffic to and from network hosts.

Created policies and SOPs for organizations to adhere to in order to maintain compliance with PCI standards.

Under FISMA guidelines, conducted security risk assessments and annual tests on various IT systems and evaluated those systems for vulnerabilities and reported remedial actions to address vulnerabilities found within the systems.

Assisted multiple client HR departments and network engineers in understanding and implementing encryption requirements under the HIPAA privacy and security rules for the transmission of PHI for internal employees.

Designed and delivered encryption, key management and PKI-related solutions.

Documented and reviewed System Security Plan (SSP), Security Assessment Report (SAR), Security Plan of Action and Milestones (POA&M), Authorization letter/memorandum (ATO) for multiple organizations.

Experience with DNS, Kerberos and Windows authentication, including validation with other technologies for single sign-on and federated systems. Familiar with TACACS+.

I have a sound understanding of and experience with the NIST Risk Management Framework (RMF) process and the FedRAMP compliance and assessment requirements for cloud computing services to ensure safeguards.

Assessed cloud computing environments using the CSA CCM domains to align my clients' cloud-based needs with regulatory security compliance.

Worked with management to ensure security recommendations complied with company procedures and performed the security impact analysis of proposed changes.

Provided remediation recommendations for any new weaknesses on assigned systems before being implemented in various production environments.

Performed risk assessment and ensured that proper protection or corrective measures are in place for vulnerabilities identified during the assessment and audits process from third-party auditors.

Reviewed and updated system artifacts such as the Contingency Plan (CP), Continuity of Operations Plan (COOP), Disaster Recovery Plan (DRP) and Business Continuity Plan (BCP) to ensure they remained current with the resource requirements and recovery priorities established by the Business Impact Analysis (BIA).

Reviewed and updated Security Assessment Plans (SAPs), Security Assessment Reports (SARs), and Plan of Action and Milestone (POA&M) Reports.

Prepared and assembled authorization packages, including the authorization letter, and submitted them to the Authorizing Official (AO) for approval of system operations under the NIST RMF (SP 800-37).

Trained users on risks, social engineering, security controls, and best practices to ensure the security and safety of assets.

Designed, configured, and implemented threat management using Splunk ES, which provided real-time log analysis from devices such as firewalls, IDS, IPS, proxy servers, Windows servers, system applications, databases, web servers, and networking devices.

Technical Skills Profile

Risk Management

Followed the NIST Risk Management Framework to ensure quality in cybersecurity risk management.

Network Security

Worked with NAC, virtualization, endpoint security, DLP, email security, mobile security, wireless security, and firewalls to create and maintain a hardened environment. Firm understanding of OSI layers 2, 3 and 4, including frames, packets, headers and how the TCP/UDP stack operates.

Threat Assessment

Used various threat assessment tools such as Akamai and Fortinet to analyze and determine the threat landscape to prevent data breaches and external intrusions.

Vulnerability Assessment

Performed compliance checks, sensitive data searches, IP scans, website scans, and scans for general weaknesses.

Security Event Management (SEM)

Security Information and Event Management (SIEM)

Leveraged various SIEM platforms to automate and analyze a daily throughput of terabytes (TBs) of ingested data to provide network enumeration, monitoring, and analysis on different Enterprise network environments to endpoints.

Analysis and Assessment

Threat assessment, event analysis, active analysis, log analysis, vulnerability assessment, and threat intelligence in accordance with PCI, HIPAA, NIST, ISO and FISMA standards.


Wireshark, IronPort, Nessus, SolarWinds.

Incident Response

Proofpoint, FireEye, incident response process.

Disaster Recovery Planning

I am skilled in creating customized DR plans for enterprise organizations.

Computer Network Defense (CND)

Used NIST, ISO, CSA CCM, FISMA and FedRAMP standards to implement and maintain a secure network defense in tandem with approved cloud services that could access network resources.

Computer Network Offense (CNO)

Conducted penetration testing, vulnerability testing, and threat assessments to identify vulnerabilities, analyze threats, and implement countermeasures.


Plan of Action and Milestones (POA&M).

Standards Development Organizations (SDOs)

Professional Experience Profile

Senior Network Security Analyst

Dick's Sporting Goods-Oakdale, PA July 2017-Present

Performed network sweeps to locate and identify rogue devices and undocumented changes to inventory.

Created Standard Operating Procedures for specific team tasks and responsibilities that are still in use today.

Responsible for creating, maintaining, and enforcing Information Security Policies and Procedures in compliance with PCI-DSS regulations and NIST cybersecurity best practices.

Worked with IT teams to assess weaknesses, identify solutions, and develop strong security policies.

Managed firewalls and database activity monitoring to maintain the confidentiality, integrity, and availability of the network environment.

Conducted continuous analysis of network and system traffic data using SIEM tools such as Splunk and IBM Resilient. Monitored and analyzed network traffic with Sourcefire and StealthWatch intrusion detection systems.

Reviewed general cybersecurity support systems for vulnerabilities and threats, including patch management, weak password settings, and soft configuration settings.

Deployed, configured, and maintained Splunk forwarder on different platforms.

Performed proactive continuous network monitoring and threat analysis for various subnetted networks.

Reviewed and approved PKI governance documents such as the Certification Practice Statement (CPS) and Certificate Policy (CP) for encryption.

Monitored systems, detecting, analyzing, and resolving all incidents/events reported by various SIEMs (Sourcefire, TippingPoint) and firewall alerts.

Examined and probed large sets of data on clients' portal to detect fraudulent activities.

Configured and installed Splunk Enterprise for the user and role authentication and SSO.

Investigated the identification and processing of phishing emails, phishing campaigns: spear to whaling and all points in between.

Trained others on the detection and processing of malicious email attachments, including sandboxing and decomposition analysis of various payloads using different tools and techniques.

Network Security Analyst

Pinnacle Financial Partners, Nashville, TN Jan 2016-July 2017

Coordinated with application and system owners to onboard applications in Splunk and ensure logging capabilities were functional.

Provided administrative assistance during incident response.

Educated other company associates on security best practices, company security standard operating procedures (SOPs), and network resource acceptable use policies.

Pinpointed the location of malicious software/files on servers or endpoint devices using Tanium and SCCM.

Helped network engineers to ensure that network segments that processed PCI information were properly encrypted before being transmitted across the internet.

Provided configuration management support in the operation of a number of PKI systems deployed for the client.

Designed and implemented dashboards and search rules on SIEM systems.

Monitored security patch levels of servers, workstations and network environments, and anti-virus systems.

Supervised associates that hunted for threats and assisted them in incident response procedures.

Consulted with network engineers on support of internal and external DNS systems. Assisted in management and support of internal DHCP architecture and scoping on routing devices.

Consulted heavily on the requirements of PCI for external customers of Pinnacle.

Educated internal staff on the encryption requirements of PCI-DSS and guided the client throughout the entire process of becoming compliant, as well as educating Pinnacle's business partners on PCI.

Evaluated, tested and certified cyber-related products including encryption, PKI management and access control services.

Educated several of Pinnacle's healthcare clients on how to protect HIPAA data at rest, in use and in transit as a professional courtesy for Pinnacle.

Consulted with Pinnacle's medical clients and surgery centers on securing their networks for HIPAA and PCI-DSS data transmission.

Improved upon the organizational incident response techniques.

Enhanced mitigation and reaction capabilities through threat emulation and proactive analysis of network intrusion events and incidents, which led to a decrease in false positives/negatives.

Provided, tracked, and documented threat attribution to incident response and intelligence reporting activities.

Operated industry-standard investigation tools such as Splunk, EnCase, FTK, IBM Resilient, IDA Pro, tcpdump, and Wireshark.

Deployed, configured, and maintained Splunk forwarder on different platforms.

Facilitated the FISMA continuous monitoring test case update to NIST SP 800-53 Rev 4, updating the control changes from NIST SP 800-53 Rev 3 to Rev 4 and the control assessment changes from NIST SP 800-53A to 800-53A Rev 4.

Reviewed cloud-based services for their security levels and their ability to protect data according to FedRAMP standards.

Consulted on the design and development of authentication, authorization, auditing, data-at-rest encryption, and other security features referencing CSA CCM control objectives.

Network Security Analyst

ArcelorMittal - Burns Harbor, IN Jan 2014-Jan 2016

Scanned operating systems using SCAP, SRR, and Gold Disk for independent security analysis (verification and validation) of software security configuration metrics.

Analyzed information assurance (IA) requirements related to customers, organization, infrastructure, and support services.

Knowledge of IAS (Internet Authentication Service) and Network Policy Service (NPS).

Studied and investigated security breaches to determine their root cause.

Recognized potential, successful, and unsuccessful intrusion attempts and compromises through comprehensive reviews and analyses of relevant event detail and summary information.

Harvested, preserved, and forensically analyzed electronic data from hardware and software.

Analyzed software vulnerabilities obtained from scanning to determine risk, impact, and remediation plans.

Reviewed and updated Cybersecurity documentation on an annual basis.

Applied fundamental understandings of information security policies, standards, procedures, and best practices to assist in developing a risk management policy on a functional level.

Developed and maintained security Implementation policies, procedures, and data standards.

Executed security data management plans for the collection of data, scheduling, and review clarification and reporting systems.

Monitored global NIDS, web application firewall, and log correlation tools for potential threats in the cloud or in customers' on-premises infrastructure.

SOC Analyst (Security Operations Center)

Holder Construction, Atlanta, GA Sept 2012-Jan 2014

Monitored security patch implementation according to the patch management plan on servers, workstations, and network environments. Managed updates for anti-virus software on systems.

Acted as a critical member on a hand-picked team within a SOC dedicated to solving complex and evolving problem sets, where I specialized in network-based solutions for growth and expansion.

Executed proactive network monitoring and threat analysis.

Analyzed TCP/UDP traffic and turned off the ICMP protocol on servers that housed sensitive business information.

Monitored systems, detecting, analyzing, and resolving all incidents/events reported by various SIEMs (Sourcefire, TippingPoint).

Examined and investigated large sets of data on clients' portal to detect fraudulent activities.

Reviewed provided or requested artifacts and Plans of Action & Milestones (POA&Ms) to determine whether controls were implemented correctly.

Responsible for completing threat analysis using security tools (Blue Coat, QRadar, FireEye, Symantec Endpoint Protection, Splunk).

Supplied weekly status reports to managers.

Performed incident handling within the incident response lifecycle (detection, triage, analysis, mitigation, reporting, and documentation).

I performed a vital role in change management procedures by auditing and evaluating change management logs for accountability purposes.

Coordinated with application teams to implement encryption and tokenization solutions for layer 6 (presentation layer) processes on the OSI model.

Practical working knowledge of networking (Cisco routers and Check Point security practices).

Monitored traffic for irregularities based on information received from various sources, alerts, and tickets generated by internal non-security staff and endpoint devices.

Reviewed and analyzed log files to report any unusual or suspect activities.


Bachelor's Degree in Cyber Security, Oklahoma State University, Okmulgee, OK


CompTIA Security+

CompTIA Cybersecurity Analyst (CySA+)

Certified in Risk and Information Systems Control (CRISC)
