
Albert Daissala - Cyber Security

Location: Atlanta, GA
Salary: 80
Posted: September 17, 2020


Resume:

Experience Synopsis

**+ years’ experience in IT and IT Security, Threat Management, Risk Management, and Vulnerability Assessment.

High proficiency in OS fingerprinting, Banner Grabbing, Network Mapping using enumeration tools such as Wireshark, Nmap, Metasploit, John The Ripper, Aircrack, Burp Suite, Cain and Abel, SQLMap, Kali Linux, Nessus, Ettercap, Burp Suite, Aircrack, Snort, Webroot.

Experienced in performing vulnerability analysis for risk management using Tenable Nessus, OpenVas, Acunetix, Qualys, GFI Languard, and Owasp Zap.

Involved in using encryption and hashing tools and techniques: AES Crypt, BitLocker, Steganos Locknote, MD4 hashing calculators (for file integrity checking).

Skillful with SIEM tools such as Snort, Splunk, FireEye HX/NX, AlienVault for evaluating network attacks and alerts. I also used those alerts for preliminary threat hunting.

Advanced knowledge of cybersecurity, penetration testing, and vulnerability remediation.

I am trained in Windows and Linux products for support, scanning, troubleshooting, end-user support, and management of security applications.

Qualified in migrations, deployments, support, and troubleshooting.

Used tools for security and penetration testing (such as Kali Linux, Metasploit)

Highly trained and adept in applying compliance regulations to harden the confidentiality, integrity, and availability of information systems.

Proficient in assessing client security systems using NIST Publications 800-53A, 800-53, 800-37, FIPS 199, FIPS 200, OMB A-130, ISO 27001, COBIT, HIPAA, and all related appendices.

In-depth knowledge of FIPS guidelines, System Security Plan (SSP), Security Assessment Plan (SAP), SAR, Plan of Action & Milestone (POA&M), Risk Assessment (Impact Analysis), and Contingency Planning.

Implemented practical use of the cybersecurity kill chain for cybersecurity forensics investigations.

Great problem solving and analytical skills needed for effective product delivery.

Ability to adapt and deliver in a fast-paced and time-sensitive environment.

Strong communication skills in both English and French.

Competent in IT configurations, monitoring, and troubleshooting techniques.

Experience in Oracle/ SQL / Databases, SAN/NAS/DAS/CIFS, Disks, Storage, & RAID Groups.

Deployment and design of Cisco routing and switching devices: ISR 4000 routers, Cisco ASA firewalls, PoE switches, Cisco smart switches, and Meraki networks.

Technical Skillset and Toolset

●Application:

Exchange 2010, Skype 2015, Microsoft Teams, Windows Server 2003, 2008, 2012, 2016, Citrix, VMware, Hyper-V, Splunk, Wireshark, Nmap, Linc, Unix, Skype for Business

●Scripting:

PowerShell, VB Scripting, Java, Bash

●Networking:

Wireshark, DNS, Snooper, IPv4/IPv6, Subnetting, DHCP, Nmap, Switches, Routers, TCP/IP, Ethernet, SSH, LAN/WAN, Active Directory, Subnet Configuration, Network Support, WAN, VPN, DNS, DHCP, WAPS, Network Security, Cisco Equipment, Firewall Configurations

●Tools:

Wireshark, Metasploit, John The Ripper, Burp Suite, Cain and Abel, SQLMap, Kali Linux, Nessus, Ettercap, Burp Suite, Aircrack, Snort, Webroot, Acunetix Vulnerability Scanner, Qualys, Nikto, Fortinet Fortigate, Shodan, Process Explorer, Netcraft, ZoneAlarm Firewalls

●Frameworks:

NIST Cybersecurity Framework, SP 800-53, RMF SP 800-37, ITIL, ISO/IEC 27001, COBIT

●Regulatory Compliance

HIPAA, SOX, PCI-DSS, GLBA, EU GDPR, FISMA, CIPA, COPPA, FERPA, CA-CCPA, State data breach notification laws.

Certifications and Training

EC-Council Certified Ethical Hacker

CompTIA Security+

CompTIA A+

CompTIA Server+

Splunk Essentials

NetApp Certified Data Administrator, ONTAP 7-Mode, 2016

Microsoft Technology Associate Database Certified, 2016

IBM System and Process Certified

RICOH System and Process Certified

Advanced Network Defense

Cisco Routing and Switching

Cisco Adaptive Security Appliance

Experience

Acethia LLC

Brookeville, MD

Sr. Cybersecurity Analyst / Security Engineer (June/2017 - Present)

To ensure data integrity, availability, and confidentiality, I had to monitor and document findings on various threats using security tools such as:

Arachni, mostly used for web application monitoring, and SQL and XSS injection.

Created and maintained use cases for recurring investigation/incident, threat, and cyber threat; Wireshark in this role helped provide both offline and live capture analysis.

Engaged in threat hunting activities in the network; BeEF (Browser Exploitation Framework) helped in checking web browsers for any attacks.

Conducted hands-on security testing, analyzed test results, documented risks, and recommended countermeasures.

Analyzed given situations to determine which security testing approaches.

Performed manual Penetration testing and communicated findings to both business and web developers.

Performed security reviews of application designs and source code review.

Developed testing scripts and procedures.

Established and applied online security procedures.

Collaborated with stakeholders to revise security guides and address existing concerns.

Updated security software to prevent database security threats.

Applied system recovery methods to reduce losses should an incident occur.

Evaluated system access controls and monitored database access based on permissions.

Revised cybersecurity protocols/procedures and created efficient training processes.

Assembled daily database logs to build reports to identify potential vulnerabilities.

Safeguarded conformity with internal and external email security standards.

Recommended software updates and oversaw patch management procedures.

Developed internal processes and standards for threat intelligence workflow.

De-escalated and managed customer-related escalations.

Ensured all Service Management procedures were followed and SLAs were met.

Developed mitigation and countermeasure strategies from collected threat intelligence.

Maintained and helped develop operational procedures for the team to use in the daily operation.

Translated complex information sets into concise labels to assist incident response efficacy.

AlphaHill LLC

Washington, DC

Sr. Security Control Assessor, (Jan/2013 - April/2017)

Demonstrated knowledge of processes, procedures, and regulations; using Nessus, I was able to perform scans of the entire system and provide an overview of the network vulnerabilities.

Conducted security assessment on assigned systems to ensure FISMA compliance following NIST SP 800-53 rev 4, NIST 800-53A, and FIPS.

Applied knowledge of Intrusion Detection/Prevention Systems and rule/signature writing.

Delivered cooperation to partner agency cyber threat analysis entities to communicate and share threat information across the cybersecurity community.

Evaluated and reported cyber threats as well as aided in preventing, detecting, examining, studying, and analyzing computer and network intrusions.

Supplied support in the discovery, reaction, mitigation, and exposure of cyber threats affecting client networks.

Contributed to delivering status reports and updates to stakeholders to give analysis for correlated data sources.

Applied extensive knowledge of networking principles, routing protocols, TCP/UDP/IP stack.

Populated and sustained an active intrusion database and delivered data analysis support; evaluating data from logs, sensors, network devices, alerts, and running applications using SIEM tools, log servers, application interfaces, and third-party applications such as process explorer.

Assessed information system controls on various platforms and devices, including Windows, Linux, and UNIX operating systems, databases, and network devices.

Conducted regular assessments on assigned systems to ensure the renewal of systems ATO.

Teamed up with the CISO to create and manage POA&Ms for system vulnerabilities and tracked metrics to ensure that they are effective, remediated, and closed.

Meticulously reviewed information system documentation, for example, Security Assessment Reports (SAR), System Security Plans (SSP), and Executive Summaries to confirm FISMA conformity.

Operated in a team to ensure that deliverables were completed with the highest quality and submitted in a timely manner per FISMA specification.

COMSYS Systems

Atlanta, GA

Security Analyst, (April/2010 - Jan/2013)

Provided risk-based surveillance of organization information.

Performed sniffing and penetration testing and provided mechanisms against sniffing, using tools such as RSA NetWitness Investigator and tcpdump.

Performed MAC and DNS spoofing and ARP poisoning to provide a better overview of the vulnerabilities of the system, using tools such as BetterCap and Ufasoft snif.

Handled Certification and Accreditation (C&A) actions correlated to certification of the US-VISIT core mission and support systems, for the development of system releases.

Organized system security evaluations centered on NIST SP 800-53.

Produced security documents, system security plans, including security assessment reports; contingency plans; and disaster recovery plans.

Reinforced security tests and evaluations (ST&Es).

Supplied security support and assessment to development teams in order to incorporate information assurance/security during the course of the System Life Cycle Development of application releases.

Designed and tracked POA&Ms using Trusted Agent FISMA (TAF).

Developed FIPS-199 worksheets and E-Authentication.

STS Telecom

Atlanta, GA

Network Engineer, (February/2008 – April/2010)

STS Telecom was acquired by Earthlink in late 2010 or early 2011.

Improved networking connectivity issues in wireless, routing, and switching using the OSI model methodology.

Regulated network topology, arranging, and configuration for WLAN upgrades for coverage in inter-office areas, large-scale industrial warehouses, and open-air layouts.

Completed configurations for routers, switches, wireless AP's, and WLAN controllers using Cisco hardware.

Incorporated new company procurements and unions including new circuit infrastructures, equipment upgrades, and comprehensive walkthroughs with onsite technical staff.

Monitored performance, security and analyzed network irregularities using inline protocol hardware.

Technology Support Help Desk Solutions

Atlanta, GA

System Administrator, (March/2004 - February/2008)

Performed multiple DNS configurations, facilitated troubleshooting, and customized DHCP and Active Directory issues. Responsible for providing server hardware support including installation, memory, hard disk, card, and CPU upgrades, and hardware repair.

Implemented and configured virtual environments through VMware and VirtualBox.

Maintained records of every communication transaction in the call tracking system, including problems, remedial actions taken, next steps, and contacts to resolution.

EDUCATION

Kennesaw State University - Kennesaw, Georgia

BACHELOR OF INFORMATION SYSTEMS

Westwood College - Atlanta, Georgia

ASSOCIATE DEGREE IN COMPUTER NETWORK ENGINEERING


