Cyber Security Analyst & Network Security Administrator with 7 years of experience specializing in SIEM (Security Information and Event Management); endpoint detection and response for real-time monitoring and collection of endpoint data with rule-based automated response and analysis capabilities; data loss prevention; authentication; and frameworks and guidelines (regulatory, non-regulatory, national, international, vendor-specific, platform-specific, and industry-specific). Able to clearly convey complicated ideas, both in writing and verbally. PCI compliance experience: encrypted the transmission of cardholder data across open, public networks; regularly updated and patched systems; restricted access to cardholder data to business need to know; implemented logging and log management; documented and conducted quantitative and qualitative risk assessments. Able to communicate complicated subjects to those without much of a technical background, such as C-suite executives.
7 Years of Network Security, Information Assurance, Risk Management, and IT infrastructure and Systems Management
Summary of Competencies and Skills
Experience and understanding of the architecture, administration, and management of operating systems (Linux distributions, Windows, IOS), networking, and virtualization software.
Experience in programming languages, including Java, C/C++, assembly language, and scripting languages (PHP, Python, Perl, and/or shell), as well as with disassemblers.
Implemented hardware and software firewalls and application-level firewalls to monitor incoming and outgoing traffic and secure the network, such as the UniFi Security Gateway (USG), which enabled deep packet inspection and the ability to monitor traffic before it reached the local network, and Cloudflare WAF, which was cloud-based and combined with DDoS (Distributed Denial of Service) protection.
Improved, protected, and secured communications by applying tools such as, but not limited to, Proton Mail and Tutanota, which provided automatic email security and both supported end-to-end encryption.
Administered, managed, and secured networks, deploying tools such as Nagios, OpenNMS, and Capsa Free to monitor network traffic and display the devices connected to the network to ensure authorized usage.
Installed and upgraded software such as McAfee Antivirus, Kaspersky, ZoneAlarm HFW, Malwarebytes, MobileIron, and other MDM solutions.
Configured network firewalls (Cisco ASA, Firepower, Meraki) between internal network servers.
Analyzed system logs and identified potential issues with computer systems using tools such as Loggly, which allowed me to spot trends in logs with rich views and graphs, and GoAccess, a terminal-based analyzer for viewing web activity in real time without a browser.
Added, removed, and updated user account information, reset passwords, and troubleshot account lockouts with tools such as Netwrix Account Lockout Examiner and PowerShell, filtering log events related to a given account to determine the initial cause of the lockout.
Responsible for user account security; implemented a change management policy to enforce control over changes and/or configurations made to systems.
Experienced in Kerberos, RADIUS (for Wi-Fi), and Windows Authentication, including validation with other technologies for single sign-on and federated systems (e.g., TACACS+).
Experience specializing in data loss prevention to prevent data breaches and data exfiltration by monitoring, detecting, and blocking sensitive data in motion and at rest, implementing tools such as SolarWinds data loss prevention with ARM, Comodo MyDLP, Code42, and CoSoSys Endpoint Protector.
Experience in IDS/IPS: monitored events occurring within the network and analyzed them for signs of possible incidents, violations, and/or imminent threats to implemented security policies.
Applied two-factor authentication to improve security measures such as identification, authentication, and authorization.
Improved, supported, and protected data/cloud storage by deploying encryption tools such as Boxcryptor, which encrypted data on devices before it was synchronized to the cloud.
Conducted vulnerability scans within organizational networks with tools such as OpenVAS, Tripwire IP360, Nessus, and Nexpose.
Implemented a DMZ network for public-facing servers that were susceptible to being remotely rooted, to allow separation of the "private" and "trusted" networks.
Managed and assisted with network infrastructure to improve the hardware and software resources that enabled network connectivity, communication, operations, and management, deploying tools such as Dynatrace, ScienceLogic (SL1), and Spiceworks.
Ensured that the network infrastructure was up and running by performing authorized penetration testing with SPARTA, a Python GUI application that also allowed me to run Nmap and/or import Nmap XML output.
Trained users to properly access and use accounts, implementing least privilege and/or role-based access control.
Configured and implemented threat management using Splunk ES, which provided real-time log analysis from devices such as firewalls, IDS, IPS, proxy servers, Windows servers, system applications, databases, web servers, and networking devices.
Mobile Device Management (MDM) with software such as IBM MaaS360, managing corporate devices through policies written within IBM MaaS360.
Enforced Bring Your Own Device (BYOD) regulations and guidelines, including definition of requirements, device selection, policy development, security, and support.
Performed Android OS vulnerability scanning using the X-Ray scanner to determine whether vulnerabilities remained unpatched through the carrier.
Installed and configured new hardware and software such as hard disk drives, motherboards, video cards, and power supplies. Implemented intrusion detection software such as SolarWinds Security Event Manager, Kismet, and Security Onion; VPN software; firewalls (Comodo, GlassWire, ZoneAlarm, and PeerBlock; application- and host-based); and time-lapse software (D-Software Cam Control).
Configured, added, and deleted file systems using tools such as Eraser, WipeFile, and BitKiller.
Implemented operating system updates, patches, and configuration changes using the OUTDATEfighter tool for batch and individual updates and to configure default settings for updates and patches.
Solid written communication and presentation skills.
Efficient written, verbal, and listening communication skills with excellent analytical abilities.
Robust collaborative abilities and an established capability to perform in a varied team of security specialists.
I possess a high level of proficiency in the job-related skills that require precision and attention to detail.
Incident Response: critical thinking, analytical, and superb consultation skills around IT events and incidents.
Formidable, detailed technical writing skills.
Great analytical, problem-solving, and consulting abilities, with experience in cybersecurity and related technologies.
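As an added illustration of the account-lockout triage mentioned above (PowerShell filtering of log events for one account), the script below is example code written for this page; it is not taken from the resume or from any vendor tool. It pulls the 4740 lockout events for a single account from a domain controller, reads the caller computer name out of the event XML instead of relying on a positional Properties[] index, and then lists the failed authentications (Kerberos 4771 and NTLM 4776) that the same domain controller processed in the minutes before each lockout. The account name, domain controller, and time window are placeholders, and the default domain controller lookup assumes the ActiveDirectory module is installed.

```powershell
# Added example: triage an Active Directory account lockout from a domain controller's Security log.
# Placeholders (assumptions, not from the original page): -Account, -DomainController, -Hours.
# Event 4740 ("A user account was locked out") is recorded on the PDC emulator; its
# TargetDomainName field carries the name of the computer the bad passwords came from.
param(
    [Parameter(Mandatory)] [string] $Account,                 # e.g. 'jdoe'
    [string] $DomainController = (Get-ADDomain).PDCEmulator,  # assumes the ActiveDirectory module
    [int]    $Hours = 24
)

$since = (Get-Date).AddHours(-$Hours)

# Turn an event's EventData into a hashtable keyed by field name, so fields are
# read as $f.TargetUserName rather than by a positional offset that differs per event ID.
function Get-EventFields {
    param([System.Diagnostics.Eventing.Reader.EventRecord] $Event)
    $xml = [xml] $Event.ToXml()
    $fields = @{}
    foreach ($d in $xml.Event.EventData.Data) { $fields[$d.Name] = $d.'#text' }
    return $fields
}

# 1. Lockout events (4740) for the account within the window, newest first.
$lockouts = Get-WinEvent -ComputerName $DomainController -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4740
    StartTime = $since
} -ErrorAction Stop |
    Where-Object { (Get-EventFields $_).TargetUserName -ieq $Account }

if (-not $lockouts) {
    Write-Host "No 4740 lockouts for $Account on $DomainController since $since"
    return
}

foreach ($lockout in $lockouts) {
    $f = Get-EventFields $lockout
    Write-Host ("`n[{0}] {1} locked out; bad passwords came from computer: {2}" -f
        $lockout.TimeCreated, $f.TargetUserName, $f.TargetDomainName)

    # 2. Failed authentications this DC processed in the 15 minutes before the lockout:
    #    4771 = Kerberos pre-authentication failed (Status 0x18 = bad password),
    #    4776 = NTLM credential validation (Status 0xC000006A = bad password).
    #    The source host or IP usually points at the service or session holding an old password.
    Get-WinEvent -ComputerName $DomainController -FilterHashtable @{
        LogName   = 'Security'
        Id        = 4771, 4776
        StartTime = $lockout.TimeCreated.AddMinutes(-15)
        EndTime   = $lockout.TimeCreated
    } -ErrorAction SilentlyContinue |
        ForEach-Object {
            $e = $_
            $d = Get-EventFields $e
            if ($d.TargetUserName -ieq $Account) {
                [pscustomobject]@{
                    Time    = $e.TimeCreated
                    EventId = $e.Id
                    Source  = if ($e.Id -eq 4771) { $d.IpAddress } else { $d.Workstation }
                    Status  = $d.Status
                }
            }
        } | Format-Table -AutoSize
}
```

Run it against the PDC emulator rather than an arbitrary DC: 4740 is only written there, while 4771/4776 appear on whichever DC handled the request, so a lockout caused by authentications against another DC will show the caller computer but an empty failed-authentication table.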
Technical Skills Profile
Risk Management
Implemented and followed the General Data Protection Regulation (GDPR), the NIS (Network and Information Systems) Regulations, the Payment Card Industry Data Security Standard (PCI-DSS), NIST SP 800-37, and ISO 27001 (the international standard for information security management).
Network Security
Experience in NAC, Virtualization, Endpoint Security, Data Loss Prevention, Email Security, Mobile Security, Wireless Security, and Firewalls to create and maintain a hardened environment.
Threat Assessment
Deployed threat assessment tools such as RMS Studio and ISO Etrix to analyze and determine threats in order to prevent data breaches and external intrusions.
Vulnerability Assessment
Performed web application scanning, network scanning, host-based scanning, build assessments, database assessments, environmental scans, and external/internal scans.
Security Event Management (SEM) and Security Information and Event Management (SIEM)
Operated various SIEM platforms to automate and analyze a daily throughput of terabytes of ingested data, providing network enumeration, monitoring, and analysis across different enterprise network environments down to endpoints.
Analysis and Assessment
Threat assessment, event analysis, active analysis, log analysis, vulnerability assessment, and threat intelligence in accordance with PCI, HIPAA, NIST, ISO, and FISMA standards.
Monitoring
Wireshark, Nessus, SolarWinds, Microsoft Message Analyzer, Nagios, OpenNMS, Capsa Free, Splunk, Telerik Fiddler, NetworkMiner, Pandora FMS, and Zenoss Core.
Incident Response
Incident Response Process (Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned or After Action Review (AAR)).
Disaster Recovery Planning
Highly skilled in creating, presenting, and implementing DRPs, including preparation, response, recovery, and mitigation.
Computer Network Defense (CND)
Essential knowledge of the actual construct of data, network defense and architecture, the application of network security protocols, border appliances, Secure IDS, VPN and firewall configuration, analysis, and vulnerability scanning.
Computer Network Offense (CNO)
Conducted penetration testing, vulnerability testing, and threat assessment to identify vulnerabilities, analyze threats, and implement countermeasures.
Documentation
Standards Development Organizations (SDOs) within United States systems, including contact information, the scope of standards development work, and their international activities by geographic region.
Professional Experience Profile
Sr. Cyber Security Analyst
18th Montana Democratic - Billings, Montana
August 2018-Present
Created detailed Incident Reports (IR) and contributed to lessons learned and mitigations for future attacks of a similar nature.
Documented policies and procedures in support of Risk Management Framework (RMF) process.
Worked with security compliance policies, programs, processes, and metrics.
Used log data from SIEM tools (Splunk and AlienVault) to conduct analysis of cyber incidents.
Audited data location and permissions; verified end user, service and administrator access to resources.
Provided, tracked, and documented threat attribution to incident response and intelligence reporting activities.
Communicated and engaged with senior management (CISO, CIO, and Directors) and system owners to assure information sharing and timely incident response and risk reporting.
Assisted in the evaluation, testing and recommendation of hardware, software, and network configurations based on customer needs.
Evaluated systems for Risk Management Framework (RMF) coverage.
Planned, implemented, upgraded, and/or monitored security measures for the protection of computer networks and information.
Ensured that appropriate security controls were in place to safeguard digital files and vital electronic infrastructure.
Experienced in working with AWS cloud security.
Responded to computer security breaches and viruses.
Developed and maintained policies and procedures, including setting the appropriate intervals for changing access rules and passwords.
Authorized requests and performed periodic audits of access rights in line with the required HIPAA policies.
Communicated with IT teams to assess weaknesses, identify solutions, and develop strong security policies, and improved configurations based on risk evaluation and threat hunting.
Implemented scans to effectively detect malicious software and hardware that might be present on the network.
Responsible for completing statistical and status reports and for providing fast, timely responses.
Reviewed general cybersecurity support systems for vulnerabilities and threats, including patch management, weak password settings, and soft configuration settings.
Monitored security events for global security incidents and carried out the appropriate investigations to discover root causes.
Ensured that required security-related issues were identified and alerted upon by configuring and establishing monitoring, correlation, and alerting solutions. Reviewed and approved PKI governance documents such as the CPS and CP for encryption.
Monitored systems, detecting, analyzing, and resolving all incidents/events reported by various SIEMs (Sourcefire, TippingPoint) and firewall alerts.
Carried out configuration and maintenance of the implemented SIEM solution to enable it to effectively detect and notify on possible security incidents while concurrently reducing false alerts.
Experienced in working with Azure.
Participated in the investigations being performed by the Information Security team.
Produced and maintained dashboards for observing security information for upper management and cybersecurity engineers, in order to deliver varying degrees of network visibility, both real-time and across extended periods, within the security environment.
Trained others on the detection and processing of malicious email attachments: sandboxing/decomposition analysis of various payloads using different tools and techniques.
Performed all work in coordination with various departments.
Ensured upkeep of information relating to the Windows Active Directory inventory.
Provided third-tier backup to help desk employees.
Participated in various network administration programs to accelerate multi-functional activities.
Jr. Security Operation Center Analyst
The United States Armed Forces (Army), United States
Jan 2014-August 2017
Implemented processes to capture both current and historical audit findings to identify systemic failures and patterns for corrective action.
Performed periodic and on-demand system audits and vulnerability assessments, including user accounts, application access, file system and external web integrity scans to determine compliance.
Responsible for leading and delivering accurate and expedient handling of end-user support requests.
Responsible for creating, maintaining, and enforcing Information Security Policies and Procedures in compliance with PCI-DSS regulations and NIST cyber security best practices.
Worked with IT teams to assess weaknesses, identify solutions and develop security policies.
Firewalls and database activity monitoring, maintaining the confidentiality, integrity, and availability of the network environment.
Identified and evaluated foreign communications for intelligence purposes, mission support and the handling of classified communications for threat intelligence.
Distinguished variations in communication modes to alert the appropriate personnel within the chain of command.
Intercepted and identified cryptographic communications to evaluate the threat landscape.
Supplied written translation of intercepted foreign communications for security analysts.
Delivered transcriptions and interpretations from foreign communications to the chain of command.
Handled and labeled classified information for the preparation of intelligence reports.
Acted as language and cultural expert for visiting foreign nationals.
Interpreted communications between healthcare workers and patients, and interpreted crucial forms, documents, procedures, and information for them.
Transcribed conversations and proceedings in another language, and acted as a radio operator working with electronic listening devices, computers, and other equipment in use by the DOD.
Applied situational awareness (SA) during my military career as a means to identify criminal behavior and other dangerous situations with indigenous populations.
Studied human behavior and applied it to training and combat scenarios to establish how these traits could be used to enhance a soldier's ability to recognize indicators of aggression and to prevent and mitigate attacks.
Provided support to analyze all risk factors for improvement of computer systems.
Applied expert knowledge to speed up computer-related management programs.
Evaluated and ensured security efficiency and assisted in the installation of antivirus to fortify the security system.
Coordinated with various departments to evaluate and ensure accuracy across all server operating systems.
Managed and implemented network security processes and maintained proper reports for the same.
Documented and provided an upgrade to all information security policies and processes.
Participated in the execution of product-oriented programs and methods for enhancement of computing systems.
Maintained and ensured effective protective measures to upgrade systems for the upkeep of LIS projects.
Fundamental incident response, security analysis, and investigation abilities.
Ensured completion of analytical studies to maintain log recording and IDS alarm systems.
Assisted employees by adhering to proper disaster recovery plans.
Documented and developed custom tools, and checked, reviewed, and evaluated security systems for enhancing network access.
Security Engineering & Project Management
Sykes Enterprises - Kingstree, South Carolina
Jan 2013-Jan 2014
Supervised the development of training content for issues related to IT Cybersecurity.
Identified threats, assessed risks, and recommended best practice solutions and cybersecurity controls that met client requirements.
Worked with clients to ensure that controls adhere to the overall solution architecture.
Developed necessary cybersecurity leading practices to ensure access to the project systems and data.
Deployed and maintained cyber controls to ensure the project development team adhered to established cybersecurity and development standards.
Collaborated with key stakeholders including project managers, architects, and other technical leads around cybersecurity requirements throughout the lifecycle of the project.
Made recommendations to mitigate risks during the development and production cycle.
Managed and ensured compliance with IT structures, processes, guidelines, and technologies.
Oversaw troubleshooting of complex, technical situations by providing solutions based on established cybersecurity standards.
Managed projects and analyzed solutions to integrate cybersecurity controls within the solution.
Monitored technical risks and provided mitigation plans that aligned with established cybersecurity controls.
Evaluated security measures to protect against threats or hazards to data.
Engaged with external auditors and third parties in support of security activities.
Developed project plans, estimations, specifications, flowcharts, and presentations.
Performed analysis to validate all security requirements and recommended additional security measures and safeguards.
As project manager, I planned, budgeted, oversaw, and documented all aspects of the specific project the company was working on.
Matured processes for the cybersecurity program, including document control reviews, change management processes, auditing/assessment preparation for controls, staff communications coordination, threat artifact finding, coordinating with data owners on vulnerability remediation plan development, tracking remediations for vulnerabilities, reporting and incident response escalation.
Worked directly with senior management to make sure that the scope and focus of each mission stayed on schedule where deliverables were concerned.
Assisted other departments in project planning and deliverables as well.
Applied business expertise and technological skills to execute practical strategies, evaluated QoS for products, and delivered an exceptional level of technical assistance that benefited the corporation.
Predicted resources needed to reach objectives and managed resources in an effective and efficient manner.
Tracked project expenses to maintain the projected budget.
Presented project updates on a consistent basis to various stakeholders about strategy, adjustments, and progress.
Managed contracts, SLAs, and agreements with the supply chain, effectively assigning agreed deliverables on their end.
Communicated the seriousness of the threats and recommendations for remediation to upper management and other cybersecurity personnel through written and spoken means.
Calculated project performance metrics to pinpoint areas for improvement.
Monitored and managed all installed systems and infrastructure.
Established, configured, tested, and maintained operating systems, application software and system management tools.
Scanned and monitored network vulnerabilities on servers and network infrastructure devices using vulnerability scanning solutions.
Led scrum meetings, presented to stakeholders, and trained staff on security best practices.
Oversaw the development of customized software and hardware requirements.
Planned and implemented systems automation as required for better efficiency.
Formulated and designed the security system in place to maintain data safety.
Oversaw the constant availability of technical resources.
Handled supply chain, oversaw, and coordinated logistical security with vendors.
Education
Bachelor of Applied Science in Cyber Security with an emphasis in Information Technology, in progress, Grand Canyon University, Phoenix, Arizona.
Associate of Applied Science in Cyber Security with an emphasis in Information Technology, graduated 2014 (dual-enrolled), Horry Georgetown Technical College, Myrtle Beach, South Carolina.
Certification and Training
Cisco (CCNA)
CompTIA Linux+
MTA
CompTIA Security+
EC-Council Certified Ethical Hacker (CEH)
Splunk Essentials