
Cybersecurity

Location:
Oakland, CA
Posted:
September 21, 2020

Resume:

SUMMARY

**+ years of industry experience in the I.T. technology and cybersecurity field.

10+ years of experience in system configuration, imaging, deployment, network analysis, desktop troubleshooting, and infrastructure support.

Security implementations.

Skilled in Microsoft Office Suite including Excel, Outlook, OneNote.

Adept in the use of cybersecurity monitoring tools, e.g., pfSense Firewall Manager, Nessus, Nmap, Alien Vault, and Wireshark.

Extensive experience in System assessment, system imaging, and deployment across various platforms (Windows, Mac, Linux, Hybrid).

Expertise with Win10, OSX, Office 365 in migrations, deployments, support, and troubleshooting.

Expertise in Active Directory, Windows Group Policy, JAMF, SCCM, Windows Defender, BIOS Configuration.

Cisco infrastructure (routers, switches, servers), data backup/recovery systems, hardware/software solutions: configuration, installation, and support.

Microsoft Migrations.

Testing & Research based on production requirements for security using tools like Deepscan, Veracode, and Fortify Static Code Analyzer.

Remote Support using Telnet, VPN and SSH as well as other third-party apps (e.g., Team Viewer).

Examined and evaluated Cybersecurity alerts from vulnerability scans.

Monitored and troubleshot network issues/security events using Wireshark, NMAP/Zenmap, Hping3, Greenbone (OpenVAS), and Nessus, to name the most prevalent.

Experience in the creation of reports on Cyber Security events and issues found in vulnerability assessment scans through exhaustive documentation for stakeholders.

Configuration of VMware environments with multiple O.S.'s (Linux, Ubuntu, Windows) and installed and administered Windows Server 2012 R2, 2016 and 2019, which included installing Active Directory, DNS and DHCP.

Hardened various systems and O.S.'s to reduce the likelihood of a cybersecurity attack.

Applied security in depth to reduce the threat landscape.

SKILLS AND ACCOMPLISHMENTS

Application:

Exchange 2010, Exchange 2013, Exchange 2016, Exchange 2019, Skype 2015, Teams, Windows Server 2012, Citrix, VMware, VirtualBox, Ghost, Office 365, SCCM, JAMF, Splunk, ServiceNow

Scripting:

PowerShell, BASH

Network Troubleshooting:

Wireshark, Ophcrack, Nessus, IPv4/IPv6, Subnetting, DHCP, Nmap, Netscan Tools Pro, Colosoft, Whois, Tenable Nessus, OpenVAS, Kali Linux, Netcraft, Shodan

Tools:

PSTools, Footprints, SolarWinds, Hybrid Deployment Wizard, Metasploit, Netcat, Nikto, Bitlocker, Logic Gate Risk Cloud, EmailTracker-Pro

Platforms:

Mac OS, OSX, iOS, iPadOS, Android, Linux, Windows 7, Win10 (Home, Pro and Enterprise)

SIEM:

Splunk, Snort, ArcSight, AlienVault, SolarWinds, TippingPoint, FireEye

Network Equipment:

Cisco ASA 5506-X, Cisco ASA 5510, ISR 4000 Series routers, Meraki firewalls, PoE switches and WAPs, Cisco 200 Series Smart Switches, Catalyst 3560, 3560-X, 3750 switches

Frameworks and Regulatory Compliance:

HIPAA, NIST 800 series, SOX, COBIT, RMF, GLBA, ISO 27000 series, PCI-DSS, FMLA, EU-GDPR

WORK EXPERIENCE

AT&T (Lenovo), San Ramon, CA

IT Security Engineer (07/2016-Present)

As a contractor for IBM (client AT&T), I provide support to clients with technical issues, including hardware/software support, security configurations, security training, risk mitigation and consultation, vulnerability assessments, and low-level penetration testing on a per-device basis. I also deploy security and non-security solutions, troubleshoot networks, and set up and configure company desktops, laptops, and mobile devices (Mac, PC, iOS, Android and Windows, both standard and mobile). I then harden the devices to ensure compliance with AT&T’s security policy for end devices.

Investigated and responded to Tier 1, 2, and 3 alerts from ArcSight SIEM.

Cross-referenced alerts from other sources against ArcSight to rule out false positives and false negatives.

Designed metrics to assess how long before an alert is triggered vs. how much time it took to be placed in the queue for proper incident responses.

Using ArcSight, I drew on information such as the source IP, ports, payload and destination address to create a response action plan in the event of a real-time incident.

Devised a playbook for tabletop exercises on how to respond to hypothetical incidents.

Assisted in the architecture of how to configure Splunk for threat feeds alongside ArcSight and Sourcefire.

Experienced in working with AWS cloud security.

Used Sourcefire IDS to inspect packets and payloads that triggered ArcSight alerts.

Installed anti-malware, HIDS, host-based firewalls, MDM, DLP and monitoring software on various devices.

Used the Cyber Security Kill Chain as part of the intelligence-driven defense initiative launched during the merger at AT&T. It provided greater visibility for identification and prevention of cyber intrusions/malicious activity.

Throughout my tenure I have been involved in all steps from initial reconnaissance through intrusion and exploitation, privilege escalation, lateral movement, obfuscation, and exfiltration.

Used it as a framework for performing penetration testing on systems/networks prior to adding them to the existing environment.

Provided information on vulnerabilities that were at risk of being exploited, which allowed for patching, mitigation or elimination of discovered risks, improving the security posture of the organization.

Employed FireEye sandboxing solutions, which were added to the AT&T environment to allow for dynamic malware analysis.

Gained insight into the company’s threat intelligence portfolio during assessment of its inclusion into the security environment, natively managed vs. SaaS-based solution.

Provide high-level consultation and security analysis on best practices for safeguarding data across several interoffice departments (e.g., H.R., Finance, R&D, I.T., Coding, Risk Management).

I consult with and for the client and with their vendors to schedule break/fix solutions, security solutions, and risk mitigation strategies.

Performed data backup, reimaging, data restore, and/or transfers to ensure critical systems have no downtime.

Used ArcSight Enterprise Security Manager in the environment to assist with SIEM operations.

Installed hardware and software including RAM, BitLocker, TPMs, FDE software, and hard drive replacements.

Perform software upgrades, patch management, sandbox testing, and system upgrades, as well as system hardening.

Always involved in security research on various cybersecurity domains for the client (mobile security, endpoint solutions, MDM, policies, physical security, etc.).

Primary POC for all company Apple devices in Northern California, tasked with deployment and setup, troubleshooting and resolution of all issues including the migration from manual setup to a JAMF environment.

Utilized the CrowdStrike Falcon platform to provide endpoint security with antivirus (Falcon Prevent), threat detection and response (Falcon Insight) and device control (Falcon Device Control).

Cloud-native endpoint protection allowed for scalability and real-time threat intelligence, combined with security and IT operations to provide a security platform that was robust and lightweight.

Combined ArcSight’s open architecture for data security with real-time correlation and an analytics-driven approach to Security Information and Event Management (SIEM).

Worked with customers for the client as well as other techs to resolve customer security and privacy issues as efficiently as possible, adding to the knowledge base and educating the client's customers on security best practices for data privacy.

I assisted in the deployment of Global Cloud IAM software.

Perform tasks ranging from the deployment of workstations and system hardening to the security imaging of industry-specific devices and the configuration of infrastructure devices (Cisco switches and servers) and Juniper firewalls.

Experience in working with Azure.

ArcSight provided a powerful tool to help the security team stay ahead of cyber threats that arose with the changing security landscape.

Provide onsite support to the network teams for security configurations and routing protocols, as well as performing various networking duties including but not limited to managing server backup tapes, rebooting/repairing kiosk and camera servers, and assuring resources for security and business continuity.

Deliver remote support, asset management, security and compliance support for company partners and clients across the United States ensuring that all local laws and constraints meshed with security policies set forth by all impacted local governments, cybersecurity frameworks and compliance.

I provide backend support for company infrastructure using both Active Directory and SCCM.

Offer support to clients both onsite and remotely, dealing with both hardware and software issues on laptops, desktops, mobile devices, networked and local peripherals, and virtual machines.

Primary support person for asset tracking, loss prevention, and hardware/software remediation, as well as change management for onsite network equipment.

Work with interested parties across all levels of the organization to establish and implement a security policy within the company that would allow for Confidentiality, Integrity, and Availability of company resources throughout the transition, in accordance with California's data privacy law.

I am tasked with security, hardware, and software installation and upgrades for remote sites as well as local users, ensuring that newly established security and group policies were followed during the transition and migration of data.

Further duties include the imaging and configuration of new machines, the deployment of security configurations, remediating compliance issues, updating anti-virus and anti-malware, setting up and configuring mobile device management, and training employees on security best practices.

Deployment and troubleshooting of the software and hardware of Mac (JAMF Self Service), P.C. (SCCM) and M.S. Surface devices in the environment: desktops, laptops, tablets, Surface T.V.'s and smartphones.

Performed malware intrusion detection/prevention and security on company hardware that had been out of compliance while on client’s network.

Performed vulnerability scans using Wireshark and Nmap in an effort to identify needs for employee training, then initiated a social engineering campaign including but not limited to phishing, whaling, and vishing.

Use EmailTracker-Pro to identify potentially malicious emails and provide the I.P. / WhoIS information to stakeholders and network security engineers.

Responsible for following Response Playbooks/Incident Response Plans (IR Plans) used by SOC team.

Use of NIST Risk Management Framework as a basis for SOC team Cyber Security guidelines such as Continuous Monitoring.

Worked with cross-functional teams to ensure compliance with SOC Team Cyber Security Risk Management procedures throughout the system.

SOC Team worked with NIST Compliance, Security Management and Operations, Vulnerability Assessment, Risk Management Framework, Incident Response, Monitoring, Threat Detection and Mitigation.

Created a formal Cyber Weekly Report for reporting to Senior Management/Executives.

Conducted e-mail analysis on suspicious e-mails.

Actively conducted open source research to find new threats and IOCs.

Served as the system tool owner for our security applications (Splunk, Carbon Black, etc.).

Completed threat intelligence using the Cyber Kill Chain and Diamond Model in cyber security.

Provided Cyber Security support for complex computer network exploitation and defense techniques.

Performed comprehensive Cyber Security monitoring, identifying vulnerabilities, and documenting all events.

Write threat reports and manage recommendations with affected stakeholders.

VA Hospital, San Francisco, CA

Sr. Cyber Security SOC Analyst, (05/2011-07/2016)

During my tenure, I was responsible for the imaging, configuration, deployment, and security of newly deployed end users' hardware and software. I was also responsible for updates and patch management of these devices in numerous medical facilities at the San Francisco campus of the V.A. Hospital.

Administered Cyber Security continuous monitoring information security program per NIST framework.

Worked as part of the Cyber Security Incident Response team as needed, following SOC incident response procedures.

Investigated and resolved Cyber Security incidents and events per SOC team policy and procedures.

Utilized Splunk dashboards for Cyber Security incident reports in Splunk and helped create automated reports for greater understanding of, and accountability for, Cyber Security issues and Incident Response Plan and Continuous Monitoring in accordance with NIST 800 series guidelines.

Used WireShark to troubleshoot and investigate Cyber Security threats.

Responsible for troubleshooting various indexing issues by analyzing Splunk logs such as splunkd.log and metrics.log ingested into the _internal index.

Supported Cyber Security with SIEM and related tools such as AlienVault, NMAP, Splunk, Snort, Wireshark, pfSense and Nessus.

Reviewed AD and SIEM reports for user account creation, onboarding and separation per Cyber Security policy compliance following NIST guidelines.

Conducted Cyber Security vulnerability scanning and evaluation of controls.

Automated Cyber Security analysis workflow regarding endpoint detections, sandbox results, email scanning.

Detected Cyber Security events and reported on any and all threats that are directed against systems regardless of classification level or type.

Reviewed audit logs and provided Cyber Security documentation guidelines to business process owners and management.

Conducted Cyber Security Awareness Training with SOC Team for all end-users and management.

Evaluated the adequacy of Cyber Security Programs against NIST guidelines and industry best practices.

Work with SOC team to provide 24/7 Cyber Security coverage, responding to any and all alerts per SLAs.

Stayed abreast of current updates and patches, and ensured all systems were maintained and tested post update/patch implementation.

Provided technical support for continuous monitoring, computer exploitation and reconnaissance; target mapping and profiling; and, network decoy and deception operations in support of computer intrusion defense operations.

In conjunction with the security, deployment, and data management/migration teams, I led a team that provided next-day solutions for misconfigurations, security issues, and security events that were reported to our office.

Provided training for medical staff on newly installed solutions and security policies with regards to guidelines governing a new environment focusing on improved access while still in compliance with HIPAA regulations.

I helped to ensure HIPAA security and privacy compliance on networks and devices that stored and transmitted PHI.

Secured government requirements to guarantee information security solutions aligned with HIPAA requirements for critical data assets.

Used FireEye CMS as a network-based security appliance while at the VA hospitals to consolidate the management, reporting and data sharing of web, email and file malware protection.

Used Detection on Demand threat detection service to provide end users protection to acquired companies during the auditing process before full integration.

Identified and classified PHI data in order to apply appropriate access controls within network systems and end devices, as well as to consult on the policy of least privilege for data access to NPI and PHI.

Helped to ensure that information security personnel adhered to and enforced security policies at each location on campus.

Provided endpoint security on customer facing devices and interfaces at the VA hospitals during the transition to digital records being integrated into the environment.

As the transmission of data through different mediums became more prevalent, security solutions had to be developed to ensure that confidentiality, integrity and availability were maintained.

Deployed antivirus solutions such as Malwarebytes and the Norton suite of products, as well as MDM solutions for mobile devices, throughout the hospital.

The backend infrastructure was updated with both IDS and IPS devices to secure data at rest; network segmentation and data containerization were used to better secure data in transit.

Educated users about HIPAA and cybersecurity best practices.

Conducted security assessments of interoffice programs IAW ISO 27002, NIST, and DoD frameworks for data privacy.

Directed and coordinated with management on security projects to include budget, resource acquisition, and security implementations.

Researched developing technologies and identified use cases for inclusion into the security program on campus which included physical security to critical data assets.

Was responsible for assisting the SOC team in maintaining SIEM tools, hardware for network security and their configurations, change management, security logging, and assisting in incident response.

Provided analysis of cybersecurity as well as physical security policies and procedures depending on departments' duties and needs.

Worked closely with managers and security personnel to ensure that security policies and controls were effective with provided services, software, hardware, and updates.

Collaborated with the I.T., Security, Records, and Policy departments on best practices for moving from physical to digital record keeping in a continuous production environment while ensuring continuity of service.

Completed numerous special projects, including Win 7/8/10 deployment and an infrastructure maintenance/update project. Worked with vendors on asset procurement, company location expansion, infrastructure needs and security compliance while migrating company assets.

Worked as the subject matter expert and team lead on Mac OSX migration.

Worked with the information security team to implement policies and research alternative software to secure mobile devices and Mac hardware in a previously P.C.-laptop-centric environment.

Support of machines and peripherals related to the medical field.

Provided students and medical professionals with training on security best practices and security solutions available that would allow for availability of data while still providing the necessary level of confidentiality and integrity of data in its different forms/states.

Bank of America, CA

Security Deployment Engineer, (07/2005-05/2011)

Provided tier 2-3 desktop support (Windows, Mac, and Linux) to clients both onsite and remotely.

Performed troubleshooting of computers remotely using LANDesk and Windows Remote Desktop.

Repaired all software-related issues for Windows-based computers, such as Microsoft Office.

Wrote automated test scripts in Unix scripting language.

Developed scripts using Java, SQL, and worked with proprietary software parsing Java objects using IBM Rational Functional Tester.

Responsible for providing all levels of desktop support for more than 1800 end users.

Was the primary Executive desktop support technician and handled day to day PC Support of designated Executive staff and their assistants.

Troubleshot and repaired various hardware issues on several models of Windows-based computers such as HP and Dell.

Installed and configured new Lenovo ThinkPad and Dell laptops for end users.

Repaired all hardware related issues such as system boards, hard drives, LCD displays and DVD drives.

Supported office environment multi-function machines such as Ricoh and Xerox.

Provided support for Windows servers, updates, patches and DLP.

Worked closely with cross-functional teams assisting as needed.

Led a team tasked with upgrading the hardware and infrastructure and auditing the security policies of the BoA offices and branches across California.

I was the head of the onsite I.T. Department responsible for managing the ServiceNow ticketing system, providing support to the leadership team as well as training to employees. My duties included but were not limited to break-fix, upgrade, deployment, maintenance, consulting, hands/eyes, configuration, testing and procurement of all information technology on-site hardware, software, infrastructure, desktop, laptop, security solutions, portable devices (BYOD and company provided), peripherals, O.S. and platforms in the lab space, the office space and in-between.

Leveraged platform and network expertise to provide cyber security-centric solutions during the upgrade of the infrastructure of the financial institutions and branches.

Provided education to employees about the presence, functionality, and the new usage policies with regards to the hardware and software that had been deployed.

Performed data security audit to ensure that proper security policies and compliance mandates were in place and enforced.

Performed vulnerability scans to inspect security posture and provided suggestions for environment hardening.

Primary onsite contact for special projects relating to information technology both desktop and infrastructure services and security.

Ran pre-migration checks for upgrade readiness of production systems and managed user accounts and attributes for migration to the cloud.

Led clean-up effort for infrastructure locations, record keeping and information management, and back-ups.

Performed security and resource audit (Logic Gate Risk Cloud) in conjunction with an inventory project.

Troubleshot issues with production and mobile equipment related to functionality, compliance, asset management, and availability.

UC Berkeley, Berkeley

Network Technician, (09/2002-07/2005)

Responsible for the daily maintenance and upkeep of computer systems, networking, and additional systems related to the organization's (BRRC) desktop infrastructure.

Assisted 30+ small and medium businesses (400+ individual users) in an average of 15-90 minutes by answering questions and responding to inquiries and telephone requests.

Used Active Directory to manage user accounts and troubleshot Active Directory issues.

Worked directly with management, CEO, CFO, CTO, CIOs, and IT department to discuss strategies to mitigate IT issues.

Responded to customer requests via telephone/email and effectively answered questions and inquiries.

Copied, logged and scanned supporting documentation for clients' information data files.

Answered an average of 30 calls, emails and faxes per day, addressing customer inquiries, problem solving and providing new product information.

Maintained Windows networks for 30+ small and medium businesses, including Server 2000-2016, SQL 2000-2014, Exchange 2000-2016, Office 365 (initial setup or migration), Windows 2000-Windows 10, Terminal Services, SSL, multi-factor authentication, AD, DNS, DHCP, GPO, IIS, multisite VPN (IPsec, SSL, PPTP), cloud and local backup, managed antivirus, kiosks, remote support, cloud- and premise-based antispam/antivirus, VMware, Hyper-V, firewalls and routing.

Reviewed the current infrastructure of the Program and assessed current need and risks within the environment.

Liaised with the university on behalf of the organization regarding the needs, security posture, and challenges faced in providing support to the organization.

Troubleshot connectivity issues and ensured compliance with University security standards to ensure continued AAA (Authentication, Authorization, Access).

Configured static routing and dynamic routing protocols.

Handled DNS lookup, DHCP, TFTP, DNS, HSRP, NAT, PAT, and NTP operation.

Troubleshot network connectivity issues using ICMP, Hping3 and Nmap.

Prevented DHCP spoofing, VLAN pruning, tagging, ping and traceroute on critical servers.

Performed backup and restore of device configurations.

Configured, verified and troubleshot IPv4 addressing and subnetting.

Configured MAC address filtering, implemented policies on firewalls and helped students connect to WAPs.

EDUCATION, CERTIFICATIONS, AND TRAINING

University of California at Berkeley

Berkeley, CA

B.S. in EECS (Electrical Engineering and Computer Science)

Network+ (Certified)

Security+ (Certified)

EC-Council – Certified Ethical Hacker

Server+ training
