
Cyber Security

Location:
Marietta, GA
Posted:
October 02, 2020


Resume:

InfoSec Analyst IT Risk Assurance Network Technician IS Auditor Project Manager Oracle DBA

Professional Profile

15+ years of professional Information Security, Information Management, Risk Management, Leadership, and Pen-Testing for vulnerability assessments/compliance.

Experience scanning networks using Nmap, Hping3, Nikto, OpenVas and other various network scanners to view open ports, running services, troubleshooting, and network connectivity.

Performed banner grabbing using tools such as telnet, Netcat, and Nmap to retrieve information about a computer system on a network, in order to mitigate vulnerabilities and prevent attackers from gaining banner information.

Used Nmap to identify operating systems (OS) running on remote hosts.

Used the p0f tool to identify operating systems (OS) running on remote hosts as well.

Observed PCAP files, logs and active real-time traffic patterns using Wireshark.

Installed CryptoDemo to encrypt/decrypt information traversing the intranet for observation.

Used the Cyber Kill Chain to better understand and combat ransomware, security breaches, and advanced persistent attacks (APTs).

Incorporated FireEye Threat Intelligence subscriptions and services to address all aspects of our threat intelligence needs.

Installed/Used HashCalc for file checking.

Implemented/Configured/Customized DNSSEC.

Comfortable with troubleshooting, scanning, and utilizing Linux systems and various Linux command-line tools, e.g., dig, to troubleshoot network-related issues.

Proficient with Windows command-line tools such as the PsInfo command-line tool, which can be used to retrieve information about remote systems in the network.

Used different tools, like Stinger, to scan for malware; tools like CurrPorts, TCPView, and What's Running for process monitoring; and HashCalc to perform file hashing.

Performed port redirection using the netcat command-line utility available for Linux, UNIX, and Windows platforms. In Linux/Unix, used the finger command to retrieve information about the system users in the network.

Used TCPView to track the port usage of devices. This displays the entire list of all Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) endpoints on devices.

Configured Firewall Rules using Windows Firewall (w/Advanced Security), Remote Desktop, and the Command Line Interface.

Operated Microsoft Baseline Security Analyzer (MBSA) checking for available updates to the operating system, Microsoft Data Access Components (MDAC), MSXML (Microsoft XML Parser), .NET Framework, and SQL Server. MBSA also scans computers for insecure configuration settings.

Conducted system hacking by means of malware (IDA Pro) and trojan analysis tools; monitored ports and processes; monitored and protected files and folders.

Configured the TFTP (Trivial File Transfer Protocol) server to plant a backdoor on a victim’s computer system.

Implemented application-level session hijacking for viewing cookie information from unencrypted web sites.

Competent understanding of the Public Key Infrastructure (PKI), symmetric cryptography, and their uses in SSL/TLS and SSH as they relate to secure access and authorization.

Well informed of new Cyber Security industry news and trends: reading various periodicals, conducting research, and experimenting using virtual labs.

Installed and Configured various tools and applications:

  ZoneAlarm Firewall

  NAT Firewall

  OpenSSH

Installed, Tested, Configured, and Re-Tested Snort.

Created a DoS Attack; Used Anti-Phishing Toolbar (Netcraft).

Installed/Used Password Cracking Tools (Cain & Abel, PWDump, LM Hash, ThreatFire)

Used Hyper-V Virtual Machine to Create a Secondary Virtual Hard Disk.

Established/Configured Active Directory Certificate Services.

Created and Configured Certificate Revocation Lists (CRLs).

Set up/Configured WSUS; Created Computer Groups for WSUS; Configured GPO Policy for WSUS.

Installed/Configured Remote Authentication Dial-in User Service (RADIUS) for Wi-Fi authentication.

Fixed/Configured routing protocols (static and dynamic) in Cisco routers and switches.

Experienced in Monitoring, Vulnerability Assessment, SOC Analysis, Incident Response, and Threat Mitigation.

Hands-on Vulnerability Assessment and Penetration Testing.

Technical Skills

Security Evaluation

Compliance Evaluation, Network Auditing, Risk Management, MBSA

Monitoring

Intrusion Detection

Security Analytics

Intrusion Prevention

Penetration Testing

FireEye

Mitigation

Mobile Protection Tools (MDM)

Network/wireless sniffers (e.g., Wireshark, Airsnort)

Port scanning tools (e.g., Nmap, Hping)

Vulnerability scanner (e.g., Nessus, Qualys, Retina)

Vulnerability management and protection systems (e.g., Foundstone, Ecora)

Intrusion Detection Tools (e.g., Snort, FireEye)

Splunk Enterprise Security (SES)

Metasploit

pfSense Firewall Manager

Kali Linux

AlienVault

Network Hardware and Software (e.g., Comodo Firewall, Cisco ISR, Cisco ASA, Meraki, Cisco Smart Switches)

Honeypot tools (e.g., KFSensor)

Cloud security tools (e.g., Core Cloud Inspect)

Cryptography tools (e.g., Advanced Encryption Package)

Cryptography toolkit (e.g., OpenSSL)

Cyber Security Tools

Splunk, Nessus, Metasploit, Ettercap, Nmap, Hping3, Telnet, Burp Suite, IDA Pro, MDM Solutions, Cyber Kill Chain, Diamond Model, Intrusion Detection Tools (e.g., Snort, pfSense Firewall Manager, Kali Linux, AlienVault, ArcSight), Hardware and software firewalls (e.g., Comodo Firewall), Honeypot tools (e.g., KFSensor), IDS/Firewall evasion tools (e.g., Traffic IQ)

Framework and Compliance

NIST 800 Series

Risk Management Framework (RMF)

HIPAA, SOC (1, 2, 3), FedRAMP, ISO

Enterprise Mission Assurance Support Service (eMASS)

OWASP Top 10, Consulting on OWASP best coding practices, CVSS, CVEs, CIS Benchmarks

DoD Information Assurance Certification and Accreditation Process (DIACAP)

PCI DSS

ISO 27000 series

COBIT

HIPAA

Professional Experience

UNIK TECHNOLOGIES - Atlanta, GA

1/2019-Present

Sr. Cyber Security Analyst

Monitored and investigated suspicious network activities with various security tools (e.g., Splunk, Wireshark, AlienVault, Nmap, Snort) to identify potential incidents, network intrusions, malware events, etc.

Utilized Wireshark to analyze PCAP traffic.

Actively participated in various enterprise working groups to provide comprehensive implementation, oversight, and mitigation solutions for Cyber Security related issues including threat identification, security assessment, and processes as part of a NIST-based Cyber Security Risk Management program.

SOC Team used Splunk to onboard applications for logging capabilities.

Forwarded results of Nessus Vulnerability Scans to team leads for resolution of Cyber Security issues.

Conducted confirmatory Cyber Security Vulnerability assessment rescans using Splunk.

Along with the SOC team, presented Cyber Security related awareness and training for end users and management.

Experienced in working with AWS cloud security.

Conducted periodic Cyber Security vulnerability scans of IT systems, wireless and network connected devices.

Performed Cyber Security analysis of assigned systems, events, and cyber related incidents.

Followed SOC Team runbooks and playbooks for Cyber Security continuous monitoring, testing and incident response as part of Cyber Security program.

Performed Penetration Testing using Metasploit pentesting tool.

Provided support for SOC working with team members to provide shift rotation coverage.

Worked with system data including but not limited to security event logs, system logs, proxy and firewall logs.

Performed vulnerability assessment using tools such as Nessus, Splunk, Nmap.

Used log data from SIEM tools (Splunk and AlienVault) to conduct analysis of cyber incidents.

Analyzed log data from SIEM tools such as Splunk, and Wireshark, to identify threats and vulnerabilities on the network to prevent cyber security incidents.

Created a detailed Incident Report (IR) and contributed to lessons learned and mitigations for future attacks of a similar nature.

Performed and analyzed vulnerability scan reports and worked with stakeholders to establish plans for sustainable resolutions.

Completed tasks such as researching and identifying security vulnerabilities on the networks and systems.

Implemented, installed, and used Voltage Mail Encryption by authenticating my mail address with the server to send all of my encrypted email messages securely.

Used Nessus to run scans on operating systems.

Monitored controls post authorization to ensure continuous compliance with the security requirements by evaluating vulnerabilities through Nessus scan results and worked with the IT staff on mitigation actions.

Configured Firewall Rules using Windows Firewall (w/Advanced Security), Remote Desktop, and Command Line Interface.

Installed and Configured ZoneAlarm Firewall, NAT Firewall; Installed OpenSSH.

Installed, Tested, Configured, and Re-Tested Snort.

Created a DoS Attack; Used Anti-Phishing Toolbar (Netcraft).

Used Scanning Tools (Nmap, Zenmap, and Wireshark) to observe Traffic Pattern.

Installed CryptoDemo; Encrypted/Decrypted using CryptoDemo.

Installed/Used HashCalc; Implemented/Configured/Customized DNSSEC; Used Password Cracking Tools (Cain & Abel, PWDump, LM Hash).

Used Hyper-V Virtual Machine to Create a Secondary Virtual Hard Disk.

Installed/Configured Active Directory Certificate Services.

Configured Certificate Revocation Lists (CRLs).

Installed/Configured WSUS; Created Computer Groups for WSUS; Configured GPO Policy for WSUS.

Experienced in working with the Azure cloud.

Experienced with RHEL 4/5/6 implementation, administration, installation & maintenance, as well as installation of patches, hardware, software, and firmware upgrades on servers using Red Hat.

Ensured the Voltage application allows for the secure encryption and decryption of sensitive data such as Personally Identifiable Information (PII) and Social Security Numbers; I also confirmed the security of the data on the Voltage application because of its compliance with NIST, PCI DSS, HIPAA, and GDPR.

Installed/Configured Remote Authentication Dial-in User Service (RADIUS).

Performed network scanning to identify live systems using Nmap/Hping3: ping (ICMP) scans to determine whether a host responds to the ping request sent by hping3, and identification of open ports by performing SYN scans using Nmap and Hping3.

Tested organization’s network to identify systems running in promiscuous mode.

Monitored Vulnerability Assessment, SOC Analysis, Incident Response, and Threat Mitigation.

Used Puppet to define distinct configurations for every applicable host, and continuously checked and confirmed whether the required configuration was in place and had not been altered.

Puppet was also instrumental in dynamically scaling up and scaling down machines and provided control over all configured machines, so a centralized (master-server or repo-based) change is spread to all, automatically.

Implemented a policy for the use of CIS Benchmarks for operating systems, cloud service providers, mobile devices, and networking devices.

Stayed on top of new Cyber Security industry news and trends (OWASP, SANS, CIC, and ISO).

Monitored risk management for compliance following NIST 800 guidelines.

Experienced in SIEM tools like AlienVault, Nessus, and Splunk, and in analyzing logs from network monitoring tools such as Nmap, Snort, MBSA, IDS, and IPS.

Wrote and implemented many security policies to accommodate business growth.

Performed initial installation and configuration of network endpoint deception technology such as Botsink, Honeypot.

Followed SOC team incident response plans and implemented tools for each stage.

Familiar with Public Key Infrastructure (PKI) and SSH as they relate to secure access and authorization.

Hands-on Vulnerability Assessment and Penetration Testing using a wide array of commercialized and open source tools.

Created logical volumes and increased the file system in Linux and Microsoft servers.

Experienced in managing disk quotas and applying RHEL Hardening Standards for security.

Remediated vulnerabilities in several OSes such as Red Hat, Microsoft, iOS, and Cisco IOS, to name a few.

Toyota - Atlanta, GA

8/2016-1/2019

Cyber Security Engineer

Worked with on-site team and management to understand how different Cyber Security solutions would support specific business objectives.

Identified gaps in the organizational security stack and evaluated technologies to close them, resulting in improved security posture.

Conducted a gap analysis of the firm's DDoS capabilities and documented the security requirements for an enterprise wide DDoS solution in a hybrid environment.

Designed and developed Business Continuity Plans and Network Perimeter Security including Endpoint Security.

Conducted a DMZ security architecture review of multiple data centers across the globe to highlight gaps in common security controls.

Streamlined the legacy security architecture questionnaire into one based on the NIST Cybersecurity Framework v1.1 with scoring in order to reduce the time of a security architecture review by 30%.

Assessed rules for effectiveness and prioritized for implementation based on maximum risk reduction.

Outlined a plan for website security following OWASP Top 10.

Coordinated and implemented Information security policies, processes, and procedures to ensure information systems security objectives and compliance are met.

Identified onboard/off-board gap impacting Access Management; resolved by updating organizational procedure shortfalls.

Created and maintained an inventory of all third parties that includes the functions they perform, as well as the critical and/or confidential information they regularly access.

Coordinated and performed internal and external vulnerability assessments on computing assets such as hosts, network resources, and all other aspects of the organization.

Utilized Archer GRC in performing operational risk management of new and existing assigned entities/vendors to identify the risk-based level and security posture for each entity.

Tested website for security using Qualys.

Assisted with and coordinated internal auditing of IT infrastructure and end users.

Worked with business, legal and project teams to create and implement plans to rectify discovered vulnerabilities.

Monitored performance on several risk management activities, including risk, control registers, workflow review, and approval with Archer GRC.

Monitored and analyzed network traffic security systems such as Firewalls, Servers, and Databases, using tools like Nessus, SIEM, Nmap, Snort, IDS alerts, DLP, and web proxy, for system vulnerability.

Developed, tracked, and sustained action plans for the solution of issues discovered during assessments and audits. Delivered necessary assistance with the implementation of those remediation plans.

Developed an internal systems security plan on how to handle procedures to isolate and investigate potential information system compromises.

Assisted internal auditors in completing IT components of audits using computer-assisted audit tools and techniques.

Implemented Assessment and Authorization (A&A) processes under the NIST 800-53/53A, 800-37 Risk Management Framework (RMF) for new and existing information systems, receiving over eight ATOs.

Upgraded software, patches, security patches on dev/test, and production.

Identified and prioritized information security risk; advised business partners on security/privacy requirements and solutions to ensure compliance.

Performed information security assessments in direct support of a major compliance effort (NIST, PCI-DSS, and ISO).

Coordinated and prioritized both application and network vulnerability test results.

Performed updates, audit findings, Plan of Action and Milestone (POA&M) management, and provided responses to audit inquiries.

Ensured all documentation pertaining to key management policies and procedures reflects current practice within the organization.

Supported new development or enhancement initiatives that require security infrastructure/operations activities.

Educated, detail-oriented Linux Administrator with over three years of experience working with LINUX software, RHEL servers, configuring and troubleshooting nameservers and creating and managing user accounts.

Managed operational activities, including training metrics, to measure the progress and effectiveness of the training and awareness content.

Experienced in planning, organization and conducting Third Party Assessments and Review.

Santander Bank - Newark, NJ

6/2014 – 8/2016

Information Security Manager

Architected end-to-end Identity and Access Management solutions in on-prem and hybrid environments following HIPAA regulatory compliance standards.

Provided holistic data governance solutions with an emphasis on data classification and data leakage prevention.

Analyzed, monitored and identified security risks to determine potential impacts.

Oversaw successful SIEM audit by constructing a management action plan.

Conducted weekly meetings with the CISO to review security incidents and trends.

Delivered Splunk into S&P Ratings as the project manager to close a gap against the company logging standard. Led the design of the Splunk architecture.

Analyzed log traffic and PCAPS, reading and understanding system data, including, security event logs, system logs, and firewall logs.

Designed Cyber Security and Information Security programs following the NIST SP 800-37 Risk Management Framework.

Executed risk-based audit programs to assess the effectiveness of controls for critical systems and processes.

Employed security testing techniques such as network discovery, port and service identification, vulnerability scanning using Splunk ES, Snort IDS/IPS, Firewall, Wireshark and Nessus.

Implemented and configured SIEM tool using Splunk/Snort IDS/IPS, Wireshark for network traffic and packet analysis, and various Cyber Security tools Nmap and Nessus.

Implemented security settings on Firewalls, Switches, and Routers.

Implemented DLP Plan with Backup and Recovery/Data Recovery and RAID.

Established Host Security to protect Application Data.

Conducted Security Assessment/Testing per company policy regarding the Risk Management Plan.

Ensured that the Security Assessment and Authorization process is met per NIST SP 800 guidelines.

Conducted system baselining and hardening based on CIS standards.

Participated in writing security policy and standards for security controls according to NIST SP 800-37.

Generated security documentation, including security assessment reports; system security plans; contingency plans; and disaster recovery plans.

Coordinated and implemented Information security policies, processes, and procedures to ensure information systems security objectives and compliance are met.

Coordinated and performed internal and external vulnerability assessments on computing assets such as hosts, network infrastructure.

Utilized Archer GRC in performing operational risk management of new and existing assigned entities/vendors to identify the risk level and security posture for each entity.

Information Security Risk Management expert with a focus on FISMA, system security evaluation, validation, monitoring, risk assessments, and audit engagements.

Worked with a team of Information System Owners, Developers, and System Engineers to select and Implement tailored security controls in safeguarding system information.

Documented and Reviewed security plans (SP), contingency plans (CP), contingency plan tests (CPT), privacy impact assessments (PIA), and risk assessment (RA) documents per NIST 800 guidelines.

Reviewed system vulnerability scans and audit logs and worked with system administrators to remediate findings and document non-remediated findings in the POA&M.

Performed security categorization of systems using FIPS 199 & NIST SP 800-60.

Initiated compliance and vulnerability scan requests to identify and report weaknesses and potential security breaches in accordance with SP 800-34.

Participated in weekly meetings to discuss the status of the risk assessment process.

I-Ping Solutions - Dallas TX

4/2012 – 6/2014

Jr. Cyber Security SOC Analyst

Responsible for following Response Playbooks/Incident Response Plans (IR Plans) used by SOC team.

Used the NIST Risk Management Framework as a basis for SOC team Cyber Security guidelines such as Continuous Monitoring.

Worked with cross-functional teams to ensure compliance with SOC Team Cyber Security Risk Management procedures throughout the system.

SOC Team worked with NIST Compliance, Security Management and Operations, Vulnerability Assessment, Risk Management Framework, Incident Response, Monitoring, Threat Detection and Mitigation.

Created a formal Cyber Weekly Report for reporting to Senior Management/Executives.

Conducted e-mail analysis on suspicious e-mails.

Actively conducted open source research to find new threats and IOCs.

Served as the system tool owner for our security applications (Splunk, Carbon Black, etc.).

Completed Threat Intelligence using the Cyber Kill Chain and Diamond Model in Cyber Security.

Provided Cyber Security support for complex computer network exploitation and defense techniques.

Performed comprehensive Cyber Security monitoring, identifying vulnerabilities, and documenting all events.

Wrote threat reports and managed recommendations with affected stakeholders.

T-Mobile - Dallas, TX

1/2010 – 4/2012

Penetration Tester

Provided user support for all software in a Windows environment. Performed backups of the main system (BIPS) on AS400 and Lotus Notes. Provided technical support between departments, customers, and outsourcing suppliers.

Performed Threat Intelligence using Cyber Kill Chain and Diamond Model.

Performed security breach analysis using the Cyber Kill Chain and Diamond Model.

Intrusion testing and prevention; created and annotated log data samples, and was responsible for managing a malware lab sandbox environment.

Engaged in computer exploitation and reconnaissance; target mapping and profiling; and, network decoy and deception operations in support of computer intrusion defense operations.

Led penetration tests and security assessments for applications and infrastructure, including web application assessments, mobile application assessments, API assessments, and physical penetration of properties.

Hands-on penetration testing and threat emulation of assets to enhance the security posture.

Determined need, scope, testing plan, and process.

Assisted in exploring OWASP Top 10 vulnerabilities along with remediation recommendations.

Tested for vulnerabilities and confirmed exploitability, using Burp Suite, Metasploit, Kali Linux, custom scripts, and manual techniques as needed.

AT&T Mobility - Atlanta, GA

2/2005 - 1/2010

Security Operation Analyst and Wireless Technician

SOC Team member responsible for communicating technical security remediation plan to teams within the organization.

Followed SOC team procedures for Risk Management including vulnerability scanning, traffic monitoring, penetration testing and incident response.

SOC Analyst responsible for monitoring network traffic, end-point security, vulnerability scanning, penetration testing and firewall security.

Used various Cyber Security tools including pfSense Firewall Manager, Wireshark, Nmap, Nessus, Splunk, and Snort.

Worked as part of the SOC teams providing Security Assessment and Testing as well as Security Awareness Training.

As SOC Analyst, analyzed test results and implemented mitigations for Cyber Security incidents in accordance with Incident Response Plan.

Identified areas for improvement and control gaps, and evaluated the impact of various Cyber Security measures.

Implemented compliance-based Cyber Security audits following NIST 800 guidelines and SOC procedures.

Worked closely with network engineers to program two-way amplifiers (BDA) to optimize cellular coverage across organizations.

Created and designed propagation models to demonstrate estimated signal strength throughout the proposed coverage areas based on server antennas being located within the model.

Specifically and professionally communicated with clients and ensured that their needs and concerns were addressed in a timely manner.

Installed and programmed wireless networks to better suit the client's needs.

Made sure all diagrams and building codes were followed properly and professionally to certify that client safety and warranties were considered.

Swept system for total flatness; maintained constant levels by properly balancing amplifiers and nodes according to technical specifications.

Read and followed building codes, fabricated Fiber Optic cables, and installed plenum rated and non-rated cables for Sprint/Nextel and Cingular networks.

Maintained a positive, courteous attitude while addressing customer issues and complaints concerning their wireless products and services and providing excellent resolutions for customers.

Educated customers on new and older products and helped determine which mobile device best suits their needs.

Performed daily device troubleshooting and guided clients through confidential account information.

Education

BS in Information Technology

AAS in Information Technology

Certifications and Training

CompTIA Security+ (CompTIA University)

Certified Oracle Database Administrator (Oracle University)

Certified Scrum Master (CSM) (International Scrum Institute)

Cybersecurity Systems Analyst (CySA)

Certified Ethical Hacker (CEH)

Palo Alto network Fundamentals, Splunk Fundamentals

Oracle Database 12c
