PROFESSIONAL SUMMARY
Defensive Cyber Operations security professional with 10 years of IT experience. Seeking a position with a growing company where I can apply my expertise in security monitoring and incident response (IR), together with strong analytical, organizational, and interpersonal skills, while maintaining constant vigilance over digital safeguards and protecting company data.
CISSP Certified
TECHNICAL SUMMARY
Anomaly detection: PAN firewall, Cisco, Splunk ES, IDS/IPS
EDR: SentinelOne, Exabeam, Tripwire, Imperva, Symantec DLP/Vontu, Cyphort, MS ATA, Tanium, Tattletale, Darktrace, CyberArk, FireEye, Carbon Black, Cisco AMP, ThreatGrid, CrowdStrike
Network analysis tools: AMP ThreatGrid, RSA Analytics, Wireshark, tcpdump, flow-tools
Forensics tools: CyberTriage, Magnet Axiom, Paladin, FTK Imager, Autopsy, Registry Explorer, ANJPv3, UsnJrnl2Csv, Eric Zimmerman's EZ Tools, Volatility
Ticketing Systems: Jira, Remedy, ServiceNow
PROFESSIONAL EXPERIENCE
Herjavec Group (MSS), West Hollywood, June – October 2020
Sr. Incident Response Forensic Technology
Responsibilities:
Scoping: Detection and analysis.
Incident Response: Deep-level forensic investigation, evidence collection, root cause analysis, and containment, leveraging Windows artifacts, memory, and network traffic logs.
Recovery: Support clients in returning to normal operations.
Post-Incident Review: Reviews for improvement of the client's security posture and readiness.
Herjavec Group (MSSP), West Hollywood, August 2018 – June 2020
Sr. Security Analyst, Sr. TSL
Supporting Cedars-Sinai Hospital
Responsibilities:
Work closely with a cross-functional team to communicate with and support Cedars-Sinai Hospital's Information Security function on behalf of Herjavec Group.
Action all Tier 1 escalated cases across the full scope and lifecycle of incident response.
Work with the threat intel team to identify known threats and gaps and provide recommendations.
Analyze previously unknown malware using static and dynamic methods to determine its behavior and impact on endpoints, and build a list of indicators of compromise.
Drive anti-phishing simulation campaigns to guard against email-borne threats and to reduce or discourage users' unsafe behaviors.
Taos, supporting eBay (CSIRT), San Jose, CA, April 2016 – August 2018
Incident Response
Responsibilities: Defensive Cyber Operations
Incident Response – Led the night IR shift, efficiently triaged incidents across multiple environments, investigated and responded to security incidents, and responded to third-party-reported security vulnerabilities.
Detection – Worked with the engineering team to build intelligent correlation rules in Splunk (our SIEM) to help resolve high-fidelity alerts.
Automation (Vulnerability Management) – Worked with the vulnerability management team (Qualys) to correlate vulnerability findings to asset owners.
Data Leak Prevention – Monitored and responded to alerts generated by the DLP systems, and collaborated with DLP administrators, data scientists, and engineering to improve our fraud prevention mechanisms, processes, and tools.
CSC, supporting Raytheon Corporation, El Segundo, CA, August 2011 – February 2015
Responsibilities: Incident Response, Tier III IT Support Specialist
Coordinate with the Computer Emergency Response Team (CERT), Raytheon Global Recovery (GRTs), the Forensics Team, and Raytheon Security Operations (SOC), and follow their direction on data remediation, recovery procedures, and countermeasures.
Perform data backups, reimage media, encrypt systems, set up user profiles, transfer clean data, set up Lotus Notes and archives, map users to network drives, and install printer drivers.
Assist end users in changing all passwords, including SSO, RSA token PIN, PGP, PKI, and Lotus Notes, to ensure confidentiality, integrity, and availability.
Perform administrative duties such as assigning access permissions.
Educate end users on best practices and behaviors that protect against security threats, helping to establish secure networks, infrastructure, applications, and databases.
EDUCATION
Eritrea Institute of Technology, Asmara, Maekel
Bachelor of Science 2000 – 2004
Certifications: CISSP, HP+, CompTIA A+
Certifications in progress: SANS GCIH, DFIR, and Symantec DLP