
Analyst Security

Location:
Vienna, VA
Posted:
February 20, 2021


Gary Austin Basham

Cell: 571-***-**** Email: adkcet@r.postjobfree.com

EXPERIENCE SUMMARY

For two years and three months I was the team lead of a dedicated US SOC team focused on one of Verizon Federal’s customers as a Senior Network Security Analyst, leaving as a Principal Network Security Analyst. That time included analyzing alerts, writing tickets, proofing or editing teammates’ tickets, providing on-the-job training and mentorship, tuning new tools to work with the customer’s network logs, providing direction for future development of additional logs, and providing technical representation in customer meetings (including with potential future customers). Before that, for two years I was an incident response analyst and the assistant team lead for the National Reconnaissance Office alongside six contractors and one other military member. For one year and six months I worked on the CND SOC watch floor and in Cyber Crime Detection at NSA/NTOC. There I worked closely with a malware reverse engineer, a reporting cell and the network device team. For another year and six months before that I worked as a Digital Network Exploitation Analyst in the signals intelligence realm and digital network information. During that time I utilized many techniques and fundamentals that closely resemble work in a CND SOC and network engineering. In total I have 8 years of experience in the Intelligence Community and Information Security combined. Additional information about my experience is outlined below; any other information is available on request.

PROFESSIONAL EXPERIENCE

SOC Network Security Analyst and Team Lead - Verizon Enterprise Solutions (Ashburn, VA) Jan 2018 – Mar 2020

Official titles: “Secur Spec IV – Netwk & Info Sec” and “Principal - Netwk & Info Sec”

Analyst: responsible for analyzing logs, network data, alerts and any other useful sources, then translating those sources into an explanation, for the customer’s benefit, in a service ticket, and tracking the ticket until resolution.

Trainer: trained coworkers to bridge knowledge gaps I observed in the team to increase work efficiency and readiness. This included on-the-job training and formal training during team meetings.

Leader: proofread and reviewed tickets to finalize them before customer viewing. Represented my security operations team in several meetings, including briefing my customer’s security director on a weekly call.

Provided formal training on the following topics: reading and writing Snort signatures, a deep dive into Windows event logs, custom IBM WinCollect injects, Juniper firewall logs, custom Verizon security product training for analysts, and how DNS fields can relate to malware.

(PowerPoints available upon request)

Provided informal training: ‘Google question’, string analysis on files, DoS/DDoS training, HTTP headers/methods, cross-training US ASOC teammates on PCAP analysis, Windows event logs, various AV logs and others.

Successfully pushed for and led the effort to obtain additional logs from the customer my team was focused on (FireEye and McAfee EPO).

Represented the operations team in meetings with the customer’s former SOC manager and current security director, which ended in an agreement to move to the more encompassing ASOC model.

Won a Splunk BOTS CTF as Team PAIR with fellow Verizon teammates.

SOC Network Security Analyst and Team Lead - Meridian Tech. Contractor (Ashburn, VA) May 2017 – Jan 2018

Meridian Technologies contractor supporting Verizon Enterprise Solutions in network security efforts for their customers.

Analyst: responsible for analyzing logs, network data, alerts and any other useful sources, then translating those sources into an explanation, for the customer’s benefit, in a service ticket, and tracking the ticket until resolution.

Trainer: trained coworkers to bridge knowledge gaps I observed in the team to increase work efficiency and readiness. This included on-the-job training and formal training during team meetings.

Leader: proofread and reviewed tickets to finalize them before customer viewing. Represented the operations team dedicated to the customer of interest in several meetings, including briefing the customer’s security director on a weekly call.

Provided formal training on the following topics: the DNS Z bit and how it relates to legitimate and illegitimate traffic; an analysis of a penetration test for an insurance company that the Juniper SOC team worked on.

Provided informal training: LMGet script for faster backend results, using cURL for additional manual analysis, a deep dive on the syntax of Juniper SRX logs, NTAA, reading SecurityOnion logs, using Kibana/ELK, and the importance of reverse whois and certificates.

Participated in defending against two penetration tests against a large insurance company (second most findings in the first test and most findings in the second), which then led that company to purchase services from Verizon. In turn, briefed the SOC manager and team on the complete penetration test report.

Proofread and reviewed coworker analysis before it was sent to the customer. Analyzed and provided notes on a penetration test on a customer.

UNITED STATES NAVY May 2011 – May 2017

Incident Response Analyst, CND Watch Analyst and IRT Assistant Lead - SPAWAR SSFA (NRO Chantilly, VA) Feb 2015 – May 2017

Analyst on an incident response team/CIRT responding to malware events and digital investigations, including collaboration with external partners such as an inspector general office and a counter-intelligence office (IRT Analyst Tier 2/3).

Led and managed a small team of analysts in conducting investigations and analysis in response to potential incidents in support of a large network within the DoD.

Minor SCADA/ICS incident response experience.

Implemented the cyber kill chain methodology and evidence chain of custody and preservation in cases.

Created and responded to cases and incidents involving malicious attacks on DoD systems, acceptable use policy, time accountability, and miscellaneous events.

Wrote Snort signatures and rules from IOCs gathered from cases to send to the implementation team.

Administratively processed, closed and quality-controlled other team members’ cases in their final phases.

Target Pursuit Operator (TPO) & Event Detection Operator (EDO) - NIOC MD (NSA Fort Meade, MD) Mar 2014 – Feb 2015

Collaborated, communicated and worked as part of a large team for 12-hour shifts on a 24/7/365 watch floor in a SOC environment supporting the DoD.

Determined details related to detected events in order to clearly identify the threat activities, the associated events, the intrusion, the customers, and the tools of the intrusion.

Recommended effective mitigation implementations for customers through reporting.

Implemented the cyber kill chain and diamond model methodology to alerts.

Provided technical expertise to support a reporting cell of a watch floor.

Worked alongside a malware analyst to determine new callback information for signature creation.

Conducted event detection across multiple data sources to confirm or deny malicious activity on the networks of US interests.

Reviewed events to confirm or deny and inform on threat activity.

Understanding of attacker tactics, techniques and procedures to support a reporting cell.

Intrusion Detection Analyst - NIOC MD (NSA Fort Meade, MD) Aug 2013 – Mar 2014

Analyzed network events across the DoD on a daily basis to confirm or deny malicious activity.

Drafted internal reports on all network events analyzed.

Collaborated with partners to support reporting cells for cyber events.

Implemented the cyber kill chain and diamond model methodology on alerts.

Trained co-workers in tools, netflow, protocols, filter creation and traffic analysis to pass job qualification standards.

Digital Network Exploitation Analyst (DNEA) - NIOC MD (NSA Fort Meade, MD) Feb 2012 - Aug 2013

Conducted analysis of Digital Network Exploitation Intelligence (DNI) and open source data to ensure target continuity in support of Commander SIXTH Fleet and TENTH Fleet.

Analyzed, collected, reported information and conducted action in direct support of computer network operations worldwide in support of the U.S. Navy, National Security Agency, Department of Defense, and the national/theater level mission.

Conducted data mining and research across multiple databases to find pertinent reporting.

Target research analysis involving network analysis/discovery.

Performed detailed network analysis by analyzing all-source network data and metadata.

Trained six other sailors to become DNEAs; questioned and graded sailors to sign off their job qualification standard. Also prepared sailors to stand a 2.5-hour oral board and participated as one of the board members with questions.

TECHNICAL & TOOL PROFICIENCIES

Technical Proficiencies: Big data intrusion detection, deep packet inspection analysis, firewall logs, network artifacts (headers, handshake information, C2 communication, protocol tunneling), scanning, PCRE/Regex, mitigation development, cyber kill chain, diamond model methodology, Snort/Suricata signature development and testing. File system forensics (FTK & SANS SIFT), memory forensics (Volatility), registry hive analysis, data carving/recovery, static malware analysis, dynamic malware analysis, identifying IOCs, JavaScript, PowerShell, image/evidence handling and creation.

Tools: ArcSight, Blue Coat, Splunk, Kibana/ELK, SEAM, Recorded Future, Autonomous Threat Detection (previously Niddel), Network Threat Advanced Analytics, SANS SIFT Workstation (tools within the distro), Kali/BackTrack, Wireshark, Nmap, Snort, Suricata IDS, FTK 5.6, EnCase 6/7, RegRipper/Registry Viewer, FireEye CMS, FireEye MAS, Mandiant Redline, log2timeline/Super-Timeline and Volatility.

Generic Proficiencies: Effective trainer, technical writing ability, technical presentation skills, experience working with co-workers with ASD, critical thinking and problem solving.

CERTIFICATIONS & TRAINING

(Currently recertifying in GCIH, GCFA and testing for Splunk Power User certification)

Splunk Certified User 6.x, Cert-190372, 04JULY2017-Lifetime

CompTIA Security+ CE, Reg# 313002872, Validation# 964163496, 01MAR2017-01MAR2020

GIAC Certified Incident Handler (GCIH), Analyst# 28730 (giac.org/certified-professional/gary-basham/156604), 16DEC2016-31DEC2020

GIAC Certified Forensic Analyst (GCFA), Analyst# 12350 (giac.org/certified-professional/gary-basham/156604), 03DEC2016-31DEC2020

FOR508 - Advanced Digital Forensics and Incident Response, In-person Class, SEPT 2016

ITIL Foundation v3, Certification# GR750201068GB, 22OCT2015-Lifetime

EC-Council Certified Ethical Hacker (CEH), Certification# ECC84466742855, 18SEP2015-17SEP2018

NRO CND Watch Floor Analyst and Incident Response Analyst, NRO Job Qualification, MAY 2015

Target Pursuit Operator and Event Detection Operator Qualifications, NSA Job Qualification, MAR 2014

Digital Network Exploitation Analyst, Navy/NSA/USCYBERCOM Job Qualification, DEC 2012

Information Warfare Specialist, Navy Warfare Pin, NOV 2012

SEC660 - Advanced Penetration Testing, Exploit Writing, and Ethical Hacking, In-person Class, APR 2012

Graduated Joint Cyber Analysis Course (JCAC) with honors, In-person Class; Rate as a Cryptologic Technician – Networks, JULY 2011

AWARDS & ACHIEVEMENTS

Verizon Spotlight Award (x2)

1st place in 2018 Verizon Splunk Boss of The SOC (team achievement)

Joint Service Commendation Medal recognizing my work at NRO

Joint Service Achievement Medal recognizing my work at NSA

1st place in SANS660 CTF (team achievement)
