Air Force Security
Resume:
MARQUISE DAVIS
***** * ***** ****** ****** Apt, *02
Gretna, Nebraska 68028
*******************@*****.***
Education Masters in Cyber Security Aug 2017 – Oct 2018
Bellevue University, Bellevue, NE
Bachelor of Science in Management Information Systems Jan 2011 – June 2016 Bellevue University, Bellevue, NE
Major in Management Information Systems
Highlights:
•TS clearance
•Security + Certified
•ITIL 2011 certified
•Attended SANS 504 Bootcamp (taking test in the next month or so)
•Attended CISSP Bootcamp (taking test next year)
•Military Service (10 years) Currently in the Air Guard
•Used Active Directory in the military for the last 10 years; part of the system administration group that installed, managed and gave rights to users
•Help deploy windows server 2012 and higher here at the bank of the west
•Azure is part of the few cloud options we have recently deployed here at the bank ( have used it for the last two years)
•As a vulnerability analyst; powershell was one of the tools used to help push patches with the help of SCCM
•Experience working with Visio and AutoCad over the last several years
•Lead a team at the bank and they report to me; I report back to the president of the progress
•Actively used ForeScout as a vulnerability analyst for several years.
Tools:
•CodeSonar (Used in AirForce) – One of the static code analysis tools we used on a daily basis at drill
•Possess effective communication skills; both verbal and written
•Proficient in Microsoft Excel, Power Point, Word, Outlook
•Member of ISACA
•Contrast (IAST tool)
•Burp Suite (DAST tool); used for web application scanning at the bank of the west
•Nmap; used for network mapping at the bank and the USAF
•Zenmap; Graphical user interface tool used with the bank and the USAF
•NowSecure (Mobile Security)
•Pfsense (firewall); Used with the Airforce; helps us filter traffic
•ACAS (Vulnerability scanner); used during my time in the Vulnerability analyst role; ran scans and fixed vuln.
•Nessus (Vulnerability scanner); used during my time in the Air Force; ran scans and fixed vuln.
•Grassmarlin (passive network scanner)
•WhiteHat (DAST tool); Used here at the bank to perform scans of applications for vendors
•Wireshark; Packet capture tool used with the Air Force
•Security Onion (Kibana, Squert, Squil); Part of the blue team exercise we used in the Air Force
•Splunk (SIEM)
•Knowledge of TCP/IP: must be able to demonstrate technical understanding of all layers of the TCP/IP stack, including familiarity with major application-layer protocols such as HTTP, HTTPS, FTP, SFTP, FTPS, SMTP, DNS, etc
•A clear understanding of a variety of network and application attacks: examples include DoS/DDoS, buffer overflows, SQL injection, reconnaissance scanning, and evasive methods attackers use to avoid detection;
Experience
Vulnerability Management Engineer November 2020- Present
Lincoln, Nebraska, NE
•Assist with the initiation and administration of vulnerability mitigation alerting/monitoring activities
•Generate, track, escalate and attain resolution tickets for change management
•Perform moderately complex spreadsheet work to support normal operations and projects
•Perform weekly vulnerability repository (Access) updates
•Validate accuracy and dependencies of vulnerability mitigation tickets and vulnerability exception requests
•Research False Positive Reports
•Experience with Enterprise Security and/or Vulnerability Management practice
•Qualys Platform Administration (Vulnerability Management, Web Application Scanning, and Policy Compliance)
•Experience with ticketing system (ideally Remedy/Remedyforce)
Vice President Cybersecurity Analyst/Architect, October 2018 - November 2020
Bank of the West, Omaha, NE
•Review current system security measures and recommend and implement enhancements
•Conduct regular system tests (pen tests) and ensure continuous monitoring of network security
•Develop project timelines for ongoing system upgrades
•Ensure all personnel have role-based access to the IT system
•Establish disaster recovery procedures and conduct breach of security drills
•Promptly respond to security incidents and provide thorough post-event analyses
•Participates and an integral component of audit, compliance, and regulatory functions, including: Payment Card Industry Data Security Standard (PCI-DSS), Sarbanes-Oxley (SOX), General Data Protection Regulation (GDPR), emerging state and Federal privacy laws, and general security auditing
•Perform log collection, correlation, reviews, archival, retention, and monitoring of automated alerts for items such as, and not limited to: IPS/IDS alerts, Application Firewall alerts, malware alerts, change detection (FIM) alerts, rogue wireless network alerts, security system health alerts, exploit attempt alerts
•Number of security tools used here at the bank; I use Burp Suite and WhiteHat (DAST) to conduct web application scans on websites that needs to be scanned
•For Mobile testing I use NowSecure Mobile to conduct the penetration tests; afterwards I review the findings and discuss what I found to the vendors and give them recommendations on how to fix those issues
•For IAST scans I use Contrast which allows me to hook into the application and analyze it from within as it runs
•Splunk (SIEM) is a tool we used that helps us gain insight into machine data generated from security technologies such as network, endpoint, access, malware, vulnerability and identity management.
Cyber Protection Team (Air Force/Air Guard) (Blue Team) August 2011 – Present
Lincoln, NE
•Lead efforts in monitoring, reporting, and responding to information security incidents.
•Report, track, monitor and close out Incident Response issues.
•Coordinate and document lessons learned and track issues to resolution.
•Interact with internal Business Units to address incidents and support investigations.
•The focal point for critical security events and incidents and serve as subject matter experts in providing recommendations and guidance to the respective Business Units and to the Security Monitoring and Detection team for escalation and remediation.
•Manage, respond, and document all events or incidents that require escalation from level 2 or level 1 analysts.
•Analyze and review escalated cases until closure; this includes investigating and recommending appropriate corrective actions for data security incidents which includes communicating with the implementation staff responsible.
•Recommend controls and process improvements based upon external threat indicators, industry trends, and lessons learned.
•Wireshark is used by our team to capture and analyze the packets being sent through the network.
•Security Onion which includes squirt, squil and kabana is part of our fly away kit that we used whenever we are tasked to take care of a security incident. As a team we analyze the threat and put together a plan to remediate the vulnerability
•Our team used Nmap and Zenmap (GUI) to scan the network for any live hosts and open ports to determine which ports should be allowed on the network. Here we also use grassmarlin (passive network scanner) if we don’t want to make any noise when doing our scans
•As a team we use Pfsense as our firewall and have someone that monitors the traffic being filtered by our firewall
JFHQ Lincoln Cyber Security Analyst (Vulnerability Analyst) August 2017 – October 2018
Lincoln, NE
•Performed threat intelligence directed vulnerability scanning of attack surface.
•Maintained Definitive Scanning Profile library.
•Evaluated the impact of security issues with respect to the company mission and prioritization of remediation efforts based on risk
•Created, automated, and optimized appropriate reports and dashboards in multiple Continuous Diagnostics and Mitigation tools to highlight areas for improvement
•Performed threat Intelligence and directed penetration testing of attack surface.
•Maintained in-house penetration testing methodology and tool set.
•Developed quality metrics for use as both program performance measures and enterprise risk indicators.
•Used inventory and patch management systems to provide reporting and governance for vulnerability impact and remediation progress
•Used Vulnerability scanners such as ACAS and Nessus to conduct our scans and determine where we were weak at. Afterwards, I would put together a remediation plan and work with the client to resolve the issue
REFERENCES AVAILABLE UPON REQUEST
Contact this candidate