Cyber Security

Location:
New York, NY
Posted:
September 24, 2021

Professional Profile

**+ years of experience in information security and technology, executing network administration, cybersecurity administration, audits, security assessments, risk management, security awareness and training, threat hunting, and ensuring safe environments through best practices following prolific cybersecurity frameworks (NIST, COBIT, ITIL, ISO/IEC).

Expert in Microsoft Office Suite, including Excel, and in the use of cyber security monitoring tools such as pfSense Firewall Manager, Nessus, Nmap, AlienVault, and Wireshark.

Experienced in investigating and analyzing cyber security events found in vulnerability scans and monitoring using Nmap/Zenmap, hping3, Greenbone (OpenVAS), and Nessus, to name the most prevalent.

Experienced in reporting on Cyber Security events and issues found in vulnerability assessment scans through exhaustive documentation for stakeholders.

Experienced with Cyber Security vulnerabilities and risks in computer networks as a means to reduce the threat landscape for multiple organizations.

Implemented swift resolution for vulnerabilities based on various risk score matrices, CVSS, and CVEs, in accordance with NIST SP 800-37 security controls and best practices.

Skilled in Information Security/Assurance Analysis, Compliance, Governance of the CIA triad.

Experience with monitoring, vulnerability scanning, and penetration testing, following a highly methodical approach to ensure to a high degree that all vulnerabilities have been addressed.

Skilled in incident response following SOC procedures in an Incident Response Plan based on the MITRE ATT&CK framework.

Performed security assessments and audits for compliance with the NIST Risk Management Framework on critical information systems to implement recommended security controls.

Skilled in Network Administration and general IT support.

Collected log data from SIEM tools such as Splunk, AlienVault, and Snort to respond to and conduct analysis of cyber incidents.

Skilled in IAM, Penetration Testing, Vulnerability Assessment, SOC Analysis, Incident Response, and Threat Mitigation.

Adept in performing log analysis, intrusion detection, and incident management as a SOC Analyst/Security Engineer.

Skilled in the use of SOC team tools for cyber security, such as AlienVault, Splunk, Nessus, Wireshark, Nmap, pfSense firewall manager, NAC, and multifactor authentication.

Experienced in configuring firewalls for intrusion vulnerabilities using pfSense firewall manager.

Skilled in evaluating systems for Cyber Security best-practices and vulnerabilities following the NIST framework.

Performed Cyber Security breach analysis using Lockheed Martin Cybersecurity Kill Chain.

Collected network traffic and analyzed firewall and router traffic through log- and event-based analysis of TCP/IP protocols, Syslog, endpoint security logs, application logs, and firewall logs, with Splunk as a log aggregator.

Used Splunk dashboards for visualization and reporting.

Experienced in active monitoring of jobs through alert tools and responding to log analysis.

Skilled in escalating critical alerts and issues to the next level for remediation.

Provided Cyber Security SOC support working with teammates on rotation and shifts as needed.

Monitored systems for any anomalies, proper updating, and patch management.

Assisted in incident response for any breaches, intrusions, or theft.

Managed security procedures and incident response across a large-scale network in response to network attacks.

Technical Skills

Cyber Security Tools

My experience in Information Technology over the years has exposed me to numerous tools, both in networking and information security. These tools enabled me to carry out projects and get them done with accurate results. Among the tools I have worked with, below are a few:

Mobile Protection Tools

Network/wireless sniffers (e.g., Wireshark, Airsnort)

Port scanning tools (e.g., Nmap, Hping)

Vulnerability scanner (e.g., Nessus, Qualys, Retina)

Vulnerability management and protection systems

Log analysis tools

Exploitation tools

Footprinting tools (e.g., Maltego, FOCA, Recon-ng)

Web application security tools (e.g., Acunetix WVS)

Web application firewall

SQL injection detection tools (e.g., IBM Security AppScan)

Wireless and Bluetooth security tools

Android, iOS, Windows Phone OS, and BlackBerry device security tools

MDM Solutions

Intrusion Detection Tools (e.g., Snort)

Splunk Enterprise Security (SES)

Metasploit

pfSense Firewall Manager

Kali Linux

Alien Vault

Hardware and software firewalls

Honeypot tools (e.g., KFSensor)

IDS/Firewall evasion tools (e.g., Traffic IQ Professional)

Packet fragment generators

Honeypot Detection Tools

Cloud security tools (e.g., Core Cloud Inspect)

Cryptography tools (e.g., Advanced Encryption Package)

Cryptography toolkit (e.g., OpenSSL)

Disk encryption tools

Network discovery tools (e.g., Network Topology Mapper)

Enumeration tools (e.g., SuperScan, Hyena, NetScanTools Pro)

Steganography detection tools

Malware detection tools

DoS/DDoS protection tools

Patch management tool (e.g., MBSA)

Webserver security tools

Cryptanalysis tool (e.g., CrypTool)

Cyber Security Frameworks

NIST Cybersecurity Frameworks

COBIT

SOX

HIPAA

PCI - DSS

ISO / IEC

Directory and Services

Microsoft Exchange/Office 365/Outlook

Windows Server (Versions: 2008 R2 / 2012 / 2012 R2 / 2016 / 2019)

Domain Name Service (DNS)

Dynamic Host Configuration Protocol (DHCP)

Information Security Programs

Operating Environments (Linux, Windows, Mac OS)

Anti-Malware systems and programs (Anti-keylogger, Anti-Spyware, Anti-rootkit, Anti-trojan, Anti-virus)

Cisco IOS

Android

iOS

Terminal

Command Prompt

Malware

Firewalls with inbound and outbound rules to filter traffic, Intrusion Detection System (IDS), Intrusion Prevention System (IPS), Endpoint Detection and Response (EDR) systems, Endpoint Management Systems (EMS), System Center Configuration Manager, and antivirus software

Networking

Network protocols setup (e.g., Switching and routing protocols) and packet analysis tools, TCP/IP, computer networking.

Firewall installation and configuration with rules to filter inbound and outbound traffic on the network.

I have had vast experience working with Cisco networking devices such as:

• Routers like ISR4331, ISR4321, 1941, 2901, 2911, 819HGW, 2621XM, among others.

• Switches like the Catalyst Series (2960, 3560-E, 3560-x, 3750, 3750-E, 3750-X, 4500, 6500).

• Access Points

• Hubs

Cyber Security Skills

• Risk Assessment, Threat Assessment, Incident Management, Access Control

• Following Security Policy and Procedures, using SIEM Tools, performing Root Cause Analysis as part of Incident Investigation following Incident Response Procedures, and Team Security Awareness Training

• Risk Mitigation, Recovery, Data Loss Prevention (DLP) following Procedures.

• Vulnerability Assessment and Penetration Testing (VAPT)

• NIST Standards including 800 Series

• Intrusion Detection, Incident Response, and Planning

• Desktop Software: Microsoft Office Suite/365 (Word, Excel, and PowerPoint)

• Skilled in Windows Server 2008, 2012, 2012 R2, 2016, and 2019; Windows OS, Linux OS, and macOS (OS X)

• Log Analysis, Basic Forensic Analysis, and Incident Response Reports

• Information Security Analysis/Security Assessor

• Privacy and Data Security Management and Operations, Certification and Accreditation (A&A)

• FIPS

• FISMA Security Content Automation Protocol

• Project Management, NIST SP 800-53 Rev. 4 and NIST SP 800-37, 800-18, 800-53, and 800-34

• NIST Family of Security Control, POA&M, Incident, and Contingency Planning

Defense-In-Depth

I can comfortably apply layered security to an organization and its network, resources, information, and data because of my previous experience with Defense-in-Depth.

Defense-in-Depth is an information assurance strategy that provides multiple, redundant defensive measures in case a security control fails or a vulnerability is exploited.

Defense-in-Depth architecture is centered on controls that are intended to protect the physical, technical, and administrative aspects of critical networks.

• Physical controls like Security guards and locked doors.

• Technical Controls like using Firewall appliances or antivirus programs.

• Administrative Controls like policies or procedures directed at the employees (instructing users to label sensitive information as confidential).

• My additional knowledge of security layers helps protect individual facets of a network. They include:

o Access Measures (authentication controls, biometrics, timed access and VPN)

o Workstation defenses (antivirus and anti-spam software)

o Data protection (data at rest encryption, hashing, secure data transmission, and encrypted backups)

o Perimeter defenses (firewalls, intrusion detection systems, and intrusion prevention systems)

o Monitoring and prevention (logging and auditing network activity, vulnerability scanners, sandboxing and security awareness training)

o Website protection (Combination of security offerings, e.g., WAF, antivirus, anti-spam software, etc.) and training to block threats and protect critical data. Therefore, the user’s network is safeguarded against malware, web application attacks (e.g., XSS, CSRF).

o Network Security (Configuring firewalls and, in addition, encrypting data traversing the network and data at rest. Even if hackers get past the firewall and steal data, the data is encrypted).

Professional Experience

May 2019 – Present

EmblemHealth, New York, New York

Information Security Manager

• Coordinated with application and system owners to onboard applications in Splunk and ensure logging capabilities are functional.

• Provided administrative assistance during incident response.

• Educated other company associates on security best practices.

• Located malicious software on servers or endpoint symptoms using Tanium and SCCM; designed and implemented search rules on the SIEM.

• Monitored security patch levels of servers, workstations, network environments, and anti-virus systems.

• Monitored and hunted for intrusion and incidents.

• Experienced working with AWS cloud security.

• Improved the organization's incident response procedures, mitigation, and reaction capabilities through emulation and analysis of network intrusion events and incidents from emerging cyber risks.

• Provided, tracked, and documented threat attribution to incident response and intelligence reporting activities.

• Implemented Splunk for Information System Continuous Monitoring (ISCM).

• Remediated identified cybersecurity threats and vulnerabilities using Splunk.

• Managed Artifacts and Plan of Action & Milestones (POA&Ms) to ensure correct implementation of controls.

• Experienced in working with Azure Cloud.

• Evaluated systems for coverage under the Risk Management Framework (RMF).

• Worked with industry-standard cyber security tools for testing, monitoring, and investigation such as Splunk, Nessus, AlienVault, Nmap, Wireshark, Metasploit, and pfSense.

• Deployed, configured and maintained Splunk forwarder on different platforms.

• Monitored and analyzed SCCM and SIEM reports to identify trends and potential vulnerabilities.

• Monitored and investigated large sets of data on clients’ portal to detect fraudulent activities.

• Conformance Testing & Assurance: Conducted sample assurance testing to confirm key controls were operating effectively using the Information Governance Risk Assessment framework.

• Developed and reviewed system security artifacts such as Contingency Plans (CP), Incident Response Plans (IRP), Privacy Impact Assessments (PIA), PTA, and MOUs/ISAs for compliance with NIST guidelines and agency security requirements.

• Utilized knowledge of information technology principles, methods, and security regulations and policies to administer a continuous monitoring information security program.

• Performed security testing of IT assets, gathering and aggregating test data for trend analysis.

• Recommended and addressed the acceptability of the software products for the continuous monitoring project.

• Developed and maintained documentation to support the testing process and ensured the testing process matured in line with industry requirements and expectations.

• Performed Risk Management Framework (RMF) activities using NIST SP 800-37 as a guide for assessments and Continuous Monitoring. Started meetings with various System Owners and Information System Security Officers (ISSOs), delivered guidance on the indications required for security controls, and documented findings of vulnerability assessments.

• Revised System Security Plans (SSP) using NIST SP 800-18 as a model to build SSPs, Risk Assessments, and Incident Response Plans.

• Created and devised change control procedures, and drafted, reviewed, and updated Plans of Action and Milestones (POA&Ms).

• Certification and Accreditation (C&A), RMF, continuous monitoring. Proficiency in National Institute of Standards and Technology Special Publication (NIST SP) documentation: performed assessments, POA&M remediation, and document creation using NIST SP 800-53 Rev. 1 and NIST SP 800-53 Rev. 4.

• Efficiently communicated between various clients to perform POA&M redress.

• Handled internal communications with the Chief of Information Security and external communications with several different groups daily.

• Retained superb working relationships with both internal and external customers using interpersonal communication skills.

• Supplied services as a security control assessor (SCA) as an essential part of the group.

• Participated in assessment and authorization procedures, including A&A scanning, documentation, consulting on auditing requirements, and evaluating present threats to critical information security systems. Recognized trends and root causes of system malfunctions or weaknesses using Nessus Vulnerability Scanner and Nmap to scan for open ports, poor configuration, and absent patches.

• Ensured that the Information Systems Security department's policies, procedures, and practices were in compliance with FISMA, NIST, and general agency standards.

February 2017 - April 2019

InCharge, Kissimmee, Florida

Cyber Security Engineer

• Analyzed security breaches to determine their root cause.

• Recognized potential, successful, and unsuccessful intrusion attempts and compromises through thorough reviews and analyses of relevant event detail and summary information.

• Analyzed discovered infrastructure and software vulnerabilities obtained from scanning to determine risk, impact and remediation plans.

• Reviewed and updated Cybersecurity documentation on an annual basis.

• Applied understanding of the function and content of information security policies, standards, procedures, and practices, as well as threats, risks, and vulnerabilities at a functional level.

• Executed security data management plans for the design and implementation of data collection, scheduling, review clarification, and reporting systems.

• Monitored and analyzed network traffic and logs using Wireshark, Nmap, and pfSense.

• Monitored traffic for irregularities based on information received from various sources.

• Monitored and analyzed SCCM and SIEM reports to identify trends and potential vulnerabilities.

• Performed penetration testing and vulnerability analysis.

• Monitored and audited information security controls for compliance and effectiveness.

• Processed Nessus vulnerability scanning for critical and high severity alerts, log analysis, and results.

• Managed Security Assessment and Authorization (SA&A) process to support continuous monitoring activities in accordance with NIST guidelines.

• Worked with internal stakeholders to create a matrix that mapped project requirements to the National Institute of Standards and Technology (NIST) security controls.

• Monitored the IT regulatory landscape for emerging regulations and assessed the impact to control framework and risk strategy.

• Responsible for IT testing using appropriate tools.

• Tested, maintained, and monitored computer programs and systems, including coordinating the installation of computer programs and systems.

• Provided services as a security control assessor (SCA) and performed as an integral part of the Assessment and Authorization process, including A&A, documentation, reporting, reviewing, and analysis requirements. As a team, we determined Security Categorizations using FIPS 199 as a guide; reviewed, updated, and developed Privacy Impact Assessments (PIA) and Privacy Threshold Analyses (PTA); and initiated the System Security Plan (SSP).

• Experienced in developing and updating System Security Plans (SSP), Contingency Plans, Disaster Recovery Plans, Incident Response Plans, and Configuration Management.

• Skilled in performing assessments on FedRAMP based on customer responsibility documentation and controls provided by the Cloud provider to assess.

• Worked with the ISSO, AO, and the Security team to assess the selected security controls, assess weaknesses, and produce an RTM or test case, with all findings reported in our SAR report.

• Reviewed and documented contingency plans (CP), privacy impact assessments (PIA), and risk assessment (RA) documents per NIST 800 guidelines for various agencies.

• Reviewed and updated the System Security Plan (SSP) using NIST SP 800-18 guidelines.

• Specialized in the entire FISMA Risk Management Framework (RMF) and system control assessment processes using NIST SP 800-60 and NIST SP 800-53A, preparing and reporting SSP, SAP, PTA, PIA, E-Authentication, ST&E (Security Test & Evaluation), and POA&M.

• Developed and conducted ST&E (Security Test & Evaluation) according to NIST SP 800-53A and performed on-site evaluation and support.

March 2015 – January 2017

VISO Trust, San Francisco, California

Cyber Security Analyst

• Analyzed network traffic for anomalies and detected malicious activity.

• Acted as a member of SOC team dedicated to solving cyber security threats.

• Performed proactive network monitoring and threat analysis.

• Monitored systems, detecting, analyzing, and resolving all incidents/events reported by various SIEMs.

• Monitored and investigated large sets of data on clients’ portal to detect fraudulent activities.

• Reviewed provided or requested Artifacts and Plan of Action & Milestones (POAMs) to determine if controls are implemented correctly.

• Completed threat analysis using Security tools (Alien Vault, Splunk).

• Provided weekly status reports.

• Performed incident handling and documentation within the incident response lifecycle (detection, triage, analysis, mitigation, reporting and documentation).

• Played a vital role in change management and incident response.

• Coordinated with application teams to implement encryption and tokenization solutions.

• Monitored traffic for irregularities based on information received from various sources.

• Reviewed and analyzed log files to report any unusual or suspect activities.

• Monitored and analyzed Intrusion Detection Systems (IDS) to identify security issues for remediation.

• Supported security tests and evaluations (ST&Es).

• Monitored controls post-authorization to ensure continuous compliance with the security requirements.

• Conducted Security Control Assessments (SCA) on Information Systems by interviewing, examining, and testing methods, and documented control findings in the SRTM worksheet.

• Worked to determine strategies and took measures to mitigate risk.

• Processed Nessus vulnerability scanning for critical and high severity alerts, log analysis, and results.

• Forwarded results of Nessus vulnerability scan to lead application owners for remediation plans and resolution.

• Assessed an alignment with DLP, PCI-DSS, and NIST-800 controls for critical enterprise systems; developed effective and efficient processes to remediate the compliance gap.

• Performed internal vulnerability testing such as ACAS and SCAP scans and performed appropriate remediation.

• Performed security control assessment of all assigned systems, developed test plans and assessment reports in support of system authorization.

October 2013 – February 2015

Ernst & Young, Atlanta, Georgia

Threat Hunter

• Used log data from SIEM tools (Splunk, QRadar, ArcSight, AlienVault) to conduct analysis of cyber incidents.

• Configured and installed Splunk Enterprise for user and role authentication and SSO.

• Analyzed network data traffic using SIEM tools such as Splunk and IBM's Resilient Systems.

• Monitored and analyzed network traffic with Sourcefire and StealthWatch Intrusion Detection systems.

• Monitored the general support system for vulnerabilities including weak password settings and weak configuration settings.

• Deployed, configured and maintained Splunk forwarder on different platforms.

• Performed proactive network monitoring and threat analysis.

• Monitored systems, detecting, analyzing, and resolving all incidents/events reported by various SIEMs (Sourcefire, TippingPoint).

• Monitored security processes for the protection of computer systems, networks, and information.

• Monitored open source and commercial threat intelligence for IOCs, new vulnerabilities, software weaknesses, and other attacker TTPs.

• Monitored IDS/IPS, Syslog, and OpenDNS.

• Monitored and responded to various endpoint detections via SEPM.

• Performed Vulnerability Assessment using Metasploit.

• Monitored and analyzed Intrusion Detection Systems (IDS) to identify security issues for remediation.

• Performed security testing and analyzed results to identify vulnerabilities and violations of information security.

• Monitored network for suspicious activity using continuous monitoring with various security tools (e.g., Wireshark, Splunk, Alien Vault) to identify potential incidents, network intrusions, and malware events, etc.

• Created detailed Incident Reports (IR) and contributed to lessons learned and mitigations for future attacks of a similar nature.

• Documented policies and procedures in support of Risk Management Framework (RMF) process.

• Worked with security compliance policies, programs, processes, and metrics.

August 2011 – September 2013

RocketCyber, Dallas, Texas

Network Engineer

• Monitored and investigated large sets of data on clients’ portal to detect fraudulent activities.

• Configured and installed Splunk Enterprise for user and role authentication and SSO.

• Identified and processed phishing campaigns, from spear phishing to broad campaigns.

• Detected and processed malicious e-mail attachments; performed sandboxing/decomposition analysis of various payloads using different tools and techniques.

• Performed proactive network monitoring and threat analysis.

• Monitored system, detecting, analyzing, and resolving all incidents/events reported by various SIEMs.

• Monitored and responded to various endpoint detections via SEPM.

• Monitored and analyzed Intrusion Detection Systems (IDS) to identify security issues for remediation.

• Monitored the general support system for vulnerabilities and threats, weak password settings, and weak configuration settings.

• Responsible for gathering information and scanning using security testing tools.

• Monitored and analyzed SCCM and SIEM reports to identify trends and potential vulnerabilities.

• Monitored and investigated suspicious network activities utilizing a variety of tools such as Splunk and FireEye.

• Investigated network access errors as well as network logs using Splunk.

• Worked with symmetric and asymmetric cryptographic keys implemented in the financial services industry.

• Applied concepts of dual control and split knowledge, integral in applying least-privilege principles and maintaining the security of sensitive keys or data.

• Applied signature update deployment on the management components and all individual IPS/IDS devices; performed IDS/IPS implementation and upgrade for SiteProtector.

• Efficiently facilitated and expedited the tracking, handling, and reporting of all security events and computer incidents.

• Implemented deep-dive analyses on alerts received from enterprise security tools and took action on the remediation process.

• Deployed, configured and maintained Splunk forwarder on different platforms.

• Coordinated with application and system owners to onboard applications in Splunk and ensure logging capabilities are functional.

• Produced and submitted appropriate forms to ensure the proper guidance for the protection and handling of security information. Identified problems, determined accuracy of information and used sound judgment to generate and evaluate alternatives, and to make recommendations.

• Ensured the confidentiality, integrity, and availability of systems, networks, and data through security programs, policies, procedures, and tools.

• Implemented, validated and maintained Information Assurance controls.

Education and Training

Bachelor's Degree in Business

University of Phoenix

Master's Degree in Computer Science and Information Technology

University of Phoenix

SOC Analyst Training Course

• Worked with Security Information and Event Management (SIEM) solutions in the Cyber Security Operations Center (SOC).

• SOC Team duties included daily audits of access logs to verify users have the proper clearance to access authorized areas of the department.

• Implemented processes to capture both current and historical Cyber Security audit findings to identify systemic failures and patterns for corrective action.

• Promoted Cyber Security awareness of security issues among system owners and executive leadership to improve compliance with Cyber Security policies and procedures.

• Responsible for initial investigation and remediation of Cyber Security threats.

• Used Splunk to enhance Cyber Security posture from the network to the end device.

• Performed regular Cyber Security penetration and vulnerability assessment and review using Nessus, Metasploit and other offensive security tools.

• Monitored firewall traffic using Wireshark, pfSense, and log correlation tools for potential cyber security threats in the infrastructure.

• Actively engaged with other teams on Cyber Security process improvements to ensure that security requirements are incorporated in all technology projects.

• Conducted cyber security network monitoring using Wireshark, Nmap, and Snort, and reported on findings.

• Followed-up on Nessus Vulnerability Scan to ensure proper remediation as part of Cyber Security SOC Team.

• Documented Cyber Security events and incident response reports and tracked resolutions as part of SOC Team SOP.

• Worked with Splunk to create meaningful Cyber Security reports and dashboards.

• Strategic planning of physical and non-physical information security policies to protect client and firm data.

Cyber Security Analyst Training Course

• Trained to analyze, interpret, and monitor software in Security Operation Center.

• Introduced to Splunk and Splunk Enterprise reporting methodologies for macros and real-time data, as well as understanding how to use specialized software for data insights and risk analysis.

• Able to create dashboards, glass tables, alerts, and automatic reports.

• Logs, traffic, user behavior analysis, and threat/incident remediation.

• Understanding of networking and security fundamentals, Next-Generation Intrusion Prevention Systems (NGIPS), and Network Security Monitoring (NSM).

Certifications

• Splunk 7.1 Certification

• CompTIA Network +

• Certified Information Security Manager (CISM) - In Progress

• Certified Ethical Hacker (CEH) - In Progress

• CompTIA Security+ (Sec+) - In Progress

• Microsoft Azure Fundamentals AZ-900 - In Progress

• Microsoft Azure Security AZ-500 - In Progress

• Amazon Web Services (AWS) Fundamentals - In Progress

• Amazon Web Services (AWS) Security - In Progress