Cyber Security

Location:
Atlanta, GA
Posted:
May 25, 2021

Resume:

InfoSec Analyst IT Risk Assurance Network Technician IS Auditor Incident Response Disaster Recovery

Professional Profile

Passionate and enthusiastic master’s graduate in Cyber Security with a primary focus on Red Team Ethical Hacking, Vulnerability Assessment, Risk Management, and Threat Hunting. Proven tenacious work ethic while possessing the ability to multitask effectively and handle a high-volume workload while consistently meeting or surpassing performance metrics. Possess knowledge in Cyber Security practices and principles. Possess excellent oral and written communication skills along with excellent time management and analytical skills. Possess the ability to work independently or within a team and under supervision. Prior skills include management, operations, training, customer service and administrative duties.

Experienced scanning networks using Nmap, Hping3, Nikto, OpenVAS, and other network scanners to view open ports, running services, troubleshoot, and analyze network connectivity.

Performed banner grabbing using tools such as Telnet, Netcat, and Nmap to retrieve information about computer systems on a network to mitigate vulnerabilities and prevent attackers from gaining banner information.

Used Nmap to identify operating systems (OS) running on remote hosts.

Used the p0f tool to identify operating systems (OS) running on remote hosts.

Observed PCAP files, logs, and active real-time traffic patterns using Wireshark.

Installed CryptoDemo to encrypt/decrypt information traversing the intranet for observation.

Used Cyber Kill Chain to better understand and combat ransomware, security breaches, and advanced persistent threats (APTs).

Incorporated FireEye Threat Intelligence subscriptions and services to address all aspects of threat intelligence needs.

Installed/used HashCalc for file checking.

Implemented/configured/customized Domain Name System Security Extensions (DNSSEC).

Comfortable troubleshooting, scanning, and utilizing Linux systems and various Linux command-line tools (e.g., dig, to troubleshoot network-related issues).

Proficient with Windows command-line tools such as the PsInfo command-line tool to retrieve information about remote systems in a network.

Used tools such as Stinger to scan for malware, tools such as CurrPorts, TCPView, and What’s Running to review process monitoring; and tools such as HashCalc to perform file hashing.

Performed port redirection using the Netcat command-line utility available for Linux, UNIX, and Windows platforms. In Linux/Unix, used the finger command to retrieve information about system users in networks.

Used TCPView to track port usage of devices. This displays the entire list of all Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) endpoints on devices.

Configured Firewall Rules using Windows Firewall (w/Advanced Security), Remote Desktop, and the Command Line Interface.

Operated Microsoft Baseline Security Analyzer (MBSA) checking for available updates to the operating system, Microsoft Data Access Components (MDAC), MSXML (Microsoft XML Parser), .NET Framework, and SQL Server. MBSA also scans computers for insecure configuration settings.

Conducted system hacking by means of malware (IDA Pro) and Trojan analysis tools, monitored ports and processes, and monitored and protected files and folders.

Configured the TFTP (Trivial File Transfer Protocol) server to plant a backdoor on a victim’s computer system.

Implemented application-level session hijacking for viewing cookie information from unencrypted web sites.

Demonstrated understanding of Public Key Infrastructure (PKI) and symmetric cryptography and their uses in SSL/TLS and SSH as related to secure access and authorization.

Well informed about new Cyber Security industry news and trends, read various periodicals, conduct research, and experiment using virtual labs.

Installed and configured various tools and applications:

o ZoneAlarm Firewall

o NAT Firewall

o OpenSSH

Installed, tested, configured, and re-tested Snort.

Created a DoS Attack; Used Anti-Phishing Toolbar (Netcraft).

Installed/used Password Cracking Tools (Cain & Abel, PWDump, LM Hash, ThreatFire).

Used Hyper-V Virtual Machine to create a Secondary Virtual Hard Disk.

Established/configured Active Directory Certificate Services.

Created and configured Certificate Revocation Lists (CRLs).

Set up/configured WSUS; created Computer Groups for WSUS; configured GPO Policy for WSUS.

Installed/configured Remote Authentication Dial-in User Service (RADIUS) for Wi-Fi authentication.

Fixed/configured routing protocols (static and dynamic) in Cisco routers and switches.

Hands-on Vulnerability Assessment and Penetration Testing.

Technical Skills

Security Evaluation

Compliance Evaluation, Network Auditing, Risk Management, MBSA

Monitoring

Intrusion Detection

Security Analytics

Intrusion Prevention

Penetration Testing

FireEye

Mitigation

Mobile Protection Tools (MDM)

Network/wireless sniffers (e.g., Wireshark, Airsnort)

Port scanning tools (e.g., Nmap, Hping)

Vulnerability scanner (e.g., Nessus, Qualys, Retina)

Vulnerability management and protection systems (e.g., Foundstone, Ecora)

Intrusion Detection Tools (e.g., Snort, FireEye)

Splunk Enterprise Security (SES)

Metasploit

pfSense Firewall Manager

Kali Linux

AlienVault

Network Hardware and Software (e.g., Comodo Firewall, Cisco ISR, Cisco ASA, Meraki, Cisco Smart Switches)

Honeypot tools (e.g., KFSensor)

Cloud security tools (e.g., Core Cloud Inspect)

Cryptography tools (e.g., Advanced Encryption Package)

Cryptography toolkit (e.g., OpenSSL)

Cyber Security Tools

Splunk, Nessus, Metasploit, Ettercap, Nmap, Hping3, Telnet, Burp Suite, IDA Pro, MDM Solutions, Cyber Kill Chain, Diamond Model, Intrusion Detection Tools (e.g., Snort, pfSense Firewall Manager, Kali Linux, Alien Vault, ArcSight), Hardware and software firewalls (e.g., Comodo Firewall), Honeypot tools (e.g., KFSensor), IDS/Firewall evasion tools (e.g., Traffic IQ)

Framework and Compliance

NIST 800 Series

Risk Management Framework (RMF)

HIPAA, SOC (1, 2, 3), FedRAMP, ISO

Enterprise Mission Assurance Support Service (eMASS)

OWASP Top 10, consulting on OWASP secure coding best practices, CVSS, CVEs, CIS Benchmarks

DoD Information Assurance Certification and Accreditation Process (DIACAP)

PCI – DSS

ISO 27000 series

COBIT

HIPAA

Professional Experience

April 2019-Present

IONIC Security, Atlanta, GA

Information Systems Manager

Ionic empowers clients to future-proof their organizations and accelerate innovation by unifying data security and access controls, regardless of where they are in their journey to the cloud.

My network security technology highlights:

Monitored and investigated suspicious network activities with various security tools (e.g., Splunk, Wireshark, Nessus, AlienVault, Nmap, Snort) to identify potential incidents, network intrusions, malware events, etc.

Utilized Wireshark to analyze PCAP traffic.

Actively participated in various enterprise working groups to provide comprehensive implementation, oversight, and mitigation solutions for Cyber Security-related issues, including threat identification, security assessment, and processes as part of NIST-based Cyber Security Risk Management program.

Used Splunk to onboard applications for logging capabilities.

Forwarded results of Nessus Vulnerability Scans to team leads for resolution of Cyber Security issues.

Created a detailed Incident Report (IR) and contributed to lessons learned and mitigations for future attacks of a similar nature.

Conducted confirmatory Cyber Security Vulnerability assessment rescans using Splunk.

Along with SOC Team, presented Cyber Security Related Awareness and Training for end users and management.

Experienced working with AWS cloud security.

Performed Cyber Security Analysis of assigned systems, events, and cyber-related incidents.

Followed SOC Team runbooks and playbooks for Cyber Security continuous monitoring, testing, and incident response as part of Cyber Security program.

Performed Penetration Testing using Metasploit penetration testing tool.

Provided support for SOC working with team members to provide shift rotation coverage and worked with system data, including but not limited to security event logs, system logs, proxy, and firewall logs.

Documented policies and procedures in support of Risk Management Framework (RMF) processes.

Performed vulnerability assessment using tools such as Nessus, Splunk, and Nmap.

Used log data from SIEM tools (Splunk and AlienVault) to conduct analysis of cyber incidents and analyzed log data from SIEM tools such as Splunk and Wireshark to identify threats and vulnerabilities on the network to prevent cyber security incidents.

Conducted periodic Cyber Security vulnerability scans of IT systems, wireless, and network connected devices.

Performed tests, including SQL injection, on websites that contained secured data modified by unauthorized users through command-line injection and cross-site scripting.

Experienced in Web Application Security with an ability to evaluate security and adhere to best practices and standards.

Experienced working with Amazon Web Services (AWS) cloud security.

Able to work Software Development Security to advise about best practices.

Patched websites after finding vulnerabilities.

Performed Penetration Testing on Debian servers with weak key vulnerability to meet objectives.

Monitored Cyber Security alerts related to malicious web and ad operations.

Analyzed security breaches to determine their root cause.

Recognized potential/successful/unsuccessful intrusion attempts and compromises through review and security analysis/malware analyses of relevant event details or summary information.

Trained team members on proper Cyber Security Incident Response procedures.

Performed web application monitoring using Arachni, SQL, and XSS injection.

Created and maintained use cases for recurring investigation/incident, threat, and cyber threats. Wireshark in this role helped provide both offline and live-capture analysis.

Engaged in threat hunting activities on the network; used BeEF (Browser Exploitation Framework) and checked the web browser for attacks.

Conducted hands-on security testing, analyzed test results, documented risks, and recommended countermeasures.

Forensically investigated systems flagged by our Endpoint Threat Detection/Protection product.

Conducted research about automating Malware Analysis workflows, including AI recognition of obfuscated/malicious macros, and extracted images from phishing documents to identify campaigns.

Researched detonation sandboxes, filetype identifiers, and other public tools to integrate into existing Malware Analysis frameworks for Cyber Security initiatives.

Provided requirements developing internal Malware Analysis intelligence frameworks and next-generation endpoint threat detection products.

Analyzed specific situations to determine appropriate security testing approaches.

Performed manual Penetration testing and communicated findings to both business and web developers.

Experienced working with Azure.

Performed security reviews of application designs and source code.

Developed testing scripts and procedures.

Established and applied online security procedures.

Collaborated with stakeholders to revise security guides and address existing concerns.

Updated security software to prevent database security threats.

Applied system recovery methods to reduce losses should an incident occur.

Evaluated system access controls and monitored database access based on permissions.

Revised cybersecurity protocols/procedures and created efficient training processes.

Assembled daily database logs to build reports to identify potential vulnerabilities.

Safeguarded conformity with internal and external email security standards.

Recommended software updates and oversaw patch management procedures.

Developed internal processes and standards for threat intelligence workflow.

Deescalated and managed customer-related escalations.

Ensured all Service Management procedures were being followed and service level agreements (SLAs) met.

Developed mitigation and countermeasure strategies from collected threat intelligence.

Maintained and helped develop operational procedures for the team to use in daily operations.

Translated complex information sets into concise labels to assist incident response efficacy.

Risk Management Framework Analysis, System Control Assessments, Vulnerability Assessment and Compliance Testing.

Architected and implemented secure network environments following NIST Risk Management guidelines, Security Assessment and Testing, and Continuous Monitoring.

Implemented and configured Secure Network Architecture and configured SIEM tools using Splunk-Snort IDS/IPS.

Experienced providing Security Related Awareness and Training to executives, stakeholders, and end-users.

Knowledgeable of Vulnerability Assessment and Penetration Testing (VAPT).

Skilled in analysis of results of security, vulnerability, and risk management assessments.

Developed mitigation strategies for security problems and created Incident Response Plans.

Applied Cyber Kill-Chain and Diamond Model for event correlation.

Managed Information Assurance Evaluation tests.

Used Splunk dashboards and visualizations with the ability to configure Splunk for specific uses and reports.

Familiar with various cyber security tools, including Splunk, Snort, Nessus, Wireshark, and Metasploit.

Experienced in working with Amazon Web Services (AWS) cloud security.

Involved in data management policy, implementing data management policies and disaster recovery plans that define the Recovery Point Objective (RPO) and the Recovery Time Objective (RTO).

Ensured that the Security Assessment and Authorization process followed the National Institute of Standards and Technology (NIST) Special Publication (SP) 800.

Evaluated cloud computing services, cloud service providers, and cloud brokers using the CSA CCM domains to align the VA’s cloud-based needs with regulatory security compliance and in accordance with NIST framework for cloud computing networks.

Used the Cyber Kill Chain steps to trace stages of a cyberattack from the early reconnaissance stages to the exfiltration of data:

o Reconnaissance (Observation): Attackers typically assess the situation from the outside in to identify both targets and tactics for the attack.

o Intrusion: Based on what the attackers discovered in the reconnaissance phase, they are able to get into your systems, often leveraging malware or security vulnerabilities.

o Exploitation: The act of exploiting vulnerabilities and delivering malicious code onto the system to get a better foothold.

o Privilege Escalation: Attackers often need more privileges on a system to get access to more data and permissions, and for this they need to escalate their privileges, often to an Admin.

o Lateral Movement: Once they are in the system, attackers can move laterally to other systems and accounts to gain more leverage, whether that is higher permissions, more data, or greater access to systems.

o Obfuscation / Anti-forensics: To successfully pull off a cyberattack, attackers need to cover their tracks, and in this stage they often lay false trails, compromise data, and clear logs to confuse and/or slow down any forensics team.

o Denial of Service: Disruption of normal access for users and systems to stop the attack from being monitored, tracked, or blocked.

o Exfiltration (Extraction stage): Getting data out of the compromised system.

Incorporated FireEye Threat Intelligence subscriptions and services to address all aspects of threat intelligence needs.

Applied the Hyper FPE SecureData data-centric platform to provide high-strength encryption of data:

o Voltage SecureData Enterprise: End-to-end data encryption solutions available across the enterprise, cloud, and mobile.

o Voltage SecureMail Cloud: SaaS service for the protection of your most sensitive information and your email transition to Office 365.

o Voltage SecureMail On-Premises: Achieving email security with an end-to-end email encryption solution without impacting the user experience.

o Voltage SmartCipher: Voltage SmartCipher simplifies unstructured data security, providing persistent file encryption and complete control and visibility over file usage and disposition.

Experienced working with Azure cloud.

Used NIST, ISO, CSA CCM, FISMA, and FedRAMP guidelines to employ and sustain a secure network defense in concert with authorized cloud services providers.

Used Splunk Enterprise Security to allow team to quickly identify, investigate, and respond to threats based on a broader security context than is possible with legacy security products.

May 2017-April 2019

SMXUSA, Miami, FL

Cyber Security Engineer

SMX Services & Consulting is an information technology outsourcing (ITO) provider with more than 20 years’ experience providing logical solutions to emerging enterprises across a variety of industry verticals, including technology, finance, banking, real estate, insurance, and retail.

My work highlights:

Identified resources needed to reach objectives and managed resources in an effective and efficient manner.

Tracked project expenses to maintain the projected budget.

Presented project updates on a consistent basis to various stakeholders about strategy, adjustments, and progress.

Managed contracts and service level agreements (SLAs) with the supply chain by assigning agreed deliverables from their end.

Communicated the seriousness of threats and made recommendations for remediation to upper management and other cybersecurity personnel through written and spoken means.

Monitored performance of several risk management activities, including risk, control registers, workflow review, and approval with Archer GRC.

Monitored and analyzed network traffic security systems such as Firewalls, Servers, and Databases using tools such as Nessus, SIEM, Nmap, Snort, IDS alerts, DLP, and web proxy for system vulnerability.

Developed, tracked, and sustained action plans for the solution of issues discovered during assessments and audits, and delivered necessary assistance with the implementation of those remediation plans.

Developed an internal systems security plan on how to handle procedures to isolate and investigate potential information system compromises.

Assisted internal auditors in completing IT components of audits using computer-assisted audit tools and techniques.

Implemented Assessment and Authorization (A&A) processes under the NIST 800-53/53A, 800-37 Risk Management Framework (RMF) for new and existing information systems, receiving over eight ATOs.

Upgraded software, patches, and security patches on dev/test and production environments.

Identified and prioritized information security risk and advised business partners about security/privacy requirements and solutions to ensure compliance.

Performed information security assessments in direct support of a major compliance effort (NIST, PCI-DSS, and ISO).

Administered Cyber Security continuous monitoring information security program per NIST framework.

Worked as part of a Cyber Security incident Response team as needed following SOC Incident Response procedures.

Investigated and resolved Cyber Security incidents and events per SOC team policy and procedures.

Utilized Splunk dashboards for Cyber Security incident reports in Splunk and helped create automated reports for greater understanding of, and accountability for, Cyber Security issues and Incident Response Plan and Continuous Monitoring in accordance with NIST 800 series guidelines.

Applied Wireshark to troubleshoot and investigate Cyber Security threats.

Performed troubleshooting of various indexing issues by analyzing Splunk logs such as splunkd.log and metrics.log ingested as internal index.

Supported Cyber Security with SIEM and related tools such as AlienVault, Nmap, Splunk, Snort, Wireshark, pfSense, and Nessus.

Reviewed AD and SIEM reports for user account creation, onboarding and separation per Cyber Security policy compliance following NIST guidelines.

Conducted Cyber Security vulnerability scanning and evaluation of controls.

Automated Cyber Security analysis workflow regarding endpoint detections, sandbox results, and email scanning.

Detected Cyber Security events and reported any and all threats that were directed against systems regardless of classification level or type.

Reviewed audit logs and provided Cyber Security documentation guidelines to business process owners and management.

Evaluated the adequacy of Cyber Security Programs against NIST guidelines and industry best practices.

Stayed abreast of current updates and patches, and ensured all systems were maintained and tested post update/patch implementation.

Provided technical support for continuous monitoring, computer exploitation, and reconnaissance, and performed target mapping and profiling and network decoy and deception operations in support of computer intrusion defense operations.

Led a team that provided next-day solutions for misconfigurations, security issues, and security events that were reported to our office.

Directed and coordinated with management on security projects to include budget, resource acquisition, and security implementations.

Researched developing technologies and identified use cases for inclusion into the security program, which included physical security to critical data assets.

Assisted the SOC team in maintaining SIEM tools, hardware for network security and their configurations, change management, security logging, and assisted in incident response.

Provided analysis of cybersecurity as well as physical security policies and procedures depending on departmental duties and needs.

Worked closely with managers and security personnel to ensure that security policies and controls were effective with provided services, software, hardware, and updates.

Collaborated with IT, Security, Record, and Policies departments about the best practices for moving from physical to digital records keeping in a continuous production environment while ensuring continuity of service.

January 2014-May 2017

Infoguard Security, San Jose, CA

Threat Intelligence

Infoguard Security is a cyber security solutions and consulting services firm that identifies business network security needs and develops and deploys cyber security solutions to protect organizations’ information assets against a range of cyber threats and mitigates security risks to organizations.

My cyber threat intelligence technical work task highlights:

Performed project management functions such as forecasting, budgeting, and monitoring of data security projects and procedures as they related to the Cyber Security Operations Center.

Provided 24x7x365 level 2 support related to all security incidents.

Experienced configuring Palo Alto firewall.

Worked on Indicators of Compromise (IOC) Vetting and Ingestion.

Performed simulation and incident testing in a lab environment.

Experienced using Windows Environment (Windows 10, newer versions of Server).

Performed Ticketing and CIRT recording.

Experienced with PCI/DSS Compliance.

Performed remediation on the WannaCry ransomware.

Experienced with Sandboxing environments.

Knowledge base article creation and housekeeping.

Attended industry-based webinars and meetings hosted by reputable organizations and agencies such as FS-ISAC, MS-ISAC, CISA, DHS, and Recorded Future.

Experienced detecting malicious activities through the analysis of User Behavior.

Performed forensic investigations and advanced threat analysis on many cyber security threats and reported on industry standard security information on current trends.

Provided holistic data governance solutions with an emphasis on data classification and data leakage prevention.

Analyzed, monitored, and identified security risks to determine potential impacts.

Oversaw successful SIEM audits by constructing a management action plan.

Conducted weekly meetings with the CISO to review security incidents and trends.

Delivered Splunk into S&P Ratings as the project manager to close a gap against the company logging standard. Led the design of the Splunk architecture.

Analyzed log traffic and PCAPS, read and understood system data, including security event logs, system logs, and firewall logs.

Cyber Security and Information Security program design following NIST-SP 800-37 Risk Management Framework.

Executed risk-based audit programs to assess the effectiveness of controls for critical systems and processes.

Employed security testing techniques such as network discovery, port and service identification, vulnerability scanning using Splunk ES, Snort IDS/IPS, Firewall, Wireshark, and Nessus.

Implemented and configured SIEM tool using Splunk/Snort IDS/IPS, Wireshark for network traffic and packet analysis, and various Cyber Security tools Nmap and Nessus.

Implemented security setting on Firewalls and Switches and Routers.

Implemented DLP Plan with Backup and Recovery/Data Recovery and RAID.

Established host security to protect application data.

Conducted Security Assessment/Testing per company policy regarding the Risk Management Plan.

Ensured that the Security Assessment and Authorization process are met per NIST SP 800 guidelines.

Conducted system baselining and hardening based on CIS standards.

Participated in writing security policy and standards for security controls according to NIST SP 800-37.

Generated security documentation, including security assessment reports; system security plans; contingency plans; and disaster recovery plans.

Coordinated and implemented Information security policies, processes, and procedures to ensure information systems security objectives and compliance are met.

Coordinated and performed internal and external vulnerability assessments on computing assets such as hosts, network infrastructure.

Utilized Archer GRC in performing operational risk management of new and existing assigned entities/vendors to identify the risk level and security posture for each entity.

Information Security Risk Management expert with a focus on FISMA, system security evaluation, validation, monitoring, risk assessments, and audit engagements.

Worked with a team of Information System Owners, Developers, and System Engineers to select and Implement tailored security controls in safeguarding system information.

Documented and Reviewed security plans (SP), contingency plans (CP), contingency plan tests (CPT), privacy impact assessments (PIA), and risk assessment (RA) documents per NIST 800 guidelines.

Reviewed system vulnerability scans and audit logs, worked with system administrators to remediate findings, and documented non-remediated findings in the POA&M; performed security categorization of systems using FIPS 199 and NIST SP 800-60, and initiated compliance and vulnerability scan requests to identify and report weaknesses and potential security breaches in accordance with SP 800-34.

Participated in weekly meetings to discuss the status of the risk assessment process.

February 2013-January 2014

Barracuda Networks, Ann Arbor, MI

SOC Analyst

Barracuda Networks provides network security solutions to businesses by delivering cloud-enabled, enterprise-grade security solutions that are easy to buy, deploy, and use. Barracuda’s solutions protect email, networks, data, and applications. More than 150,000 organizations worldwide trust Barracuda to protect them.

Technical work highlights:

Responsible for following Response Playbooks/Incident Response Plans (IR Plans) used by SOC team.

Used NIST Risk Management Framework as a basis for SOC team Cyber Security guidelines such as Continuous Monitoring.

Worked with cross-functional teams to ensure compliance with SOC Team Cyber Security Risk Management procedures throughout the system.

SOC Team worked with NIST Compliance, Security Management and Operations, Vulnerability Assessment, Risk Management Framework, Incident Response, Monitoring, Threat Detection and Mitigation.

Created a formal Cyber Weekly Report for reporting to Senior Management/Executives.

Actively conducted open-source research to find new threats and IOCs.

Served as the system tool owner for our security applications (Splunk, Carbon Black, etc.).

Completed Threat Intelligence using Cyber Kill Chain and Diamond Model in Cyber Security.

Provided Cyber Security support for complex computer network exploitation and defense techniques and conducted e-mail analysis on suspicious e-mails.

Implemented processes to capture both current and historical audit findings to identify systemic failures and patterns for corrective action.

Performed periodic and on-demand system audits and vulnerability assessments, including user accounts, application access, file system and external web integrity scans to determine compliance.

Responsible for leading and delivering accurate and expedient handling of end-user support requests.

Responsible for creating, maintaining, and enforcing Information Security Policies and Procedures in compliance with PCI-DSS regulations and NIST cyber security best practices.

Worked with IT teams to assess weaknesses, identify solutions and develop security policies.

Monitored Firewalls and database activity while maintaining confidentiality, integrity, and availability of the network environment.

Identified and evaluated foreign communications for intelligence purposes, mission support and the handling of classified communications for threat intelligence.

Performed Threat Intelligence using Cyber Kill Chain and Diamond Model.

Analyzed security breaches using