Professional Profile
•**+ consecutive years focused on Cyber Security.
•Cyber Security professional with experience in collaborative team management and concept development.
•Experience executing network administration, performing cybersecurity administration, implementing audits, conducting security assessments, and assessing risk management.
•Security-related awareness and training.
•Conducted threat hunting exercises and ensured safe environments through best practices aligned with market-standard cybersecurity frameworks such as NIST, COBIT, ITIL, and ISO/IEC.
•Expert in Microsoft Office Suite including Excel, and in the use of Cyber Security monitoring tools (e.g., pfSense Firewall Manager, Nessus, Nmap, AlienVault, and Wireshark).
•Experienced investigating and analyzing Cyber Security events found in vulnerability scans and monitoring using Nmap/Zenmap, Hping3, QRadar, and Nessus, to name the most prevalent.
•Experienced reporting Cyber Security events and issues found in vulnerability assessment scans through exhaustive documentation for stakeholders.
•Experienced with Cyber Security vulnerabilities and risks in computer networks as a means to reduce the threat landscape for multiple organizations.
•Implemented swift resolution for vulnerabilities based on various risk score matrices, CVSS, and CVEs, in accordance with NIST SP 800-37 security controls and best practices.
•Proficient in defining, organizing, and monitoring risk management, compliance, and cybersecurity programs.
•Proficient in pen testing, vulnerability analysis, research planning and execution, and security configurations.
•Adept at training and educating internal users on relevant cybersecurity procedures and preventative measures.
•Skilled in Information Security/Assurance analysis, compliance, and governance of the CIA triad.
•Experience with monitoring and vulnerability scanning, and penetration testing following a highly methodical approach to ensure that identified vulnerabilities have been addressed to a high degree.
•Skilled in incident response following SOC procedures in an Incident Response Plan based on the MITRE ATT&CK framework.
•Performed security assessments and audits for compliance with the NIST Risk Management Framework on critical information systems to implement recommended security controls.
•Exceptional interpersonal skills with documentation and verbal communication abilities.
•Organizational service skills ensuring technical security planning, testing, verification, and risk analysis in accordance with security regulations, frameworks, and company needs.
Regulatory and Technical Knowledge and Skills
Security Evaluation
Compliance Evaluation, Network Auditing, Risk Management, MBSA
Monitoring
Intrusion Detection
Security Analytics
Intrusion Prevention
Penetration Testing
FireEye
Mitigation
Mobile Protection Tools (MDM)
Network/wireless sniffers (e.g., Wireshark, AirSnort)
Port scanning tools (e.g., Nmap, Hping)
Vulnerability scanner (e.g., Nessus, Qualys, Retina)
Vulnerability management and protection systems (e.g., Foundstone, Ecora)
Intrusion Detection Tools (e.g., Snort, FireEye)
Splunk Enterprise Security (SES)
Metasploit
pfSense Firewall Manager
Kali Linux
AlienVault
Network Hardware and Software (e.g., Comodo Firewall, Cisco ISR, Cisco ASA, Meraki, Cisco Smart Switches)
Honeypot tools (e.g., KFSensor)
Cloud security tools (e.g., Core Cloud Inspect)
Cryptography tools (e.g., Advanced Encryption Package)
Cryptography toolkit (e.g., OpenSSL)
Cyber Security Tools
Splunk, Nessus, Metasploit, Ettercap, Nmap, Hping3, Telnet, Burp Suite, IDA Pro, MDM Solutions, Cyber Kill Chain, Diamond Model, Intrusion Detection Tools (e.g., Snort, pfSense Firewall Manager, Kali Linux, AlienVault, ArcSight), Hardware and software firewalls (e.g., Comodo Firewall), Honeypot tools (e.g., KFSensor), IDS/Firewall evasion tools (e.g., Traffic IQ)
Framework and Compliance
NIST 800 Series
Risk Management Framework (RMF)
HIPAA, SOC (1, 2, 3), FedRAMP, ISO
Enterprise Mission Assurance Support Service (eMASS)
OWASP Top 10, consulting on OWASP best coding practices, CVSS, CVEs, CIS Benchmarks
DoD Information Assurance Certification and Accreditation Process (DIACAP)
PCI DSS
ISO 27000 series
COBIT
HIPAA
Professional Work Experience
Cyber Security Engineer
Trinity Industries June 2019 – Present
Dallas, TX
Trinity Industries Inc. is an American industrial corporation that owns a variety of businesses that provide products and services to the industrial, energy, transportation, and construction sectors. Trinity operates five business groups: Rail Group, Construction Products Group, Inland Barge Group, Energy Equipment Group, and Railcar Leasing & Management Services Group.
•Worked with stakeholders across the enterprise to establish and implement a security policy within the company that would allow for Confidentiality, Integrity, and Availability of company resources throughout the transition, in accordance with North Carolina's data privacy law.
•Assessed, planned, and enacted security measures to help protect clients from security breaches and attacks on computer networks and systems.
•Performed asset tracking, loss prevention, and hardware/software remediation, as well as change management for onsite network equipment.
•Communicated the seriousness of the threats and recommendations for remediation to upper management and other cybersecurity personnel through written and spoken means.
•Identified and prioritized information security risk; advised business partners on security/privacy requirements and solutions to ensure compliance.
•Performed information security assessments in direct support of a major compliance effort (NIST, PCI-DSS, and ISO).
•Assisted internal auditors in completing IT components of audits using computer-assisted audit tools and techniques.
•Tasked with security, hardware, and software installation and upgrades for remote sites as well as local users, ensuring that newly established security and group policies were followed during the transition and migration of data.
•Used NIST Risk Management Framework as a basis for SOC team Cyber Security guidelines such as Continuous Monitoring.
•Worked with cross-functional teams to ensure compliance with SOC Team Cyber Security Risk Management procedures throughout the system.
•SOC Team worked with NIST Compliance, Security Management and Operations, Vulnerability Assessment, Risk Management Framework, Incident Response, Monitoring, Threat Detection and Mitigation.
•Actively conducted open-source research to find new threats and IOCs.
•Served as the system tool owner for our security applications (Splunk, Carbon Black, etc.).
•Completed Threat Intelligence using Cyber Kill Chain and Diamond Model in Cyber Security.
•Provided Cyber Security support for complex computer network exploitation and defense techniques.
•Performed comprehensive Cyber Security monitoring, identifying vulnerabilities, and documenting all events.
•Wrote threat reports and managed recommendations with affected stakeholders.
•Developed documentation for security policies and procedures aligned with industry best practices and security frameworks such as NIST 800-53, 800-171, NIST Cybersecurity Framework, ISO 27001.
•Prepared and created documentation for various IT security engagement deliverables including, but not limited to, risk assessment results, Plan of Action and Milestones (POA&M) lists, system security plans, and security gap analyses.
•Predicted resources needed to reach objectives and managed resources in an effective and efficient manner.
•Tracked project expenses to maintain the projected budget.
•Presented project updates on a consistent basis to various stakeholders about strategy, adjustments, and progress.
•Managed contracts, SLAs, and agreements with supply-chain vendors by assigning effectively agreed deliverables on their end.
•Monitored performance on several risk management activities, including risk and control registers, workflow review, and approval with Archer GRC.
•Monitored and analyzed network traffic and security systems such as firewalls, servers, and databases, using tools like Nessus, SIEM, Nmap, Snort, IDS alerts, DLP, and web proxy, for system vulnerabilities.
•Developed, tracked, and sustained action plans for the resolution of issues discovered during assessments and audits, and delivered necessary assistance with the implementation of those remediation plans.
•Developed an internal systems security plan on how to handle procedures to isolate and investigate potential information system compromises.
•Implemented Assessment and Authorization (A&A) processes under the NIST 800-53/53A, 800-37 Risk Management Framework (RMF) for new and existing information systems, receiving over eight ATOs.
•Applied software upgrades and security patches on dev/test and production systems.
Information Security Specialist
Novelis December 2017 – June 2019
Atlanta, GA
Novelis Inc. is an industrial aluminum company, a leading producer of rolled aluminum and the global leader in beverage can recycling.
•Performed threat and vulnerability analysis and provided warnings of anticipated exploitation.
•Executed security monitoring and reporting, analyzed security alerts, and escalated security alerts to local support teams.
•Performed vulnerability testing and risk assessment to prioritize risks and suggest actions.
•Evaluated a range of network and host-based security appliance logs (Firewalls, NIDS, HIDS, Sys Logs, etc.) to ascertain the correct remediation actions and escalation paths for each incident.
•Monitored and analyzed Intrusion Detection Systems (IDS) alerts to identify security issues for remediation.
•Conducted risk assessments and collaborated with Management and technical team to provide recommendations regarding any changes that were being implemented on assigned systems.
•Performed and analyzed vulnerability scan reports and worked with stakeholders to establish plans for sustainable resolutions.
•Researched and identified security vulnerabilities on the networks and systems.
•Used Nessus to run scans on operating systems.
•Monitored controls post-authorization to ensure continuous compliance with the security requirements by evaluating vulnerabilities through Nessus scan results, and worked with the IT staff on mitigation actions.
•Monitored and tracked security vulnerabilities to ensure affected systems are patched.
•Monitored servers, network gear, and applications in the operation center environment.
•Analyzed phishing emails when detected, analyzed malicious links and attachments, assessed user impact via Splunk, removed phishing emails from Exchange servers, and blocked unwanted URLs/IP addresses.
•Managed development of processes and procedures to improve incident response times, analysis of incidents, and overall SOC functions.
•Used Wireshark as a packet sniffer for troubleshooting and packet inspection.
•Developed, implemented, and enforced network security procedures consistent with security policies.
•Worked on different networking concepts and routing protocols like OSPF, RIP, BGP, DHCP, DNS, and other LAN/WAN technologies.
•Analyzed expanding network, ran fiber, and implemented wireless communication networks such as 802.11a, 802.11b, 802.11g, 802.11n and 802.11ac.
•Maintained and managed devices using monitoring tools like Nagios and SNMPv3, and resolved issues effectively.
•Resolved all IP network issues to reduce waste and downtime using ICMP tools such as ping, ipconfig, nbtstat, netstat, tracert, etc.
•Performed Ethical Hacking on company network for vulnerabilities, auditing, verifying security controls, exploitation, and generating reports.
•Performed security testing and analysis to identify vulnerabilities and violations of information security.
•Used a safe browser to browse the internet intelligently and safely without executing malicious files or content.
•Assessed security patch implementation according to the patch management program on servers, workstations, and network environments for adequacy and efficiency.
•Handled updates for anti-virus software on systems.
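The Novelis bullet on phishing analysis lists the steps: examine the message, pull out the malicious links, gauge user impact in Splunk, purge the email from Exchange, and block the URLs and addresses. As an added illustration (an editor's example, not the candidate's or Novelis's code), the Python below performs the first pass of that triage on a constructed .eml: it flags a From/Return-Path domain mismatch, extracts URLs from both the text and HTML parts (the href, not the visible link text), defangs them for the ticket, lists external hosts for the block list, and builds a Splunk search for other recipients. The sample message, the domains, and the Splunk index, sourcetype and field names are all assumptions.

```python
"""
Added example (editor's illustration, not the candidate's code): first-pass
triage of a reported phishing email. The sample message, the domains and the
Splunk index, sourcetype and field names are constructed assumptions.
"""
import re
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; not a real phishing email.
SAMPLE_EML = """\
Return-Path: <bounce@mailer.example.net>
From: "IT Helpdesk" <helpdesk@corp.example.com>
Subject: Password expires today
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Your password expires today. Reset at http://login.example-reset.net/auth
--b1
Content-Type: text/html; charset="utf-8"

<html><body><p>Reset <a href="https://login.example-reset.net/auth?u=1">here</a>
or <a href="http://cdn.corp.example.com/logo.png">view logo</a></p></body></html>
--b1--
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


class _HrefParser(HTMLParser):
    """Collect href targets; visible link text in HTML mail often hides the real URL."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]


def _domain(header_value) -> str:
    """Domain of an address header such as From or Return-Path, lower-cased."""
    return str(header_value or "").rsplit("@", 1)[-1].strip("<> ").lower()


def _is_trusted(host: str, trusted: set) -> bool:
    """True when host is one of the organisation's domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in trusted)


def extract_urls(msg) -> list:
    """URLs from text/plain bodies plus hrefs in text/html parts, de-duplicated."""
    urls = []
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "text/plain":
            urls += URL_RE.findall(part.get_content())
        elif ctype == "text/html":
            parser = _HrefParser()
            parser.feed(part.get_content())
            urls += [h for h in parser.hrefs if h.lower().startswith("http")]
    return list(dict.fromkeys(urls))  # keeps first-seen order


def defang(url: str) -> str:
    """hxxp scheme and [.] in the host so the URL cannot be clicked by accident."""
    parsed = urlparse(url)
    host = parsed.hostname or ""
    rest = url[len(parsed.scheme) + 3:]  # drop "scheme://"
    scheme = "hxxps" if parsed.scheme.lower() == "https" else "hxxp"
    return scheme + "://" + rest.replace(host, host.replace(".", "[.]"), 1)


def triage(raw_eml: str, trusted_domains: set) -> dict:
    """Summarise one message for the SOC ticket and the mail-gateway block list."""
    msg = message_from_string(raw_eml, policy=default)
    from_dom = _domain(msg["From"])
    rp_dom = _domain(msg["Return-Path"])
    urls = extract_urls(msg)
    hosts = [urlparse(u).hostname for u in urls]
    # Internal links (e.g. a logo on the corporate CDN) are not block-list material.
    block_hosts = sorted({h for h in hosts if h and not _is_trusted(h, trusted_domains)})
    sender = msg["From"].addresses[0].addr_spec
    # Who else received it? Index, sourcetype and field names are assumptions.
    spl = (f'index=email sourcetype=exchange:messagetracking sender="{sender}" '
           f'subject="{msg["Subject"]}" | stats values(recipient) AS recipients count')
    return {
        "from_domain": from_dom,
        "return_path_domain": rp_dom,
        "sender_mismatch": from_dom != rp_dom,
        "urls_defanged": [defang(u) for u in urls],
        "block_hosts": block_hosts,
        "splunk_search": spl,
    }
```

Call triage(SAMPLE_EML, {"corp.example.com"}) to get the summary dictionary; the trusted-domain set is what keeps the organisation's own hosts out of the block list, and the defanged URLs are what goes into the ticket so an analyst does not open the link while reading it.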
Threat Hunter
Automatic Data Processing (ADP) September 2015 – December 2017
Roseland, NJ
Automatic Data Processing, Inc., commonly known as ADP, is an American provider of human resources management software and services.
•Educated other company associates about security best practices.
•Monitored security patch levels of the servers, workstations, network environments, and anti-virus systems.
•Monitored and hunted for intrusion and incidents.
•Used Tanium and SCCM, and designed and implemented search rules on the SIEM, in support of efforts to locate malicious software on servers and endpoints.
•Implemented Splunk for Information System Continuous Monitoring (ISCM).
•Remediated identified cybersecurity threats and vulnerabilities using Splunk.
•Evaluated systems based on the NIST SP 800-37 Risk Management Framework (RMF).
•Implemented cyber security tools (Nessus, Exabeam, Wireshark and Splunk) to facilitate the adoption of the Information System Continuous Monitoring (ISCM) approach and to support the remediation of identified cybersecurity threats and vulnerabilities.
•Utilized Splunk to support dashboard, report and other capabilities to support the Cyber Security Program.
•Followed Plan of Actions and Milestones (POA&M) to implement a network security plan.
•Participated in the implementation of a distributed log aggregation system using Splunk.
•Implemented IPS/IDS rules and rules changes reconfiguring rules in Splunk/Snort IPS/IDS to better detect ongoing threats.
•Configured, maintained, monitored, and troubleshot patching and general OS hardening of Windows Servers and Linux/Unix servers.
•Maintained client/datacenter network environment by identifying network requirements involved in network architecture, installed upgrades and performed troubleshooting and monitoring of network performance.
•Performed advanced troubleshooting using Packet tracer and tcpdump on firewalls.
•Implemented and managed policies dealing with risk assessment, security, and SA.
•Participated in tabletop exercises, Situational Training Exercises (STX), and Field Training Exercises (FTX) to gauge the effectiveness of these plans/policies (such as incident response plans).
•Oversaw System Security Test and Evaluation (ST&E) and provided full security assessment.
•Accountable for maintaining, altering, and examining PC hardware and software.
•Supported IT tech team in maintaining, altering, and examining PC hardware and software.
•Performed IT support for employees, including onboarding procedures according to policy.
•Updated SOPs, IT policies, and memorandums involving IT security for implementation by the organization.
•Evaluated, tested, and debugged hardware and software for end-users to operate private computer systems.
•Identified and solved complex challenges affecting computers and related network equipment.
•Provided functional cybersecurity support for assessments, authorizations, and documentation of enterprise fielded systems.
SOC 2 Analyst
Crown Holdings April 2013 – September 2015
Philadelphia, PA
Crown Holdings Incorporated, formerly Crown Cork & Seal Company, is an American company that makes metal beverage and food cans, metal aerosol containers, metal closures and specialty packing.
•Audited and reported elevated privilege accounts.
•Audited data location and permissions and verified end user service and administrator access to resources.
•Identified changes to systems that impacted security controls. Performed security impact assessment of proposed changes, reported any change in risk posture, and provided recommendations for risk mitigation.
•Audited the endpoint protection tool to verify compliance with security controls.
•Investigated network access incidents using Splunk.
•Analyzed the performance and security impact for mobile devices on the network and provided remediation recommendations.
•Identified the likelihood and impact of organizational or technical cyber risks based upon NIST requirements.
•Performed security testing and analyzed the results to identify vulnerabilities and violations of information security policy.
•Communicated and engaged with CISO and system owners to assure information sharing and timely incident response and risk reporting.
•Found vulnerabilities and risks in computer networks and applied measures to correct or exploit those vulnerabilities.
•Performed vulnerability assessment scans using Nessus with recommendations for Risk Management, Incident Response Team and Threat Mitigation.
•Monitored networks for suspicious activity and supported counter cyber-attacks.
•Conducted incident response and completed threat analysis using Splunk.
•Conducted network monitoring and incident response operations supporting the client 24x7x365.
•Implemented processes to capture both current and historical audit findings to identify systemic failures and patterns for corrective action.
•Evaluated and tested incident playbooks to see where improvements could be made.
•Performed incident response tabletop exercises to test the processes in our IR plan.
•Performed incident handling and documentation.
•Performed analysis of all threat/vulnerability sources assessing any impacts to infrastructure and systems.
•Initiated, coordinated, and tracked remediation of security weaknesses as they were discovered, via the Plan of Actions and Milestones (POA&M).
•Managed Splunk user accounts (create, delete, modify, etc.).
Network Security Engineer
Fitch Ratings June 2011 – April 2013
New York, NY
Fitch Ratings Inc. is an American credit rating agency.
•Monitored information security controls for compliance and effectiveness.
•Monitored and investigated suspicious network activities utilizing a variety of tools such as Splunk and FireEye.
•Investigated network access errors as well as network logs using Splunk.
•Applied concepts of dual control and split knowledge, integral in applying least-privilege principles and maintaining the security of sensitive keys or data.
•Applied signature updates to the management components and all individual IPS/IDS devices; performed Intrusion Prevention System (IDS/IPS) implementation and upgrades for SiteProtector.
•Monitored various clients' ePOs, SEPMs, SiteProtectors, and NSMs.
•Used various security and monitoring tools to increase production efficiency and reliability.
•Conducted network monitoring and incident response operations supporting the client 24x7x365.
•Communicated and engaged with senior management (ACIO, CISO, and ISSO) and system owners to assure information sharing and timely incident response and risk reporting.
•Responsible for IDS/IPS (Intrusion Detection System/Intrusion Prevention System) configuration, tuning, deployment, and monitoring.
•Performed comprehensive investigations of cybersecurity breaches, analysis on most prevalent vulnerabilities, threats, attack methods, and infection vectors.
•Assisted in the evaluation, testing and recommendation of hardware, software, and network configurations based on customer needs.
•Advised leadership on encryption products, solutions, and issues.
•Analyzed IA requirements related to customers, organization, infrastructure, and support services.
•Analyzed security breaches to determine their root cause.
•Recognized potential, successful, and unsuccessful intrusion attempts and compromises through reviews and analyses of relevant event detail and summary information.
•Produced and submitted appropriate forms to ensure the proper guidance for the protection and handling of security information.
Education
Bachelor of Science - Computer Science - North American University
Certifications
•Splunk Fundamentals
•Certified Information Systems Auditor (CISA)
•CompTIA Security+ (in progress)
•Certified Ethical Hacker (CEH) (in progress)
•AWS Security and Azure Security (AZ-500) (in progress)
•Certified Information Systems Security Professional (CISSP) (in progress)