
IT Cybersecurity - CFR: Threat Detection & Response

Location:
Springfield, MA
Posted:
February 10, 2023


Resume:

LAURA C. STEWART

413-***-****

adu9eo@r.postjobfree.com

PROFESSIONAL SKILLS

https://www.linkedin.com/in/laura-stewart-797732136/

Access Control Administration: I worked with the following systems and applications: SailPoint, ADUC, Microsoft SQL Management Studio 2014 and 2016, Windows Servers 2003-2016, NAS/Isilons, shared folders, Azure AD, ServiceNow (Incident queue and Access Request queue), UNIX/Linux/AIX servers via Putty and Tectia SSH command line and scripts, PowerShell command line and scripts, Business Intelligence, Mainframe, JDA Manuguistics, JDA TMS, Oracle databases (provisioned by either adding users to roles via Oracle EBS, Putty script, or SailPoint), CyberArk (where privileged accounts for my team, or for DMZ servers and service accounts, were kept), Splunk, AD Manager Plus, AD Audit, Microsoft Teams/Skype for bridge calls, team meetings, or team collaborations, IBM applications such as IBM InfoSphere ETL, ITIM, and CDC, Splunk (querying events around the timeframe of user/account access issues).

Security & Controls: I worked with the following systems and applications: ADUC, Lotus Notes HCL, ProofPoint, Symantec Endpoint Protection Management, Nessus Manager and Professional, ADManager Plus, Tripwire Enterprise, Tripwire Log Center, Employee Provisioning, AirWatch, Soti MDM, Category Analyzer, Retalix HQ, Connected Payments, Logix, myNCR, Fortigate 500, FortiAnalyzer, AS400 Mainframe, Group Policy Editor, Asana, Slack, Radmin.

CFR Threat Detection & Response certified: https://www.credential.net/986080d1-418a-4c4e-9cad-a3c6fa5da6f0

EMPLOYMENT HISTORY

Big Y Foods, Inc., Springfield, MA, 10/7/2020 – 12/5/2022

Data Security Analyst

Reviewed email reports from EDR systems (Symantec, Tripwire) – cleaned up messy/duplicate data from the logs using Excel, analyzed the clean data, and investigated any outliers or any cases where there was no response from the endpoint

Reviewed email reports from our vulnerability scanners (Nessus Manager & Pro), and requested that the Networking team address issues where endpoints were not scanned or were marked as invalid targets

Pulled reports from scans as Excel CSV based on criticality (Critical, High, Medium, Low), parsed, cleaned, and sorted the data (sorted on solution and vulnerability name)

Updated existing Asana Vulnerability project with new or modified entries after parsing, cleaning, sorting, and analyzing the data in the Excel CSV file (Vulnerability Management)

Updated the existing Asana Vulnerability project overall (wrote a KB article on how to add/update existing entries and how to maintain the project to avoid duplicate entries)

If something needed further investigation & analysis, I logged into Symantec, Tripwire Enterprise, Tripwire Log Center, FortiAnalyzer and/or Fortigate, and ran a search or query for the endpoint or account in question. Exported CSV files to better analyze data around given date/time ranges

Created and updated FortiAnalyzer reports using the GUI and, in one case, custom reports built from a SQL query based on Fortinet’s data table syntax (MS SQL based; vendor assisted on issues with getting the output to display 2 separate tables within one report)

Provided access to new and existing employees: AD account, email, applications, OneNote for Business via O365 Admin in Azure, and folders in the system

Performed system user audits of applications/groups – typically as Secondary or the week after Secondary rotation ended.

On Call rotation: As primary, I went through the daily checklist, logged numbers/findings from the reports that came in from Tripwire, Nessus, and Symantec, and addressed any findings as needed. Checked ProofPoint Quarantine folders and logged the count of the Quarantined Outbound, Spam Definite Inbound, SPF Hardfail, and Spoofed folders. Checked emails in those folders and deleted or released them where necessary.

Addressed any tickets that came into our queue, or requests sent to our team’s ML. Provisioned any new user requests for new or existing employees, or vendors. If an incident occurred, the On Call person went through our Incident Response procedures, and in the case of possible card compromises, coordinated with the Asset Protection team regarding the investigation (IR, Threat Hunting). Took calls after hours as is standard with all On Call rotations.

Secondary rotation – Week after On Call rotation ended: Terms & Transfers. Checked Employee Provisioning transactions to see who termed from the company, and who transferred to a different job role or department. If the person who termed had any access (typically non-store employees), sent their manager an email regarding the term, began the term checklist, and disabled their accounts (AD/Email accounts – all other system/application access was removed, save for special extensions if the user had OneDrive accounts).

Provided backup to the Primary On Call if they were overwhelmed with other tickets/user requests and needed help. If the rotation occurred during Patch Tuesday, began the process of coordinating testing of Windows Updates in the lab with Business Systems and Networking. If the rotation occurred at the end of the month/beginning of the next month, I went through the monthly checklist, reviewed the concerned reports, logged findings/numbers, and addressed any findings as needed. Any time remaining was for tasks assigned by the Manager of Security & Controls, or project work assigned by the same.

The third week after the above rotations was for assigned tasks – typically audits and project work. I created and completed the Access by Job Title project, which brought about a more modern implementation of IAM at work, where access granted to a user is based entirely on the job title they have, and they receive only the access they need (IAM). Data was extracted from ADManager Plus, cleaned, and organized by department and job title. Work for the project was tracked in Asana.

Worked on the Ecommerce GPO project. This was put on hold prior to my leaving Big Y due to the concerned server needing to be upgraded. This was also based on job title, and used GPOs to control what a user under a certain job title would see on their desktop and in their Applications folder (when working remotely).

I created AD groups for this purpose, and updated the Item-level targeting on the test GPO so that only someone who is a member of a specific AD group would see the shortcut in their desktop Applications folder. The project was still in early testing phases. All testing was tracked in a document, and project work was being tracked in Asana.

TJX Companies, Marlborough, MA, 9/25/19 – 7/10/20

Access Control Administrator

Provided access to over 150 applications via AD groups (usually through PowerShell script, then through SailPoint as it took over more of IAM Access Management), web/application consoles, Putty, and Tectia

Provided access to multiple databases in Windows and Linux environments using Putty and Tectia, and in some cases by adding users to AD groups within MS SQL Studio based on the access level needed

Extracted a CSV file from the ServiceNow ticketing system to parse, sort, and clean the data of duplicates (of groups/access levels and tickets). Submitted the CSV file to the DB team so that they could work with the ServiceNow team to clean up tickets I marked as duplicates

Provided AD accounts for multiple Store users at once via a PowerShell script pushed to SailPoint for the Domino project at TJX, which was a project to ensure that all Store users who carried the job title of Key Coordinator or higher had a basic AD account that got them an email account (Microsoft O365 account) by default as they were onboarded or transferred to said job role.

Also checked AD accounts and reported any missing AD attributes required for this to work to the SailPoint Team’s project coordinator so he could troubleshoot the issue in SailPoint, get root cause analysis, and fix the issue(s).

As SailPoint took over fully as our IAM Management tool, I switched from using PowerShell scripts to add multiple users to a group, or multiple groups, to running a batch job in SailPoint that did the same thing.

Provided the SailPoint team’s project coordinator with screenshots of any Java exception errors that popped up so that he could troubleshoot the issue in SailPoint, get root cause analysis, and fix the issue(s). This was made operational within a 1-month timeframe.

Also provided an extracted CSV file of tickets where users needed to be given access to multiple groups, after cleaning the data of duplicates/false positives and formatting it so that the SailPoint project coordinator could convert it to a batch file that could be uploaded into SailPoint to provision users access to all groups at once

In the last 6 months, I coordinated with the SailPoint team to also provision users access to Oracle databases via SailPoint (you could add users to the required AD group(s) in SailPoint directly and go through the same steps in the documentation that we’d been doing in IBM Oracle before SailPoint took over).

Provided the SailPoint team lead with screenshots of any error popups, including those containing Java code exceptions, so that he could troubleshoot, do root cause analysis, and fix the issue(s). Providing access to Oracle Databases was fully operational by the last 2 months of my contract at TJX.

Ensured the taking of proper evidence in the cases where a user was being provisioned access to a KFA/KCT application (part of SOX1 compliance)

Ensured that the users requesting access were requesting the correct access for their job role and were actively employed in the system (not terminated/LOA, and not asking for inappropriate access level given their job title)

Performed troubleshooting and investigation of access issues that a user reported to our official ML (email) or raised an INC to our queue for. Emailed users asking for ticket numbers and, depending on the type of application or database, asked for someone who had the access they needed in order to compare accounts and find the missing piece that would restore or finish provisioning their needed access (used Splunk, sometimes AD Audit, to query and investigate)

Worked with other teams to help troubleshoot account access issues with the access a user gets out of the box upon being hired and account creation in the system: email, TMS, ServiceNow, The Thread, etc.

Performed analysis of common application issues that occurred for users, or that affected a user’s access based on recent termination and rehire, a contractor being hired as an associate, or a recent return from LOA (used Splunk to query & investigate, sometimes AD Audit)

Performed analysis of applications and databases for which users reported a higher number of access issues than the norm, to see what the common thread was in what goes on in the application or database that causes said issue, and whether the issue is something that occurs due to a user’s job title and role changing, an update to the database or server that hosts the application, or the server itself being down (Splunk, coordination with other teams where necessary)

Worked on the Terms & Transfers rotation, where I processed users who had been terminated or transferred. Ensured that terminated users were inactive in the system, and that access to any KFA applications and/or AD groups had been stripped. Ensured that transferred users were still active in the system and that Oracle was in compliance with their new job title and role. Took evidence of the work done in both cases.

Arclight Information Technology, LLC, Newton, MA, 6/25/19 – 8/9/19

Help Desk Technician

Assisted customers with system, network, and computer issues and failures

Primarily used the Sentinel RMM tool to remote in, troubleshoot, and directly apply solutions

Used the ConnectWise ticketing service to create tickets for issues, track tickets assigned to me, and enter time records of the procedure steps taken to troubleshoot, diagnose, and apply solutions

Created Knowledge Articles and added them to the ArcLight Knowledge Base; also created Incident Resolution documents, for future reference, based on issues or failures that occurred that were outliers or difficult to resolve

Baystate Health Systems, Medical Records – Inpatient, Springfield, MA, 10/31/17 – 6/22/19

EMR Specialist

Quality assurance of proper documentation, such that the correct patient’s clinical charts are committed to the database under the correct naming convention.

Remained current with updates to the OnBase and CIS databases.

Hospital 24-hour turnaround; compliant with HIPAA, company, and federal regulations.

Nationwide IT Intern Program, I&O, Columbus, Ohio, May 2017 – August 2017

I&O Intern, Knowledge Pillar

Knowledge Management: 370 Incident Resolution Documents for P&C updated, 127 published to ServiceNow.

36 Incident Resolution Documents for NW Bank updated, published to ServiceNow.

58 entries in AES Solutions Repository updated for email contact information.

27 AIMS Incident Resolution Documents updated in AES Solutions Repository.

2 NCOA Incident Resolution Documents updated in Solutions Repository.

2 Knowledge Management SOPs updated for Problem Incident and Knowledge Feedback Procedures.

Incident Management: 2,000 database entries updated in the Cvol database.

Baystate Health Systems, BRL/Medical Records, Holyoke, MA, August 2013 – May 2017

EMR Specialist

Quality assurance of proper documentation, such that the correct patient’s clinical charts are committed to the database under the correct naming convention.

Remained current with updates to the OnBase and CIS databases.

Compliant with company guidelines and regulations and HIPAA.

EDUCATION

Western New England University, 1215 Wilbraham Road, Springfield MA, 01119

Bachelor of Science – Graduated May 2019, Cum Laude

Information Technology

Relevant Classes: Network Security, System Administration, and Network Administration.

Springfield Technical Community College, One Armory Square #1, Springfield, MA 01109

Associate Degree – Graduated May 2012

Liberal Arts General Studies
