
Cyber Security Soc Analyst

Location:
San Leandro, CA
Salary:
150000
Posted:
June 23, 2023


Carl Jahi Williams III

SUMMARY

**+ years combined experience in IT technology and cybersecurity field.

• 10+ consecutive years focused on cyber security.

• Cyber Security professional with experience in collaborative team management and concept development.

• Exceptional interpersonal skills with documentation and verbal communication abilities.

• Organizational service skills ensuring technical security planning, testing, verification, and risk analysis in accordance with security regulations, frameworks, and company needs.

• Experience executing network administration, cybersecurity administration, implementing audits, security assessments, risk management, security-related awareness and training, threat hunting, and ensuring safe environments through best practices following prolific cybersecurity frameworks (NIST, COBIT, ITIL, ISO/IEC).

• Expert in Microsoft Office Suite including Excel, and use of Cyber Security Monitoring tools (i.e., pfSense Firewall Manager, Nessus, Nmap, Alien Vault, and Wireshark).

• Experienced investigating and analyzing Cyber Security events found in vulnerability scans and monitoring using Nmap/Zenmap, Hping 3, QRadar, Nessus to name the most prevalent.

• Experienced reporting Cyber Security events and issues found in vulnerability assessment scans through exhaustive documentation for stakeholders.

• Experienced with Cyber Security vulnerabilities and risks in computer networks as a means to reduce the threat landscape for multiple organizations.

• Performed security assessments and audits for compliance with the NIST Risk Management Framework on critical information systems to implement recommended security controls.

EDUCATION, CERTIFICATIONS, AND TRAINING

University of California at Berkeley

Berkeley, CA

EECS (Electrical Engineering Computer Science)

• Network+ (Certified), Security+ (Certified), EC-Council Certified Ethical Hacker training, Server+ training

• CompTIA Security+ (Certified)

• Certified Ethical Hacker (CEH) training

• Azure Fundamentals az-900

• AWS Fundamentals

• Azure Security az-500

• AWS Security

• Certified Information Security Auditor (CISA) training

• Certified Information Security Manager (CISM) training

• Certified Information Systems Security Professional (CISSP) training

TECHNICAL AND REGULATORY SYSTEMS/PROTOCOL KNOWLEDGE/SKILLS

Security Evaluation

• Compliance Evaluation, Network Auditing, Risk Management, MBSA

Monitoring

• Intrusion Detection

Security Analytics

• Intrusion Prevention

• Penetration Testing

• FireEye

Mitigation

• Mobile Protection Tools (MDM)

Cyber Security Tools

• Splunk, Nessus, Metasploit, Ettercap, Nmap, Hping3, Telnet, Burp Suite, IDA Pro, MDM Solutions, Cyber Kill Chain, Diamond Model, Intrusion Detection Tools (e.g., Snort, pfSense Firewall Manager, Kali Linux, Alien Vault, ArcSight), Hardware and software firewalls (e.g., Comodo Firewall), Honeypot tools (e.g., KFSensor), IDS/Firewall evasion tools (e.g., Traffic IQ)

Framework and Compliance

• NIST 800 Series

• Network/wireless sniffers (e.g., Wireshark, AirSnort)

• Port scanning tools (e.g., Nmap, Hping)

• Vulnerability scanner (e.g., Nessus, Qualys, Retina)

• Vulnerability management and protection systems (e.g., Foundstone, Ecora)

• Intrusion Detection Tools (e.g., Snort, FireEye)

• Splunk Enterprise Security (SES)

• Metasploit

• pfSense Firewall Manager

• Kali Linux

• Alien Vault

• Network Hardware and Software (e.g., Comodo Firewall, Cisco ISR, Cisco ASA, Meraki, Cisco Smart Switches)

• Honeypot tools (e.g., KFSensor)

• Cloud security tools (e.g., Core Cloud Inspect)

• Cryptography tools (e.g., Advanced Encryption Package)

• Cryptography toolkit (e.g., OpenSSL)

• Risk Management Framework (RMF)

• HIPAA, SOC (1, 2, 3), FedRAMP, ISO

• Enterprise Mission Assurance Support Service (eMASS)

• OWASP Top 10, Consulting on OWASP best Coding Practices, CVSS, CVEs, CIS Benchmarks

• DoD Information Assurance Certification and Accreditation Process (DIACAP)

• PCI DSS

• ISO 27000 series

• COBIT

• HIPAA

WORK EXPERIENCE

Fannie Mae, Reston, VA (Remote)

Security Engineer/Architect with AWS (11/2021–08/2022)

• Utilized Slack for instant messaging between team members and clients.

• Focus on AWS Cloud security, Planning, Design, Road maps, POC implementations for AWS Cloud technologies.

• Worked with AWS security services, and ELB, ElastiCache, CloudWatch, CloudTrail, S3, Lambda, Kinesis, App Mesh.

• Worked with security standards for REST standards and best practices.

• Worked with tools like NIST and FEDRAMP – cyber security.

• Worked with DevOps principles and technologies for IaC.

• Maintaining ACL, Security Groups and firewall configurations

IBM, Oakland, CA

Cyber Security Engineer (01/2021–07/2021)

• Utilized Slack for instant messaging between team members and clients.

• Utilized ServiceNow to process incidents from alert to resolution or escalation as necessary.

• Used QRadar (proprietary application) for incident investigation.

• Applied Microsoft ATP (EDR) for incident investigation.

• Used Crowdstrike Falcon (both crowd and on prem) for incident investigation.

• Used Microsoft Azure for user/asset tracking.

• Utilized IBM inventory for user/asset tracking.

• Used BeeKeeper for user/asset tracking and monitored assets using Armis Dashboard.

• Worked with Mixed Address Database (MAD) for user/asset tracking.

• Used Virus Total for investigation of Malware.

• Used X-Force Exchange (proprietary) for investigation of Malware.

• Used Threat Connect for investigation of Malware.

• Used Proofpoint Targeted Attack Protection (TAP) to prevent/respond to email-based attacks.

• Tracked status of personal tickets using MS Excel.

• Utilized IBM Notes for email and ran network reporting using Kibana.

• Utilized Jamf Pro Dashboard to manage Apple devices in the environment.

• Used explainshell investigate utility to decode and modify Linux Shell Scripts.

• Used IP void for IP address investigation (blacklist, whitelist, reporting).

• Used Cisco Umbrella to manage/investigate user VPN usage/issues.

• Applied the entire FISMA Risk Management Framework (RMF) and system control assessment processes using NIST SP 800-60 and NIST SP 800-53A, preparing and reporting SSP, SAP, PTA, PIA, E-Authentication, ST&E (Security Test & Evaluation), and POA&M.

• Worked with Splunk to extract relevant data from machine logs.

• Directly responsible for analyzing and implementing Cybersecurity (IA) requirements into accreditation packages that meet accreditation standards.

• Provided assessment reports on the severity of findings/weaknesses and recommended corrective actions for mitigating vulnerabilities and exploits to the information and information system.

AT&T (Lenovo), San Ramon, CA

IT Security Engineer (07/2016–01/2021)

• Investigated and responded to Tier 1, 2, and 3 alerts from ArcSight SIEM.

• Cross-referenced alerts from other sources against ArcSight to rule out false positives and false negatives.

• Designed metrics to assess how long before an alert is triggered vs. how much time it took to be placed in the queue for proper incident responses.

• Using ArcSight, information such as the source IP, ports, payload and destination address gave insight into how to create a response action plan in the event of a real-time incident.

• Devised a playbook for tabletop exercises on how to respond to hypothetical incidents.

• Assisted in the architecture of how to configure Splunk for threat feeds alongside ArcSight and Sourcefire.

• Experienced in working with AWS SME cloud security.

• Used Sourcefire IDS to inspect packets and payloads that triggered ArcSight alerts.

• Installed anti-malware, HIDS, host-based firewalls, MDM, DLP and monitoring software on various devices.

• Used the Cyber Security Kill chain as part of the Intelligence driven defense initiative initiated during the merger at AT&T. It provided greater visibility for identification and prevention of cyber intrusions/malicious activity.

• Throughout my tenure have been involved in all steps from initial reconnaissance through intrusion and exploitation, privilege escalation, lateral movements, obfuscation, and exfiltration.

• Used as a framework for performing penetration testing on systems/networks prior to adding them to the existing environment.

• Provided information on vulnerabilities that were at risk of being exploited and allowed for patching, mitigation or elimination of discovered risks improving the security posture of the organization.

• Employed FireEye sandboxing solutions, which were added to the AT&T environment to allow for dynamic malware analysis.

• Gained insight into company’s threat intelligence portfolio during assessment of inclusion into security environment, native managed vs SaaS based solution.

• Provided high-level consultation and security analysis on best practices for safeguarding data across several interoffice departments (e.g., H.R., Finance, R&D, I.T., Coding, Risk Management).

• Utilized the CrowdStrike Falcon Platform, providing endpoint security with antivirus solutions (Falcon Prevent), threat detection and response (Falcon Insight) and device control (Falcon Device Control).

• Cloud-native endpoint protection allowed for scalability and real-time threat intelligence, combined with security and IT operations to provide a security platform that was robust and lightweight.

VA Hospital, San Francisco, CA

Sr. Cyber Security SOC Analyst (05/2011–07/2016)

• Administered Cyber Security continuous monitoring information security program per NIST framework.

• Worked as part of Cyber Security incident Response team as needed, following SOC Incident Response procedures.

• Investigated and resolved Cyber Security incidents and events per SOC team policy and procedures.

• Utilized Splunk dashboards for Cyber Security incident reports and helped create automated reports for greater understanding of, and accountability for, Cyber Security issues, the Incident Response Plan and Continuous Monitoring in accordance with NIST 800 series guidelines. Used Wireshark to troubleshoot and investigate Cyber Security threats.

• Responsible for troubleshooting various indexing issues by analyzing Splunk logs such as splunkd.log and metrics.log ingested into the internal index.

• Automated Cyber Security analysis workflow regarding endpoint detections, sandbox results, email scanning.

• Detected Cyber Security events and reported on any and all threats that are directed against systems regardless of classification level or type.

• Reviewed audit logs and provided Cyber Security documentation guidelines to business process owners and management.

• Conducted Cyber Security Awareness Training with SOC Team for all end-users and management.

• Evaluated the adequacy of Cyber Security Programs against NIST guidelines and industry best practices.

• Worked with the SOC team to provide 24/7 Cyber Security coverage, responding to any and all alerts per SLAs.

• Stayed abreast of current updates and patches, and ensured all systems were maintained and tested post update/patch implementation.

Bank of America, CA

Security Deployment Engineer (07/2005–05/2011)

Provided tier 2-3 desktop support (Windows, Mac, and Linux) to clients both onsite and remotely.

UC Berkeley, Berkeley

Network Technician (09/2002–05/2005)

Provided tier 2-3 desktop support (Windows, Mac, and Linux) to student organizations.
