
Cyber Security Engineer

Location:
Los Angeles, CA, 90004
Posted:
August 25, 2023


ERIC BELCHER

CYBER SECURITY ENGINEER/ARCHITECT/CONSULTANT

Phone: 747-***-**** Email: ady7iu@r.postjobfree.com

Professional Summary

•11+ years of experience in Cyber Security, Networking, Security audit, security assessments, Risk Management, Security Awareness and Training, and Information Systems Management.

•Experienced in the creation of reports on Cyber Security events and Vulnerabilities found in vulnerability assessment scans using tools such as (Nessus, OpenVAS, and Retina CS).

•Investigated and analyzed Cyber Security events found in vulnerability scans and suggest countermeasures to mitigate the threats.

•Penetration tested systems and networks for vulnerabilities and auditing by performing Footprinting and Scanning using tools such as Nmap, Hping3, Whois lookup, Path Analyzer Pro, OpUtils, and Google hacking.

•Skilled in finding Cyber Security vulnerabilities and risks in computer networks and resolving those vulnerabilities by ensuring patch management, security in-depth, and updating systems.

•Performed security assessments and audits for compliance with the NIST Risk Management Framework.

•Followed Incident Response Plan to mitigate system breach, document findings, and perform post-incident analysis to update the Incident Response Plan.

•Performed Access Control Identity Management, Penetration Testing, Vulnerability Assessment, SOC Analysis, Incident Response, and Threat Mitigation.

•Experienced in evaluating systems for Cyber Security best practices and vulnerabilities by performing systems Footprinting and scanning with tools such as Whois Lookup, DNSstuff, and Social Engineering Toolkits.

•Experienced in performing log analysis, intrusion detection/prevention, and incident management as SOC Analyst by reviewing alerts from various SIEM tools.

•Hands-on experience in using tools such as IDA Pro, ArcSight, Splunk, LogRhythm, AlienVault, Nessus, Wireshark, ForgeRock, Tcpdump, and Nmap.

•Skilled in collecting network traffic and performing analysis from network devices such as Firewalls, IDS/IPS, Antivirus, Switches, and Router traffic through Log and Event-based on TCP/IP.

•Experienced with AWS Cloud Security and architectural technology.

•Experienced in monitoring systems for any anomalies, proper updating, and patch management by taking systems baseline.

•Proficient in using encryption and hashing tools such as the MD5 online tool, Hash Calc, and Crypto Demo.

•Experienced in malware analysis including viruses, worms, trojans, botnets, and rootkits using both static and dynamic analysis.

•Good background knowledge of common protocols such as HTTP, FTP, SSH, DNS, DHCP, SNMP, SMB, TLS, and SSL.

•Expert in using applications such as Microsoft Office Suite/365 (Word, Excel, PowerPoint).

•Skilled in Networking protocols and packet analysis tools, Computer Networking, and the TCP/IP stack.

Cyber Security Technical Skills

Risk Management:

Incident Management, Incident Response, Access Control, Identity Access Management (IAM), Security Policy, Security information and event management (SIEM), Security Training

Security Frameworks:

NIST Risk Management Framework 800 Series

Information Security:

Symantec Endpoint Protection (SEP), Public Key Infrastructure (PKI)

Firewall:

PfSense Firewall Manager for Cyber Security

Frameworks/Processes:

NIST Risk Management Framework, Cyber Security Audit, Intrusion Detection, Incident Response and Planning, SOC Analysis, Penetration Testing, Vulnerability Assessment, Security Related Awareness and Training, Identity Access Management (IAM)

Security Assessment:

Vulnerability Assessment, Penetration Testing, Root Cause Analysis, Risk Assessment, Threat Assessment

Cyber Security Tools:

Wireshark, Splunk, Metasploit, SNORT, Nessus, Nmap, Core Impact, Network Miner, AlienVault

Programming Languages: Java, Python, C/C++

Scripting Languages: HTML/CSS, PHP, JavaScript, SQL, MySQL, Unix Shell Scripting

IDE/Environments:

Visual Studio, Eclipse, PowerShell

Operating Systems:

Unix, Linux, Windows, MacOSX

Directory Services:

Active Directory

Professional Work Experience

LAUSD Los Angeles, CA

CS Engineer Mar 2023 – Present

Project Summary

Conducted a security assessment for Azure and undertook a comprehensive evaluation of the cloud environment's security posture for the MiSIS application. This involved analyzing the configuration of Azure services, network architecture, access controls, identity and authentication mechanisms, data encryption methods, and compliance measures. Identified potential vulnerabilities and threats, assessed the effectiveness of existing security controls, and proposed improvements to enhance overall security resilience. I also considered best practices and industry standards, such as the shared responsibility model, to ensure that both Azure's and the organization's security responsibilities are clearly defined and properly implemented. Collaborated with stakeholders to provide actionable recommendations that align with the organization's risk tolerance and business objectives, ultimately striving to create a robust and resilient Azure environment against cyber threats.

App: My Integrated Student Information System (MiSIS)

My Integrated Student Information System (MiSIS) is a modernized all-in-one student information solution that:

•Provides teachers, counselors, administrators, and others with access to student information all in one place.

•Shows how a student is progressing toward graduation at any point in time.

•Follows every student through his or her educational lifespan—from pre-kindergarten to graduation.

•Allows the user to view student information for as long as that student has been in the district.

•Is designed around the educational life of a student, bringing together attendance, assignments, grades, test scores, health, program eligibility, and more.

•Is being improved with the help of educators and others who use it every day to support students.

•Is the first fully-integrated student information system in LAUSD.

•Is the largest and most complex student data system in the United States.

•Has the flexibility to adapt quickly to evolving needs and requirements.

•Provides new ways for parents to stay informed of their student's progress.

Responsibilities:

•Assess, design, implement, automate, and document solutions leveraging Amazon Web Service (AWS) and other third-party solutions.

•Install and maintain SIEM and other security tools in cloud environments.

•In-depth knowledge of tools and technologies being used in the cloud environment to provide security controls and assessments of the applications.

•Serve as a senior cyber security consultant to the various lines of businesses by providing subject matter expertise as it relates to new cloud platforms and emerging cloud technologies.

•Educate and communicate cloud security requirements, policies, standards, and procedures to business/internal stakeholders as it relates to projects and strategic initiatives.

•Provide strategic direction for the migration of cloud workloads, infrastructure, business units, business processes, and external suppliers for information security risks, and identify the potential threats and exposures.

•Conduct security architecture reviews of planned cloud migration initiatives across the organization and produce high-quality Threat models for cloud environments clearly articulating risks.

•Accountable for functional architectures, design specifications, and implementation plans for requirements documents, architecture diagrams, solution designs, and other written and verbal information for cloud initiatives.

•Weigh business needs against security concerns and provide risk-based recommendations to enhance cloud-based information systems security, which is practical and achievable, thereby allowing the Lines of Business to make informed risk decisions related to the cloud platforms.

•Work with third-party teams and internal development groups to provide guidance and direction on penetration tests and vulnerability scans.

•Provide strategic direction and recommendations to development and operational teams to address security weaknesses and identify potential new security solutions in cloud environments.

•Represents security interests in the development and implementation of the overall global enterprise cloud architecture.

•Information security consulting, advisory, or training experience, 3 of which are specific to Azure and AWS cloud platforms.

•Expert-level knowledge of I/P/SaaS platforms with 3 years of demonstrable experience in each deployment model.

•Direct experience with information security frameworks including ISO 27002:2005, NIST, PCI, and COBIT.

•Represent Corporate Information Security in the development and implementation of the overall enterprise cloud architecture.

•Lead technical forums, serving as both a formal and informal mentor to share knowledge across Information Security and technologies teams.

•Seek opportunities to continually improve on current solutions.

•Design and develop security architectures for cloud and hybrid cloud-based systems. Possess a firm understanding of the offerings within both Amazon Web Services (AWS) and the Microsoft Azure platforms. Based on business requirements, designs and implements cloud-native architectures with appropriate security controls present.

•Provide thought leadership in Public Cloud Architecture and how to deliver it at scale in a large enterprise.

•Assist in developing the Enterprise Architecture for the Cloud program.

•Support the Information Security and Cyber Security programs.

•Execute security architecture for RBC’s external cloud technology.

•Serve as a trusted advisor to key business and technology partners – Head of Cloud, CISO, Head of DevOps, Head of Risk, Innovation Dev Teams

Jenius Bank Los Angeles, CA

CS Engineer May 2022 - Mar 2023

Jenius Bank is a new division of Los Angeles-based Manufacturers Bank and represents the commercial-focused firm’s expansion into digital consumer banking.

Technical Skills: CrowdStrike, Microsoft Sentinel, Defender for Cloud, GCP, Azure, Varonis, Okta, Expel, Rapid7, Nessus, JIRA, ServiceNow, Sonatype, Axonius, Insights and FireEye

App: Digital Banking App for Loans, Savings and Checking account

•Define cloud network architecture using Azure virtual networks, VPN, and express route to establish connectivity between on-premise and cloud

•Assist leadership with the ongoing development of policies and procedures for consistent product delivery

•Develop custom features in Visual Studio based on specifications and technical designs

•Develop PowerShell scripts and ARM templates to automate the provisioning and deployment process

•Participate in internal and customer meetings assisting with the ongoing evolution of technology offerings

•Provide technical guidance on building solutions using Azure PaaS and other services

•Troubleshoot and identify performance, connectivity, and other issues for the applications hosted in the Azure platform

•Azure API Management, Security, Cloud-to-Cloud Integration (Public, Private)

•Windows Azure (Website, web role, and worker roles)

•Be a critical part of our core team that is defining and launching exciting “Next Generation” services

•Responsible for collaborating on and setting cloud vision; providing thought leadership in cloud infrastructure and cloud services architecture to meet operational objectives for cloud solutions

•Educate customers of all sizes on the value proposition of managed services on Azure, and participate in architectural discussions to ensure solutions are designed for successful deployment in the cloud

•Advanced knowledge of databases (SQL Server and MySQL)

•Advanced knowledge of relevant web services, mail, backup, and application monitoring

•Act as a liaison between customers, sales, service engineering teams, and support

•Assist in securing consulting services wins in support of Ciber’s MS Azure business

•Define cloud architecture, design, and implementation plans for hosting complex application workloads on MS Azure

•Architect solutions using MS Azure PaaS services such as SQL Server, HDInsight, service bus, etc

•Provide technical oversight and guidance during clients engagement execution

•Provide Cloud / Azure thought leadership through regular publications and speaking engagements

•Provide Azure technical expertise including strategic design and architectural mentorship, assessments, POCs, etc., in support of the overall sales lifecycle or consulting engagement process

•Support the development and growth of Ciber’s Cloud Services and Consulting Practice

•Performing a discovery of the environment and designing a technical onboarding process for their Azure/O365 tenants, i.e., Endpoint Manager, Identity Protection, Conditional Access, O365 ATP, Azure ATP, RBAC.

•Integrating salesforce, workday, and other SaaS application rest API with Microsoft Cloud App Security to manage and enforce DLP policies over our sensitive data.

•Leveraging passwordless authentication to mitigate the risk of password attacks from privileged accounts and enabling MFA on accounts that are not capable of having passwordless authentication.

•Enabling Azure Defender on subscriptions to protect our Azure and hybrid resources to protect management ports of VMs with Just-in-time and adaptive applications controls.

•Azure/O365 security center – Compliance manager i.e., Azure Benchmark, CIS, O365/Azure GDPR, NIST 800-53.

•Protecting virtual machines' data by using Azure Disk Encryption (ADE) that is using BitLocker for Windows VMs and DM-Crypt for Linux VMs.

•Leveraged Azure Sentinel to integrate Azure Security Center, Azure AD, Firewalls, MCAS, F5, Symantec Endpoint Security, Nessus scanner for vulnerability scans, authenticated and unauthenticated scans for newly built servers, O365 ATP, Windows Defender, Microsoft ATP and third-party security tools like Symantec EP.

•Set up and configure Endpoint Protection ATP, EXO ATP policies, and Email Security, and implement post-breach defense with ATA, DLP, Mail flow, Information governance, AIP, and SIEM.

•Microsoft Endpoint Manager (Intune, MDM & MAM), i.e., Device enrollment, Device Configuration, Device Security, Conditional Access policy, and Device compliance

Altria Group, Inc. Richmond, VA

Cyber Security Consultant May 2020 – May 2022

Altria Group is one of the world's largest producers and marketers of tobacco, cigarettes, and related products.

•Oversaw development of training content for issues related to IT Cybersecurity.

•Identified threats, assessed risks, and recommended best-practice solutions and cybersecurity controls.

•Deployed and maintained cyber controls to ensure the project development team adhered to established cybersecurity and development standards.

•Collaborate with stakeholders, including project managers, architects, and other technical leads around all issues cybersecurity related.

•Make recommendations to mitigate risks during the development and production cycle.

•Ensured compliance with IT structures/processes/guidelines/technologies.

•Advise about analyzing security situations and environments and mapping out solutions and integrating cybersecurity controls within the solutions.

•Evaluated security measures that protected against threats or hazards to data.

•Engaged with external auditors and third parties in support of security activities.

•Produced project plans, estimations, specifications, flowcharts, and presentations.

•Worked with management stakeholders to plan, budget, oversee and document all aspects of the cyber security projects being planned and/or worked on.

•Optimized processes for the cybersecurity program, including document control reviews, change management processes, auditing/assessment preparation for controls, staff communications coordination, threat artifact finding, coordinating with data owners on vulnerability remediation plan development, tracking remediations for vulnerabilities, and reporting and incident response escalation.

•Evaluated QoS for products and delivered an exceptional level of technical assistance that benefits the company.

•Identified resources needed to reach objectives and managed resources effectively and efficiently.

•Tracked project expenses to maintain the projected budgets.

•Presented project updates to stakeholders about strategy, adjustments, and progress.

•Work with contracts and SLAs within the supply chain.

•Communicate the seriousness of threats and propose recommendations for remediation to upper management and other cybersecurity personnel through written and spoken means.

•Scanned and monitored network vulnerabilities on servers and network infrastructure devices using vulnerability scanning solutions.

•Led scrum meetings, made presentations to stakeholders, and trained staff about security best practices.

•Oversee troubleshooting of complex technical situations by providing solutions based on established cybersecurity standards.

Masco Corporation Livonia, MI

Cyber Security Architect May 2018 – May 2020

Masco Corporation is a global leader in the design, manufacture, and distribution of branded home improvement and building products. Our products enhance the way consumers all over the world experience and enjoy their living spaces. Our portfolio of industry-leading brands includes Behr® paint; Delta® and Hansgrohe® faucets, bath, and shower fixtures; Kichler® decorative and outdoor lighting and HotSpring® spas, to name a few.

•Performed Risk Assessments by NIST Risk Management Framework.

•Applied Regulatory Compliance (HIPAA, FISMA, CFAA, CIPPA, COPPA, SOX, GLBA).

•Used Risk Management Frameworks in the design and development of Network Security Design, Network Perimeter Security, Wi-Fi, MDM, Endpoint Security, DLP, and Business Continuity Plans.

•Conducted kick-off meetings to collect systems Information (Information type, boundary, inventory, etc.) and categorize systems based on NIST SP 800-37.

•Developed scheduled alerts, reports, and correlated searches on Splunk.

•Conducted Security Control Assessments to assess the adequacy of management, operational privacy, and technical security controls implemented using the NIST 800 framework.

•Assessed and updated System Security Plan (SSP) and created a Security Assessment Report (SAR) for stakeholders.

•Designed and implemented IT Strategy and Enterprise Security Architecture.

•Developed Plan of Action & Milestones (POA&M).

•Followed OWASP Top 10 to develop the web portal security plan.

•Provided plan to harden the network through Firewall rules and port settings, configuration of Cisco routers and switches, and Windows and Linux servers.

•Reviewed Disaster recovery plans (DR) and participated in Business Continuity Plan Tests (BCP).

•Worked with internal stakeholders to create a matrix that mapped project requirements to the National Institute of Standards and Technology (NIST) security controls.

•Reviewed and updated System Security Plans (SSP) using NIST 800 series requirements.

•Refined IPS/IDS rules to better detect ongoing threats.

State Street Corporation Boston, MA

Cyber Security Engineer February 2016 – May 2018

State Street Corporation is an American financial services and bank holding company.

•Assessed, planned, and enacted security measures to help protect clients from security breaches and attacks on computer networks and systems.

•Developed documentation for security policies and procedures aligned with industry best practices and security frameworks such as NIST 800-53, 800-171, NIST Cybersecurity Framework, and ISO 27001.

•Developed, tracked, and sustained action plans for the solution of issues discovered during assessments and audits. Deliver necessary assistance with the implementation of those remediation plans.

•Developed an internal systems security plan on how to handle procedures to isolate and investigate potential information system compromises.

•Implemented Assessment and Authorization (A&A) processes under the NIST 800-53/53A, 800-37 Risk Management Framework (RMF) for new and existing information systems.

•Used NIST Risk Management Framework as a basis for SOC team Cyber Security guidelines such as Continuous Monitoring.

•Worked with cross-functional teams to ensure compliance with SOC Team Cyber Security Risk Management procedures throughout the system.

•Conducted open-source research to find new threats and IOCs.

•Served as the system tool owner for security applications (Splunk, Carbon Black, etc.).

•Completed Threat Intelligence using Cyber Kill Chain and Diamond Model in Cyber Security.

•Provided Cyber Security support for complex computer network exploitation and defense techniques.

•Wrote threat reports and managed recommendations with affected stakeholders.

•Prepared and created documentation for various IT security engagement deliverables including but not limited to risk assessment results, plan of action and milestone (POAM) lists, system security plan, and security gap analysis.

•Predicted resources needed to reach objectives and managed resources effectively and efficiently.

•Tracked project expenses to maintain the projected budget.

•Presented project updates consistently to various stakeholders about strategy, adjustments, and progress.

•Managed contracts, SLAs, and agreements with the supply chain, by assigning effectively agreed deliverables from their end.

•Communicated the seriousness of the threats and recommendations for remediation to upper management and other cybersecurity personnel through written and spoken means.

•Monitored performance on several risk management activities, including risk, control registers, workflow review, and approval with Archer GRC.

•Monitored and analyzed network traffic security systems such as Firewalls, Servers, and Databases, using tools like Nessus, SIEM, Nmap, Snort, IDS alerts, DLP, and web proxy, for system vulnerability.

•Upgraded software, patches, and security patches on dev/test, and production.

•Identified and prioritized information security risk; advised business partners on security/privacy requirements and solutions to ensure compliance.

International Paper Memphis, TN

Cyber Threat Detector/Hunter June 2014 – February 2016

International Paper is a leading global producer of renewable fiber-based packaging and pulp products with manufacturing operations in North America, Latin America, North Africa, and Europe. The company produces corrugated packaging products that protect and promote goods and enable worldwide commerce, and pulp for diapers, tissue, and other personal hygiene products that promote health and wellness.

•Communicated and engaged with senior management (ACIO, CISO, and ISSO) and system owners to assure information sharing and timely incident response and risk reporting.

•Investigated cybersecurity breaches and analyzed prevalent vulnerabilities, threats, attack methods, and infection vectors.

•Advised leadership about the most current encryption products, solutions, and issues.

•Conducted analysis of IA requirements related to customers, organization, infrastructure, and support services.

•Monitored and investigated suspicious network activities utilizing a variety of tools such as Splunk and FireEye.

•Investigated network access errors as well as network logs using Splunk.

•Assisted in the evaluation, testing, and recommendation of hardware, software, and network

•Applied concepts of dual control and split knowledge, integral in applying least-privilege principles and maintaining the security of sensitive keys or data.

•Applied signature Updates Deployment on the Management Components and all the Individual IPS/IDS devices Intrusion Prevention System - IDS/IPS Implementation and Upgrade for Site Protector.

•Responsible for (Intrusion Detection System) IDS/IPS (Intrusion Prevention System) configuration, tuning, deployment, and monitoring.

•Monitored various clients' ePOs, SEPMs, SiteProtectors, and NSMs.

•Used various security and monitoring tools to increase production efficiency and reliability.

•Efficiently facilitated and expedited the tracking, handling, and reporting of all security events and computer incidents.

•Implemented deep-dive analyses on alerts received from enterprise security tools and acted on the remediation process.

•Deployed, configured, and maintained Splunk forwarder on different platforms.

•Coordinated with application and system owners to onboard applications in Splunk and ensure logging capabilities were functional.

•Produced and submitted appropriate forms to ensure the proper guidance for the protection and handling of security information.

•Ensured the confidentiality, integrity, and availability of systems, networks, and data through security programs, policies, procedures, and tools.

•Implemented, validated, and maintained Information Assurance controls.

•Conducted network monitoring and incident response operations supporting the client 24x7x365.

The Vanguard Group, Inc. Malvern, PA

Penetration Tester April 2013 – June 2014

The Vanguard Group, Inc. is a registered investment advisor with about $7 trillion in global assets under management. Vanguard offers mutual funds and ETFs, brokerage services, variable and fixed annuities, educational account services, financial planning, asset management, and trust services.

•Identified security vulnerabilities on the networks and systems.

•Conducted risk assessments and collaborated with management and technical teams to provide recommendations regarding changes being implemented on assigned systems.

•Conducted system security evaluations and assessments and documented and reported security findings using NIST 800 guidance per continuous monitoring requirements.

•Conducted penetration tests on systems and applications using automated and manual techniques with tools such as Metasploit, Burp Suite, IBM App Scan, Kali Linux, and many other open-source tools.

•Analyzed security vulnerabilities and the impact of mobile devices on networks using mobile device management (MDM) tools.

•Performed Vulnerability Assessments and Penetration Tests using tools such as Burp Suite, Nessus, and Kali Linux.

•Performed security vulnerability assessments and penetration tests to ensure client environments and data were secure, as well as satisfied regulatory compliance requirements for such regulations. Burp Suite, DirBuster, Hp Fortify, N-map, and SQL Map tools were used as part of the penetration testing daily to complete the assessments.

•Performed and analyzed vulnerability scan reports and worked with stakeholders to establish plans for sustainable resolutions.

•Used Nessus to run scans on operating systems.

•Monitored daily event collection, security intelligence, and emerging threat information sources, including SIEM, vendors, researchers, websites, newsfeeds, and other sources.

•Monitored controls post-authorization to ensure continuous compliance with the security requirements by evaluating vulnerabilities through Nessus scan results and worked with IT staff for mitigation actions.

•Reviewed the POAM to validate items uploaded in the POAM tracking tools, supported the closed findings, and coordinated promptly with stakeholders to ensure timely remediation of security weaknesses.

•Scanned a range of operating systems and test beds using the SCAP compliance tool and Nessus vulnerability scanner for independent security analysis.

•Implemented deep-dive analyses on alerts received from Splunk and took action on remediation processes.

•Researched emerging cyber threats to understand and present hacker methods and tactics, system vulnerabilities, and indicators of compromise.

•Monitored security patch levels of the servers, workstations, network environments, and anti-virus systems.

•Recommended and addressed the acceptability of software products for a continuous monitoring project.

•Monitored and analyzed Intrusion Detection Systems (IDS) to identify security issues for remediation.

•Assisted in planning and developing the security of a system aimed to establish a security infrastructure,

•Developed and maintained security implementation policies, procedures, and data standards.

•Differentiated potential intrusion attempts and false alarms and prioritized responses using Splunk and Snort.

•Scheduled a Penetration Testing Plan throughout the organization and completed all tasks in each time frame.

•Participated in assigned exercises (e.g., COOP, network vulnerability, "red team/blue team", etc.).

Lumen Technologies, Inc. Monroe, LA

SOC Analyst April 2012 – April 2013

Lumen Technologies, Inc. is a telecommunications company that offers communications, network services, security, cloud solutions, voice, and managed services.

•Supported day-to-day data security operations.

•Monitored security patch levels of the servers, workstations, network environments, and anti-virus systems.

•Performed proactive network monitoring and threat analysis.

•Recommended and addressed the acceptability of the software products for continuous monitoring projects.

•Monitored and analyzed Intrusion Detection Systems (IDS) to identify security issues for remediation.

•Developed and maintained security Implementation policies, procedures, and data standards.

•Documented and logged technical incident detail for future reference.

•Assessed business processes to identify potential risks.

•Researched emerging cyber threats to gain a deeper understanding of hacker methods and tactics and presented information to stakeholders.

•Analyzed log data from SIEM tools such as Splunk, and Wireshark, to identify threats and vulnerabilities on the network to prevent cyber security incidents.

•Monitored and analyzed
