
Risk Management Cyber Security

Location:
Baltimore, MD
Salary:
95,000
Posted:
October 25, 2025


Resume:

Albert A Quarshie

SILVER SPRING, MD *****

Phone: 301-***-**** Email: ****************@*****.***

PROFILE:

A certified, accomplished Cyber Security Analyst with 3 years of solid professional background in a fast-paced enterprise environment, with an active Secret clearance. Knowledge in vulnerability management, security control implementation, assessment and authorization, POA&M management, continuous monitoring, and Risk Management Framework (RMF). Experience tracking and managing incidents and system monitoring for suspicious events in a 24x7 Security Operation Center (SOC) within a team environment as well as on an individual basis.

EDUCATION:

●University of Baltimore, MPA – In Progress

●University of Ghana - Bachelor of Arts, Political Science

●CompTIA Security+ - COMP001021687388

●CompTIA A+ COMP001021687388

●CCNA CSCO14007349

●Certified Authorization Professional (CAP) - pending

COMPUTER SKILLS:

Experienced with:

Vulnerability Scanning - Continuous Monitoring Tools – CSAM and Archer, Wireshark, Splunk Enterprise SIEM tool, DLP tools, Microsoft Office suite, GDPR, HIPAA, NIST, ISO 27001, PCI DSS, and SOC, experience with NIST 800-53, IT Audits, cybersecurity risk analysis. NIST 800-53 controls. XACT 360, and Risk Vision. Cyber Kill Chain methodology and MITRE ATT&CK framework.

Familiar with:

Risk Management Framework (RMF) and NIST Cybersecurity Framework (CSF). ISO 27001, SOC 2, PCI DSS requirements, NIST Risk Management Framework and Authorization and Accreditation (A&A)/SAA Authority to Operate (ATO) process. Microsoft Sentinel SIEM, Microsoft Purview Data Loss Prevention (DLP), Microsoft Entra, ManageEngine Log360. Sumo Logic, NIST Cyber Security Framework. OSINT tools such as VirusTotal, URLScan.io and Hybrid Analysis

SkyTech Enterprise Systems

Incident Response Analyst/SOC Analyst - 11/2022 – Present

In this position my role involves identifying IT security vulnerabilities, developing risk management strategies, and ensuring compliance with regulatory standards. I report directly to the CIO and work collaboratively with other IT teams performing data analysis and reports.

My general responsibilities include the following:

Use the Cyber Kill Chain and MITRE ATT&CK framework in investigating threats and alerts as detected by our IDS/IPS and SIEM tools. Harnessed OSINT tools to investigate threats, hack attempts and phishing campaigns.

Create and manage service accounts in Microsoft Azure Active Directory. These accounts are often used in system configuration scenarios to simulate different permission user or system sets. Continuously updating system specific policies and procedures.

Utilize Microsoft Sentinel SIEM to filter out and monitor o365 Azure

Prioritized continuous monitoring on all Authorization to Operate (ATO) systems in the department (6 systems in total).

Utilize interactive dashboards in Sumo Logic data analytics to analyze structured metrics data and unstructured log data. Splunk is also used in this environment as a SIEM for specific systems and application platforms.

Investigate malware attacks and phishing incidents utilizing advanced threat Tactics, Techniques and Procedures (TTPs).

Review vulnerability scans using Qualys for added insight. Make recommendations to server teams based on vulnerability scan findings. Compile compliance report to address areas of deficiency.

logs for red flags, false positives, user login patterns, anomalies and unauthorized access as well as unauthorized access events.

Maintained incident logs and document investigation results and lessons learned sessions.

Providing daily ticket reviews, updates, and reports with ticketing tool. Installing system updates on specific platforms, patched programs and optimized functionality.

Document and alert team of vulnerability scans that reveal incomplete OS patching for remote users. This is a high-risk scenario since the majority of users were remote and thus may miss operating system and Microsoft Office patches overnight. Present these documentations/findings during periodic team meetings to highlight vulnerabilities, since although the domain/network may be behind a robust firewall infrastructure, unpatched laptops are a weak link that provides a potential for catastrophic breaches.

Create group policies, provision permissions for devices, govern authentication methods and policies for certain user groups as well as service application accounts.

Extract and analyze data from vulnerability scans to support recommendations for informed business decisions and actions. Harness the native transfer protocols detection capability of Wireshark to analyze IP address packets and zero in on malicious traffic during network traffic analysis investigations. While adhering to the incident response playbook, I create/update lessons learned reports to document findings, post investigations.

Compile compliance report to address areas of deficiency.

Write SPL (Search Processing Language) scripts to filter out and extract data from systems log files. Create dashboards depicting KPI for CIO as well as for team use relating to specific anomalies and incidents.

Install apps from the Splunk app store for review and recommendation for purchase. Add multiple dashboards to specific pages in Splunk depending on the business and functional requirements from team lead. Adding new users to Splunk and configuring permissions. Configure Splunk instance resource settings and preferences for optimal usage and manage indexes (Hot, Cold, Warm).

Create and manage (disable/enable) user accounts and service accounts using Microsoft Entra for specific scenarios.

SmartThink, Columbia, MD

Security Control Assessor - January 2017 - October 2019

This role involved general security responsibilities across the enterprise. I was responsible for identifying IT security vulnerabilities, developing risk management strategies, and ensuring compliance with regulatory standards and to work collaboratively with other IT teams performing data analysis and reports. My general responsibilities include but were not limited to the following:

●Provide training and awareness to the staff regarding security best practices.

●Create comprehensive reports and presentations for various audiences, including technical teams and senior management.

●Engage in proactive threat hunting to identify potential threats such as Man-in-the-Middle (MitM) Attacks, Data breaches, unauthorized logins and login attempts, credential stuffing.

●Review Vulnerability scans to detect unpatched software and systems including Windows/Linux servers, SharePoint Servers, ASP.Net servers and internal WordPress platforms.

●Attend meetings with Server and Active Directory teams based on findings such as weak passwords or password expiration policy settings and especially improperly patched user laptops.

●Maintain detailed and accurate records of security incidents, actions taken, and outcomes

●Conduct audits to ensure that our unit follows Compliance and regulatory guidelines.

●Update Shift hand off documents to reflect any incidents that occurred during the shift.


