ABDUL LATIF BAISSE
Hephzibah, GA, ***** | *****************@*****.*** | +1-943-***-**** | LinkedIn

A highly driven Cybersecurity Professional with over 7 years’ experience in responding to both existing and emerging threat actors. Excellent reputation for conducting hands-on analysis using a variety of tools and methodologies to identify, respond to, mitigate, and protect against threats. Able to resolve security incidents quickly and efficiently at scale to reduce the impact of security events and incidents, including investigation, containment, and eradication.

EDUCATION
MSc, Computational Science 08/2022 - 05/2024
University of Texas (El Paso, TX. USA)
BSc, Mathematics/Economics 08/2014 - 05/2018
University of Cape Coast (Cape Coast, GHANA)
TRAINING & CERTIFICATIONS
CompTIA Security+
ISACA: Certified Information Security Manager (CISM)
AWS Certified Solutions Architect – Associate
Certified Ethical Hacker CEH (In-progress)
CYBERSECURITY
● Strong knowledge of Security Applications or Tools: Splunk Essential Security, Nessus, Palo Alto, Wireshark, Imperva WAF, RSA NetWitness, McAfee Intrusion Prevention System, Symantec, FireEye, Threat Grid.
● Sourcefire (Snort), McAfee Endpoint, Symantec DLP and various Open-Source Intelligence Tools (OSINT).
● Knowledge of general attack stages (e.g., footprinting and scanning, gaining access, enumeration, escalation of privileges, network exploitation, maintaining access, covering tracks, etc.).
● Skill in recognizing and categorizing types of vulnerabilities and associated attacks.
● Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, race conditions, PL/SQL and other injection attacks, replay, covert channel, return-oriented attacks, and malicious code).
● Knowledge of Computer Network Defense policies, procedures, and regulations
● Perform QA, lead and train Tier 1 and Tier 2 incident responders in the steps to investigate and resolve computer security incidents while encouraging teamwork and growth.
● Excellent knowledge of industry-standard frameworks (e.g., MITRE ATT&CK and its evaluation process).
● Use the Security Incident Event Management (SIEM) platform to perform incident response identification.
● Teams I have worked closely with: NOC, DLP Engineers, Splunk Engineers, Threat Intel Team, Hunt Team.
● I have unique skills in Windows, Linux, and OSX environments, Unix shell scripts, PowerShell, etc.
● Networking: TCP/IP, LANs, VPNs, Routers, Firewalls, Palo Alto, etc.
● Security Tools: Log Management, Anti-Virus Tools, FireEye, IronPort, Sourcefire, McAfee Web Gateway, Splunk, QRadar, Qualys, McAfee DLP, Wireshark (Norton, Symantec), ASA/ESA/Firepower from Cisco, MSFT Defender, Tanium, SESC.
● OSINT / Online tools: VirusTotal, Zscaler, Active Trust, Scamalytics, CyberGordon, IPVOID, URLVOID, CyberChef, AnyRun, MXTOOLBOX, URLScan, Geolocation, etc.
● Ongoing review of SIEM dashboards, system and application logs, Intrusion Detection Systems (IDS), and custom monitoring tools.
● Perform sophisticated malware detection and threat analysis.
● Teams I work with are DLP Engineers, Splunk Engineers, NOC, Threat Intel Team, Red Team, Hunt Team, Forensic Investigators, Database Analyst, Scan Team.
● AWS: Knowledge of DevOps or CI/CD security integration, Kubernetes, Docker, Terraform, and automation.

PROFESSIONAL EXPERIENCE
Senior SOC Analyst (Global Security Operations Center (GSOC) Operator), Corporate
CLOUDCONVO SOLUTION / Royal Bank of Canada 06/2023 – Present
Actively participated in large-scope, high-impact cyber breaches and managed the Incident Response workflow and activities to support response and remediation.
Pushed the monthly Windows security patch across the company-wide network to keep machines compliant.
Performed incident response management role during major outages and cyber-attacks.
Documented and tracked the timeline of events from occurrence to resolution for each managed incident in support of postmortem/root cause analysis.
Successfully led and participated in the Incident Response team in all proactive and incident handling measures for SOC customers, including Threat Detection, Response, and Remediation.
Developed timelines during incident occurrence, provided company-wide updates, and followed disaster recovery procedures during major outages.
Monitored phish emails, investigated malware threats, blocked unwanted senders, and analyzed the impact level of malware links via Splunk and IronPort.
Participated in incidents in the commander role, effectively communicated issues, and provided recommendations to reach resolutions.
Conducted security control and risk assessments of the organization and its information systems based on security policy, best practices, and guidelines.
Utilized Carbon Black to monitor daily user activities, restricting access to services after the vulnerability and impact level were analyzed.
Developed processes and procedures for the SOC team to follow during disaster recovery, and provided monthly testing and training to ensure accurate response in real-life scenarios.
Extracted and analyzed daily reports from the NORSE SIEM tool and Netcool monitoring system for potential threats within enterprise systems.
Continually monitored, assessed, tested, and implemented new security technologies to help improve network security.
Monitored servers, network gear, and applications in the operations center environment.
Used the Security Incident Event Management (SIEM) platform to perform incident response identification.
Used Wireshark for troubleshooting, traffic inspection, and packet analysis.
Analyzed a variety of network and host-based security appliance logs (firewalls, NIDS, HIDS, syslogs, etc.) to determine the correct remediation actions and escalation paths for each incident.
Analyzed phish emails when detected, including malicious links and attachments, assessed user impact via Splunk, removed phish emails from Exchange servers, and blocked unwanted senders.
Provided incident response and ownership based on escalation and handoff procedures from junior or mid-career team members.
SOC Analyst - Contract
NEWMONT GHANA GOLD LIMITED 02/2020 - 08/2023
Managed enterprise email security using O365 Defender to detect and mitigate email-based threats.
Conducted vulnerability assessments and provided risk mitigation recommendations.
Assessed and improved security control mechanisms for operating systems, network infrastructure, and cloud environments to ensure optimal protection against external and internal threats.
Acted as a subject matter expert in incident response, disseminating threat intelligence, and handling escalated SOC incidents.
Investigated and resolved security incidents, including malware infections, phishing attacks, and unauthorized access attempts.
Performed log analysis using SIEM tools to identify and respond to potential threats.
Stayed informed about security regulatory requirements and emerging technologies to ensure compliance and enhance security posture; collaborated on implementing improvements to defend against evolving cyber threats.
Developed and implemented playbooks for streamlined and consistent incident response processes.
Monitored phish emails, investigating malware threats, blocking unwanted senders, and analyzing
Performed advanced analysis of monitoring solution results and assessed escalated output from Level 1 and Level 2 Analysts.
Experience with identifying and responding to advanced threats and threat actor TTPs (using tools such as ThreatConnect, HSIN, CISA, FS-ISAC, FBI Cyber, Mandiant, DFIR etc.)
Provided intermediate event analysis and incident detection, escalating as needed to Level 3 Analysts following documented procedures.
Remained current on cyber security trends and intelligence (open source and commercial) to guide the security analysis and identification capabilities of the SOC team.
Conducted deep-dive investigations of computer-based crimes, analyzing digital media and logs associated with cyber intrusion events.
Responsible for identifying training needs for the junior analysts.
Oversaw documentation owned by the SOC team, including but not limited to Standard Operating Procedures (SOPs) and Operational Level Agreements (OLAs).
Coordinated response, triage, and escalation of security events affecting the company’s information assets and activities with the Incident Response team.
Provided guidance to build the necessary controls for automated and proactive detection and prevention.
Continuously monitored threat intelligence feeds to stay ahead of new and evolving attack vectors.

Information Security Analyst
NATIONAL HEALTH INSURANCE AUTHORITY 08/2018 - 02/2020
Managed information security risks associated with third parties.
Ensured enterprise compliance with (but not limited to) NIST, ISO, NISP, SOX, and HIPAA industry standards and requirements.
Assisted with the maintenance, enhancement, and monitoring of a strategic, risk-management-based information security program to ensure the availability, integrity, and confidentiality of information across CIN and its service providers.
Provided risk assessment of current and new technology and developed mitigation strategies for associated risks.
Maintained accurate reporting of the existing vendor inventory and tracked the movement of vendor records migrating to Coupa Risk Assess.
Reviewed financial statements, credit reports, legal contracts, and business licenses.
Leveraged recognized frameworks such as NIST (National Institute of Standards and Technology) Special Publication 800-53, CIS (Center for Internet Security) Controls, and FAIR (Factor Analysis of Information Risk) to enhance risk analysis and align with industry best practices.
Provided front-line defense for cyber incidents, analyzing alerts and escalating critical events.
Supported endpoint security solutions, ensuring robust configurations to block unauthorized access.
Conducted digital forensics investigations and maintained chain-of-custody protocols.
Monitored network traffic and managed firewall configurations to support secure network access.
Maintained and updated security documentation, ensuring alignment with regulatory standards and internal security policies.
Trained staff on security protocols, conducting workshops on recognizing phishing attempts and secure access practices.
Conducted network monitoring and intrusion detection analysis using various computer network defense tools, such as intrusion detection/prevention systems, firewalls, and host-based security systems.
Provided customers with incident response support, including mitigating actions to contain activity.
Worked with threat intelligence and threat-hunting teams and maintained awareness of threat intelligence sources.
Coordinated and collaborated with peer technical teams in a multi-vendor environment on the investigation, remediation, and implementation of preventative measures for cybersecurity events and incidents.