PROFESSIONAL SUMMARY
I am an experienced Cyber Security Professional who adapts well to ever-changing, fast-paced environments. Proven ability to work well collaboratively as well as independently. Skilled in log management, network security, multiple SIEM platforms (Azure Sentinel, ArcSight, Splunk, QRadar, CrowdStrike, etc.), and IDM/PAM and user OS log auditing. I have gained a strong knowledge of network and flow analysis tools, along with good analytical skills. Prime work includes incident handling, network and host forensics, real-time monitoring, malware analysis, threat hunting, threat intelligence, and security operations, along with MITRE-enriched reporting.
EDUCATION & CERTIFICATIONS
Information Technology Security Administration, My Computer Career, 2022
Certifications & Degree Earned:
Degree: Associate of Science
CySA+
CompTIA Network+
CompTIA Server+
CompTIA Mobility+
MTA Networking
MTA Security
MTA Mobility
AZ-900
CompTIA A+
CompTIA Security+
CASP+
SSCP
IT WORK-RELATED EXPERIENCE
Comcast
PCI-as-a-service
Provides input into the creation of hardening standards.
Researches security best practices and other industry security trends to use as input into the improvement of the information security program.
Lead for MDR SIEM security events and Vulnerability Management
Asset management & reconciliation for device health
Exceptions tracking, alerting and renewal - including false positives and risk acceptance
Managing SIEM rules and the whitelisting required for other services, e.g. scanning/pen testing
Recon of network templates & VLANs or other PCI requirements in scope
Vulnerability Remediation, 8/2022 to Current
Worked on data protection, security, and privacy-by-design concepts in the cloud and on-prem.
Exposed to cloud-native technologies
Familiarity with development and programming including Agile development
Understanding of hardware, embedded software, cloud, or application architectures to communicate technical requirements to related teams
Experience with Vulnerability Scanning software (Qualys, DAST, Prisma Cloud, etc)
Ability to communicate complex security concepts to technical and non-technical stakeholders
Ability to engage development teams to develop remediation plans that align with development schedules. Knowledge of complex network operating environments, including remotely hosted or cloud-based service offerings
Knowledge of cloud security in the public cloud (AWS, Azure, Kubernetes)
Comfortable with interfacing with other internal or external organizations regarding incident response situations.
Facilitate compensating controls & vulnerability exceptions.
Solid understanding of common security vulnerabilities and vulnerability management practices
Serve as a key liaison between Comcast Cybersecurity and Comcast Business product and application development teams.
Defined and drove creative security solutions in line with Comcast Cybersecurity Policies & Standards
Applied the Secure Development Lifecycle (SDL) principles to evaluate the variety, velocity, volume & veracity of the cyber-threat landscape.
Collaborated with various cross-functional technology, product, experience, and security teams helping to instill best practices
Partnered with engineering teams to lead the definition of security architectures and solutions while balancing security risk against product and application development priorities
Drove best practices surrounding GitHub sensitive data storage.
Promoted best practices around risk and privacy.
Security Engineering (Security Incident Response), 1/2021 to 8/2022
Performed intensive analysis of application/platform access control data structures; defined and articulated to developers the data attributes/elements required to meet the requirements of the Access Management Remediation Project
Responsible for performing regular network and application security/ vulnerability assessments against corporate network and production applications using various open source and proprietary tools
Merged database into incident tracking system, providing the ability to monitor support trends. Identified root causes of suspicious issues and implemented resolutions that increased efficiency and customer satisfaction and lowered overall support costs
Developed and formulated specifications for computer programmers to use in coding, testing, and debugging of computer programs
Reviewed security violation investigation reports and recommended corrective and disciplinary action for employees who committed the violations
Security Analyst, 2019-2020
Monitored the organization's networks for security breaches and investigated violations when they occurred
Installed and used software, such as firewalls and data encryption programs, to protect sensitive information
Prepared reports that document security breaches and the extent of the damage caused by the breaches
Planned the organization's way of handling security and developed security standards and protocols
Log analysis for investigations with HP ArcSight Logger for problem isolation, event log viewing, and identifying hosts and owners, and with Demisto for problem isolation
Troubleshot connectivity issues involving proxies, firewalls, and VPNs, including tunneling and AAA, for user and service issues.
Application Auditing for incident response for Corporate and Business Partner Operations
Supported MFA issues including AD, RADIUS, VIP Access, and Kerberos
Audited compliance and tracked incident patterns, server Threat Analytics, Group IOC monitoring, and Incident Handling.
DXC Technology, 2020-2021
SIEM and Threat Analyst II
Performed daily operational 'eyes on glass' real-time monitoring and analysis of security events from multiple sources, including but not limited to events from Security Information Monitoring tools, network- and host-based intrusion detection systems, firewall/system logs (Unix & Windows), mainframes, applications, and databases.
Experienced in assisting in the development and maintenance of tools, procedures, and documentation (e.g. source code, hex, binary, regular expressions, etc.), along with reviewing raw log files and performing data correlation and analysis (i.e. firewall, network flow, IDS, and system logs).
Monitored Splunk, Azure Sentinel, ePO, QRadar, Demisto, Archer, ArcSight, Network Security Manager, and CrowdStrike alerts in real time, researched threat information, and escalated legitimate security incidents to the client
Reviewed server/NAC logs and messages to identify and report possible violations of security.
Documented and reported on internal investigations of security violations to understand their security needs; assisted in the development and implementation of procedures to accommodate the developing analytical threat models
Coordinated with the threat study teams and offered guidance to avoid any malicious activities
Reverse engineered attacker encoding protocols (FireEye, SEP, etc.)
Performed network traffic analysis by using raw packet data, net flow, and IDS as it relates to cyber security and communication networks (Wireshark, IDS Dash, Tipping Point, etc)
Malware reverse engineering & analysis, web tracking and proxy services, and web gateway and endpoint response/management
Tracked threat campaigns; experience with OSINT, source verification, TTPs, and dark web tracking
Multi-tool utilization to support case investigation (IPS, IDS, Proxy, Sandbox, Firewall, Pcaps, Threat Intelligence Research, etc.)
Strong experience in analytical frameworks for Cyber Threat Intelligence (Diamond Model, MITRE, Cyber Kill Chain)
Maintained emerging technologies, supported security posture & IOC adversary tracking
SAP, 2018-2019
Data Engineer
Supported the global team and business partners in coordinating ongoing/new rollout(s)
Escalated break/fix incidents with Asset Owners along with asset management team for server migration
Informed Cloud Team of the status of bare metal server maintenance/repair
Coordinated with vendor (Cisco, Fujitsu, HP, Dell, etc.) engineers and onsite technicians
Encrypted/decrypted HDDs for export and import, with hashing software
Evaluated server logs for appropriate break/fix remediation to vendor
Worked with multiple data center business partners and/or contractors (32+ data centers)
Responsible for high-priority bridge calls with executives and business partners
Handled high-priority incidents such as data center power outages
Incident handling for server, switch, or router failures as Major Incidents (MI)
Provided exact device location per asset management software for engineers or onsite vendor technicians
Power cycled, reseated HDDs, uploaded flash drive data, and traced cables for servers, routers, or switches within the data center as requested by asset owners
The Governor Morehead School, January 2018-April 2018
Network Analyst
Diagnosed and resolved software and hardware incidents, including operating systems (Windows and Mac) and across a range of software applications
Promoted system security and awareness by adhering to IT security policy and standards
Utilized BMC Track-It software, Security Administration, EMC SAN & Data Domain, Cisco firewalls, and Dell and Avaya switches & software