
Cyber Security Information Technology

Location:
San Jose, CA
Posted:
September 18, 2024


Resume:

PROFESSIONAL SUMMARY

I am an experienced Cyber Security Professional who adapts well to ever-changing, fast-paced environments. Proven ability to work well collaboratively as well as independently. Skilled in log management, network security, multiple SIEMs (Azure Sentinel, ArcSight, Splunk, QRadar, CrowdStrike, etc.), and IDM/PAM and user/OS log auditing. I have gained strong knowledge of network/flow analysis tools and have good analytical skills. Primary work includes incident handling, network and host forensics, real-time monitoring, malware analysis, threat hunting, threat intelligence, and security operations, along with MITRE-enriched reporting.

EDUCATION & CERTIFICATIONS

Information Technology Security Administration, My Computer Career, 2022

Certifications & Degree Earned:

Degree: Associate of Science

CompTIA CySA+

CompTIA Network+

CompTIA Server+

CompTIA Mobility+

MTA Networking

MTA Security

MTA Mobility

AZ-900

CompTIA A+

CompTIA Security+

CASP+

SSCP

IT WORK-RELATED EXPERIENCE

Comcast

PCI-as-a-service

Provides input into the creation of hardening standards.

Researches security best practices and other industry security trends as input into the improvement of the information security program.

Lead for MDR SIEM security events and vulnerability management

Asset management & reconciliation for device health

Exception tracking, alerting, and renewal, including false positives and risk acceptance

Managing SIEM rules and whitelisting required for other services (e.g. scanning/pen testing)

Recon of network templates & VLANs or other PCI requirements in scope

Vulnerability Remediation, 8/2022 to current

Worked on data protection, security, and privacy-by-design concepts in the cloud and on-prem.

Exposed to cloud-native technologies

Familiarity with development and programming including Agile development

Understanding of hardware, embedded software, cloud, or application architectures to communicate technical requirements to related teams

Experience with vulnerability scanning software (Qualys, DAST tools, Prisma Cloud, etc.)

Ability to communicate complex security concepts to technical and non-technical stakeholders

Ability to engage development teams to develop remediation plans that align with development schedules. Knowledge of complex network operating environments, including remotely hosted or cloud-based service offerings

Knowledge of cloud security in the public cloud (AWS, Azure, Kubernetes)

Comfortable interfacing with other internal or external organizations regarding incident response situations.

Facilitate compensating controls & vulnerability exceptions.

Solid understanding of common security vulnerabilities and vulnerability management practices

Serve as a key liaison between Comcast Cybersecurity and Comcast Business product and application development teams.

Defined and drove creative security solutions in line with Comcast Cybersecurity Policies & Standards

Applied the Secure Development Lifecycle (SDL) principles to evaluate the variety, velocity, volume & veracity of the cyber-threat landscape.

Collaborated with various cross-functional technology, product, experience, and security teams helping to instill best practices

Partnered with engineering teams to lead the definition of security architectures and solutions while balancing security risk against product and application development priorities

Drove best practices around sensitive data storage in GitHub.

Best practices around risk and privacy.

Security Engineering (Security Incident Response), 1/2021 to 8/2022

Performed intensive analysis of application/platform access control data structures, and defined and articulated to developers the data attributes/elements required to meet the requirements of the Access Management Remediation Project

Responsible for performing regular network and application security/vulnerability assessments against the corporate network and production applications using various open source and proprietary tools

Merged database into the incident tracking system, providing the ability to monitor support trends. Identified root causes of suspicious issues and implemented resolutions that increased efficiency and customer satisfaction and lowered overall support costs

Developed and formulated specifications for computer programmers to use in coding, testing, and debugging of computer programs

Reviewed security violation investigation reports and recommended corrective and disciplinary action for the employee who committed the violation

Security Analyst, 2019-2020

Monitored the organization's networks for security breaches and investigated violations when they occurred

Installed and used software, such as firewalls and data encryption programs, to protect sensitive information

Prepared reports that document security breaches and the extent of the damage caused by the breaches

Planned the organization’s way of handling security and developed security standards and protocols

Log analysis for investigations with HP ArcSight Logger (problem isolation, event log viewing, identifying hosts and owners) and Demisto (problem isolation)

Troubleshot connectivity issues with proxies, firewalls, and VPNs, including tunneling and AAA, for user and service issues.

Application auditing for incident response for Corporate and Business Partner Operations

Supported MFA issues involving AD, RADIUS, VIP Access, and Kerberos

Audited compliance and tracked incident patterns; server threat analytics, group IOC monitoring, and incident handling.

DXC Technology, 2020-2021

SIEM and Threat Analyst II

Performed daily operational 'eyes on glass' real-time monitoring and analysis of security events from multiple sources including but not limited to events from Security Information Monitoring tools, network and host-based intrusion detection systems, firewall/system logs (Unix & Windows), mainframes, applications, and databases.

Assisted in the development and maintenance of tools, procedures, and documentation (e.g. source code, hex, binary, regular expressions), and reviewed raw log files for data correlation and analysis (firewall, network flow, IDS, system logs).

Monitored alerts in real time across Splunk, Azure Sentinel, ePO, QRadar, Demisto, Archer, ArcSight, Network Security Manager, and CrowdStrike; researched threat information and escalated legitimate security incidents to the client

Reviewed server/NAC logs and messages to identify and report possible violations of security.

Documented and reported on internal investigations of security violations to understand their security needs; assisted in the development and implementation of procedures to accommodate developing analytical threat models

Coordinated with the threat study teams and offered guidance to avoid any malicious activities

Reverse engineered attacker encoding protocols (FireEye, SEP, etc.)

Performed network traffic analysis using raw packet data, NetFlow, and IDS as it relates to cyber security and communication networks (Wireshark, IDS Dash, TippingPoint, etc.)

Malware reverse engineering & analysis, web tracking and proxy services, and web gateway and endpoint response/management

Tracked threat campaigns; experience with OSINT, source verification, TTPs, and dark web tracking

Multi-tool utilization to support case investigation (IPS, IDS, proxy, sandbox, firewall, PCAPs, threat intelligence research, etc.)

Strong experience in analytical frameworks for cyber threat intelligence (Diamond Model, MITRE, Cyber Kill Chain)

Maintained emerging technologies, supported security posture & IOC adversary tracking

SAP, 2018-2019

Data Engineer

Coordinated ongoing/new rollouts with the global team and business partners

Escalated break/fix incidents with Asset Owners along with asset management team for server migration

Informed Cloud Team of the status of bare metal server maintenance/repair

Coordinated with vendor (Cisco, Fujitsu, HP, Dell, etc.) engineers and onsite technicians

Encrypted/decrypted HDDs for export and import, with hashing software

Evaluated server logs for appropriate break/fix remediation to vendor

Worked with multiple data center business partners and/or contractors (32+ data centers)

Responsible for high-priority bridge calls with executives and business partners

Handled high-priority incidents such as data center power outages

Incident handling for server, switch, or router failures as Major Incidents (MI)

Provided exact device location per asset management software for Engineer or onsite Vendor Tech

Power cycled, reseated HDDs, uploaded flash drive data, and traced cables, servers, routers, or switches within the data center as requested by asset owners

The Governor Morehead School, January 2018-April 2018

Network Analyst

Diagnosed and resolved software and hardware incidents, including operating systems (Windows and Mac), across a range of software applications

Promoted system security and awareness by adhering to IT security policy and standards

Utilized BMC Track-It software, security administration, EMC SAN & Data Domain, Cisco firewalls, and Dell and Avaya switches & software
