
It Security Cyber Defense Analyst Resume


CA

OBJECTIVE:

  • Over 10 years of Government Contracting focused on cyber security.
  • I have conducted analysis and reporting of Cyber Intelligence activities such as Targeted Attacks and Advanced Persistent Threats (APTs).
  • Monitored, detected, and analyzed cyber events using SIEM and IDS/IPS tools.
  • Utilized intelligence methodologies to determine potential illicit computer network operations.
  • My experience includes a broad range of technical analytic roles including SIGINT Analysis, Counterintelligence Analysis, and Cyber Security Analysis.

TECHNICAL SKILLS:

Operating Systems: Windows 95/98/ME/XP/2000/2003/7, UNIX (FreeBSD, Solaris), Linux (RedHat, Gentoo, Fedora Core, SuSE, Ubuntu).

Intelligence: Writing, Reporting, WISE, TAC, M3, HOTR, NSANET, ALL-SOURCE, SIGINT and other high-side skills

Security Tools: FireEye, ArcSight, Splunk, Tanium, Stealth Watch, Carbon Black, BlueCoat, Solera, Retina, DISA Gold Disk, SourceFire, Snort, Enterasys Dragon, Tenable’s Nessus, ArcSight’s Enterprise Security Management (ESM), Cisco Security Manager and Monitoring, Analysis, and Response System (MARS), ePolicy Orchestrator, Tripwire, TCPDump, Wireshark, McAfee Data Loss Prevention (DLP), McAfee ePolicy Orchestrator (ePO)

Networking: TCP/IP, network cabling, Design layout, Routers, VPN, Switches, hubs, MRTG

PROFESSIONAL EXPERIENCE:

Confidential, El Dorado Hills, CA

IT Security Cyber Defense Analyst

Responsibilities:
  • Identified and handled cases involving ad hoc analysis where security tools had not detected the malware found
  • Monitor external event sources for security intelligence and actionable incidents
  • Write technical articles for knowledge sharing
  • Maintain incident logs with relevant activity
  • Document investigation results, ensuring relevant details are passed to senior analysts and stakeholders
  • Perform hunting for malicious activity across the network and digital assets
  • Created intelligence reports of identified malicious activity providing analysis and IOCs
  • Conducts analysis using a variety of tools and data sets to identify indicators of malicious activity on the network
  • Event monitoring, analysis, and reporting of alerts from the following security tools: Bluecoat, FireEye, Imperva, Proofpoint, Splunk, Stealth Watch, Tanium, ThreatPulse, Symantec Endpoint Protection (SEP)
  • Identify and act on malicious or anomalous activity
  • Run malware in sandbox environment to assist with threat research
  • Create, manage, and dispatch incident tickets relating to Lost/stolen assets, spam emails, malware, and data spillage

Confidential, Washington, DC

Cyber Defense Analyst

Responsibilities:
  • Cyber Defense Analyst, provide first/second level IDS monitoring (SourceFire), analysis and incident response to information security alert events. Analyze network traffic and IDS alerts to assess, prioritize and differentiate between potential intrusion attempts and false alarms. Compose and send alert notifications. Recommend IDS filters to eliminate false positives
  • Plan, organize, and support Vulnerability Management activities. Tasks include vulnerability scanning, scan results analysis, vulnerability tracking, and Independent Validation and Verification (IV&V) activities.
  • Perform PCAP analysis of IDS events; utilize Bluecoat to further investigate malicious activity.
  • Use RSA Archer Information Security Management product to log and report security incidents.
  • Utilized McAfee Data Loss Prevention (DLP) product in an effort to prevent confidential data from being leaked outside the organization's boundaries.
  • Create, publish, and brief Government Chief Information Security Officer (CISO) providing highlights on the latest security incidents and threats.
  • Generate end of shift reports and pass down current operational data to oncoming shift.

Confidential, Virginia

Counterintelligence Cyber Security Specialist

Responsibilities:
  • Responsible for monitoring and analyzing the DTRA Enterprise information systems for events with Counterintelligence implications.
  • Create Intelligence Information Reports (IIR) on cyber events that have a Counterintelligence nexus
  • Identify unauthorized system access, insider threat activity, penetration attempts from suspected foreign or terrorist origin, and the presence of APT with suspected foreign nexus
  • Identify and create indicators of CI events, identify vulnerable computers and systems that may be used for computer network exploitation, data exfiltration, and data compromise.
  • Deliver weekly and monthly summary, and status reports documenting incidences of network/computer events with CI implications.
  • Assist in developing and reporting events, incidents and other internal anomalous behavior indicative of Insider Threat activity.
  • Identify vulnerable computers and systems that may be used for computer network exploitation and computer network attack.
  • Implement, configure, maintain and operate Insider Threat tools.
  • Research, identify, and analyze technical threats to information systems, personnel, activities and cyberspace—as well as threat-appropriate countermeasures.

Confidential, Virginia

Senior Computer Network Defense (CND) Analyst

Responsibilities:
  • Supported the Agency's counterintelligence (CI) insider threat mission through event analysis and traffic analysis, performing CI investigations and audits of user activity
  • Monitor information security alerts through the use of a Security Information and Event Manager (SIEM), ArcSight. Created cases, triaged, mitigated, and escalated events
  • Monitor and analyze alerts from IDS/IPS devices such as Snort and FireEye in an effort to identify security issues.
  • Performed Computer Security Incident Response activities, and coordinated with other government agencies to record and report incidents.
  • Utilized Bluecoat in an effort to monitor and trend network activity. Utilized Wireshark for more in-depth analysis of PCAP.
  • Recognizes potential, successful, and unsuccessful intrusion attempts and compromises through reviews and analyses of relevant event detail and summary information.

Confidential, Virginia

Mid-Level Counterintelligence (CI) Analyst

Responsibilities:
  • As Mid-Level CI Analyst provided support to A Federal Agency CI/HUMINT mission. Working within the cell of A Federal Agency, Directorate of Operations (DO), Office of Counterintelligence (OCI), Strategic Technical Threat Branch conducted All-Source CI analyses.
  • Authors, researches, edits, reviews, and contributes to counterintelligence threat analysis and other finished intelligence products based upon all source analysis of foreign intelligence service (FIS) threats, motivations, and methods.
  • Interpreted, evaluated and analyzed intelligence from various sources by initiative and/or in response to production requirements in an effort to identify and track technologies used by Foreign Intelligence Entities (FIE) that have/may have nefarious implications for U.S. intelligence capabilities and operations
  • Gathers, evaluates, and incorporates Intelligence Community (IC) and open source reporting to provide accurate, logical analysis to senior level officials
  • Utilized HUMINT On-Line Tasking and Reporting (HOT-R) to evaluate Intelligence Information Reports (IIRs) in an effort to moderately steer collection for our collection requirements.
  • Provided assessments on short and long term assignments while working jointly with intelligence agencies and combined assets publishing documents such as Defense Intelligence Note (DIN) and Defense Intelligence Short (DIS)
  • Utilizes various intelligence tools such as INTELINK, TAC, M3, Palantir, and Web Intelligence Search Engine (WISE) on daily basis

Confidential, Arlington, Virginia

Cyber Security Analyst

Responsibilities:
  • Worked as a cyber security analyst supporting NPPD/CS&C/NCCIC/US-CERT within Alert and Warning Section of the Detection Branch
  • Conducted research and evaluated technical and all-source intelligence with specific emphasis on network operations and cyber warfare tactics, techniques, and procedures (TTP) focused on the threat to networked weapons platforms and US information networks.
  • Worked on Focused Operation (FO) as pertaining to foreign cyber threats. Analyzed and correlated information in an effort to identify Advanced Persistent Threat (APT) attacks and protect systems within the .GOV domain space.
  • Review IDS/IPS alerts for potentially malicious activity associated with Advanced Persistent Threats (APT).
  • Collaborate with intelligence community (IC) partners to share and collect cyber threat data for use in strategic threat assessments.
  • Monitored network traffic patterns and trends by Netflow analysis, took action on signature alerts from Einstein. Used custom Perl and Python scripts to parse through Netflow data to get specific desired results. Analyzed Zero Day and DDoS activities in real-time; identified indicators that can be used to better detect these activities.
  • Conduct packet analysis within Wireshark, reporting findings to different agencies within the scope of US-CERT
  • Create custom Sourcefire signatures from emerging Cyber threats, push approved Signature sets to IDS sensors
  • Write up technical documents alerting agencies within Intelligence Community (IC) about new emerging threats

Confidential

Cyber Info Assurance Analyst 2 / Security Engineer

Responsibilities:
  • Support the detection, protection, and response portion of the MCNOSC MARCERT (Marine Critical Emergency Response Team) mission by maintaining intrusion detection, protection, and event correlation infrastructure
  • Review and update existing signatures and correlation rules to improve detection efficiency
  • Implement IDS and IPS signatures and use case correlation rules
  • Responsible for maintaining all CND gear (IDS/IPS/ArcSight); this includes HBSS, IntruShield, Sidewinder and FortiAnalyzer Firewalls, SAV, Cyberguard
  • Deploy, manage, and maintain the Legacy Network Defense gear specific to the MARCERT
  • Coordinated with POCs at other sites in order to get non-MCEN assets back operational
  • Support testing of new technologies for integration into the sensor grid and analysis capabilities
  • Provide technical support for the MCEN sensor grid
  • Primarily focused on Information Assurance of Simulation Operation Systems supporting AEGIS
  • Perform vulnerability scans using Retina & DISA Gold Disk, mitigating findings and/or documenting findings
  • Responsible for reporting of Information Assurance Vulnerability Alerts (IAVA) and Information Assurance Vulnerability Bulletins (IAVB).
  • Keeping up with the latest security threats and working to eliminate risk
  • Patch management: verifying that a patch did not impact/break SIM systems, removing failed patches as needed, and determining how to deploy patches without impacting daily operations.
  • Assist in the certification and accreditation (C&A) processes for Astats, CCD, UMG, and MLST3 using DIACAP methodology.
  • Created Plan of Action and Milestones (POAM) for Confidential Grumman Next Generation System (NGS)
  • Responsible for determining IA controls (IAC) for Retina related findings.
  • Constructed RDTE network for simulation systems for Technology Integration and Assessment Capability (TIAC) to facilitate ongoing Information Assurance requirements following STIG requirements for systems
  • Conduct PIT Risk Approval (PRA) for Simulation Systems which entails the DIACAP score card, Plan of Action and Milestone (POA&M), DIACAP Implementation Plan (DIP), and System Information Profile (SIP).

Confidential, Virginia

Security Analyst

Responsibilities:
  • Supported DHS SOC in a 24/7 environment working within Computer Security Incident Response Center (CSIRC).
  • Responsible for performing network security monitoring expertise and analysis of events from network intrusion detection systems (NIDS), host intrusion detection systems (HIDS), and log data; opening/updating trouble tickets; and providing call support for DHS component agencies.
  • Collect, analyze, and correlate network flow data using the US-CERT Einstein Program and share computer security information across the federal government agencies to improve our nation's situational awareness.
  • Monitored ArcSight SIEM and intrusion detection systems (IDS) such as Enterasys Dragon, SourceFire, and Cisco MARS.
  • Provided incident response and remediation activities for Customs and Border Protection, and the 10 component agencies of the Department of Homeland Security. Some of these incidents include classified spillages, PII, and other IT Security Incidents to other components making sure incidents are properly documented and ensuring that all remediation efforts are taken care of quickly.
  • Utilized Bluecoat proxy for investigative purposes in an effort to gauge the bigger picture of the host and come up with my analytic assessment for the incident at hand.
  • Analyzed security events to determine if false positive, letting security engineers know my findings so they could fine-tune their IDS devices to help cut down on false positive events.
