Splunk Security SME
Gassco
Schlagwörter
Skills
Information Security professional with almost 20 years of experience in Cyber Defense (from Hardening, to Detection).
- 15y in SOC, SIEM and Threat Detection
- 10y in SIEM, Splunk & Security Analytics
Career includes senior/leadership roles in Security Architecture, Engineering and Operations, with the last 8-10 years focused on enabling enterprise SecOps (SOC/MSSP/CSIRT) teams build and mature their Cyber Threat Detection Engineering practices.
** Splunk's Top Professional Services (PS) Sales contributor FY'16 **
Currently working as a Security Leader for a major American financial organization after working for 5 years as an independent Security Analytics SME in Europe. Customers include Financial, Telco and ICS/OT in Switzerland, Germany, Netherlands, Belgium and Norway.
Bachelor degree in Computer Science and post-degree in Computer Forensics with an extensive background in software development, Statistics/Machine Learning and Win/Nix scripting.
Keywords
Splunk, Big Data, Active Directory/Eventlogs, Sysmon/EDR, Web Proxy, FW, H/NIDS, Office 365, Applocker, Linux audit, Vuln, AWS, DNS, JIRA, SIEM, analytics, RSA, Unix scripting, GIAC, Information Security, Network Security, Microsoft Active Directory, IT Security, Unix operating systems, Cisco, IPS, Firewall, Cisco PIX, Stonesoft Stonegate, LAMP, PHP, MySQL, Linux, Apache, MySQL PHP, Perl, Python
- 15y in SOC, SIEM and Threat Detection
- 10y in SIEM, Splunk & Security Analytics
Career includes senior/leadership roles in Security Architecture, Engineering and Operations, with the last 8-10 years focused on enabling enterprise SecOps (SOC/MSSP/CSIRT) teams build and mature their Cyber Threat Detection Engineering practices.
** Splunk's Top Professional Services (PS) Sales contributor FY'16 **
Currently working as a Security Leader for a major American financial organization after working for 5 years as an independent Security Analytics SME in Europe. Customers include Financial, Telco and ICS/OT in Switzerland, Germany, Netherlands, Belgium and Norway.
Bachelor degree in Computer Science and post-degree in Computer Forensics with an extensive background in software development, Statistics/Machine Learning and Win/Nix scripting.
Keywords
Splunk, Big Data, Active Directory/Eventlogs, Sysmon/EDR, Web Proxy, FW, H/NIDS, Office 365, Applocker, Linux audit, Vuln, AWS, DNS, JIRA, SIEM, analytics, RSA, Unix scripting, GIAC, Information Security, Network Security, Microsoft Active Directory, IT Security, Unix operating systems, Cisco, IPS, Firewall, Cisco PIX, Stonesoft Stonegate, LAMP, PHP, MySQL, Linux, Apache, MySQL PHP, Perl, Python
Projekthistorie
02/2020
-
01/2021
02/2019
-
12/2019
Splunk Security Lead
Magellan Splunk Partner (DE)
02/2017
-
12/2018
Threat Detection Engineer / Security Use Cases Architect
SWIFT
05/2015
-
01/2017
Senior Security Consultant/Engineer (EMEA Professional Services - PS)
Splunk Inc.
Responsible for developing custom, tailored content after threat modeling exercises with Splunk, enabling
highly mature SOC/CERT/CSIRT teams leverage Splunk as a detection and hunting platform.
Main accomplishment: consultant of the year (2016) leading the biggest PS contract in EU (Telenor Norway).
highly mature SOC/CERT/CSIRT teams leverage Splunk as a detection and hunting platform.
Main accomplishment: consultant of the year (2016) leading the biggest PS contract in EU (Telenor Norway).
09/2012
-
04/2015
Lead Security Engineer - EMEA Security analytics lead (previously Tier-3 SOC Analyst)
Verizon
Member of Verizon Cyber Intelligence Center (VCIC), the group dedicated to develop and deliver innovative
Security Solutions to Verizon's customers. Mainly leading RSA and Splunk SIEM projects internally.
Main accomplishments: multiple "Ovation awards" received for driving automation (Unix scripting) and
process improvements across Global SOCs; Self-though Splunk developer with dozens of dashboards and
metrics reports delivered; SANS/GIAC evangelist, encouraging the team to get trained and certified.
Security Solutions to Verizon's customers. Mainly leading RSA and Splunk SIEM projects internally.
Main accomplishments: multiple "Ovation awards" received for driving automation (Unix scripting) and
process improvements across Global SOCs; Self-though Splunk developer with dozens of dashboards and
metrics reports delivered; SANS/GIAC evangelist, encouraging the team to get trained and certified.
09/2011
-
08/2012
Senior Information Security Consultant
Kahuna Network Security Consulting
Acting as member of ArcSight specialists team focused on SIEM consulting services for large organizations in
the Netherlands, including project design, content building and support.
Main accomplishments: primary team member responsible for delivering ING's SOC ESM platform in Central
Europe, with focus on content building (reports/dashboards) and on boarding new data feeds. Active brown
bag sessions (knowledge transfer) facilitator.
the Netherlands, including project design, content building and support.
Main accomplishments: primary team member responsible for delivering ING's SOC ESM platform in Central
Europe, with focus on content building (reports/dashboards) and on boarding new data feeds. Active brown
bag sessions (knowledge transfer) facilitator.
09/2010
-
10/2011
Senior Security Architect
Itaú BBA
- Budget management, Information Security market research and products evaluation (PoC)
- PoC results comparison, management/board presentations
- Security projects delivery, training and handover
Main accomplishment: Web Security Gateways migration project owner, reporting to CIO. Responsible for
market research, PoCs, design and implementation (plus handover) of the whole solution, based Cisco
IronPort, integrated with Microsoft Active Directory.
- PoC results comparison, management/board presentations
- Security projects delivery, training and handover
Main accomplishment: Web Security Gateways migration project owner, reporting to CIO. Responsible for
market research, PoCs, design and implementation (plus handover) of the whole solution, based Cisco
IronPort, integrated with Microsoft Active Directory.
08/2007
-
08/2010
IT Security Engineer
Nextel Telecommunications
- Project leader: SIEM ArcSight, EnCase, IronPort Anti-SPAM, Security Portal
- Hardening / Security baselining for Unix operating systems and Cisco devices
- SecOps and Forensic tools evaluation (ArcSight, EnCase, other)
Main accomplishments: ArcSight project delivery, focused on compliance and auditing. Email relays migration
project owner, based on Cisco IronPort technology.
- Hardening / Security baselining for Unix operating systems and Cisco devices
- SecOps and Forensic tools evaluation (ArcSight, EnCase, other)
Main accomplishments: ArcSight project delivery, focused on compliance and auditing. Email relays migration
project owner, based on Cisco IronPort technology.
08/2005
-
07/2007
Lead Security Engineer - Security Operations Center (SOC)
BM&F BOVESPA (Brazil's Stock Exchange)
- SOC/CSIRT Technical leader, assisting with SOC Engineers duties
- Incident Response Team support and training
- IDS/IPS tuning, Firewall administration (Cisco PIX and Stonesoft Stonegate)
Main accomplishment: fully integrated case management system development and delivery, based on LAMP
stack (PHP and MySQL), with specialized charts and shift handover reports.
Previous roles include: ISP administrator, LAMP (Linux, Apache, MySQL PHP/Perl/Python) web developer.
- Incident Response Team support and training
- IDS/IPS tuning, Firewall administration (Cisco PIX and Stonesoft Stonegate)
Main accomplishment: fully integrated case management system development and delivery, based on LAMP
stack (PHP and MySQL), with specialized charts and shift handover reports.
Previous roles include: ISP administrator, LAMP (Linux, Apache, MySQL PHP/Perl/Python) web developer.
Reisebereitschaft
Weltweit verfügbar
Within Europe.
Sonstige Angaben
Last 10y in Europe always working on Threat Detection and Security Monitoring domains (ArcSight, Splunk SME). Multiple Splunk partners supported (one building an MSSP offer).
SOCs/MSSPs supported either as a consultant or as an FTE: Verizon, SWIFT, Swisscom, Telenor, Brazil Stock Exchange, Nextel among others enterprise SecOps teams.
Splunk Professional Services consultant of the year award FY 2016.
Splunk Blog https://spl.ninja
SOCs/MSSPs supported either as a consultant or as an FTE: Verizon, SWIFT, Swisscom, Telenor, Brazil Stock Exchange, Nextel among others enterprise SecOps teams.
Splunk Professional Services consultant of the year award FY 2016.
Splunk Blog https://spl.ninja
