
Michael Williams

available

Last update: 05.04.2024

Cybersecurity Expert (Offensive, Defense, and GRC)

Degree: Master of Science in CyberSecurity Technology, Master of Science Information Technology
Language skills: German (good) | English (native speaker)

Keywords

Information Security, McAfee VirusScan, SIEM, National Institute of Standards and Technology (NIST), Splunk, Penetration Testing, Linux, MySQL, Firewalls, Social Engineering (+41 further keywords)

Attachments

CV-Williams-new-July_220923.pdf

Skills

Operating systems: Windows Server +++, Linux +++
Pentesting: Social Engineering ++, BurpSuite +++, SQLmap ++, Kali based tools ++ 4+, Scanners (Web Application, Vulnerability Scanners, Social Engineering Toolkit) +++
Programming: Java + 1, C# +, PowerShell ++ 8, Python + 8
Data Protection +++ 17, Report Development +++ 6, Security Plan Development +++ 6, NIST Accreditation Documentation +++ 6, MS Active Directory +++ 10, MS Group Policy +++ 10, Hyper-V ++ 10, VMware vCenter ++ 3, MS SQL (Mostly Attacking) ++, MySQL (Mostly Attacking) ++, MySQL Hardening ++, DameWare Remote Support +++ 10, MS Office ++ 12, Norton Ghost +++ 6, ePO +++ 6, VSE +++ 6, HIPS +++ 6, Splunk +++ 8, Firewalls +++ 6
SOC Services: SIEM +++ 8, Use-Case Development +++ 8
Regulations: NIST +++ 6
Requirements: FISMA +++, MDR, FDA, ISO NIST +++, HIPAA, GDPR
DNS +, IoT, XDR, IP address, SaaS, Social Media, OEM, SIEM, Cyber Security, penetration testing, Information Security, BSD, Splunk Servers, Linux, Cloud, monitoring systems, white-box, phishing, data extraction, Firewall, Wireshark, DDoS, Splunk, McAfee SIEM, McAfee IPS, McAfee, VMware, ESXi, IT Security, DMA, OWASP, remote assistance, Windows 7

Project history

05/2022 - present
Senior Security Consultant

Support the company, teams, staff, foundation teams, and the security foundation team on events resulting in a priority 1 incident. Investigated, documented, explained and presented the cause and effect which resulted from the investigation. Designed, documented, drew, and explained deployment requirements of an XDR solution. Conducted a gap analysis of systems, alerting and other solutions which are used within an XDR solution architecture. Explained the differences between (open and closed XDR) solution types. Deployed an automation solution which was used for the preliminary of improving response capabilities and augmented the data with live threat intel data and sending direct messages to the teams which were affected. Used an automation solution to compare logins from IP addresses to known threat sources and created tickets, closed the tickets and blocked the IP address within a short time range. Used the same automation solution to ask developers if they conducted changes and created tickets with threat intel data and data from the events. Designed, wrote, and created road maps for XDR deployment and other solutions and/or teams which should also be considered. Wrote reports based on gap analysis and explained other areas which should be considered. Conducted market research based on other solutions which supported the business and explained what the market reported on the product and solutions. Explained the difference between various threat models and demonstrated the issues from those threat models and how to use the MITRE ATT&CK® framework, and explained how other frameworks from MITRE work together. Conducted both on-the-spot pentests with the teams and requested tests of internal solutions or solutions used by SaaS providers. Reviewed, explained, demonstrated and wrote custom alerting use cases to identify possible exploitation based on posts published to the open internet (blogs, social media, etc.) about security vulnerabilities or risks.
Conducted reviews of current configurations of solutions based on CIS Benchmarks, OEM recommendations or various other sources which were used within the current business model and presented the findings and recommendations. Created an email alerting system which reviewed the internet for keywords based on the company and connected it with the automation solution to provide a communication of what is happening within cyberspace based on the company's internet presence and solutions which were used within the business. Explained, demonstrated, designed, and implemented an external-to-internal domain and IP review system to show items which were missed or not easily visible. Conducted live hacks via teleconferences with various stakeholders to show how a bad actor conducts their attacking steps.

10/2016 - present
Faculty Adjunct

Developed course instruction. Developed pentesting labs for UMUC, labs for YARA rules, and Wireshark. Built a lab network which simulates a DDoS attack in which the students are required to learn the attack and defend the systems. Advised the Cybersecurity program on advancements within the program to improve the educational experiences for students. Taught undergraduate classes in person and online on the subject of offensive security.

11/2021 - 04/2022
SIEM Security Architect

Developed the SIEM deployment concept for MBB. Explained the issues related to BaFin security requirements, GDPR, ISO27k. Developed the SIEM use cases based on MITRE ATT&CK and mapped those use cases to NIST CSF and back to all global security standards. Imported, tuned and created use cases to reduce the workload for the GRC staff. Planned, developed, and implemented all aspects in response to use cases for the SIEM setup and implementation. Documented the concepts of use cases and the successful alarms or triggers combined with company documentation requirements. Documented incidents based on a custom combination of MITRE ATT&CK and Cyber Kill Chain for management, technology staff and security staff to understand the missing gaps. Explained security concepts with comparison to basic human understanding (for example: comparing the Corona-Warn-App to the use of IOCs, or explaining the threat landscape with soccer).

08/2020 - 10/2021
Manager Offensive Security
BDO Cybersecurity

BDO Cyber Security (Munich, Germany): planned business plans for Offensive Security. Standardised the Offensive Security documentation process. Defined Red Teaming, different types of penetration testing engagements, and social engineering testing. Part of or managed testing engagements for various customers within many industries. Spoke with customer stakeholders about the findings and provided customers with recommendations for fixing the findings. Conducted retesting as needed by customers. Explained to both internal and external parties how testing engagements provide details about good and bad SOC habits. Developed a finding ID tracking system which mapped findings back to customers' policies, documentation and guidelines.

01/2019 - 08/2020
Senior Manager (f/m/d) Information Security (CISO)

Developed a vulnerability management program. Explained to top-level management and other mission partners the best practices of implementing Security and Privacy by Design. Developed a Risk Management Framework that mapped to GDPR, BDSG-neu, DSGVO, and other international requirements and back to the framework. Identified a server environment which needed care. Conducted application testing and explained to business partners how to fix the problems. Conducted incident analysis and explained how the Kill Chain broke down. Developed, implemented, designed, tested and deployed Splunk servers and infrastructures. Imported log sources from applications, servers (Windows and Linux), clients, cloud systems as well as other log locations. Developed use cases for other departments such as privacy and regulatory. Explained to the Works Council the importance of monitoring systems by comparing children, libraries and the need for those children to read, and a live hack in front of them.

08/2017 - 12/2018
Sr. Pentester

Conducted white-box pentesting engagements against applications and networks. The assessments ranged from researching published vulnerabilities to looking for unknown vulnerabilities. Documented deficiencies identified during application and network assessments. Explained to customers the issues identified and how they can improve the security posture of their networks and applications. Helped with the incident response after a customer incident. Spoke at the Daimler Global Security conference about the Cyber Kill Chain and how to use the model.

05/2017 - 08/2017
Director of Offensive Security

Served as a Director of Offensive Security (JR Executive). Developed the red team operations for both knowledge and non-knowledge red team engagements. Built the templates for the red team questionnaire, rules of engagement and other documentation used for red team engagements. Conducted social engineering attacks through the means of email (spear phishing and whaling), vishing, or in person. Developed the external network used for red team engagements (servers, workstations, and email systems). Conducted all meetings with customers to keep them informed of the processes and stages. Conducted meetings with the CISO, Deputy CISO, and other mission partners to explain the findings from the red team and pentesting engagements. Additionally, provided information or demonstrations on the risk of red team findings, or other vulnerabilities reported within the industry. Explained to higher management very complex cyber security problems in a simple, clear and very understandable way. Directed a team of offensive security red team members and pentesters, and provided operational support to the Security Operations Center (SOC). Provided support for other directors while absent. Mapped all security findings to RMF controls for proper documentation. Conducted interviews for possible candidates. Met with internal and external partners.

12/2016 - 05/2017
Director of Cybersecurity Eng SOC

Reviewed systems, tools and applications and provided information on improvements. Responded to security events, including analysing data to understand the event and providing steps to stop the kill chain of similar attacks. Explained to executive management the attacks and how to mitigate similar attacks. Reported all other work directly to the CISO. Conducted a review of the current topology and tools, and made plans to improve the security posture of the bank. Improved the endpoint (server and client systems) security by over 95% to improve the overall security posture of the network. Explained areas missing to higher management, and how to improve those missing aspects by using current tools or tools that were missing. Showed other managers how currently implemented applications can be abused and used for social engineering attacks, data extraction as well as other aspects. Made recommendations to separate internal or trusted email sources from unknown or non-trusted sources to reduce the impact of social engineering campaigns. Helped with the development and implementation of a better security training program which showed real-world attacks and how users can protect themselves. Implemented a social engineering attack plan and an after-action training program for users. Developed a plan for web application scanning and implementation of a Web Application Firewall (WAF).

09/2015 - 12/2016
Sr Security Engineer and Sr Pentester

Worked as a Pentester and Sr Security Engineer. Developed social engineering plans and engagements, and conducted attacks. Used all stages of a cyber attack to test the system, and reported on findings. Used the attacks on one customer to develop security controls for another customer. Developed, implemented, and tested Splunk, McAfee SIEM, McAfee IPS, and McAfee ePO products for 40,000+ systems. Used various systems to develop reporting and alerting for mapping security controls to the Continuous Monitoring strategy, which was used by system owners, SOC operators, and other users. Conducted training for SOC analysts and other end users on the use of Splunk and other SOC tools. Used cloud systems for pentesting and development of other security tools. Administered a VMware environment with 10+ ESXi hosts.

05/2014 - 09/2015
IT Security Engineer

Security Engineer; conducted all operations of security tools. Conducted white-hat and black-hat testing of 800+ websites. Located, identified, and explained major issues with the public-facing websites. Mapped all findings to NIST and OWASP to better explain the best practices. Improved and documented security tools to meet federal requirements for NIST and other regulations. Developed early warning / alerting systems based on application, software, and operating system vulnerabilities to proactively notify other team members of vulnerabilities before other department notifications.

07/2007 - 05/2014
Information Assurance Manager

Deployed system hardening of all radio and TV automation systems, and other endpoints based on Group Policies and Department of Defense (DoD) requirements. Troubleshot end-user problems, documented current systems, improved policies, and explained security requirements to higher management. Provided over-the-phone and remote assistance for end users. Implemented NIST standards and documented all requirements for assessments. Ensured documentation matched the network, systems, and requirements. Tracked user training to maintain accreditation.

03/2007 - 07/2007
IT Specialist

Provided support to end users for MS Windows operating systems, Office products, applications, and across different endpoint systems. Built a system baseline for new hardware. Used the baseline image to deploy to new hardware. Remotely changed the emergency account password on a 90-day window.

09/2000 - 09/2006
IT Specialist

Provided support to the military units on varying systems. Troubleshot desktops, servers, and other communication systems. Installed applications and hardware for end users.

Willingness to travel

Available in the following countries: Germany