James A.
Details
Cyber Operations
University of Maryland Global Campus
2023
Information Systems Technology
Community College of the Air Force
2020
Bachelor’s Degree
Cybersecurity
University of Maryland University College
2012 : 2017
• Identify needs for new technologies and solutions based on threats and security concerns; review, recommend solutions, and lead deployment for best course of action to minimize production outages and costs
• Hunt for threats throughout the enterprise, to include misconfigurations, actors, and malware
• Track cyber threats for countermeasure development and deployment in various appliances, such as firewalls, NIDS, EDR, and host level configurations
• Utilize open source intelligence and tippers to enrich data to aid investigations and incident response
• Research emerging threats, Common Vulnerabilities and Exposures (CVE), and newly released zero-day threats to recommend mitigation actions
• Develop and lead implementation of plans for upgrading and deploying security appliances/tools
• Propose change and implementation to overall security posture while providing oversight during deployment of new solutions
2018 : Present
Travel + Leisure Co.
Sr. Engineer, Cybersecurity Advanced Threat
Current MD ANG Member
Cyber Protection Team Feb 2016 – Present
• Demonstrate an ability to methodically and proactively analyze problems and offer solutions.
• Develop and employ TTPs and methodologies for emulating attack vectors and conduct in-depth forensics analysis on AF/DoD systems
• Plan and lead execution of mission elements towards achieving the desired end state of higher headquarters
• Maintains proficiency in common cyber threat terminology, methodologies, incident response, and current events
• Enforce national, DoD, and Air Force security policies and directives; employ hardware and software tools to enhance the security by installing, monitoring, and directing proactive and reactive information protection and defensive measures to ensure Confidentiality, Integrity, and Availability (CIA) of IT resources
• Identify potential threats and manage resolution of security violations
• Establishes performance standards, training, and conducts evaluations to ensure personnel are proficient, mission qualified, and always ready for the mission
2005 :
United States Air Force
Cyberspace Operations NCO
• Communicate and coordinate Defensive Cyberspace Operations (DCO) between teams within the Army Cyber Command (ARCYBER)
• Track and investigate malicious threat actor(s) actions and attempts to compromise the network/hosts, analyze the events, and document the Tactics, Techniques, and Procedures (TTPs)
• Utilize SIEM, EDR, HIPS, and big data platform (BDP) to hunt for network intrusions, malware, and vulnerabilities from insider threats and external actors, analyze results, and recommend mitigation and remediation of the event(s) to ensure network integrity
• Research emerging threats, CVEs, and newly released zero-day threats to recommend mitigation actions
• Report network security incidents to higher authority as required by regulation, policy, or law
• Support LE/CI personnel as requested
• Create new content and signatures to alert on new and emerging threats based on behavioral findings
• Monitor sensor signature baseline and facilitate global working group to tune and provide capabilities to all subordinate units
2017 : 2018
US Army
Threat Analyst
• Selected to move from sub to prime into the team lead role; led a team of five threat analysts, to include training, supervision, and mentorship
• Coordinate resolution of threat events and security incidents while maintaining communication lines with military leadership within the ops center.
• Develop Standard Operating Procedures (SOPs) for the Attack Sensing & Warning team and ensure continuity and standards
• Communicate and coordinate Defensive Cyberspace Operations (DCO) between teams within the Army Cyber Command (ARCYBER)
• Utilize SIEM, EDR, HIPS, big data platform (BDP), and other network sensors to hunt for network intrusions, malware and vulnerabilities - from insider threats and external actors, analyze results, and recommend mitigation and remediation of the event(s) to ensure network integrity
• Review Forensic & Malware Analysis reports for indicators and recommend any additional actions for prevention and remediation of vulnerabilities/bad practices
• Perform operational information assurance activities in a computing, network, or enclave environment
• Observe NIST 800-53 security controls and respond to security incidents in accordance with policy/laws
• Performs routine IA administrative tasks in accordance with applicable instructions and pre-established guidelines
2016 : 2017
Booz Allen Hamilton
Cyber Threat Analyst
• Coordinate resolution of threat events and security incidents while maintaining communication lines with military leadership within the ops center.
• Develop Standard Operating Procedures (SOPs) for the Attack Sensing & Warning team and ensure continuity and standards
• Communicate and coordinate Defensive Cyberspace Operations (DCO) between teams within the Army Cyber Command (ARCYBER)
• Utilize SIEM, EDR, HIPS, big data platform (BDP), and other network sensors to hunt for network intrusions, malware and vulnerabilities - from insider threats and external actors, analyze results, and recommend mitigation and remediation of the event(s) to ensure network integrity
• Review Forensic & Malware Analysis reports for indicators and recommend any additional actions for prevention and remediation of vulnerabilities/bad practices
• Perform operational information assurance activities in a computing, network, or enclave environment
• Observe NIST 800-53 security controls and respond to security incidents in accordance with policy/laws
• Performs routine IA administrative tasks in accordance with applicable instructions and pre-established guidelines
2015 : 2016
Insight Global
Cyber Threat Analyst
Skills
ArcSight, Customer Service, Cyber-security, Cyber Operations, Cyber Threat Intelligence (CTI), DoD, Help Desk Support, Information Security, Leadership, Management, Military, Mobile Communications, Network Administration, Networking, Network Security, Problem Solving, Security, System Administration, Vulnerability Assessment
About
Cybersecurity professional and current U.S. Air Force National Guard member offering over 17 years of experience in IT and cyber operations. Detail-oriented with a strong technical background and history of accomplishing tasks with outstanding quality as a leader. Extensive knowledge of cybersecurity and practical application of network and security devices/best practices, to include installation and configuration. Proven ability to plan, manage, and implement network security measures, policies, and employ capabilities to protect data, software, and hardware. Active security clearance and current Security+ CE and C|EH certifications.