Steven H.
VP security operations
United States
Details
Education:
Associate of Science - AS
Munitions Systems/Ordnance Technology
Community College of the Air Force
1989
Experience:
Triaging alerts to eliminate false positives, including analysis of network data and endpoint data in both structured and unstructured methods.
Provides correlation and trending of the program's cyber incident activity.
Creates TTPs and AARs, and performs deep-dive investigations on complex incidents.
Improving the service level for security operations and monitoring. Creating and maintaining system documentation for security event processing.
Author Standard Operating Procedures (SOPs) and training documentation.
Author SIEM runbooks and training documentation.
Acts as the service owner for security operations and monitoring.
Confirming event collection, enrichment, and correlation, and escalating issues to a separate SIEM engineering team.
2022 : Present
BNY Mellon
Vice President Information Security
Manages SOC, CIRT, Network Security (firewall team), Splunk team, and forensic team.
Introduced new processes to allow for quicker mitigation and containment.
Assisted with a rewrite of CIRP in support of new IT and Cyber direction.
Principal in moving outsourced firewall support to internal firewall support.
Replacing outdated outsourced Splunk for Cloud Splunk and full SIEM support internally.
Author Standard Operating Procedures (SOPs) and training documentation.
Author SIEM runbooks and training documentation.
Supports various audits, GSOC requests, and legal requests.
Assists in the evaluation of new products, tools, and procedures.
Manages 10 direct reports and one intern (summer only).
Evolving the current processes to Cloud-based monitoring and support. (M365 and cloud migration is a multiyear project)
2020 : 2022
Corning Incorporated
Incident response / SOC Manager
Manages SOC/CSIRT and forensic programs.
Author Standard Operating Procedures (SOPs) and training documentation.
Author SIEM runbooks and training documentation.
Acts as the service owner for security operations and monitoring.
Advises on strategy and converts it into policies and standards.
Supporting various audits and legal requests.
Supports various legal and HR forensic needs.
Training and educating senior-level execs and managers on the ROI and value the Cyber program offers.
Creating SOAR run books.
Creates policies and rules in Proofpoint.
Participates in various PCI, SOX, and SOC 2 audits.
2019 : 2020
7-Eleven
Senior Cyber Security Operations Lead
Assisting and building/consulting an incident response program for an undisclosed medical client, heavy with HIPAA.
Researched and developed various dashboards and queries in Splunk for analyst needs, decreasing triage time.
Create new processes to streamline cyber response and allow for quicker mitigation and containment.
Assist in the evaluation of new products, tools, and procedures.
Consult with clients on how to determine what is critical to their business.
Introduce new reports that streamline effectiveness.
Investigate network intrusions and other cybersecurity breaches to determine the cause and extent of the breach.
2018 : 2019
NTT DATA Services
Cyber Security Associate Director
Promoted to IAM-neutral control manager to assist in the audit, security, and legal review of cyber requirements.
————————
Triaging alerts to eliminate false positives, including analysis of network data and endpoint data in both structured and unstructured methods.
Provides correlation and trending of the program's cyber incident activity.
Creates TTPs and AARs, and performs deep-dive investigations on complex incidents.
Improving the service level for security operations and monitoring. Creating and maintaining system documentation for security event processing.
Author Standard Operating Procedures (SOPs) and training documentation.
Author SIEM runbooks and training documentation.
Acts as the service owner for security operations and monitoring.
Confirming event collection, enrichment, and correlation, and escalating issues to a separate SIEM engineering team.
2017 : 2018
BNY Mellon
Vice President Information Security - SOC manager
Company:
BNY Mellon
Years of Experience:
13
Spoken Language:
Danish, English
About
Mr. Hull has more than twenty years of security operations experience and strong incident response and operations experience. He has demonstrated the ability to analyze operations and make strategic decisions to identify existing and potential problems and take corrective actions. Mr. Hull also possesses a strong technical background and takes on additional training, as well as attending various conventions, to enhance performance.