Tom Ona
Security Consultant at Tata Consultancy Services
Minneapolis, MN, United States
Details
Experience:
• Create and tune security alerts for Security Operations Center (SOC). Track results of tuning for reduction of false positive alerts. Update SOC playbooks.
• Review L1 incidents and respond as needed to escalated security incidents. Update SOC playbooks.
• Track action items and escalations for daily and weekly metrics.
• Provide discussion items for the daily SOC operations call and weekly meetings with client L2 and L3 teams.
• Maintain Splunk Health including log sources and security alerts. Perform audit of alerts. Fix broken alerts from migration, parsing changes, upgrades.
• Work with other teams on log source integration for Splunk. Expanded DMZ log sources. Identified and fixed gaps in logging.
• Worked as part of a team to migrate previous SIEM to Splunk (2021)
2020 : Present
Tata Consultancy Services
Senior Information Security Consultant (Insurance Industry)
System Information and Event Management (SIEM) Expert
• Deploy and migrate security monitoring to LogRhythm SIEM solution (6/15).
• Expand LogRhythm hardware to increase indexed log capacity.
• Responsible for leading the team for security and engineering activities for the System Information and Event Management (SIEM) function.
• Responsible for upgrades, maintenance, and support for LogRhythm.
• Evaluate, collect, and parse logs for Cargill, 3rd party vendors, and acquisitions.
• Collaborate with other teams as needed for testing or review of log sources.
• Experience with ELK (Elastic, Logstash, Kibana) components including log collection and parsing review.
2014 : 2020
Tata Consultancy Services
Senior Information Security Consultant (Cargill)
• Responsible for upgrades, maintenance, and support for IBM QRadar System Information and Event Collection (SIEM).
• Design new custom rules, alerts and tune system for Cargill Security Incident Response Team.
• Evaluate, collect, and parse logs from various sources at Cargill including network (flows, firewalls, VPN Gateways), Security (IDS, antivirus), and servers (active directory, exchange), etc. Team with other departments to ensure log sources are accurate.
• Collaborate with Security Incident Response Team on incidents.
2012 : 2014
Cargill
Senior Security Analyst, Technology Governance Risk and Controls – Engineering
• Responsible for security incidents globally utilizing various security tools (SIEM, Intrusion Detection, Antivirus, Data Loss Prevention, etc).
• Discovered foreign traffic on internal network through network flow analysis which led to security improvements with vendors.
• Completed extensive tuning of SIEM alerts. Enabled team to focus on valid alerts.
• Investigated anomalies that involved network traffic, authentication, zero day malware, and other threats.
• Investigated phishing attacks to determine number of users affected, related malware infections, and URLs to be blocked.
• Collaborated with Security Engineering to create custom rules and alerts.
• Tracked security incidents in Archer or Remedy (Viatil).
• As an ITIL change planner, trained team members to ensure change and peer review processes were being followed.
2011 : 2012
Cargill
Senior Security Analyst, Technology Governance Risk and Control, Security Incident Response
• Designed, implemented, and supported Checkpoint firewalls, Cisco routers, and Microsoft ISA web proxies.
• Technical lead for Remote Access services (IPSEC, SSL, SecurID, Radius) for 10,000+ users and 250+ third party vendors.
• Redesigned remote access solution adding dedicated firewalls which resulted in increased security for non-Cargill connections and future growth.
• Improved security for third party users by designing internal remote access audit procedures for my team.
• Led move of 3rd party firewall connections to a new data center.
• Mentored and trained others on both remote access and firewall technologies which improved compliance with Cargill’s policies.
• Collaborated with Risk and Control Department to design global policies for Remote Access services.
• Partnered with Web Development Team to design and maintain a registration web site for remote access services. Website automation improved enforcement of policies before request submittal.
• Created, maintained and audited firewall policies for Internet, 3rd parties, Joint Ventures, and Acquisitions. Used firewall monitoring tools such as Tufin.
2004 : 2011
Cargill
Senior Network Analyst
Company:
Tata Consultancy Services
About
I/T Security professional with 10+ years of experience. Strong interest in security engineering and operations. Solid understanding of large enterprise networks. Experienced at writing custom security rules in SIEM. Skilled at maintaining security with 3rd Party vendors, Joint Ventures, and acquisitions. Provide leadership for other Security Engineers.
Tools: LogRhythm, QRadar System Information and Event Collection (SIEM), ELK
Past experience: Checkpoint Firewalls, Tufin, Web Proxy, Remote Access VPN, RSA SecurID, Cisco routers.