Nawaf Abudawaood, Security

Nawaf Abudawaood

Security·EXCHANGE HUB LLC

Saudi Arabia

Master's degree, Engineering - Information Assurance

Work experience

Total years of experience: 2 years, 6 months

Security

October 2019 - October 2019

EXCHANGE HUB LLC


Expert
•Log aggregation, data analysis, Splunk queries, dashboard design, correlation queries.
•Set-up and configuration of Splunk ES along with monitoring and reporting using Splunk dashboards.
•Configuration of Splunk in tandem with Snort for a comprehensive SIEM (IDS/IPS).
•Able to use log data from SIEM tools (Splunk, AlienVault) to conduct analysis of Cyber Security incidents.
•Conducts detailed vulnerability analysis and provides support documentation per NIST Risk Management Framework.
•Understanding control types (administrative controls, technical controls, physical controls).
•Implementing virtualization using VMware, VirtualBox.
•Using command-line tools in Linux, Windows OS and various tools such as Nessus and Nmap.
•Experience in Network Intrusion detection/Intrusion Prevention System and Firewalls.
•Responsible for SIEM systems, rules and actions in Snort for incident response and set alerts to intrusion attempts.
•Experience implementing & managing Data Loss Prevention.
•Performs network traffic analysis using Wireshark and manages Firewall Vulnerability with pfSense firewall manager.
•Adheres to NIST guidelines in continuous monitoring as part of Cyber Security program.
•Enforces Cyber Security best practices per NIST guidelines and SOC procedures.
•Executed risk-based Cyber Security audit programs, in order to assess the design and effectiveness of key technology and/or security controls for critical systems and processes.
•Knowledgeable of IAM Concepts and IAM Models; Access Protocols and Account Practices.
•Kerberos Authentication Protocol
•Risk mitigation and use of necessary controls to proactively address vulnerabilities and threats, through intrusion detection, controls and security assessment and training.
•Familiar with various cyber security tools including, Splunk/Snort IDS/IPS, Nessus, Wireshark, and Metasploit.
•Expertise in Mobile Security and Access Control Identity Management.
•Understanding of attack scenarios and common vulnerabilities.
•Active in continuously updating knowledge with new security procedures and protocols and adapting to rapid changes in the security landscape.
•Skilled in use of Symantec Endpoint Protection (SEP) and pfSense.
•Access Control Identity Management, Penetration Testing, Vulnerability Assessment, SOC Analysis, Incident Response and Threat Mitigation.
•Experience with policy exceptions with management of Business Unit requesters.
•Experience in risk mitigation and deployment of necessary controls to proactively address vulnerabilities and threats, through intrusion detection, controls and security assessment and training.
•Use of different Vulnerability Assessment and Penetration Testing (V.A.P.T.) tools.
•Use of Cyber Kill Chain and Diamond Model in threat intelligence.
•Support of security compliance initiatives and assessments including responses to client security organization audits, questionnaires.
•Strong analytical skills, including the ability to problem solve to make value-added control recommendations.
•Understanding of software and security architectures as well as Intranet and Extranet security practices.
•Experience developing Incident Response Playbooks/Incident Response Plans (IR Plans).
•Experience coordinating annual security exception review process.
•Risk Management using NIST guidelines, Security Assessment and Testing, and Continuous Monitoring.
•Skillful use of industry tools for traffic monitoring such as Wireshark and pfSense.
•Assisted with the development of Incident Response Plans (IRP) and implemented tools for each stage.
•Skilled in analysis of results of security, vulnerability and risk management assessments.
•Analyzed cyber security controls and how they align to business objectives.
•Analyze, monitor and identify security risks to determine their impact.
•Trained users on risks, social engineering, security controls and best practices to ensure security and safety of assets.
•Experience in NIST Compliance, Security Management and Operations, Vulnerability Assessment, Risk Management Framework, Incident Response, Monitoring, Threat Detection and Mitigation.
•Understanding of electronic investigation, forensic tools, and methodologies. Including: log correlation and analysis, forensically handling electronic data, knowledge of the computer security investigative processes.


EXPERIENCE AND RELATIVE PROJECTS

EXCHANGE HUB LLC: OCT 2021 - CURRENT
SUBJECT MATTER EXPERT (ATLANTA, GA)
•Assisted with Technical Recruiting by interviewing potential employees/consultants to ensure candidates will be successful in Cyber Security and information assurance roles.
•Act as a primary resource and provide detailed/hands-on support to the Cyber Security Engineers working on projects at client sites throughout the United States of America and United Kingdom.
•Provided mentorship to ensure value-add at client site.
•Prepared training modules to mock interview situations to enhance the learning process provided by the company.
•Interacted with the company’s Executives and Sales team to ensure that projects and employees are appropriately matched to assignments.
•Prepped consultants for interviews for spice assignments involving development and Implementation of Cyber Security.
•Responsible for the design, development, and maintenance of the company’s Cyber Security training materials.
•Assisted in training and cyber security awareness to organization staff.
•Applied qualitative and quantitative risk assessment methods.
•Identified and modeled information and network security risks. Control Identity and Access Management.
•Articulated information security risks as business consequences.
•Supported all technical subject matters on Cyber Security, while also overseeing information assurance internally.
•Used in Advanced threat protection, PKI, and Cryptography.
•Experienced with Endpoint Detection and Response, Software integrity, Access control, and volume forensics, Authentication, File encryption, Volume encryption, Network monitoring, POP, DNS, Email security, Network crypto, and Certificates.
•Used top Frameworks and Standards (NIST/ITIL/ PCI DSS/ISO/CIS)
•Experienced in using SIEM Tools (Splunk, QRadar, AWS GuardDuty, Azure Sentinel, AlienVault, and ArcSight)
•Performed incident response activities such as host triage and retrieval, malware analysis, remote system analysis, end-user interviews, and remediation efforts.
•Responsible for making suggestions to change playbooks to keep up with the changing threat landscape.
•Fine-tuned and analyzed SIEM and its events to identify trends and potential vulnerabilities.
•Produced advisory reports regarding 0-day exploits, CVE vulnerabilities, current network.
•Hands-on SIEM tools to protect organization from threats and cyber security attacks. Also, created and modified Use cases for Splunk.
•Evaluated, recommended the acquisition of, implemented, and disseminated IT security tools, procedures, and practices to protect information assets.
•Responded to intrusions and threats detected by endpoint security tools.
•Performed security vulnerability assessments and penetration tests to ensure environment and data were secure as well as satisfying regulatory compliance requirements.
•Met with respective Business OU to discuss updates to DLP policies and rules.
•Performed log correlation analysis using Splunk and implemented risk and threat mitigation processes.
•Responded to computer security incidents and coordinated efforts to provide timely updates to multiple business units during response.
•Utilized Splunk to support dashboard, report, and other capabilities to support the Cyber Security Program.
•Monitored and analyzed SIEM events to identify trends and potential vulnerabilities.
•Collaborated with system owners, senior management (CIO, CISO, etc.) and executive leadership to determine remediation strategies. Experience in Office 365 Protection to investigate and remediate phishing threats.
•Assisted IT staff with understanding and resolving system vulnerabilities.
•Conducted risk assessments and collaborated with Management and technical team to provide recommendations regarding any changes that were being implemented on assigned systems.
•Performed and analyzed vulnerability scan reports and worked with stakeholders to establish plans for sustainable resolutions.
•Completed tasks such as researching and identifying security vulnerabilities on the networks and systems.
•Used Nessus to run scans on operating systems and applications to identify vulnerabilities and compliance.
•Monitored controls post authorization to ensure continuous compliance with the security requirements by evaluating vulnerabilities through Nessus scan results and work with the IT staff for mitigation actions.

Job role:
Security

SECURITY ENGINEER

May 2019 - October 2019

Discovery Technology


(ATLANTA, GA)
•Used log data from SIEM tools (Splunk and QRadar) to conduct analysis of cyber incidents.
•Analyzed log data from SIEM tools such as Splunk, and Wireshark to identify threats and vulnerabilities on the network to prevent cyber security incidents.
•Created a detailed Incident Report (IR) and contributed to lessons learned and mitigations for future attacks of a similar nature.
•Documented policies and procedures in support of Risk Management Framework (RMF) process.
•Worked with security compliance policies, programs, processes, and metrics.
•Monitored and analyzed Intrusion Detection Systems (IDS) to identify security issues for remediation.
•Monitored the general support system for vulnerabilities and threats including patch management, weak password settings, and weak configuration settings.
•Reviewed the POAM to validate the items uploaded in the POAM tracking tools supported the closed findings and coordinated promptly with stakeholders to ensure timely remediation of security weaknesses.
•Conducted system security evaluations and assessments, documented, and reported security findings using NIST 800 guidance per the continuous monitoring requirements.
•Researched emerging threats and vulnerabilities to aid in the identification of network incidents.
•Implemented deep-dive analyses on alerts received from Splunk and took actions on remediation process.
•Participated in the creation of enterprise security documents (policies, procedures, standards, guidelines, and playbooks) under the direction of the Chief Information Security Officer.
•Performed incident response activities such as host triage and retrieval, malware analysis, remote system analysis, end-user interviews, and remediation efforts. 
•Evaluated, recommended the acquisition of, implemented, and disseminated IT security tools, procedures, and practices to protect information assets. 
•Responded to intrusions and threats detected by endpoint security tools.
•Performed security vulnerability assessments and penetration tests to ensure environment and data were secure as well as satisfying regulatory compliance requirements.
•Met with respective Business OU to discuss updates to DLP policies and rules. 
•Performed log correlation analysis using Splunk and implemented risk and threat mitigation processes. 
•Responded to computer security incidents and coordinated efforts to provide timely updates to multiple business units during response. 
•Utilized Splunk to support dashboard, report and other capabilities to support the Cyber Security Program. 
•Monitored and analyzed SIEM events to identify trends and potential vulnerabilities. 
•Worked with cross-functional teams to ensure compliance with SOC Team Cyber Security Risk Management procedures throughout the system.
•Worked with NIST Compliance, Security Management and Operations, Vulnerability Assessment, Risk Management Framework, Incident Response, Monitoring, Threat Detection and Mitigation.
•Worked with IT teams to assess weaknesses, identify solutions and develop security policies.
•Completed Threat Intelligence using Cyber Kill Chain, MITRE ATT&CK Framework and Diamond Model.
•Delivered accurate and expedient handling of end-user support requests.
•Created, maintained, and enforced Information Security Policies and Procedures in compliance with PCI-DSS regulations and NIST cyber security best practices.
•Identified and evaluated foreign communications for intelligence purposes, mission support and the handling of classified communications for threat intelligence.
•Conducted open-source research to find new threats and IOCs.
•Applied understanding of the function and content of information security policies, standards, procedures, and practices as well as threats, risks and vulnerabilities at a functional level.
•Adhered to Response Playbooks/Incident Response Plans (IR Plans) used by SOC team, wrote threat reports and managed recommendations with affected stakeholders.
•Used NIST Risk Management Framework as a basis for SOC team Cyber Security guidelines such as Continuous Monitoring.
•Created a formal Cyber Weekly Report for reporting to Senior Management/Executives.
•Provided Cyber Security support for complex computer network exploitation and defense techniques and conducted e-mail analysis on suspicious e-mails.
•Implemented processes to capture both current and historical audit findings to identify systemic failures and patterns for corrective action.
•Performed periodic and on-demand system audits and vulnerability assessments, including user accounts, application access, file system and external web integrity scans to determine compliance.

Company industry:
Biotechnology
Job role:
Information Technology

Teaching Assistant

August 2018 - May 2019

UNIVERSITY OF COLORADO COLORADO SPRINGS, COLLEGE OF ENGINEERING AND APPLIED SCIENCE


(Colorado Springs, CO)
•Assisted up to 50 Computer Science students in 2 courses by explaining programming assignments in JavaScript and PHP, leading to a 100% pass rate for all individuals tutored.
•Supported engineering professors by grading over 120 assignments for the Mobile Web Development course through code validation.

Job role:
Teaching and Academics

January 2018 - May 2018

UNIVERSITY OF COLORADO COLORADO SPRINGS, COLLEGE OF ENGINEERING AND APPLIED SCIENCE


(Colorado Springs, CO)
•Performed tests including SQL injection on websites that contained secured data modified by unauthorized users through the command-line injection and cross-site scripting language.
•Patched websites after finding vulnerabilities.

August 2017 - December 2017

UNIVERSITY OF COLORADO COLORADO SPRINGS, COLLEGE OF ENGINEERING AND APPLIED SCIENCE


C for Socket programming to connect servers with clients using TCP and UDP. Ensured transferred data by dividing the files into small packets and delivered packets in an efficient way. Identified unsecured ports to recognize the server and the client were protected from unauthorized access.

January 2017 - May 2017

UNIVERSITY OF COLORADO COLORADO SPRINGS, COLLEGE OF ENGINEERING AND APPLIED SCIENCE


CRYPTOGRAPHY: PRIVATE AND PUBLIC KEYS CREATION (Colorado Springs, CO)
•Performed calculations on programs to get cryptographic keys that are secured with an approval of a certificate authority that provided a digital signature for user’s authentication on the secured network for authentication, non-repudiation, and integrity.

Education

University of Colorado Colorado Springs

May 2019


Master's degree, Engineering - Information Assurance

United States

GPA (point): 3.53 out of 4


Old Dominion University

May 2016


Bachelor's degree, Business Administration – Information Systems and Technology

United States

Skills

Cloud Computing
Expert
Incident Analysis
Expert
Vulnerability Management
Expert
Security Analysis
Expert
CEH
Expert
MICROSOFT ACCESS
Expert
NETWORKING
Expert
PROGRAMMING
Expert
C
Intermediate
CUSTOMER RELATIONS
Intermediate
SERVERS
Intermediate
CRYPTOGRAPHY
Beginner
FIREWALLS
Beginner
JAVASCRIPT
Beginner
PHP
Beginner

Languages

Arabic
Expert
English
Expert
Spanish
Expert

Training and Certifications

Certifications
Microsoft Azure AZ-500 Security Engineer
CompTIA Security+
Certified Ethical Hacker