Alan F.
Cybersecurity Analyst/Engineer
Boston, MA, United States
Details
Experience:
While working in Enterprise Cybersecurity (Internal Audit Engagement):
• Combine traditional cybersecurity analysis with auditing methodologies to gain a holistic view of IT systems and associated risk
• Conduct Control-Risk-Assessments (CRAs) using the Factor Analysis of Information Risk (FAIR) methodology
• Routine NIST assessments
• Collaborate with stakeholders within various Product Areas to prepare different business units for external auditing
• Work closely with GRC to fine-tune assessments based on regulatory nuances when assessing different Product Areas
2023 : Present
Fidelity Investments
Cybersecurity Risk Analyst
While working in the Security Operations Center (SOC):
• Respond to security incidents and tickets
• Document runbooks and playbooks to outline incident response and threat escalation protocol for users
• Use Splunk as a SIEM to monitor the IT infrastructure and investigate potential IOCs
• Issue cybersecurity recommendations to business leaders based on industry best practices and security frameworks such as National Institute of Standards and Technology (NIST)
• Corporate email defense and triaging phishing/malware incidents through Proofpoint (TAP, TRAP, IMD, POD) and ServiceNow (SNOW)
• Remediate incidents, patch endpoints/servers, and identify key vulnerabilities through Rapid7 InsightVM
2022 : 2023
Cengage Group
Jr. Cybersecurity Analyst (SOC)
Tech startup where I gained a part-time role consulting with stakeholders
• Training company owners on use of FDE (VeraCrypt and LUKS)
• Demonstrated proof of concept for common cybersecurity threats in the cryptocurrency domain as well as the applications of the CIA Triad based on the NIST Cybersecurity Framework
2021 : 2022
STARGATE VENTURES
Security Analyst and Technical Writer
Penetration Testing (Red Team & Blue Team):
Gained experience with security tools and exploited the following vulnerabilities: SQL Injection, XXE, LFI, Sensitive Data Exposure, SSI, Broken Access Control, Insecure Configurations, Application Logic Flaws, Log4j, and Kernel Exploits. Each vulnerability was patched based on CISA and NIST guidance.
Cyber Defense (Blue Team):
Spawned a web server with a MySQL database back-end using vulnerable PHP plugins and successfully exploited the database using sqlmap. Then, by updating the PHP APIs, using prepared statements, and sanitizing user input, I nullified the SQL injection attack vector. Further research included a project on DMZs for web servers, and ways to mitigate automated attacks to increase bandwidth availability and decrease the impact of DDoS attacks.
2019 : 2021
Home Lab Experience
Cyber Security Analyst Practice
Company:
Fidelity Investments
About
I hold a BS in Information Technologies, with a concentration in Cybersecurity. I began working in incident response in a Security Operations Center, and am now working as a Cybersecurity Risk Analyst in Internal Audit. I have experience in a cross-platform environment performing Windows and Linux administration. Working knowledge of Bash scripting, Python, SQL, and various security tools. Penetration testing experience includes exploits for Log4j, Overlayfs, LFI, and XSS, among others from the OWASP Top 10 cyber threats. Experienced in FAIR and NIST analysis, particularly NIST 800-53 and CSF. I stand for a free and neutral internet, and aim to safeguard the confidentiality, integrity, and availability of information systems.