Dave Carrill
Details
Key Accomplishments :
• Implemented and maintained Symantec DLP solution throughout enterprise.
• Documented and streamlined various vulnerability management processes and procedures.
• Greatly increased the scope and quality of logs flowing into SIEM to improve incident response capability. Built custom alerts in SIEM and tuned false positives.
• Successfully migrated from one Managed Detection and Response (MDR) MSSP vendor to another.
2018 : Present
Undisclosed
Senior Information Security Analyst / Engineer
Responsible for the design, implementation, maintenance and integration of cyber security monitoring, detection and prevention equipment. Examples include SIEM, Vulnerability Management, Firewalls, IDS/IPS, etc. Designed defensive security architecture by establishing the logical and physical boundaries that control data transfer between boundaries based on business need and security requirements. Maintained current knowledge of NERC CIP, HIPAA and SOX compliance regulations. Developed security documents, policies and control procedures. Assisted in security assessment requests including developing responses to internal and external audits, penetration tests and vulnerability assessments. Collaborated with others throughout the company to remediate vulnerabilities, assist in testing controls, and suggest configurations to strengthen systems. Mentored junior level team members.
Key Accomplishments :
• Demonstrated computer attacks for management to gain support and resources to fix vulnerabilities using tools like Metasploit, Maltego, oclHashcat, Cain and Abel.
• Prioritized vulnerabilities to enable most effective remediation efforts.
• Cyber Security Incident Response Team Leader for all incident handling.
• Deployed Check Point gateways throughout company in both IT and OT environments. Gateways were configured with Intrusion Prevention System (IPS), Gateway Anti-Virus, Threat Emulation (Sandboxing), URL filtering and Firewall, all in prevent mode.
• Coordinated annual third party penetration testing. Responsibilities included vendor selection, statement of work, scoping, rules of engagement, and working with other departments to resolve findings.
• Evaluated new projects to ensure cyber security requirements were built in.
• Created phishing program to increase employee awareness and reduce clicks on malicious emails.
2015 : 2018
ITC Holdings Corp.
Senior Cyber Security Engineer
Researched technical and IT security topics; maintained information on industry trends. Developed, documented and maintained IT security systems such as SIEM, Configuration management, vulnerability scanning etc. Periodically reviewed firewall rules and router access control lists. Monitored and reviewed SIEM to identify adverse patterns and coordinated mitigation responses. Communicated with leadership and others within the company, as necessary, to accomplish responsibilities.
Key Accomplishments :
• Tuned false positives, created alerts, cleared offense backlog, and reconciled log sources to ensure comprehensive log coverage for the enterprise with QRadar SIEM.
• Migrated QRadar SIEM environment to new hardware.
• Implemented Tripwire Enterprise from proof of concept to full production across the enterprise in both IT and OT environments for change and configuration management.
• Deployed Rapid7 Nexpose vulnerability scanning solution and migrated data from Qualys.
• Installed, configured, and deployed RedSeal with over 1,000 devices.
2014 : 2015
ITC Holdings Corp.
Cyber Security Analyst
Member of a server infrastructure team supporting over 700 servers. Supported business critical hardware/software. Part of on call rotation responding to incidents 24/7. Responsibilities include project work and operational tickets.
Key Accomplishments :
• Reviewed weekly vulnerability scan reports and resolved patchable and configuration vulnerabilities. I resolved configuration issues with Dell KACE and completely automated workstation patching. I migrated us from a physical appliance to a VMware virtual appliance to improve performance and availability.
• Built a new Microsoft Server 2012 certificate PKI with an offline root CA and subordinate issuing CAs. Migrated from an existing insecure PKI seamlessly with no outage.
• Deployed Symantec Endpoint Protection throughout organization with host based intrusion detection, Anti-Virus, and host firewalls.
• Built Citrix XenApp 6.5 and XenDesktop 7 environment. All traffic in the environment is encrypted with SSL. Integrated with PKI to require 2-factor authentication for all connecting machines including Windows PCs, Surface Tablets, Apple Mac, iPad, and iPhones.
• Scaled existing Commvault Simpana 9 infrastructure from 4 servers to 20 servers to support explosive growth. Planned and migrated from Simpana 9 to 10. Protected 123 TB of data with scheduled backups. Reviewed and resolved failures and worked with auditors.
2013 : 2014
Ciber at ITC Holdings
Server Engineer
Responsible for network and telephony infrastructure, server management, backup and restoration, IT security, disaster recovery planning and testing, IT purchasing, user support, and user training. Met SAS70 / SOC1 audit requirements and worked with auditors annually during testing. Used extensive experience and judgment to plan and accomplish goals with a wide degree of creativity and latitude. Collaborated with users at different levels of the organization and varying personality types. When a technology need arose, I gathered requirements from stakeholders, researched solutions, got competing quotes, and recommended the best solution to management with supporting documentation. Once approved, I placed the order, configured the equipment and/or software, tested the solution and rolled it out to the company with training and documentation.
Key Accomplishments :
• Always maintained 99.9% server/network uptime during business hours.
• Completed business impact analysis and data classification to determine criticality of data. Then used that information to create a disaster recovery plan including full documentation for each server detailing how to rebuild it from backup. Tested plan with parallel processing at warm site and maintained it as systems changed over time.
• Established new IT security policies, standards and procedures, which included defined acceptable use of IT assets within the organization and a disaster recovery plan.
• Implemented Solutionary SIEM solution, tuned unnecessary alerts and investigated alerts.
• Implemented PGP whole disk encryption and Computrace on all company laptops.
• Implemented WSUS as a patching solution for all servers and workstations.
• Created a test environment for major system upgrades.
2005 : 2013
Freedom One Financial Group
Systems Engineer
About
Throughout my IT career I have done desktop, server, network and information security. Along the way I have been driven to learn and become the best. This has formed me into a well-rounded security professional that can connect all the dots and understand how to improve an organization's security posture.
SANS GIAC
http://www.giac.org/certified_professionals
ISC2 Certifications:
https://webportal.isc2.org/custom/certificationverification.aspx#!
Member ID: 465055
Microsoft Certifications:
Link to transcript: https://mcp.microsoft.com/authenticate/validatemcp.aspx
Transcript ID: 1113358
Access Code: Pass12345
Cisco Certifications:
Link to transcript: https://i7lp.integral7.com:443/durango/status?key=kxEkCFZrUBusNrEXIqug
Authorization Code: RfYxOUiX
CompTIA Certifications:
Link to transcript: https://www.certmetrics.com/comptia/public/transcript.aspx?transcript=JVF6BWV1BJR412VZ
Cybersecurity
Security Operations
Troubleshooting
Security Solutions
Information Technology
Unix
Azure