Eric Espinosa
Details
• Liaison for triaging requests and prioritization of malware analysis.
• Attends classified cyber meetings with Vendors, Federal Agencies, State and Local Law Enforcement, Tribal Entities, and Industry.
• Responsible for on-going coordination with internal and external customers who have provided malware data for analysis.
• Performs identification and mitigation for Advanced Persistent Threats (APT).
• Single point of contact with Vendors, Federal Agencies, State and Local Law Enforcement, U.S. Corporations, Tribal Entities and Private Industry.
• Processes Requests for Information (RFI) with 3rd-party trusted vendors: FireEye, VirusTotal, Recorded Future, etc.
• Manages ticketing systems, SharePoint and conducts tracking for malware analysis reports.
• Approves analysis reports for public distribution from the CMA organization.
• Coordinates engagement and transfer of analysis to US and international law enforcement agencies.
• Conducts static analysis of malicious code, vulnerability management and security operations with exploitation tools using industry standard runtime analysis, reverse-engineering, and debugging tools for malicious artifacts.
• Responsible for receiving, organizing, and reporting on malware artifacts.
2019 : Present
U.S. Department of Homeland Security
Technical Program Manager (remote support) Code and Media Analysis
Forensic Analyst, Hunt Incident Response Team (HIRT) Department of Homeland Security, CISA
Provide incident response, management and coordination activities for cyber incidents occurring in the critical infrastructure sectors as well as government entities at the Federal, State, Local, Tribal, and Territorial levels.
Involved in tracking, remediating, and developing cyber strategies to thwart cyber incidents and share cyber intelligence across all agencies.
Perform customer engagements as remote assistance, advisory deployment, remote and on-site deployment for malware infections, data theft, data corruption, and ransomware encryption, denial of service, control systems intrusions and threats against assets.
Meet with the organization to identify compromised systems, review network topology, image drive for deeper analysis.
Conduct a preliminary diagnosis to uncover the extent of the compromise. Collect necessary data on an as-needed basis for complete analysis and investigation.
Work with constituents to identify and contain adversary activity and develop mitigation plans for removal and remediation of root cause.
Manage incidents to ensure safety, reduce risk, limit damage, and reduce recovery time and costs.
Provide technical expertise to constituents in responding to incidents.
Find root cause of an incident by searching for TTPs along with behaviors and associated artifacts in the victim network.
Deliver Engagement Report (ER) to the customer within 30-60 days. The ER provides the background, scope, findings, security best practices, and conclusions relevant to the hunt.
Provide mitigation strategies and post-analysis to restore service, and offer recommendations for improving the overall security of the organization's network and control systems.
2019 :
U.S. Department of Homeland Security
Cybersecurity Analyst
Technical solution advisor for Pentagon Executive Staff.
Digital Advisor for new and emerging technologies
Identify customer business challenges/requirements and recommend/deliver/support aligned services/technologies. Continually support engineering environment, leverage data analysis to develop responses to complex technological issues, and design/implement/document international business processes.
Expertly authored international cybersecurity JAG and Naval Legal Service Commands (NLSC) Users Policy/Security Controls, serves as Associate Member Inspector General Article 6 Inspector JAG and NLSC Worldwide.
Successfully configured hardware requiring implementation and documentation of national security case at Naval Station Norfolk, Virginia.
Developed, evaluated, implemented, and documented a courtroom enhanced-technology pilot project that utilized Surface Hubs, Surface Pro and Surface Books running the W-10 Secure Host Base (SHB) operating system.
Designed Naval Justice School initial pilot project utilizing MS O365 cloud services and Bring Your Own Device (BYOD) program; also served as technical advisor for new courtroom construction and security systems in Bahrain, Norfolk, Virginia, Pensacola, Florida, Japan, Italy, and Spain.
Developed and implemented business workflow process worldwide for naval access control systems and network permissions.
Developed /designed/implemented/documented worldwide inventory and secure supply chain management system for the JAG.
Developed/designed/implemented/documented and automated business process improvements for worldwide computer patching programs, data transfer agents (DTA), standalone, recovery key management and classified systems.
Authored and developed SOPs and policies.
Experience with eMASS, NIST Risk Framework SP 800-53, 37,210 Cloud Security controls, ISO 27001, COBIT, PCI
Authored and developed content, SOPs, and baseline procedures. Identified workflow deficiencies and created improvements.
2015 : 2019
US Navy
Systems Architect, Information System Security Officer (ISSO)
Directed Network Solutions/Vulnerability Training for Nassau Police Department
Reported directly to unit CIO regarding consulting on and improving information security/privacy risk/compliance management for Police Department IT Operations; provided training to ensure compliance and reduce security risks, which included training on Cybersecurity (CS) and Computer Network Defense (CND) for organizations within Police Department.
Additionally, conducted technical risk assessments using kill chain analysis/network vulnerability identification in support of an integrated government/contractor security engineering team that included intranet/perimeter security systems; was coordinator of various aspects of server operating system builds/upgrades/software configurations, including security, for major imagery applications.
2013 : 2015
Bahamas
Information Security Consultant/Instructor
Provided exceptional in-depth support for Internet/network technologies/designs, protocols and computer audit tools/techniques utilized by organization; was considered forensic authority providing guidance on digital forensic and computer crime investigations, with responsibilities for monitoring auditing/logging procedures, network enumeration and information environment mapping, and analyzing active directory, routing protocols, vulnerability scanners and network communication protocols.
Held multiple responsibilities for other relevant services including Information Security (INFOSEC), Project Management, Performing Complex Analytical Investigative Support, Strategic Communications, Conducting/Coordinating Criminal, Civil and Administrative Investigations, Identifying Intelligence Resource Gaps, Providing Expert High Level of Technical and Analytical Expertise, Maintaining In-Depth Knowledge of Criminal Groups, and Creating/Designing Databases.
2013 : 2015
Charles County Sheriff's Office
Cyber Intelligence Analyst
About
Long-term career built in performing improvements on a broad array of information technology design and operational assignments; oversee business processes, deliver support technologies, provide technical support, perform data analysis, author user policies, playbooks, INFOSEC training, secure supply chain, configure computer hardware, access, Microsoft M365 & G-suite tenant admin, operation management, program management, control management, network operations.
Exceptionally knowledgeable in all aspects of providing technical advisement to indirect teams or agency partners, for new and established enterprise security across geographically dispersed locations. Develops/tests/implements/documents modern and emerging technology pilot programs using DevOps and VMs.
Highly skilled in assessing client vulnerabilities/risks and providing crucial advice toward mitigating/remediating issues and problems; problem resolution actions often resulted in recouping high dollar amounts.
Subject matter expertise (SME) in providing operational Cybersecurity (CS) and Computer Network Defense (CND) training for international and U.S. law enforcement agencies. Serves as forensic authority providing best practices/guidance regarding digital forensics and computer crime investigations.
Notable capacity for monitoring auditing/logging procedures, network enumeration and information environment mapping; skilled in analyzing Active Directory, routing protocols, vulnerability scanners and networks.
Acknowledgement of subject matter expertise (SME) resulted in selection to provide operational Cybersecurity (CS) and Computer Network Defense (CND) training for law enforcement; also serves as forensic authority providing best practices/guidance regarding digital forensics and computer crime investigations across multiple operating systems.
Security Clearance
Bilingual – Spanish/English