I am a professional in the field of Cybersecurity with experience in host and network based security monitoring and engineering. I look forward to tackling complex security problems and solving them with creative solutions.
root@drogers:~$ cat david.txt
Interests:
• Intrusion Detection 🕵
• Data Visualization 📊
• Analytics 🔍
• Home Brewing 🍻
SecurityOnion
Kibana
Azure Sentinel
Splunk
Snort
Suricata
Lucene
SQL
SPL
KQL
Python
Bash
Powershell
Spark
Perl
Active Directory
Group Policy
ESXi
WSUS
Netbackup
Zeek
DNS
Windows EVTX
Office 365
AWS Cloudtrail
AWS VPCFlow
Netflow
HBSS
Blue Coat Proxy
Palo Alto Pan-OS
Tanium
Appgate
Lead NIST 800-53 Rev 5 audit and annual security assessment evidence gathering and team interviews
Build Kibana data visualizations for high-priority security monitoring and senior-level awareness
Standardized, normalized, and enriched hostname, username, MAC address, IP address, and many other data fields to the U.S. Air Force specification to enable cross-feed analytics
Configured big data analytics searching hundreds of normalized data sets up to 20 petabytes in size
Created scripts using Python, Bash, and Powershell to extract IOCs, generate cyber hunt queries, search BGP ASN, associate IP attribution, generate and send Nessus scan vulnerability patch information, audit user roles, and generate failed login alerts
Automated extracting malicious LDAP server IP addresses identified in log4j scanning and exploitation attempts to be used in blacklists throughout the Department of Defense
2014-2018
• Bachelor of Science - Computer Science / Computer Security Track
ADG Creative, Columbia Maryland | 2017 - 2018
• Converted a static HTML/CSS site into WordPress where a content manager can edit content without seeing a line of code
• Used PHP to create an interactive job-posting board that removed cells when they had no content and added cells when content was present
Army Material Systems Analysis Activity, Aberdeen Proving Ground Maryland | 2018 - 2019
• Selected to take part in ORISE Software Development Summer Internship with the U.S. Army
• Created a full stack web application using Java as the back end to connect to an Oracle database and XHTML, CSS, JavaScript, and Java Server Faces for the front end
• Created multiple tables in the Oracle database using SQL to be referenced throughout the web application
• The project allowed for a more streamlined process resulting in increased productivity
• Participated in weekly Scrum meetings and presented the final project for the organization
Defense Occupational and Environmental Health Readiness System – Hearing Conservation (Concept Plus), Aberdeen Proving Ground Maryland | 2019 - 2020
• Developed and maintained a Java EE web application deployed on Oracle WebLogic, integrated through web services with a distributed Windows .NET (C#) desktop application
• Utilized Java, Oracle products, Microsoft .NET C#, Microsoft TFS, SharePoint, Crystal Reports
Valid 2019-2026
Defense Occupational and Environmental Health Readiness System – Hearing Conservation (Concept Plus), Aberdeen Proving Ground Maryland | 2019 - 2020
• Maintained Dell EqualLogic SANs, Avocent KVM, and Dell PowerEdge servers housing a VMware vSphere client, VMware ESXi cluster, Oracle databases, SharePoint 2016, and other administrative servers
• Performed weekly tape backup via Veritas NetBackup
• Conducted weekly ACAS scans against the network consisting of 50 servers and 15 workstations
• Maintained compliance with HBSS including HIPS and other tools in the HBSS suite
• Maintained Active Directory by adding and removing users and computers as needed
• Maintained Group Policy by adding GPOs to our organization's OU
• Implemented monthly OS and software patches on the servers and workstations via WSUS, remote PowerShell, and SCCM maintained by the hosting site
• Tracked IAVAs and POA&Ms as applicable to the servers and workstations on the network
• Created Powershell scripts to automate patching
• Ensured network health by maintaining a WhatsUp server
• Tracked installed software and software versions by maintaining a TrackIt server
Valid 2020-Present
U.S. Army DEVCOM C5ISR Center (EmeSec), Adelphi Maryland | 2020 - 2021
• Analyzed and evaluated anomalous network and system activity utilizing Microsoft Sentinel and the ELK stack (Elasticsearch, Logstash, Kibana)
• Monitored intrusion detection systems using Snort and other proprietary IDS/SIEM tools
• Monitored Azure, AWS, o365, and ServiceNow cloud environments via a dedicated Elastic server
• Created Snort rules to match malware and unauthorized activity signatures from OSINT and IOCs
• Utilized tcpdump, sed, awk, and grep for pcap analysis
• Developed and modified scripts to monitor network traffic using Bash, Perl, and Python in a Red Hat Linux environment
• Implemented monthly OS and software patches on the servers and workstations via WSUS, remote PowerShell, and SCCM maintained by the hosting site
• Tracked IAVAs and POA&Ms as applicable to the servers and workstations on the network
• Created technically detailed reports based on intrusions and events
• Provided assistance in computer incident investigations
Valid 2020-2026
U.S. Army DEVCOM C5ISR Center (EmeSec), Adelphi Maryland | 2020 - 2021
• Lead a team of 4 DCO analysts in hunting for malicious and unauthorized host and network activity
• Work closely with senior leadership for defining monitoring requirements
• Assign duties based on monitoring requirements
• Recommend and implement improvements to monitoring capabilities
• Lead incident response investigations
• Test for efficacy of proposed Snort rules to be added to the IDS
• Publish monthly cyber threat research to be used throughout DoD
• Lead troubleshooting and problem solving a wide variety of client issues
• Created technically detailed reports based on intrusions and events
• Recommend courses of action to prevent and mitigate intrusions
U.S. Department of Defense Big Data Platform (Enlighten IT Consulting), Linthicum Heights Maryland | 2021 - 2022
• Create Kibana dashboards to visualize data of interest
• Analyze, enrich, and parse data feeds including Zeek, Palo Alto Pan-OS, Windows EVTX, AWS Cloudtrail, AWS VPCFlow, O365, Cisco Router, McAfee HBSS, Kubernetes, Netflow, AppGate, Tanium, Blue Coat Proxy, PowerShell and more
• Standardize data fields across multiple data feeds for better analytic queries
• Create Python scripts utilizing pandas, numpy, and regex to parse various file types including json, xml, yaml, and csv
• Gather requirements for data analytics
• Map various data feeds to the Elastic Common Schema
Valid 2021-2024
U.S. Department of Defense Big Data Platform (Enlighten IT Consulting), Linthicum Heights Maryland | 2021 - 2022
• Lead a team of 8 Cybersecurity Analysts and Data Scientists in hunting for malicious and unauthorized host and network traffic
• Perform cyber hunting for anomalous or malicious activity in customer data sets up to 20 petabytes in size
• Search for IOCs and associated TTPs identified via OSINT and internal intelligence
• Utilize the MITRE ATT&CK matrix for tracking TTPs used by APTs and other cyber threat actors
• Assist customers with cyber requirements and provide solutions
• Create technical presentations with cyber hunt findings for senior leadership and for use throughout the DoD
• Train users of the BDP through bi-weekly technical presentations for 50+ Air Force civilians and contractors
Valid 2022-Present
U.S. Department of Labor (Booz Allen Hamilton), Herndon Virginia | 2022 - Present
• Administer, monitor, analyze, and respond to security alerts in Splunk, Security Onion, Kibana, and Symantec Endpoint Protection
• Lead vulnerability management for all NCFMS environments
• Research vulnerability mitigation steps and work closely with the system administration team for Windows and Oracle Enterprise Linux servers, ESXi, F5 load balancers, Cisco routers, switches and firewalls, and various Oracle enterprise applications
• Modify Suricata rules from Emerging Threats to limit false positives
• Implement Yara rules provided by CISA to be used in SecurityOnion
• Hunt for IOCs including domains, IP addresses, and hashes in Zeek and PCAP data
• Utilize tcpdump and Wireshark for analyzing PCAP data
• Conduct web application scanning utilizing Burp Suite for application releases and compliance
• Scan network assets for vulnerabilities utilizing Nessus
• Respond to CISA directives that require patching for affected network assets
• Utilize Python, PowerShell, and SQL scripts for automating patching tasks and querying user account details
• Administer access for all 100+ NCFMS users utilizing role-based access controls
• Maintain cybersecurity documentation deliverables including system access, network processes, patch management, PII data management, and change control SOPs
• Provide guidance for cybersecurity initiatives such as implementing zero trust, IPv6 transition, data encryption, FISMA assessments, and NIST SP 800-53 Rev 5 compliance
More coming soon...