Kyle Cheek Email & Phone Number

Redwood City, CA, US

Santa Clara, CA, US

• Create and execute Detection and Response Program Roadmapso Designed and ensured the program meets all relevant FFIEC CAT Baseline and Advancing statements
• Oversee the development and maintenance of program documentation including:o Investigation, Mitigation and Operation Runbooks o Tool Documentationo Policies and Standards
• Lead and advise the development of program functions including:o Threat Hunting Programo Tool SME Rotation Program o Automated Shift Turnover
• Provide guidance to all Security Operations team members during security investigations and incidents
• Manage program relationships with other departments including Cyber Threat Intelligence, Counter Measures (Threat Detection), Security Engineering, Cloud Security, End User Services, Fraud, and Digital Forensics.
• Conduct Security Operations Tabletops to identify knowledge, process, documentation, and technology gaps

San Francisco, CA, US

• Provide consulting and technical services for IR tasks
• Assist in the development of new processes and procedures for gathering, handling, searching, and retrieving, digital and/or physical evidence concerning incidents
• Ensure forensically sound procedures are documented
• Coordinates with IT, Legal, Human Resources, and other appropriate business units to gather incident details, assess impact, and coordinate response to security events
• Integrate Cyber Security Incident Responses with technology incident management, business continuity, crisis management and corporate security processes and frameworks
• Experience in all phases of Incident Response including preparation, notification, response, recovery, analysis, and post-mortem

San Francisco, CA, US

• Spent three months in Japan at the Tokyo GSOC where I achieved the following goals:o Teach Tier 1 Analysts how to effectively work through Standard Operating Procedures, and how to use the various security tools during.
• Define, review, and enforce information security policy, standards and guidelines for business operations and technology requirements
• Provide communication and escalation support throughout the incident lifecycle per the standard operating procedures
• Works directly with data asset owners and business response plan owners during high severity incidents
• Provide tuning recommendations to administrators based on findings during investigations or threat information reviews
• Design, develop, test, and implement SIEM rules to increase detection of security events for Tier 1 Security Analysts to investigate

• Enforce information security policy, standards and guidelines for business operations and technology requirements
• Identify IT security risks from technical and functional perspectives
• Conduct technical security assessments, audits, penetration testing, and forensic IT functions
• Configure and work with SIEM tools
• Monitor suspicious traffic using various tools including SIEM McAfee Nitro, Log Manager SumoLogic, NIDS Metaflows
• Participate in the security incident handling efforts in response to a detected incident, and coordinate with other stakeholders

Montreal, Quebec, CA

• Design and document processes and procedures for the Security Operations Center
• Responsible for monitoring over 90 client networks, including over 5,000 client systems
• Acted as a Shift Lead, designating daily assignments, monitoring scopes, and personal project time
• Adhere to and support NIST 800-53 guidelines, FISMA and FedRAMP compliance
• Participate in the security incident handling efforts in response to a detected incident, and coordinate with other stakeholders
• Interact with both vendors and partnering data centers to complete investigations

• Perform initial monitoring and analysis of security related events such as malware infections, policy violations and intrusions
• Provided escalation support to other analysts
• Performs real-time log analysis from multiple data sources
• Monitor suspicious internal/external traffic with SIEM ArcSight, IDPS SourceFire, Log Manager Splunk
• Conduct threat intelligence research and response against trending cyber-criminal activity
• Configure rules in Check Point Firewall, Blue Coat Proxy

Charlotte, North Carolina, US

• While at Honeywell I achieved multiple certifications including the GCIH and Reid: Invterview and Interrogation Training.
• Conduct investigations regarding company policy violations and potential computer crime
• Perform interviews with employees regarding investigations
• Use forensics tools such as EnCase, FTK, Intella, and IEF
• Ensure the protection of evidence, both digitally and physically

Tempe, Arizona, US

• I was a summer intern performing enterprise level information security. Everything from password audits to daily event monitoring on the network. I also established their first Malware Analysis lab, and created.
• Daily intrusion detection and event monitoring with SIEM QRadar
• Perform tuning of the SIEM filters and correlations to continuously improve monitoring
• Design and operate behavioral and static-analysis Malware Analysis Lab
• Establish and document EnCase Enterprise Server for forensic investigations

Bachelor Of Science - Bs, Technology Forensics

Bachelor Of Science - Bs, Network Security