Matthew O'Connor Email and Phone Number

• Incident Commander - Served as incident commander for a range of incidents types that involved communicating summaries to legal counsel and upper management while directing incident response staff, internal engineering efforts, and third party consultants. Project Management - Led a project to move away from a managed service provider that monitored our cloud environments. This involved preparing written summaries for upper management and project plans in addition to developing detections in Python and SQL to replicate those provided by the managed service provider. Response Automation - I automated parts of our incident response process by leveraging a low code solution to automatically create and manage Slack channels, manage tasks, create executive summaries, create Zoom rooms, and manage incident notes in AWS DynamoDB. This was coupled with documentation and process updates to result in a more efficient incident response process by automating non-judgement administrative tasks. Detection Creation - Created detections and response actions in Python and SQL. I also onboarded various log sources by reviewing the data, creating custom pullers, creating data schemas, and developing supporting infrastructure in Terraform.

• AWS Cloud incidents – Acted as subject matter expert and incidentcommander for AWS cloud related incidents. • AWS Development - Helped architect, develop, andimplement an automated forensic analysis environment in AWS using native AWSservices and COTS products. The environment provided a global collection capabilitywhile automating the collection and processing of forensic artifacts for on and offpremises assets. • AWS purple team and vulnerability assessments - Helped review AWS accounts for common security misconfigurations and vulnerabilities. Conducted purple team exercises on AWSinfrastructure in order to help develop use cases to identify common attack patternsof AWS resources. • AWS CTF - Developed an AWS themed capture the flag competition usinginfrastructure as code that replicated aspects of the CapitalOne AWS incident attackpattern to serve as a training exercise to other incident responders.

• Malware Analysis – Analyzed a wide range of types of malware using static anddynamic methods. Communicated related indicators of compromise to incidentresponders. Communicated malware summaries to various stakeholders.• Forensics – Performed forensics on Linux, Windows, and OSX hosts leveraging a widerange of COTS and open source tools for incidents involving a variety of threat actors. Developed artifact retrieval lists for Linux and OS X hosts to shortencollection times. Assisted in implementing and developing remote collectioncapabilities for OS X and Linux.• Insider Incidents – Helped respond to insider incidents while performing the technical work in addition to overseeing other incident responders.

• Performed forensics for a variety of types of incidents that focused on user behaviorand the detection of malware.• Coordinated incident response efforts with multiple parties while documenting theresults and reporting them to upper management.• Worked to improve incident response capabilities for OS X devices.• Implemented improvements to the forensics lab that included a backup process,acquiring and implementing new software and hardware, and implementing newprocesses in order to maintain and improve operational capabilities.

Performed financial and IT audits

Team leader for a group of Forward Observers. Served in various infantry units in multiple oversea deployments.