Michael Poindexter Email and Phone Number

• Developed immediate Threat Hunt packages/strategies for several critical and emerging cybersecurity events including Sunburst/Supernova and Zerologon; provided new detections and response plans to Incident Response Team and Network Operations Center.• Leads Enterprise Threat Hunting Team focusing on identifying and characterizing Advanced Persistent Threats (APTs) the Air Force Information Network; develops and optimizes static defenses including IDS/IPS detections and HIDS signatures with integration into SIEM alerts based on threat hunt findings.• Employs Endpoint Detection and Response tools such as Tanium to identify and respond to host-based indicators of compromise; performs initial triage of intrusions and advises Incident Response Team on subsequent investigations.• Utilizes established Cybersecurity frameworks such as MITRE ATT&CK to develop and focus proactive threat hunts on adversary tactics, techniques and procedures where automated detection gaps exist and develops potential fix actions to remediate static defense shortfalls.

• Managed over 5k cybersecurity investigations across 800k+ endpoint, geographically diverse networks which handle a variety of information including Classified, PII, and HIPAA information.• Served as key communication point between SOC analysts and higher authorities and mission partners; coordinated investigations involving many disparate network enclaves and informed C-level executives on incidents and investigations.• Coordinated incident reconstitution efforts between multiple geographically separated units; reviewed and optimized incident handling procedures and SOPs for both analysts and responding sysadmins.

• Acquired and analyzed forensic artifacts on Windows/Linux workstations using a variety of tools including Encase, Volatility, and Sysmon; characterized threats/adversary activity, and outlined remediation recommendations.• Identified a wide variety of malicious Indicators of Compromise (IOCs) including rogue autoruns, processes, and installed applications to characterize compromises across the Air Force’s Enterprise Network.• Applied Host Forensic principles to identify initial access attack vectors, persistence mechanisms, lateral movement, command and control, and evasive actions across affected hosts; integrated a variety of data sources into comprehensive incident reports for both technical and high-level audiences.

• Analyzed near-real-time SIEM alerts for potentially malicious traffic using security products such as Arcsight, Splunk, Fidelis, and Solera’s BlueCoat DeepSee.• Investigated packet capture (PCAP) utilizing Wireshark and other network forensic tools, created cases for follow-on investigation by Incident Response Team.• Applied Network Forensics techniques to identify callback domains, malicious web attacks/traffic, and data exfiltration across the Air Force Network.

• Performed All-source intelligence analysis supporting Crisis Action Planning and Target Analysis; analyzed adversary target systems and points of interest to determine weaknesses and single points of failure for exploitation.• Instructed 30+ Targeting Analysts in both the key principles and technical skills of the Joint Targeting Process, Joint Operational Planning, and Intelligence Fundamentals and Fusion. Key skills taught included Weaponeering, Target Development, and Precise Point Mensuration.