Developed the Company's Information Security Program from CMM level 1 to CMM level 5 using a hybrid of SOC 2, ISO 27001, SANS Top 20 Critical Controls, FFIEC, and NYDFS Risk Management Frameworks.Reported on Program metrics for areas of the program from controls implementation to individual program components such as Vulnerability Management and SSDLC to Company's C-Level and GRC teams.Assisted GRC and C-Level team to meet compliance regulations for Federal and Industry standards and report on the status of the Cybersecurity program to the Board of Directors.Managed the Security Team and SecOps incident management and project implementations.Developed and managed the following areas of the Information SecurityProgram;Asset Management using Solarwinds and AWS API to inventory and manage data for On-Prem and Cloud based assets.Software Asset Management using a combination of Azure, Solarwinds, AWS API, and Vulnerability Assessments.Managed secure configurations for IAAS using Cloud Security Posture Management for cloud based assets and DISA STIGS for On-Prem server, device, endpoint configuration hardening.Managed the Continuous Vulnerability Management program for On-Prem and Cloud assets using the Arctic Wolf Vulnerability Scanner and outsourced network penetration tests, and managed the SSDLC using Veracode's MPT Services and SAST, DAST, and SCA scanners.Performed Quarterly IAM audits for Azure, On-Prem devices, and all of the Company's business and security applications as well as SaaS services.Managed Incident Management Lifecycle including management of in-house and third-party SOC teams, development of SOPs, run books, and playbooks.Managed procurement, implementation and operations of Company's Email Security using Mimecast and Microsoft 365 E5.Managed administration and operations of Company's Anti-Virus solutions.Developed and managed Red Team Tabletop exercises with C-Levels, GRC Team, and key players in IT and Development.

Performed incident management for employee reported, O365 ATP, and SIEM based incidents.Provided SME for security related requests from business units and management teams.Provided SME on security related issues to C-Level and GRC team.Performed GAP assessment for SANS Top 20 Critical Controls.Promoted to Director as FTE after 6 months.

Worked as an application Steward for a project converting mainframe based financial operations to cloud based services.Provided control implementation analysis and status updates based on information from the IA and project teams using NIST RMF, and CMMC.Managed PO&AMs and ATO documentation in eMass.

Reported to Director of Information Security and provided assistance with controls implementation and operations for daily security duties such as HIPAA violation monitoring and reporting, PAM authentication IAM integration, and Microsoft GPO development.

Worked on the security services team providing support for controls and secure systems implementations projects.Developed controls verification scripts for Windows and Linux systems using Powershell and Python.Performed network boundary defense verification and DLP controls efficiency testing.Assisted with scoping and requirements gathering for Red Team engagements.

Managed reporting and tuning of Imperva WAF's for VA hosted web applications.Reviewed alerts daily and customized signatures to reduce false positives and optimize WAF rules.Developed and tuned SIEM signatures for IBM Qradar.

Managed development of analytics for AEP Comparative Analysis reporting using custom defined queries, reports, and dashboards with Splunk and Elasticsearch (ELK) SIEMs, Python, and SQL to compare large data sets of security product event output against thousands of test cases of custom malware and security threat simulations.Assisted with management of test lab consisting of over 1000 endpoints and the following list of Advanced Endpoint (AEP) products using a combination of PowerShell, Python, and VMWare PowerCLI.AEP products deployed, managed, and tested;CrowdStrikeCybereasonMcAfeeSymantec SEPTrend MicroPanda Advanced DefenseF-SecureMalwarebytesMicrosoft DefenderCheckpointCylanceElastic EndpointFortinetPalo AltoSophosCisco AMPWorked with Product Managers and Specialists from each AEP company to ensure deployment and operation of each product was optimized for general deployment and that test results and operation reflected their products expected operational capabilities. Worked with development team and third-parties to create and test a custom suite of Malware and Zero Day exploits.https://nsslabs.com/author/ntaylor-hoover/https://nsslabs.com/tested-technologies/

Developed an automated Continuous Vulnerability Management System using a hybrid Cloud and On-Prem Tenable Nessus deployment and JIRA using JQL and Python.Threat hunting for 0 days and recently published exploit techniques using information from multiple Threat Intelligence services.Developed custom security event data correlation rulesets and fine tuning of event management for Splunk SIEM using SPL and Python.Reduced false positives of SaaS Behavioural Analytics data set from tens of thousands of daily events to less than a hundred pertinent events per day using a combination of probabilistic reasoning and security event data cross correlation.Provided support and mentoring to Security Analyst team for incidents and event analysis.Worked directly with CSO for project planning of additional SecOps projects.Managed Splunk Deployment and Operational Capabilities;Deployed and configured Splunk servers (Main Indexer, Forwarders, and Search Head).Configured indexing for security event data from IPS, Firewall, WAF, SaaS UBA, Tenable VM data, Microsoft EMET, Malwarebytes, Endpoint Agent Forwarders (Windows Security Event Log), VPN session data etc., and prepared the data for analysis by mapping the data to the Splunk CIM.Developed SOAR automation for endpoint control based on ES signatures with high RBA scores.Installed and managed App configurations for security products (Palo Alto, Imperva, etc.).Developed dashboards for reporting metrics on individual program components.Configured ES event correlations using all-source intellgience (event data + threat intelligence) and event suppressions using probabilistic reasoning to reduce false positives and alerting on non-pertinent event data.Configured Risk Based Alerts (RBA) in ES for SaaS AAA User Behaviour Analytics to highlight most suspect user activity and prioritization of analysts incident investigations.

Provided troubleshooting support for Cisco Ironport (CES) devices and email security services using app level and OS level system administration and debugging of system daemon operations including low level troubleshooting with tools like systrace.Assisted customers with configuring security features for DKIM, DMARC, and SPF

Penetration testing of Web Applications, Thick Clients, and Mobile Apps using Burp Suite, and custom developed plugins for Burp Suite and Python scripts for parameter fuzzing and exploitation of vulnerabilities in business logic.Tested web and mobile applications for OWASP Top 10 vulnerabilities.

Managed project and team for testing of AEP products using Metasploit, Cobalt Strike, and custom developed exploits (ExploitDB) and evasion techniques (in-house developed).Managed deployment and operation of test lab for project using VMware ESXi and Microsoft Windows.Developed custom security product tests and reports to client specifications. (load testing, comparisons of actual technical capabilities, etc.)

Researched vulnerabilities from publicly announced vulnerability alerts and developed custom exploits per CVE to add to the BreakingPoint products security test suite.Committed exploit code and strikepack configurations into the BreakingPoint code repository using SVN.Researched and developed exploits using IDA Pro, OllyDbg, WinDbg, Ruby, Python, x86 Assembly Language, and XML.

Provided network, application, and social engineering Red Team services using Kali Linux, Burp Suite, AppScan, and in-house developed reconnaissance and attack scripts (BASH, Ruby, Python).Working as a Symantec authorized partner performed large scale enterprise deployments and operational tuning of Symantec Endpoint Protection (1500+ endpoints).Provided incident handling and forensics consulting for clients who had networks compromised with malware variants that were not able to be remediated by current AV signatures (contracted by Symantec). Reverse engineered and developed threat hunting and remediation scripts using behavioral analysis of malware samples and developed mitigation and removal scripts which were run from the clients primary DC's and remediated the threats from entire networks by targeting replication capabilities, primary storage areas, and persistence strategies.

Reported to Manager of Testing Services and provided web application testing using IBM Webscan, Paros, BurpSuite.Tested and provided ATO for newly deployed systems using the IP360 vulnerability scanner, NMAP, and other service fingerprinting and vulnerability analysis tools.Performed network penetration tests and proof of concept exploit demonstrations such as MITM attacks at the network and application layer.XML/SOAP endpoint fuzzing with in-house developed Ruby web service endpoint to consume and fuzz zOS XML/SOAP based APIs.Used Ruby to develop custom scripts to verify deployed systems were configured according to hardened system configuration guidelines.Assisted GRC team to assess and manage remediation of issues to ensure the Company's Security Program complied with the newly released PCI DSS 1.0 specifications.

Worked in Cisco's MSP providing support for LAN/WAN troubleshooting, security event analysis, and IDS/IPS and Firewall engineering services.Developed custom meta signatures to reduce false positives in Cisco's first in-house developed SIEM product.Worked with IPS and IDS development team to develop and fine tune IPS and IDS signatures.Developed tools with Ruby for Security Analysts to identify and correlate security events and OSINT data for security analysis for commonly seen attack patterns.Developed and published Knowledge Base articles for security event analysis and LAN/WAN troubleshooting.Performed as team lead for the 3rd shift team of Security Analysts.Provided training for Jr. Analysts and weekly grading and feedback on Security Analysts Teams incident reports.Developed and provided custom reporting and security briefings for key clients.

Provided level I tech support for TSA.Troubleshooting and service requests for Microsoft Windows endpoints and Domain as well as provisioning services for devices and other equipment such as X-ray backscatter, Blackberry devices, radios, etc.