Ross Stewart Email & Phone Number

Washington, DC, US

Denver, Colorado, United States

• Programmed and tuned detection scripts in Ruby to identify suspicious activity and eliminate false positives, staying ahead of emerging threats and reducing time spent by analysts on alert triage.
• Identified, investigated, and remediated threats utilizing Microsoft Defender for Endpoint, Carbon Black, CrowdStrike Falcon, and SentinelOne, ensuring the security of customer environments.
• Analyzed telemetry from Azure AD, Okta, and Microsoft Office 365 to promptly investigate alerts related to account compromise, phishing, and suspicious email activity, protecting key business assets.
• Investigated and resolved security alerts from AWS CloudTrail, GuardDuty, Google Cloud, Microsoft Entra ID, and Microsoft Defender for Cloud, maintaining the security of customer environments against threats.
• Provided customers with detailed threat reports, highlighting critical processes, files, and network activity, and collaborated with internal teams to escalate and resolve urgent security issues.
• Stayed updated on emerging threats by leveraging open-source threat intelligence feeds, correlating customer activity with known threat actors for enhanced security awareness.

Fort Eisenhower, Georgia

• Acted as one of the team’s technical priority leaders, managed and organized the efforts of five team members to successfully enable computer network operations.
• Regularly presented team updates and findings to senior-level executives, enabling prompt and informed decision making of top-level leaders.
• Analyzed large volumes of telemetry to enumerate the topography of target networks, enabling the planning of numerous offensive cyber operations.
• Created and maintained security architecture representations, including physical, logical, and functional network diagrams to effectively communicate target knowledge.
• Combined knowledge of exploitation techniques and target networks to recommend options for computer network operations to operation planners.
• Authored technical reports to disseminate information to the Intelligence Community and meet customer requirements.

• Routinely engaged in on-net computer network operations to provide support to combatant commander priorities.
• Developed scripts in Bash and Python to automate exploitation processes, resulting in shorter offensive cyber operation times.
• Stayed informed of emerging security threats, including zero-day exploits, vulnerabilities, and hacking campaigns to contribute a better understanding of the current cyber landscape to the team.
• Provided recommendations as the technical expert on exploitation tools and processes to mission commanders, resulting in a greater success rate of operations.

• Audited several enterprise-sized government networks for STIG misconfigurations using SCC and provided recommendations to the customer on how to remediate the issues discovered.
• Analyzed network traffic and system logs by leveraging SIEMs including Splunk, Elastic Stack, and QRADAR to discover network intrusions, clearing several enterprise-sized networks of adversary presence.
• Automated several security functions, significantly improving team productivity by eliminating repetitive tasks.
• Created in-depth technical guides for new analysts to follow, allowing for a smooth transition as team staffing changed over time.
• Applied research on known threat group tactics to protect networks by creating SIEM queries designed to discover intrusions using those techniques.
• Analyzed system artifacts and network traffic to create intrusion timelines, identifying affected systems for quarantine, remediation, and clearing networks of adversary presence.