Ryan Black Email & Phone Number

Denver, NC, US

Pleasanton, California, US

• Built and managed integrations between Threat Intel Vendors, ThreatConnect, and SIEM/SOAR
• Responsible for daily reporting on trending cyber threats as well as quarterly reports related to trends specifically impacting Workday
• Collaborated with Incident Response to provide intel and enrichment on security investigations
• Worked with Customer Support and Legal teams during investigations involving customer data
• Built tools that assisted with vulnerability prioritization by integrating threat intel data with vulnerability data
• Managed Workday's Threat Intel Platform and all integrations

Pleasanton, California, US

• Develop a suite of detection rules (Python/SQL) used for early detection and prevention of payroll fraud
• Provide data for training Machine Learning algorithms in order to predict malicious activity and alert before actions on objective
• Manage and configure AWS roles & permissions for Threat Intel team including any cross-account/shared IAM access
• Build lookup tools that increase efficiency of security investigations by allowing multiple threat intel sources to be queried directly from Slack
• Design and implement integrations between Threat Intel sources and security tools
• Automate process of monitoring new and trending security events while providing context as to how these events impact business and enriching with both internal data and external threat intelligence

Pleasanton, California, US

• Create and implement a method for detecting malicious activity on customer accounts
• Identify and track TTPs of multiple threat actors that targeted Workday customers
• Collect OSINT from various sources and use it to enrich existing internal intelligence
• Analyze intelligence reports and generate a quarterly security bulletin for executives
• Develop Maltego transforms to assist with investigations and data visualization
• Manage Threat-Intel sharing platform for customers

Boise, Idaho, US

• Generate actionable Threat Intelligence reports by collecting IOCs during investigations
• Participate in R-CISC by submitting threat intelligence reports, and utilize intel submitted by other R-CISC members to proactively hunt for threats that have gone unnoticed by our security tools.
• Using Powershell, develop tools for CSIRT team to detect and remediate email threats in Office 365
• Responsible for responding to all high-severity and critical incidents
• Establish and rationalize processes for Email Protection and Threat Hunting
• Collaborate with IT Email Team to implement and configure new email protection tools

Boise, Idaho, US

• Utilize vulnerability management tools to prioritize top most vulnerable servers for remediation on a monthly basis
• Create internal security bulletins for IT/GRC to update on new/relevant vulnerabilities as they are announced and prioritize bulletins by criticality
• Validate remediation efforts by IT using vulnerability management tools and generate detailed reports of findings
• Organize team projects and delegate responsibilities to increase coordination and ensure deadlines are met
• Identify and enumerate all hosts with vulnerabilities found during penetration testing
• Engage vendors to find best practices for using specific security tools and ensure Safeway is utilizing tools to fullest capabilities

Cyber Security

Education record

Cultural Anthropology