Senior Manager, Cyber Threat Intelligence
• Collaborated with other cyber defense teams to understand their needs and obtain feedback on the CTI team’s ability to satisfy their needs when providing technical reports and information involving TTPs, YARA/Snort rules, etc.• Reviewed domain monitoring alerts involving potentially malicious domains and analyzed the domains. Submitted blocks for all potentially malicious domains and requested domain take-downs when evidence of malicious use was available and able to be provided to the domain registrars.• Created a Python script to read a CSV file received weekly from the National Cyber Collaboration Center, group indicators listed by threat actor group, and add each group’s indicators to their MISP (Threat Intelligence Platform) event.• Created a Python script to check for new CVEs by vendor, get the CVE’s information, and add it to a CSV file if the CVSS score was 7.0 or higher.• Configured VisualPing to monitor over 30 vendor website vulnerability announcement pages, perform checks twice a day, and send email alerts if changes were noticed.• Wrote Intelligence Advisories and Vendor Reports on current topics that meet corporate customer Priority Intelligence Requirements.• Documented a process that uses XSOAR to automate the ingestion of domain monitoring alerts, obtain information for the alerted domains, and have the information presented in a ticket for CTI Analysts to analyze and action.• Created How-To guides outlining daily tasks for Domain Monitoring and checks of newly announced vulnerabilities.• Instructed CTI Analysts on technical skills related to Notepad++ macros, GitHub, Splunk, scripting and more.• Received three RStar awards within a four month period providing recognition for accountability, innovation, and collaboration in work performed including domain monitoring and Python scripting automation.