
Austin Heath

Colorado Springs,CO

Summary

To obtain knowledge and focus on a career in incident response. Interested in malware analysis, digital forensics, and incident response specifically within cloud environments such as AWS, Azure, and GCP.

Overview

5 years of professional experience
1 Certification

Work History

CSIRT - Incident Response Analyst

CrowdStrike
Remote, CO
08.2022 - Current
  • A member of the internal CSIRT team at CrowdStrike, effectively triaging all incidents and tickets that occur directly within CrowdStrike's environment.
  • Perform triage of multiple event types occurring in CrowdStrike's internal environment, such as phishing, network forensics, host-based forensics (Mac/Win/Linux), memory analysis, and other OSINT-involved investigations.
  • Identified and resolved problems within CrowdStrike's environment through root cause analysis and research.
  • Perform Insider Risk investigations which require communicating very closely with senior leadership and presenting cases on a regular basis to higher-ups in management.
  • Write executive- and technical-level summaries and reports for senior management based on the Insider Risk investigations I am involved in.
  • Write Splunk and LogScale queries to further my forensic skills and to assist in rule logic/creation to better protect CrowdStrike's environment.
  • Developed a Windows Forensics Triaging tool in-house that utilizes other open-source tools, which allowed for live investigations of machines without affecting the user or needing to rely on full disk imaging.
  • Assist in writing playbooks for the greater CSIRT team and newer employees at CrowdStrike.
  • Create and present active Live-Fire exercises and tabletops that involve full scale compromises in a simulated environment.
  • Assist in mentoring newer employees and other team members on CSIRT, especially in the realm of Incident Response and Windows Forensics.
  • Helped meet changing demands by recommending improvements to business systems or procedures.

IR Forensic Investigator

CFC Insurance / Solis Security
Remote
02.2021 - 08.2022
  • Cyber Incident Response; experience with active ransomware incidents, containment, prevention, and remediation procedures.
  • Actively use static and dynamic methods to analyze malware/ransomware to determine new IOCs and to collect intel for the threat intel team for future engagements.
  • Actively participate in/lead forensic engagements with infections from the Ryuk, TrickBot, Emotet, Sodinokibi, Maze, Clop, Darkside, Pysa, and DoppelPaymer threat groups.
  • Use open-source parsers and forensic tools such as the Eric Zimmerman (SANS) tools as well as CyLR and Velociraptor to initiate collection of forensic artifacts.
  • Write high level executive and technical reports for legal teams and the insured.

Sr. Incident Response Analyst

Dell
Remote
08.2020 - 01.2021
  • Recommend improvements in security systems and procedures regarding the CMMC model.
  • Created and modified existing rules in Splunk in order to effectively monitor and prevent attacks on Dell infrastructure.
  • Investigated phishing emails and managed process of blocking malicious URLs and domains.
  • Assisted in writing runbooks for Malware Analysis, Phishing Email Analysis, and Ransomware Remediation.
  • Conducted investigations of network traffic using NetWitness and Wireshark.
  • Monitored and responded to security events for Dell's Federal environment.

Security Analyst

SpearTip
Saint Louis, MO
08.2019 - 07.2020
  • 24/7 SOC Operations Center with focus on incident response and digital forensics.
  • Monitored and responded to security events for 24/7 MDR (Managed Detection and Response) clients.
  • Security events included Adware/PUP and advanced malware.
  • Cyber Incident Response; experience with active ransomware incidents, containment, prevention, and remediation procedures.
  • (Travel Required).
  • Actively participated in/led engagements with infections of Ryuk, TrickBot, Emotet, Sodinokibi, Maze, Clop, and DoppelPaymer.
  • Led Business Email Compromise investigations (O365 E-Discovery) and regularly analyzed .eml files and phishing emails.
  • Managed phishing campaigns and wrote full reports on analyzed email payloads.
  • Forensic Imaging and Digital Forensics experience related to the above incidents.
  • Host-Based Forensics on macOS and Windows with Axiom Process/Examine and FTK Imager.
  • Decoded PowerShell scripts related to Cobalt Strike and Meterpreter.
  • Communicated and collaborated with outside legal counsel regarding data exfiltration and legal responsibilities of victims of ransomware, specifically relating to PHI and PII.
  • Vulnerability management, Web Application Penetration Testing, Internal/External Security Assessments, Phishing Campaigns (Nessus and Qualys).
  • Professional report writing for incident response cases, security assessments, and business email compromises; as well as monthly executive and technical reports for senior level management.

Admin Infrastructure (I)

Maritz Holdings Inc
Fenton, MO
01.2019 - 08.2019
  • Resolved first- and second-tier questions and issues from many different sources throughout Maritz.
  • Supported around 5,000 users, with an average of 20-40 calls a day.
  • Resolved technical questions such as general PC troubleshooting, networking issues, Office 365, Citrix Virtual Desktop and Published Apps, and other custom business applications.
  • Software and applications used often: Citrix, Remote Desktop, SCCM, Active Directory, Exchange and O365 Admin Portal, PuTTY.
  • Provided thorough documentation and communicated with Tier 2/3 support to provide service in a timely manner.
  • Job Rotation - (Twice a year) Deskside Support, hands on, imaging computers, troubleshooting port issues, providing front facing customer support.
  • On call Rotation every 6 weeks (7 days a week, 24 hours).

Education

Associate of Science - Computer Information Support

Jefferson College
Arnold, MO

Skills

  • Active Directory
  • Endpoint Detection and Response Tools (SentinelOne, CrowdStrike, Carbon Black)
  • Jira
  • ServiceNow
  • OSINT
  • SIEM (ELK Stack, Logstash)
  • Splunk
  • Proofpoint
  • Linux Forensics
  • Malware Analysis - Static and Dynamic (Flare VM, Remnux)
  • Host Based Forensics Mac and Windows (Axiom)
  • Incident Response
  • Triage Based Digital Forensics
  • Memory Analysis - Volatility
  • Eric Zimmerman Forensic Tool Suite (SANS)
  • CyLR and Velociraptor
  • Ransomware Remediation
  • Office 365
  • Business Email Compromises and .eml analysis
  • Phishing Campaigns and Analysis
  • 24/7 On Call Experience
  • AWS Infrastructure
  • AWS Incident Response
  • Technical and Executive Report Writing

Certification

CompTIA

  • A+
  • Network+
  • Security+
  • CySA+
  • CASP+


Cloud

  • AWS Solutions Architect - Associate


eLearnSecurity

  • eJPT (Junior Penetration Tester)
  • eDFP (Digital Forensics Professional)

Timeline

CSIRT - Incident Response Analyst

CrowdStrike
08.2022 - Current

IR Forensic Investigator

CFC Insurance / Solis Security
02.2021 - 08.2022

Sr. Incident Response Analyst

Dell
08.2020 - 01.2021

Security Analyst

SpearTip
08.2019 - 07.2020

Admin Infrastructure (I)

Maritz Holdings Inc
01.2019 - 08.2019

Associate of Science - Computer Information Support

Jefferson College