Brian Williams

• Utilize Mandiant and FireEye technology to conduct large-scale investigations and examine endpoint and network-based sources of evidence.
• Assisted with triage, prioritization, and response to cyber-security events and incidents, facilitating timely and effective incident management.
• Perform malware reverse engineering and behavioral analysis.
• Specialize in network centric analysis utilizing a variety of tools (e.g. ELK, StealthWatch, Cisco Umbrella, etc.).
• Develop, maintain, upgraded, patched, and secured both Splunk and Red Hat Enterprise Linux in multiple enclaves.
• Develop strategies to safeguard computer files against modification, destruction, or disclosure, ensuring data integrity.
• Responded to security breaches and conducted initial investigations for further analysis.
• Analyzed logs from various sources including web servers, application servers, databases, IDS and IPS systems. for possible security breaches.
• Monitor network traffic for potential threats and vulnerabilities.

• Conducted risk and vulnerability assessments, delivering actionable results and recommendations to senior management.
• Applied leading theories and concepts to development, maintenance, and implementation of information security standards, procedures, and guidelines.
• Monitored classified agency data and mitigated hacking risks through timely network systems updates.
• Encrypted sensitive data and established firewalls to safeguard confidential information.
• Monitored computer virus reports to update virus protection systems.
• Built relationships and fostered effective communication with legal personnel ISSO to conduct practical investigations.
• Worked flexible hours; night, weekend, and holiday shifts to handle NGA Splunk events.

• Coordinated with third-party SIEM providers to enhance threat detection and response capabilities.
• Installed and maintained commercial firewall solution, working with security vendors to consistently apply best practices and software updates.
• Evaluated and selected Intrusion Detection Systems (IDS) to enhance security at DIA facilities.
• Developed standardized incident response program to ensure swift and uniform remediation of security breaches.
• Designed standardized incident logging system to track historical incursions while helping prevent future breaches.
• Provided preventive training to equip personnel against intrusion vectors like phishing and ransomware.
• Provided results of network retina scanner software audits.

Daily management and maintenance of government security technologies (firewalls, DLP, SEIM, AV) and managed services

• Delivered cutting edge network defense solutions to IC customers
• Deployed Cisco AMP Endpoint agents to enhance security in enterprise and lab environments.
• Implementing system security hardening guidelines on systems and performing functional testing on the system after system security hardening is in place
• Led information security leadership board to develop strategies and plans for automated enforcement of security requirements and risk mitigation.
• Developed mitigation plans in response to reviewed violations of computer security procedures.
• Monitored computer virus reports to update virus protection systems.
• Regulated access to data files and monitored usage to safeguard secure information.
• Prepare deliverables (e.g., weekly status reports, monthly PMR inputs, schedules, processes, procedures and requested documentation

• Directed in-house cybersecurity auditing program to detect flaws and weaknesses Microsoft and ArcSIGHT.
• Assessed effectiveness of network security measures against DDOS through external intrusion testing services.
• Monitored ARCSIGHT data, user logins, and file permissions to ensure data safety and optimize end-user efficiency.
• Designed company-wide policies to bring operations in line with Center for Internet Security (CIS) standards.
• Created cybersecurity best practice communications to educate staff against known threats and potential vectors of attack.
• Contributed to development of device hardening techniques and protocols, enhancing overall security posture.