Summary
Overview
Work History
Education
Skills
Affiliations
Timeline
Generic

Cynthia Elwell

Cyber Security And Forensic Analysis
Manassas,VA

Summary

Digital Forensic Analyst with significant experience in ransomware and business email compromise investigations. Possesses a master’s degree in Digital Forensics from the University of Central Florida. Experienced with network and host-based monitoring within a corporate SOC, forensic investigations, malware analysis, and incident response. Has worked in engineering and system administrator capacity to rollout forensic tool to the enterprise.

Overview

12
12
years of professional experience
6
6
years of post-secondary education

Work History

SENIOR CYBERSECURITY ANALYST

Visa
Ashburn, Virginia
07.2023 - Current
  • Performed forensic investigations for a variety cases ranging from employee misuse, insider threat, malware investigations, and supporting investigation post vulnerability findings.
  • Lead forensic analyst for Americas region.
  • Proactively hunted for possible insider threat concerns.
  • Improved detection and response capabilities for Mac systems by creating queries within our corporate toolset to obtain useful data for investigations.
  • Worked as engineer and system administrator for rollout of a new enterprise forensics tool. Troubleshot issues throughout the deployment lifecycle ranging from network issues, to permissions, to navigating corporate policy.
  • Developed AI integrations into work cycle.
  • Worked with acquired companies to plan tabletop exercise.
  • Improved documentation and processes though creation of SOPs.

CYBER SECURITY ANALYST, LEAD

CareFirst BCBS
Owings Mills, MD
12.2022 - 07.2023
  • Analyzed escalated event alerts to determine if true or false positive
  • Tuned alerts, where possible, to improve accuracy
  • Analyzed security incidents post-resolution, identifying areas for improvement in both technical controls and incident response processes.

FORENSIC ANALYST

Tetra Defense, An Arctic Wolf Company
Madison, WI
04.2021 - 12.2022
  • Forensically examined triages and images to determine Root Point of Compromise (RPOC), data exfiltration, and other Threat Actor activities
  • Directed acquisition of systems or triages based on evidence
  • Assisted junior analysts
  • Provided security recommendations to clients
  • Performed investigations for Business Email Compromises (BEC)
  • Provided clients with written reports of findings for possible future litigation
  • Interacted directly with clients and legal counsel to explain findings, answer questions, and provide recommendations for remediation
  • Shared tools, techniques, and unique investigation findings with other analysts to increase company skillsets and knowledge

FORENSICS AND MALWARE ANALYST

Critical Solutions
Springfield, VA
11.2019 - 04.2021
  • Analyzed malware and reports for possible countermeasures
  • Forensically examined hosts to assess root cause of compromise or loss of data
  • Provided assistance to junior analysts in network monitoring and email/malware analysis tasks
  • Created brown bag training sessions
  • Wrote SOPs and other documentation of tools and processes
  • Created YARA rules based on malware analysis findings
  • Member of fly-away team
  • Performed incident response to actively compromised networks
  • Performed compromise assessments of suspected compromised networks
  • Architecture review of network to determine weak points
  • Forensically imaged systems and memory for forensic analysis
  • Maintained chain of custody of evidentiary images

CYBER SECURITY ANALYST/SHIFT LEAD

Critical Solutions
Springfield, VA
01.2019 - 11.2019
  • Assigned tasks to shift analysts
  • Reviewed block requests and investigations in ticketing system
  • Used Splunk to monitor network traffic
  • Assisted in training junior analysts
  • Preliminary malware analysis
  • Recommend course of remediation
  • Examined email for malicious content
  • Monitored network and email traffic for malware or other security threats
  • Prepared SITREPs of ongoing high visibility investigations for federal leadership
  • Decreased open service tickets from over 130 tickets to less than 10 at any given time

SR. CYBER ANALYST/IR Lead

DXC Technology/Perspecta
Herndon, VA
11.2017 - 01.2019
  • SOC IR Lead for government customer
  • Assisted in training junior analysts in network monitoring and log analysis
  • Developed Incident Response plans for future corporate SOC
  • Developed and ran tabletop exercise with members of Public Sector SOC
  • Looked for new IOCs via maldoc/malware analysis and vendor reports
  • Monitored VirusTotal Intelligence for APT activity

DIGITAL FORENSIC ENGINEER

Sylint, Inc
Sarasota, FL
02.2017 - 11.2017
  • Forensically investigated intrusions and other events using X-Ways
  • Determined cause of intrusions and recommend possible remediation
  • Reported findings in reports that may be used for legal proceedings
  • Malware analysis
  • Reviewed Carbon Black alerts; hunt for potential compromises using Carbon Black
  • Created new detections to improve client security using Carbon Black

CYBER ANALYST SR

BAE Systems, Inc
Reston, VA
05.2015 - 02.2017
  • Access Protection Lead- created and evaluated rules for global enterprise
  • Monitored global network of BAE Systems employees using SIEM tool
  • Investigated network and host-based indicators and email for possible infection or intrusion attempts
  • Wrote IDS/IPS and custom Access Protection signatures to combat future attacks or infections
  • Forensically investigated hosts to verify infections or intrusions as member of Endpoint Threat Detection team
  • Malware analysis/triage
  • Assisted Threat Intelligence team in identifying actionable intelligence for signature creation
  • Suggested remediation based on findings

INTERN

St. Johns County Sheriff’s Office, UNIT
St. Augustine, FL
01.2014 - 04.2014
  • Created forensic images of suspect hard drives
  • Wiped hard drives
  • Assisted with examination of computer media
  • Completed mock forensic investigation from beginning to end
  • Assisted in cell phone examination using Cellebrite

Education

Master of Science - Digital Forensics

University of Central Florida
Orlando, FL
08.2012 - 12.2014

Bachelor of Science - Criminal Justice

University of Central Florida
Orlando, FL
08.2004 - 05.2008

Skills

    Ollydbg, IDAPro, RegShot, ProcessMonitor, ProcDOT, PEStudio, DIE

Wireshark

Mandiant Redline, Volatility

FTK, X-Ways Forensics, Encase, Cellebrite, FTK Imager, Axiom Cyber

Affiliations

  • SANS FOR:610- GREM Reverse Engineering Malware Analyst
  • SANS FOR:508- GCFA Certified Forensic Analyst
  • SANS FOR:408- GCFE Certified Forensic Examiner
  • SANS FOR:518- Mac and iOS Forensic Analysis and Incident Response

Timeline

SENIOR CYBERSECURITY ANALYST

Visa
07.2023 - Current

CYBER SECURITY ANALYST, LEAD

CareFirst BCBS
12.2022 - 07.2023

FORENSIC ANALYST

Tetra Defense, An Arctic Wolf Company
04.2021 - 12.2022

FORENSICS AND MALWARE ANALYST

Critical Solutions
11.2019 - 04.2021

CYBER SECURITY ANALYST/SHIFT LEAD

Critical Solutions
01.2019 - 11.2019

SR. CYBER ANALYST/IR Lead

DXC Technology/Perspecta
11.2017 - 01.2019

DIGITAL FORENSIC ENGINEER

Sylint, Inc
02.2017 - 11.2017

CYBER ANALYST SR

BAE Systems, Inc
05.2015 - 02.2017

INTERN

St. Johns County Sheriff’s Office, UNIT
01.2014 - 04.2014

Master of Science - Digital Forensics

University of Central Florida
08.2012 - 12.2014

Bachelor of Science - Criminal Justice

University of Central Florida
08.2004 - 05.2008

Similar Profiles

CREATE PROFILE
Cynthia ElwellCyber Security And Forensic Analysis