Cynthia Elwell
Cyber Security And Forensic Analysis
Manassas,VA
Summary
Digital Forensic Analyst with significant experience in ransomware and business email compromise investigations. Possesses a master’s degree in Digital Forensics from the University of Central Florida. Experienced with network and host-based monitoring within a corporate SOC, forensic investigations, malware analysis, and incident response.
Overview
8
8
years of professional experience
6
6
years of post-secondary education
Work History
CYBER SECURITY ANALYST, LEAD
CareFirst BCBS
Owings Mills, MD
12.2022 - Current
- Analyzed escalated event alerts to determine if true or false positive
- Tuned alerts, where possible, to improve accuracy
FORENSIC ANALYST
Tetra Defense, An Arctic Wolf Company
Madison, WI
04.2021 - 12.2022
- Forensically examined triages and images to determine Root Point of Compromise (RPOC), data exfiltration, and other Threat Actor activities
- Directed acquisition of systems or triages based on evidence
- Assisted junior analysts
- Provided security recommendations to clients
- Performed investigations for Business Email Compromises (BEC)
- Provided clients with written reports of findings for possible future litigation
- Interacted directly with clients and legal counsel to explain findings, answer questions, and provide recommendations for remediation
- Shared tools, techniques, and unique investigation findings with other analysts to increase company skillsets and knowledge
FORENSICS AND MALWARE ANALYST
Critical Solutions
Springfield, VA
11.2019 - 04.2021
- Analyzed malware and reports for possible countermeasures
- Forensically examined hosts to assess root cause of compromise or loss of data
- Provided assistance to junior analysts in network monitoring and email/malware analysis tasks
- Created brown bag training sessions
- Wrote SOPs and other documentation of tools and processes
- Created YARA rules based on malware analysis findings
- Member of fly-away team
- Performed incident response to actively compromised networks
- Performed compromise assessments of suspected compromised networks
- Architecture review of network to determine weak points
- Forensically imaged systems and memory for forensic analysis
- Maintained chain of custody of evidentiary images
CYBER SECURITY ANALYST/SHIFT LEAD
Critical Solutions
Springfield, VA
01.2019 - 11.2019
- Assigned tasks to shift analysts
- Reviewed block requests and investigations in ticketing system
- Used Splunk to monitor network traffic
- Assisted in training junior analysts
- Preliminary malware analysis
- Recommend course of remediation
- Examined email for malicious content
- Monitored network and email traffic for malware or other security threats
- Prepared SITREPs of ongoing high visibility investigations for federal leadership
- Decreased open service tickets from over 130 tickets to less than 10 at any given time
SR. CYBER ANALYST/IR Lead
DXC Technology/Perspecta
Herndon, VA
11.2017 - 01.2019
- SOC IR Lead for government customer
- Assisted in training junior analysts in network monitoring and log analysis
- Developed Incident Response plans for future corporate SOC
- Developed and ran tabletop exercise with members of Public Sector SOC
- Looked for new IOCs via maldoc/malware analysis and vendor reports
- Monitored VirusTotal Intelligence for APT activity
DIGITAL FORENSIC ENGINEER
Sylint, Inc
Sarasota, FL
02.2017 - 11.2017
- Forensically investigated intrusions and other events using X-Ways
- Determined cause of intrusions and recommend possible remediation
- Reported findings in reports that may be used for legal proceedings
- Malware analysis
- Reviewed Carbon Black alerts; hunt for potential compromises using Carbon Black
- Created new detections to improve client security using Carbon Black
CYBER ANALYST SR
BAE Systems, Inc
Reston, VA
05.2015 - 02.2017
- Access Protection Lead- created and evaluated rules for global enterprise
- Monitored global network of BAE Systems employees using SIEM tool
- Investigated network and host-based indicators and email for possible infection or intrusion attempts
- Wrote IDS/IPS and custom Access Protection signatures to combat future attacks or infections
- Forensically investigated hosts to verify infections or intrusions as member of Endpoint Threat Detection team
- Malware analysis/triage
- Assisted Threat Intelligence team in identifying actionable intelligence for signature creation
- Suggested remediation based on findings
INTERN
St. Johns County Sheriff’s Office, UNIT
St. Augustine, FL
01.2014 - 04.2014
- Created forensic images of suspect hard drives
- Wiped hard drives
- Assisted with examination of computer media
- Completed mock forensic investigation from beginning to end
- Assisted in cell phone examination using Cellebrite
Education
Master of Science - Digital Forensics
University of Central Florida
Orlando, FL 08.2012 - 12.2014
Bachelor of Science - Criminal Justice
University of Central Florida
Orlando, FL 08.2004 - 05.2008
Skills
Ollydbg, IDAPro, RegShot, ProcessMonitor, ProcDOT, PEStudio, DIE
Affiliations
- SANS FOR:610- Reverse Engineering Malware
- SANS FOR:508- GCFA Certified Forensic Analyst
- SANS FOR:408- GCFE Certified Forensic Examiner
Timeline
CYBER SECURITY ANALYST, LEAD
CareFirst BCBS
12.2022 - Current
FORENSIC ANALYST
Tetra Defense, An Arctic Wolf Company
04.2021 - 12.2022
FORENSICS AND MALWARE ANALYST
Critical Solutions
11.2019 - 04.2021
CYBER SECURITY ANALYST/SHIFT LEAD
Critical Solutions
01.2019 - 11.2019
SR. CYBER ANALYST/IR Lead
DXC Technology/Perspecta
11.2017 - 01.2019
DIGITAL FORENSIC ENGINEER
Sylint, Inc
02.2017 - 11.2017
CYBER ANALYST SR
BAE Systems, Inc
05.2015 - 02.2017
INTERN
St. Johns County Sheriff’s Office, UNIT
01.2014 - 04.2014
Master of Science - Digital Forensics
University of Central Florida
08.2012 - 12.2014
Bachelor of Science - Criminal Justice
University of Central Florida
08.2004 - 05.2008
Similar Profiles
Laura Marie JudgeLaura Marie Judge
Account Consultant I at CareFirst BCBSAccount Consultant I at CareFirst BCBS
Stephanie Wynn-JonesStephanie Wynn-Jones
Executive Director, TPA Operations, PMO, and Technology at - CareFirst BCBSExecutive Director, TPA Operations, PMO, and Technology at - CareFirst BCBS
Mani ChalasaniMani Chalasani
Lead(PRPC Projects Upgrade) at CareFirst BCBS D.CLead(PRPC Projects Upgrade) at CareFirst BCBS D.C
Keara JonesKeara Jones
Billing Technician II at CareFirst BCBSBilling Technician II at CareFirst BCBS
Amanie Bonchu StokesAmanie Bonchu Stokes
Behavior Therapist at BreakThru ServicesBehavior Therapist at BreakThru Services