Bilingual Certified Cybersecurity Professional with Active Top Secret (TS) Clearance, a strong academic foundation, and proven experience in cybersecurity, vulnerability management, data analysis, and risk mitigation. Skilled in incident response, security process improvement, and resolving complex technical challenges in fast-paced, high-security environments. Known for delivering high-impact results on time-sensitive projects while enhancing overall security posture.
Overview
12 years of professional experience
1 Certification
Work History
Cybersecurity Specialist II - IT
Loomis U.S.
07.2024 - Current
Investigate information security breaches to identify vulnerabilities and evaluate damages.
Forensic analysis using tools such as FTK, Wireshark, and Microsoft Sysinternals (ProcDump, Procmon) to recover and verify data, create copies, and document digital evidence.
Vulnerability management: analyze Patch Tuesday releases and deploy updates using SCCM and Patch My PC.
Use Azure Cloud for log analysis, investigation, and data management.
Threat hunting: investigate APT groups using SentinelOne, Defender, YARA, CrowdStrike, and other tools. Use PEStudio to extract strings.
Use Microsoft Exchange on-premises (Exchange Server) and Exchange Online (cloud-based) for analysis and investigation.
Incident response: respond to threats via CrowdStrike, Darktrace, and Cisco Umbrella.
Perform penetration tests using Nmap, Wireshark, and Metasploit.
Investigate phishing emails, sinkhole malicious URLs, and initiate sender blocks and email removal.
Perform both dynamic and static malware analysis using sandboxing tools such as Any.Run and Joe Sandbox. Analyze and investigate malicious code. Use Malwarebytes.
Perform Data Loss Prevention (DLP) using Forcepoint, MaaS360, and DriveStrike.
Use CyberArk to RDP into servers and domain controllers in order to monitor Active Directory activity.
Use SolarWinds, Arctic Wolf, Rapid7, Microsoft Purview, Riverbed, Abnormal, KnowBe4, Power BI, and Pleasant Password for investigation, monitoring, and analysis.
Use F5 for load balancing and for renewing and reactivating certificates.
Use Cisco Umbrella to perform whitelisting, blacklisting, and API risk and health checks.
Use Splunk as a SIEM tool, along with SOAR, EDR, MDR, and Zscaler, for analysis.
Managed patch management procedures effectively, ensuring timely updates to mitigate vulnerabilities in the organization's systems.
Reduced cyber risks by conducting regular vulnerability assessments and penetration tests.
Cybersecurity Analyst II - IT
Sempra Infrastructure - Oil & Gas
02.2024 - 07.2024
Used Microsoft Defender, Azure Cloud, and CrowdStrike to investigate and analyze alerts and respond to threats. Investigated incidents and carried out sandboxing.
Used YARA for threat hunting, created YARA rules, and detected and analyzed threats.
Conducted forensic analysis using tools such as FTK, Wireshark, and Sysinternals to recreate, analyze, verify, copy, and present digital evidence for further investigation.
Performed incident response; worked with NIST SP 800-53, NIST SP 800-61, the SANS incident response plan, ISO 27001, ISO 27018, and NIST SP 800-171 (CUI controls).
Coordinated the SOC; provided analysis of network and host-based security events and of trends in security log data from many heterogeneous security devices.
Reviewed alerts and data from sensors, and documented formal technical incident reports.
Investigated phishing emails, sinkholed malicious links, performed email removal and blocking, and used Splunk to monitor alerts, diagnose, and investigate.
Utilized Proofpoint to monitor emails, investigate messages, and study headers.
Used Wireshark to investigate and analyze packets and to request base events using PCAP.
Studied HTTP status codes and HTTP methods such as POST, GET, PUT, and DELETE.
Provided re-imaging for infected devices; used Proofpoint TRAP to quarantine malicious emails.
Consulted the MITRE ATT&CK framework to support cybersecurity analysis. Created IOC reports and participated in alert tuning and phishing campaigns.
Provided in-depth incident response by threat hunting for malware. Performed incident response both reactively and proactively. Contacted and coordinated with vendors.
Used PowerShell scripts to investigate queries. Monitored IPS, IDS, TLS, TCP, and UDP.
Cybersecurity SOC Analyst II
NASA - National Aeronautics and Space Administration
06.2023 - 02.2024
Used Wireshark to investigate and analyze packets and to request base events using PCAP.
Produced vulnerability reports on every CVE released on Patch Tuesdays and beyond.
Created controls such as DLP policies in Microsoft Purview and whitelisting and blacklisting in Cisco Umbrella.
Performed forensic analysis with FTK, Procmon, ProcDump, and Wireshark to recover, verify, trace, copy, and annotate digital evidence.
Utilized FireEye HX packages for forensic investigation and device monitoring.
Used YARA for threat hunting, created YARA rules, and used PEStudio for analysis.
Carried out incident response by threat hunting for APTs, the latest malware, phishing, social engineering, and new strains of known ransomware, and by collecting and processing intelligence. Used the MITRE ATT&CK framework to support cybersecurity analysis.
Performed incident response by analyzing beaconing alerts, tracing C2 requests, pulling Fortinet firewall IP logs in Splunk, pulling DNS logs via DNS investigation, and pulling WCF logs in Splunk for accurate analysis. Performed malware analysis regularly.
Used SentinelOne to investigate alerts, analyze malicious files and SHA-1 hashes, and report findings as needed. Used PowerShell to run executables and build scripts.
Sinkholed malicious links as needed, created Nomad blocks on malicious emails, and studied email headers manually for spoofed identities using DKIM and SPF.
Used CrowdStrike and Splunk (as a SIEM) for diagnosis, analysis, and investigation.
Utilized Nessus for vulnerability scanning and investigated IPs (source and destination).
Mobile Device Management: used MaaS360 and DriveStrike to request wipes of phones that did not follow policy, requested PKI revocation on laptops, requested IP/MAC address blocks and DNS sinkholes, recorded mobile travel requests, used Druva for backups, used Cisco Jabber for teleworking, used RSA for mobile identity, and also performed vulnerability management and identity management. Used IPS, IDS, and TLS.
Used Darktrace for detecting threats and abnormal activity. Used TCP, UDP, and SSL.
Used urlscan, VirusTotal, IPAbuse, CyberChef, WhereGoes, PDFStreamDumper, and other OSINT tools to support analysis and investigation.
Cybersecurity SOC Analyst I
NASA - National Aeronautics and Space Administration
06.2022 - 06.2023
Investigated and reported phishing emails and social engineering, requested blocks on malicious emails, quarantined malicious activity, and mitigated future threats.
Identified threats, analyzed scenarios with OSINT and Splunk, and created blocks.
Sinkholed malicious domains, whether from drive-by or targeted attacks; utilized VMs for several functions, using VMware, VirtualBox, and ArcSight on Linux.
Manually studied email headers for spoofed identities or addresses and return paths, and used DKIM and SPF results in anti-phishing investigations.
Used urlscan, VirusTotal, WhereGoes, MS-Decode, URLVoid, CyberChef, PDFStreamDumper, and IP-Abuse to research malicious and suspicious activity.
Performed cybersecurity duties on customer networks (proactively and reactively).
Threat hunted with YARA, created rules, and performed static analysis with PEStudio.
Performed and analyzed vulnerability scans using the Nessus scanning tool.
Utilized Splunk as a SIEM tool to analyze and correlate event logs from network security devices and mission-critical infrastructure (e.g., network and host-based security systems, firewalls, routers, switches, servers, and workstations).
Authenticated with RSA; encrypted with S/MIME, PGP, TLS, and others.
Analyzed tickets, administered submitted tickets, and created journals on findings.
Performed sandboxing in malware and other malicious-activity investigations.
Followed NASA incident response guidelines to contain and eradicate threats.
Participated in phishing exercises and employee awareness education using KnowBe4.
Cybersecurity Data & Supply Chain Associate
Walmart Distribution Center
01.2021 - 06.2022
Analyzed initiatives for data integrity and normalization including generating reports.
Performed data encryption and Data Loss Prevention. Knowledge of NIST SP 800-53, NIST SP 800-61 (incident response), ISO 27001, ISO 27018, and NIST SP 800-171.
Administered data governance with Varonis DatAdvantage (gives users visibility into and control over their data). Used Splunk as a SIEM to collect logs from multiple sources.
Managed data at rest, in motion, and in use, and monitored it for anomalies.
Performed data retention and destruction. Monitored onboarding of data into Splunk.
Sr. Cybersecurity Analyst & Information Security
Christy Grace Health Center & Borngreat Foundation
09.2013 - 01.2021
Developed and maintained a set of operational and forward-looking security metrics, while also answering calls and delivering exceptional customer service.
Used YARA to threat hunt, create rules, and detect threats.
Worked with NIST SP 800-53, NIST SP 800-61, ISO 27001, ISO 27018, NIST SP 800-171 (CUI controls), the SANS incident response plan, MITRE ATT&CK, and others.
Provided incident response by regularly monitoring, triaging, and tuning automated security alerts. Threat hunted using available logs and resources. Provided timely detection and identification of possible attacks, intrusions, and misuse, and distinguished benign events from true positives.
Conducted DNS security research on threats and remediation methods, covering port control, VPN security, and data encryption with RSA, AES, and others.
Used the McAfee suite for data loss prevention, used Cisco TACACS+ for authentication, monitored the Security Operations Center (SOC), and audited IPS, IDS, IOCs, and firewalls.
Monitored Network Access Control (NAC), network security, and VPN connections, reviewed cloud storage, and authenticated remotely using RADIUS.
Performed Data Loss Prevention (DLP) by encrypting files with Pretty Good Privacy (PGP), AES, and RC4, and through regular patching, data backups, and clean desk policies.
Used Forensic Toolkit (FTK) to trace fragments, certify data integrity, create copies of computer data, produce hash reports, and trace evidence regularly.
Used Splunk to capture, index, and correlate real-time data.
Provided incident response by analyzing log ingestion, aggregation, and retention.
Demonstrated in-depth understanding of the fundamentals of Splunk infrastructure and its components, such as the forwarder, indexer, and search head.
Education
Master of Security Management - Cybersecurity
University of Houston-Downtown
Houston, TX
12.2020
Bachelor of Science - Public Affairs & Political Science
Texas Southern University
Houston, TX
05.2017
Skills
Microsoft Office Suite
Microsoft Defender
Microsoft Azure Cloud
Risk Analysis
Incident Response
Cybersecurity
Malware Analysis
Data Loss Prevention
Mobile Device Management
Vulnerability Management
Cryptography
Threat Hunting
Network Security
Forensics Analysis
Certification
ISACA - CISM (Certified Information Security Manager) - Issued 2023