Hi, I’m

Frank Sowah

Washington, DC

Summary

Highly skilled Sr. Cyber Security Analyst with 9+ years of experience in Security Operations Centre (SOC) environments. Specialized in threat hunting, incident response, and policy auditing within SIEM platforms. Proficient in Microsoft 365 security products and experienced in mentoring and developing SOC analysts. An analytical problem solver with a proven track record of implementing proactive measures, resulting in a significant reduction in security incidents. Holds a Bachelor's degree in Computer Science and is currently studying for a master's in cyber security and information assurance. Committed to staying updated with the latest cybersecurity trends to ensure continuous improvement in security practices. Fluent in English.

Overview

13 years of professional experience
4 Certification

Work History

Toyota Tsusho America, Inc, TX

Sr. Detection and Response Analyst
11.2020 - Current

Job overview

  • Contribute to analyzing cyber incidents and alerts for potential escalation, playing a crucial role in supporting the Cyber Fusion Center to prevent and mitigate cyberattacks.
  • Conduct in-depth analysis of security events, identify indicators of compromise (IOCs), perform intrusion and root cause analysis, and proactively take measures to minimize potential damage to the cyber ecosystem.
  • Detect and respond to security incidents using detection/response platforms, triage incidents, and analyze them through cyber threat intelligence and protection devices.
  • Follow playbooks and SOPs to escalate cybersecurity events and assist in containment and remediation efforts during incidents, tracking details in the internal ticketing system.
  • Conduct threat hunting activities based on internal and external threat intelligence and assist with service requests from customers and internal teams.
  • Identify, recommend, coordinate, and deliver timely knowledge to support teams, keeping management informed of project progress, issues, and changes.
  • Report information to supervisors and upper management, responding to requests for information and assistance.
  • Develop comprehensive documents and manuals for team members and management, working on establishing repeatable and continually improving processes.
  • Serve as a mentor and provide training to other team members as needed.
  • Identified security threats, vulnerabilities and potential malicious activities through log analysis.
  • Developed and implemented strategies to detect emerging cyber threats.
  • Monitored network traffic for suspicious activity using SIEM tools such as Splunk and LogRhythm.
  • Performed incident response and root cause analysis on security incidents.
  • Installed firewalls, intrusion detection systems, anti-virus software and other security measures to protect networks from outside attacks.
  • Conducted vulnerability assessments of IT systems and applications.
  • Analyzed logs from various sources, including web servers, application servers, databases, and IDS and IPS systems, for possible security breaches.

Marriott International, Inc., MD

Sr. SOC Analyst Global Security Operations Center
02.2017 - 11.2020

Job overview

• Assist in handling escalated computer security incidents and cyber investigations, encompassing computer and network forensics, root cause analysis, and malware analysis.

• Recognize areas requiring updates in data security policies and procedures, guiding and training team members accordingly.

• Collaborate with Information Security teams, risk officers, and technology management to shape cybersecurity strategy.

• Document assessment findings on security control implementation, conducting risk assessments based on control status and examination results.

• Act as a coordinator for escalated cyber threats/incidents, ensuring adherence to policies and regulatory requirements.

• Utilize XSOAR for investigating common security threats and work on enhancing security monitoring tools with contextual information.

• Deliver cyber intelligence services and insights to IT and business leaders, identifying new threat tactics used by cyber actors.

• Manage real-time monitoring of third-party security feeds, forums, and mailing lists, utilizing Splunk to investigate threats in the network environment.

• Utilize Netflow analysis, Gigamons, and HPNA for operational support and monitoring of the network infrastructure.

  • Developed and implemented security policies and procedures.
  • Monitored network traffic to detect suspicious activities or policy violations.
  • Performed vulnerability scans on systems, networks, applications and databases.
  • Analyzed system logs and identified potential threats or risks.
  • Provided guidance and technical support for security related projects.

Marriott International, Inc., MD

Information Security Analyst
02.2013 - 02.2017

Job overview

· Led and participated in Incident Response for SOC customers, covering Threat Detection, Response, and Remediation.

· Served as incident commander, effectively communicated issues, and provided recommendations for resolutions.

· Developed timelines and provided companywide updates during incidents, following disaster recovery procedures.

· Monitored phishing emails, investigated malware threats, and analyzed malware impact via Splunk and IronPort.

· Established disaster recovery procedures for SOC team, conducting monthly testing and training.

· Conducted security control and risk assessments based on security policies and best practices.

· Analyzed daily reports through NORSE SIEM and Netcool monitoring system for potential threats.

· Utilized Carbon Black to monitor user activities and restrict access based on vulnerability and impact analysis.

· Continuously assessed, tested, and implemented new security technologies to enhance network security.

Marriott International, Inc., MD

IT Support Technician
02.2011 - 02.2013

Job overview

· Supported internal and external users through troubleshooting, issue escalation, and deploying hardware/software.

· Assisted with installations, upgrades, and provided advanced troubleshooting for Windows and Mac OS.

· Identified and recommended upgrades to IT and communications infrastructure.

· Collaborated with unit personnel on infrastructure development.

· Addressed performance and capacity issues.

· Provided onsite and remote technical support.

· Managed equipment installations, removals, and monitored network infrastructure.

· Utilized ticketing systems Remedy and ServiceNow for documentation and issue resolution.

Education

Western Governors University

Master of Science in Cyber Security & Information Assurance

Valley View University

Bachelor of Science in Computer Science

Michigan State University

Diploma in Hospitality Leadership

Michigan State University

Diploma in Business Management

Michigan State University

Diploma in Management Certificate in Business of Hospitality

Skills

  • Firewall Configuration
  • Application Security
  • Scripting Languages
  • Penetration Testing
  • Intrusion Detection
  • Reverse Engineering
  • Incident Response
  • Compliance Standards
  • Access Control
  • Web Security
  • Protecting Networks
  • Data Security
  • Encryption
  • Managing Security Breaches
  • Monitoring Computer Viruses
  • Regulatory Compliance
  • Tenable Nessus
  • Risk Mitigation
  • JavaScript
  • Business Continuity Planning
  • Audit Support
  • Critical Thinking Skills
  • Network Security
  • Information Auditing
  • Linux Server
  • Forensic Analysis
  • Disaster Recovery
  • Best Practices Implementation
  • Compliance Management
  • Reporting and Documentation
  • Issue response and remediation
  • Emergency and non-emergency response
  • Fraud detection and prevention
  • Trend detection and analysis
  • Issue detection and resolution
  • Response-to-intervention understanding
  • Audit preparation and response

Certification

CompTIA Security+

Certified Ethical Hacker (CEH)

Certified AWS Cloud Solutions Architect

Certified Information Security Manager (CISM)

Microsoft Security Operations Analyst SC-200
