HOWARD V. MCKINNEY


Tulsa, OK

Summary

SOC Analyst specializing in threat hunting and SIEM engineering. Automated 90% of IOC enrichment processes, significantly accelerating investigations. Experience in building Splunk dashboards and mentoring junior analysts, coupled with a strong foundation in API-driven workflows and incident response.

Overview

2 years of professional experience

Work History

SOC Analyst I

ONEOK
Tulsa, OK
05.2024 - Current
  • Led threat hunting initiatives, ensuring alignment with IOCs and CISA/DRAGOS/CTI feeds; automated 90% of the enrichment process to enhance response time.
  • Built Splunk dashboards to monitor enterprise-wide IOC activity (IPs, hashes, domains), identifying anomalies from port scanning to policy violations for proactive threat detection.
  • Developed Python programs to automate IOC ingestion and enrichment (VirusTotal, AbuseIPDB), exporting data into lookup tables for Splunk dashboards, streamlining threat analysis.
  • Designed and deployed an internal IOC database to support in-house threat hunting.
  • Mentor and train new SOC analysts; serve as de-facto night shift lead (3–12 shift), handling escalations and team dynamics.
  • Certified member of Incident Response Team, trained to deploy with tactical vehicles and mobile command posts.

Education

Bachelor of Science - Cyber Security

Northeastern State University
Tahlequah, OK
12-2025

Skills

  • Threat hunting
  • Malware detection
  • Phishing analysis
  • Traffic analysis
  • IOC correlation
  • SOAR workflows
  • Splunk
  • FireEye
  • Carbon Black
  • Palo Alto
  • Proofpoint
  • Netskope
  • Bluecoat
  • O365 Security
  • SecureAuth
  • Okta
  • Python
  • Bash
  • API automation
  • VirusTotal
  • AbuseIPDB
  • Bit9
  • Collaboration techniques
  • Incident collaboration
  • Training new hires
  • Problem-solving skills
  • Customer engagement

Projects

  • In-House IOC Database (MongoDB + Internal Hosting): Designed and deployed an enterprise-grade IOC database to be hosted on internal servers using MongoDB. Provides centralized, continuously updated IOC intelligence to support proactive threat hunting and reduce reliance on external feeds.
  • Splunk ES Mission Control Dashboards: Developed multiple dashboards integrated directly into Splunk Enterprise Security’s Mission Control SIEM. Built entirely from scratch, these dashboards automate IOC correlation, accelerate investigations, and are now core tools used by the SOC team.
  • IOC Automation Pipeline: Engineered Python-based automation tools to enrich domains, IPs, and file hashes via VirusTotal and AbuseIPDB APIs. Outputs structured CSV/Excel lookup tables for seamless Splunk integration, transforming manual IOC checks into fully automated workflows.
  • Threat Hunting Dashboards: Authored dashboards for real-time detection of anomalies such as port scanning, policy evasion, and suspicious domain activity. Reduced investigation times from hours to minutes and directly contributed to multiple incident discoveries.

References

  • Dr. Monica Mattox, Ph.D., Meteorology Professor, University of Oklahoma, 517-605-1853, Mmattox724@gmail.com
  • Dr. Rene Moquin, Ph.D., CISSP, Professor of Information Systems, Northeastern State University, 254-721-5262, moquin@nsuok.edu
  • Derek England, Manager, Security Operation, ONEOK Enterprise Security, 918-261-5050

Core Skills

Splunk (Enterprise & ES), FireEye, Bit9/Carbon Black, Proofpoint, Palo Alto, Bluecoat, Netskope, O365 Security, SecureAuth, Okta, Python, Bash, JavaScript, Threat hunting, Log and network traffic analysis, Malware detection, Phishing analysis, IOC correlation, SOAR workflows, Team leadership, Mentoring junior analysts, Incident response collaboration, Strong problem-solving and client service background

Timeline

SOC Analyst I

ONEOK
05.2024 - Current

Bachelor of Science - Cyber Security

Northeastern State University