- Adept at mastering new technologies and concepts, with a comfort level in utilizing command-line interfaces.
- Track record of resolving intricate technical challenges and steering support-focused projects to success.
- Expert understanding of the MITRE ATT&CK framework, adept in analyzing Indicators of Compromise (IOCs) and Indicators of Activity (IOAs), and in leveraging Tools, Techniques, and Procedures (TTPs) for Advanced Persistent Threat (APT) hunting.
- Profound involvement in Capture The Flag (CTF) development on HTB, showcasing deep comprehension of threat landscapes coupled with inventive problem-solving capabilities.
- Accomplished in data analysis, utilizing sophisticated tools such as Jupyter Notebook.
- Comprehensive understanding of security principles, with the capability to communicate complex security concepts to diverse audiences, both technical and non-technical.
- Specialized in crafting Snort rules and intrusion detection signatures, playing a pivotal role in maintaining system security.
- Experience of creating Elastic Dashboards and Elastic rule alerts.
- Experienced in the construction of Elastic Dashboards and in the orchestration of rule alerts to enhance security responsiveness.
- Over three years of enriched experience in threat detection and hunting, bringing depth and expertise to security roles.
- Proficient in leveraging industry-leading tools such as Splunk, Elastic, Trellix ESM, and Zeek to enhance organizational cybersecurity.
- Expertise in mitigating a wide spectrum of security events, responding effectively to incidents involving viruses, malware, and ransomware on Windows and Linux endpoints.
- Highly skilled in detecting intrusions through host- and network-based intrusion detection technologies, including Snort, ensuring robust security infrastructure.
- Outstanding collaborative skills in high-pressure environments, effectively working in teams to address time-sensitive incidents.
- Profound knowledge in network troubleshooting and security assessments through Wireshark, including protocol implementations and PCAP analysis, safeguarding network integrity.
- Expert utilization of Tychon’s Rapid Query (Elastic) for detailed hash analyses, enhancing incident response through precise analysis.
- Collaborative leadership in scheduling and testing HBSS upgrades and maintenance, ensuring system readiness and stability through meticulous coordination.

Cybersecurity Operation Analyst / CTR US USA RCC-P | Vectrus Systems | Fort Shafter, Hawaii | 09/2019 – 02/2021
- Ability to write Snort rules.
- Employ forensic analysis and digital evidence over a wide range of technologies (such as networks, mobile devices, Windows and Linux).
- Capturing file system and memory changes of an operating (victim) host.
- Operated Nessus to test each port on a computer, determining what service it is running and then testing that service to make sure there are no vulnerabilities that could be used by a hacker to carry out a malicious attack.
- Operated Wireshark for network troubleshooting, examining security problems, debugging protocol implementations and performing PCAP analysis.
- Coordinate with all stakeholders to schedule and test HBSS upgrades and maintenance.
- Experience with network intrusion detection system (NIDS) software such as Snort.
- Experience with Army Cyber Security (CS) guidance and regulations.
- Knowledge of hacker tactics, techniques and procedures (TTPs).
- Use attack signatures and tactics, techniques and procedures (TTPs) to aid in zero-day detection.
- Ability to conduct basic malware analysis.
- Comprehensive understanding of common Windows APIs.
- Experience working with DoD / Government leaders at all levels.

Enterprise Service Desk Level 2 / CTR US USA RCC-P | Apex Systems | Fort Shafter, Hawaii | 02/2017 – 09/2019
- Assist with managing escalated customer issues and creation of updates to process and procedure documentation.
- Plan, coordinate, schedule, and monitor authorized and non-authorized system interruption events to ensure availability of systems, network, and data for maintenance and cyber security operations.
- Ensure all users receive initial and annual IA awareness training, and are authorized on a need-to-know basis before granting access to the command information systems.
- Proficient in setting up virtual machines in VMware.
- Proficient with troubleshooting all Windows operating systems.
- Strong knowledge of TCP/IP protocols, ports, and services.
- Using Active Directory to unlock accounts and reset passwords.
- Knowledge of network monitoring, analysis, troubleshooting and configuration control technologies.
- Ability to coordinate and respond to events on all monitored networks and the systems on those networks.
- Proficient knowledge and understanding of Microsoft Office software: Excel, Word, PowerPoint.
- Proficient in the utilization of operating systems and production of documents, spreadsheets, presentations, databases and web pages.
- Experienced with collecting, analyzing and interpreting qualitative and quantitative data from multiple sources for the purposes of documenting results and analyzing findings to provide meaningful products.
- Utilized Standard Army Ammunition System (cloud-based computing) to manage and control ammunition supply operations.