MOMO TULAY
DACULA,GA
Summary
2+ years of information assurance experience inclusive of Incident Response (IR), working in Cyber Security Operation Centers (CSOC, SOC, CIRT, CSIRT) in an enterprise environment. Skilled at mitigation of risk, threats, and vulnerabilities, as well as forensic investigation, detection, monitoring, remediation. Experienced with OSINT analysis, researching data from multiple intel platforms and databases, and analyzing the findings. Hands-on experience with Security Information and Event Management (SIEM) tools, as well as with router and switch configuration, firewalls, Autopsy/EnCase Forensic Toolkits, Deep Packet analysis, Risk Assessment and Management, IDPS, Malware Analysis, Vulnerability Scanning Tools, NIPS/HIPS, Spam Filters. Competent in recognizing and categorizing types of vulnerabilities and associated attacks in preventing network, host, and email-based attacks. Practical skill in installing, managing, and configuring Palo Alto Networks Generation Firewall OS 9.0. Proficient knowledge in various industry standards and frameworks along with critical security controls. Excellent communication and interpersonal skills Proficient in malware analysis, incident response, Data Loss Prevention and improving SOC processes by utilizing top industry security solutions.
Developed key analytical and problem-solving skills in high-pressure security environment. Expertise in identifying, analyzing, and mitigating cybersecurity threats, with focus on real-time monitoring and incident response. Seeking to transition into new field, leveraging these transferrable skills to contribute effectively in dynamic environments.
Overview
5
5
years of professional experience
1
1
Certification
Work History
SOC Analyst Tier II
Navy Supply System Command Weapon System Support
08.2023 - Current
- Utilized digital forensic tools including EnCase to execute digital investigations and perform incident response activities
- Performed hunting for malicious activity across the network and digital assets
- Conducted analysis using a variety of tools and data sets to identify indicators of malicious activity on the network
- Collaborated with technical and threat intelligence analysts to provide indications and warnings and contributed to predictive analysis of malicious activity
- Detonated malware to assist with threat research
- Performed information security incident response and incident handling based on risk categorization and in accordance with established procedures
- Assisted in the administration and integration of security tools to include new data/log sources, expanding network visibility and automation
- Provided expertise with incident response, security event monitoring, vulnerability management, asset security compliance and data loss prevention utilizing McAfee Nitro (SIEM), McAfee DLP
- Monitored security events using a SIEM and other feeds, looking for significant events, and processing reports of unexpected network activity
- Handled escalated security events that require in-depth review and analysis, including ability to troubleshoot an event, research the potential cause, and recommend a course of action
- Coordinated incident response activities, including written and verbal communication with other IT groups and IT management
- Managed hand offs at shift boundaries for any open response activities
- Identified security incidents through 'Hunting' operations within a SIEM and other relevant tools
- Performed assessment and security evaluation for systems, network and perimeter controls, log and event correlation, and system and network component
- Support ongoing tracking and remediation of security issues, ensuring that tickets are closed, and issues are addressed in a timely manner
SOC Analyst Tier I
Navy Supply System Command Weapon System Support
10.2022 - 09.2023
- Provided effective security monitoring through triage, investigation, communication, and reporting
- Reviewed, prioritized, and processed malicious alerts from various security tools focusing confirmation a real security incident is taking place
- Operated as fore front analyst for log reviews of recent security issues, exploits, attacks, and other nefarious activities
- Minimized SLAs by effective security event triage by leveraging existing security device alerts
- Investigated alerts generated by differing data sources including SIEMs, EDR solutions, and cloud-based security offerings
- Recommended tuning of alerts after analyzing security device logs
- Performed preliminary threat hunting and investigations into potential threats based on log data and provided results of analysis to management
- Deciphered the meaning of network traffic captures using Wireshark and Snort
- Analyzed firewall logs and network access control (NAC) logs can identify questionable host and network connectivity for unauthenticated as well as authenticated devices and to identify abnormal activity which could indicate a security compromise
- Utilized cloud-based methods such as cloud packet capturing and centralized security monitoring to identify potential security problems in the cloud
- Implemented continuous monitoring and interpretation of correlated log events needed to gain the best possible picture of network security events
- Provided as-needed technical assistance to end-users or the Help Desk
- Implemented creative thinking in problem solving and identifying opportunities for improvements in security
Cyber Security Support Engineer
Logs N Pacific
03.2020 - 10.2022
- Implements secure cloud configurations using Azure Private Link, Network Security Groups, Microsoft Defender for Cloud, and Azure Regulatory Compliance for NIST 800-53, PCI DSS, and HIPAA/HITRUST, resulting in a 90% reduction in security incidents over the same time interval
- Troubleshoots and supports Microsoft Azure services, including Microsoft Sentinel (SIEM), Virtual Machines, Azure Monitor, and Azure Active Directory, resolving X number of issues per week on average
- Develops KQL queries to support Log Analytics workspace and Microsoft Sentinel, resulting in hundreds of new SIEM dashboards and workbooks
- Provides effective security monitoring through triage, investigation, communication, and reporting
- Reviews, prioritizes, and processes malicious alerts from various security tools focusing confirmation a real security incident is taking place
- Operates as fore front analyst for log reviews of recent security issues, exploits, attacks, and other nefarious activities
- Minimizes SLAs by effective security event triage by leveraging existing security device alerts
- Investigates alerts generated by differing data sources including SIEMs, EDR solutions, and cloud-based security offerings
- Recommends tuning of alerts after analyzing security device logs
- Performs preliminary threat hunting and investigations into potential threats based on log data and provided results of analysis to management
- Deciphers the meaning of network traffic captures using Wireshark and Snort
- Analyzes firewall logs and network access control (NAC) logs can identify questionable host and network connectivity for unauthenticated as well as authenticated devices and to identify abnormal activity which could indicate a security compromise
- Utilizes cloud-based methods such as cloud packet capturing and centralized security monitoring to identify potential security problems in the cloud
- Implements continuous monitoring and interpretation of correlated log events needed to gain the best possible picture of network security events
- Provides as-needed technical assistance to end-users or the Help Desk
- Implemented creative thinking in problem solving and identifying opportunities for improvements in security
- Ensured compliance with industry best practices and company policies throughout all support activities undertaken by the team.
- Improved customer satisfaction by promptly addressing support tickets and providing accurate solutions.
- Collaborated with outside departments to implement system-wide improvements.
Education
Master of Science - Computer Science
Norfolk State University
Norfolk, VA05.2022
BBA - Finance concentration
Georgia Gwinnett College
Lawrenceville, GA05.2017
Skills
- Cyber Kill Chain framework
- APT
- MITRE ATT&CK
- Diamond Model
- Network Forensics
- Network Security Monitoring
- Snort
- Zeek/Bro
- Wireshark
- Kali
- EnCase
- Autopsy
- Alert analysis
- Flow/session analysis
- Traffic analysis
- PCAP analysis
- IT infrastructure technologies
- Applications
- Servers
- Networks
- Storage
- Routers
- Switches
- Firewalls
- Policy Management
- Configuration
- Hardware Load Balancers
- FISMA
- ISO 27001
- NIST SP 800 series
- PCI DSS
- HIPAA
- CSF
- Nessus Security Scanner
- IDPS
- Authentication Technologies
- Vulnerability Detection Tools
- ServiceNow
- Jira
- HEAT
- Splunk ES
- SIEM
- SOAR
- XSOAR
- MS Defender for Endpoint
- FTK
- Palo Alto NGFW
- Azure Sentinel
- Microsoft SCCM
- IronPort
- MS 365 Defender
- CrowdStrike
- Zscaler
- Azure
- Vulnerability assessment
- SIEM management
- Endpoint security
- Log analysis
- Incident response
- TCP and IP protocols
Websites
Certification
CompTIA Security+ CE, 03/2024
Timeline
SOC Analyst Tier II
Navy Supply System Command Weapon System Support
08.2023 - Current
SOC Analyst Tier I
Navy Supply System Command Weapon System Support
10.2022 - 09.2023
Cyber Security Support Engineer
Logs N Pacific
03.2020 - 10.2022
CompTIA Security+ CE, 03/2024
Master of Science - Computer Science
Norfolk State University
BBA - Finance concentration
Georgia Gwinnett College
Similar Profiles
Damien LeDamien Le
Director of Site Operations - Officer In Charge at Navy Service Support Advanced Training CommandDirector of Site Operations - Officer In Charge at Navy Service Support Advanced Training Command
Edward Faulkner IIIEdward Faulkner III
Marine Machinery Mechanic (5334) Nuclear at Naval Sea System CommandMarine Machinery Mechanic (5334) Nuclear at Naval Sea System Command
Russell BarkerRussell Barker
Information Technology Specialist 2210-03 at United States Information System Engineering CommandInformation Technology Specialist 2210-03 at United States Information System Engineering Command