Marshall Bull

Lexington, SC

Summary

I'm a motivational leader and organizational problem-solver with advanced supervisory, team building, and customer service skills. I have experience stepping into roles and quickly making positive changes to drive company success. I used training, monitoring, and morale-building techniques to maximize employee engagement and performance. In addition, I'm weapon agnostic with cyber tools.

Overview

22 years of professional experience
1 Certificate

Work History

Vulnerability Management Lead

GuardSight Inc. (Iron Bow Technologies)
Cedar City, UT
07.2023 - Current

Projects:

  • Led a transformative initiative to optimize the vulnerability management program for an enterprise-level company, resulting in a significant reduction in the time taken to remediate vulnerabilities from discovery to resolution. Prior to the program's implementation, vulnerabilities remained open for an average of 513 days. Through strategic enhancements and procedural improvements, the average remediation time was dramatically reduced to 85 days for all vulnerabilities identified in 2023, demonstrating a marked improvement in security posture and risk mitigation capabilities.
  • Led a comprehensive reboot of the vulnerability management program for an enterprise-level company, driving significant improvements in asset identification, scanning coverage, and remediation processes. Identified approximately 5,000 previously unscanned internal and external assets, ensuring comprehensive visibility and consistent vulnerability assessment across the organization. Additionally, optimized the ticketing system for vulnerability remediation, streamlining the process from identification to resolution for enhanced efficiency and risk mitigation.

Key Responsibilities:

  • Develop and maintain a comprehensive vulnerability management program, including policies, procedures, and processes for identifying, assessing, prioritizing, and remediating vulnerabilities across the organization's infrastructure.
  • Conduct regular vulnerability assessments and scans of systems, networks, and applications using automated scanning tools and manual testing techniques. Analyze scan results to identify security weaknesses and exposures.
  • Prioritize vulnerabilities based on severity, exploitability, and business impact to focus remediation efforts on the most critical security risks. Collaborate with stakeholders to establish risk acceptance criteria and mitigation strategies.
  • Coordinate with IT teams and system owners to remediate identified vulnerabilities in a timely manner. Provide guidance and support to ensure effective remediation efforts, including patch management, configuration changes, and vulnerability mitigation techniques.
  • Develop and implement patch management processes and procedures to ensure timely deployment of security patches and updates across the organization's systems and applications. Monitor patch compliance and enforce patching deadlines.
  • Integrate threat intelligence feeds and information into vulnerability management processes to enhance threat awareness and prioritize remediation efforts based on emerging threats and attack trends.
  • Generate regular reports and metrics on vulnerability management activities, including scan results, remediation status, and risk reduction efforts. Provide insights and recommendations to senior management based on vulnerability trends and analysis.
  • Identify opportunities for process optimization and automation to streamline vulnerability management workflows and improve efficiency. Implement best practices and industry standards to enhance the effectiveness of the vulnerability management program.
  • Provide training and awareness sessions to IT teams, system administrators, and other stakeholders on vulnerability management best practices, tools, and techniques. Foster a culture of security awareness and accountability throughout the organization.
  • Ensure compliance with regulatory requirements and industry standards related to vulnerability management, such as PCI DSS, HIPAA, GDPR, and ISO 27001. Participate in audits and assessments to demonstrate compliance and address findings as needed.

Manager, Cyber Security Operations

GuardSight Inc. (Iron Bow Technologies)
Cedar City, Utah
01.2023 - 07.2023

Projects:

  • Led a targeted initiative to address the influx of false positive alerts overwhelming Security Operations Center (SOC) analysts. Conducted in-depth assessments of each customer environment to identify and mitigate false positives, collaborating closely with clients to fine-tune alert configurations and optimize detection parameters. This proactive approach resulted in a substantial reduction of false positive alerts by 46%, enhancing operational efficiency and allowing SOC analysts to focus on genuine security incidents effectively.
  • Successfully deployed multiple Security Information and Event Management (SIEM) solutions across customer environments to bolster visibility, threat detection, and incident response capabilities for the company's Security Operations Center (SOC). Led the planning, configuration, and integration efforts to ensure seamless implementation and optimal performance of SIEM platforms tailored to each client's specific needs and security requirements.

Key Responsibilities:

  • Develop and implement strategic plans and objectives for the security operations team aligned with the organization's overall security goals and objectives.
  • Provide leadership, guidance, and mentorship to security operations personnel, fostering a culture of collaboration, accountability, and continuous improvement.
  • Develop and maintain procedures for the triage, analysis, and escalation of security alerts, ensuring timely and effective response to potential security incidents.
  • Collaborate with threat intelligence teams to integrate external threat intelligence feeds into security operations processes, enhancing proactive threat detection and response capabilities.
  • Evaluate, select, deploy, and manage security tools and technologies, such as SIEM (Security Information and Event Management) systems, endpoint detection and response (EDR) solutions, and threat intelligence platforms, to support security operations objectives.
  • Develop, review, and update security policies, procedures, and guidelines related to security operations, ensuring alignment with industry best practices and regulatory requirements.
  • Lead initiatives for continuous improvement of security operations processes, procedures, and technologies, leveraging feedback, lessons learned, and industry trends to enhance security posture and operational resilience.
  • Enhanced team member performance through use of strategic and tactical approaches, motivational coaching and training.
  • Communicated company directives and programs to associates and ensured all follow-up items were completed accurately and on time.
  • Enforced customer service standards and resolved customer problems to uphold quality service.
  • Led team meetings and one-on-one coaching sessions to continuously improve performance.
  • Recruited and hired qualified candidates to fill open positions.
  • Minimized staff turnover through appropriate selection, orientation, and training.
  • Conducted quality, timely performance feedback and performance appraisals.

Senior Cybersecurity Analyst

GuardSight Inc. (Iron Bow Technologies)
Cedar City, UT
03.2019 - 01.2023

Projects:

  • Initiated and led efforts to enhance cybersecurity posture for a customer by recommending and implementing syslog-based logging solutions. Collaborated closely with the client to design and deploy a syslog infrastructure, facilitating the ingestion of logs into a Security Information and Event Management (SIEM) system. This initiative not only bolstered the organization's cyber optics but also provided centralized logging capabilities for improved visibility and threat detection across their assets.
  • Identified and addressed deficiencies in vulnerability scanning capabilities for a customer's assets, culminating in the recommendation and implementation of improvements to enhance security posture. Reviewed the existing infrastructure setup, identified limitations in scan coverage, and provided expert guidance to increase scan engines across the environment. Additionally, collaborated with the client to establish comprehensive scan schedules and procedures, while also facilitating the review and prioritization of vulnerability reports to effectively manage security risks.
  • Developed a Syslog server to streamline logging processes across multiple assets, enhancing operational efficiency and security measures. Implemented Suricata and Zeek intrusion detection systems within the centralized logging infrastructure to proactively monitor and analyze incoming logs for potential security threats.
  • Led a comprehensive program to ensure company-wide compliance with NIST SP 800-171 standards, enhancing cybersecurity posture and regulatory adherence. Orchestrated strategic planning, resource allocation, and cross-functional collaboration to achieve and sustain compliance within established timelines and budgetary constraints.
  • Led an incident response operation as the primary point of contact for both the client and internal teams, ensuring clear communication, timely updates, and effective coordination throughout the resolution process. Collaborated closely with the impacted customer to gather crucial details, provide regular status updates, and address concerns promptly. Also played a key role in artifact discovery and report compilation to facilitate comprehensive incident analysis and documentation.

Key Responsibilities:

  • Administer and maintain security tools and technologies, such as SIEM, IDS/IPS, antivirus, firewalls, and endpoint detection and response (EDR) systems, ensuring their effective operation and optimal configuration.
  • Analyze security procedure violations and develop plans to prevent a recurrence.
  • Monitor security events and alerts generated by security systems, such as SIEM, IDS/IPS, and endpoint protection platforms, and conduct in-depth analysis to identify potential security incidents and threats.
  • Document security incidents, investigations, findings, and remediation actions in detail, maintaining accurate records and logs for reporting, analysis, and audit purposes.
  • Collect, analyze, and interpret threat intelligence data from various sources to identify emerging threats, attack patterns, and trends, and provide actionable insights to enhance threat detection and response capabilities.
  • Make recommendations to improve security procedures and systems.
  • Improve operations by working with team members and customers to find workable solutions.
  • Consistently provide exceptional service and attention to customers and stakeholders.
  • Conduct vulnerability assessments and scans, analyze scan results, prioritize vulnerabilities based on severity and risk, and coordinate remediation efforts with relevant stakeholders to address security weaknesses proactively.
  • Conduct information security Handler On Duty (“HoD”) activities.

COMPUTER & NETWORK TECHNICIAN

Discount Tech 4 Me LLC
Cedar City, UT
05.2017 - 06.2020
  • Updated hardware, software and security protections with the latest standards.
  • Troubleshot and resolved software application issues escalated from customers and other departments with 100% success rate.
  • Provided customers with advice on computer and relevant applications.

ASSET PROTECTION MANAGER

WAL-MART STORES, INC
CEDAR CITY, UT
01.2002 - 03.2019
  • Built cross-functional relationships with business partners to reduce losses.
  • Mitigated risk and oversaw internal and external shoplifter apprehension and detention.
  • Planned, organized and scheduled strategy collaboration with other asset protection specialists.

POLICE OFFICER

LaVerkin CITY LaVerkin
LaVerkin, UT
01.2013 - 10.2015
  • Assisted in conducting traffic surveys to determine problem areas.
  • Interviewed subjects, targets and witnesses for information verification and corroboration.
  • Gathered preliminary investigation information as a first responder to crime scenes.

Education

Bachelor of Science - Cybersecurity And Information Assurance

Western Governors University
Salt Lake City, UT
06.2022

Associate of Science -

Southern Utah University
Cedar City, UT
2015

Skills

  • Vulnerability Management
  • Vulnerability Scanning and Analysis
  • Patch management
  • InsightVM (Nexpose)
  • Qualys
  • Tenable Nessus
  • Cybersecurity policy development
  • Cybersecurity analysis
  • Security briefings
  • Security standards
  • Resolution-oriented
  • Flexible
  • Team leadership
  • Excellent time management
  • Strong communication skills
  • Personnel training and development
  • Proficient in MS Office
  • Excellent multi-tasker
  • Reliable and dependable
  • Reporting and documentation
  • Risk mitigation
  • Strong analytical skills
  • Testing and deployment
  • Project management

Accomplishments

  • Promoted from Senior Cyber Security Analyst to Cyber Security Manager in less than 12 months.
  • Architected the redesign of the vulnerability management programs for two enterprise-level customers.
  • Awarded by management with 4 official commendations for personal achievement and contributions to the team.

Certification

ISC2 SSCP

CompTIA CySA+

CompTIA Sec+

CompTIA Pentest+

CompTIA A+

CompTIA Net+

CompTIA Project+

ITIL v4

Peace Officer Training

Interview & interrogation techniques

Forensic interviewing techniques

Cyber Security Tools

Splunk (Enterprise Security)

AlienVault

ArcSight

Sumo Logic (CIP & CSE)

Stellar

FortiSIEM

CrowdStrike

MalwareBytes

Cylance Protect & Optics

Endgame

Sentinel One

Rapid7 - insightVM

Tenable

Qualys

ProofPoint

ServiceNow

Jira

QuickBase
