Accomplished, resourceful, and enthusiastic professional with over 5 years of experience providing first-level response for security events, including intrusion detection on the network, application, and operating systems (endpoint security). Strategic leader who interfaces with customers daily to consult with them on best security practices and help them mature their security posture. Skilled in monitoring for threats, analyzing them, and notifying customers. Expertise in the development and implementation of the organization's security incident response policy and procedures. Motivated leader who designs and regulates critical security programs with in-depth operational supervision of incidents and emergency disaster recovery. Proven ability to identify security needs, develop computer security architecture, implement security procedures and protocols, track incidents, and test security solutions.
Conducted routine certification testing and maintained the security and integrity of cyber systems and networks.
Monitored IT security systems in corporate and stored computing environments, including systems used for logging, monitoring, intrusion detection, a centralized cyber security knowledge base, and behavioral analysis.
Remediated issues occurring with any IT security systems, including but not limited to unexplained system outages, cyber security incidents, and issues with data collection feeds or interfaces with external MSSP providers.
Collaborated with IT teams to remediate any potential hardware or network issues that prevented detection capability.
Collaborated with senior staff in planning, designing, developing, deploying, integrating, and maintaining cyber security tools.
Provided support in more complex cyber investigations.
Monitored new developments in the cyber security software/hardware marketplace, emerging technology trends and the security risks associated with those technologies.
Supported demonstrating the applicability of tools in real-world applications using a risk-based methodology based on business impact and the threat landscape.
Created, revised, and maintained documentation of processes and procedures in the central knowledge base.
Participated in after incident lessons learned meetings to give input on recommendations for additional tools or other mitigations for future incidents.
Tracked service availability and performance metrics and provided timely updates to management.
Perform daily monitoring of security events/alerts, analyze suspicious emails, remediate incidents, and escalate as required.
Work closely with the Network Operations Center Analysts and Helpdesk to analyze suspicious events, develop security awareness, and remediate incidents.
Monitor information security industry news and blog posts for internal and external threats.
Monitor and identify security risks to the Company and the relevant technology or behaviors requiring change to mitigate those risks.
Respond to and, where appropriate, resolve or escalate reported security incidents.
Monitor system logs and network traffic for unusual or suspicious activity. Interpret such activity and make recommendations for resolution.
Research threats and vulnerabilities and, where appropriate, act to mitigate threats and remediate vulnerabilities.
Monitor the security access and report probable cyberattacks to a superior employee in the company.
Perform risk analysis and security operations to find any vulnerability that can have an impact on the company.
Find security breaches, along with their root cause.
Create reports that will allow experts to make changes in the security policies as per the needs of the organization.
Come up with improvement strategies for better company security.
Update the company’s security systems regularly to avoid any cyberattack.
Perform security audits.
Review alerts generated by detection infrastructure for false positive alerts and modify alerts as needed.
Develop dashboards and reports to identify potential threats, suspicious or anomalous activity, malware, etc.
Provide forensic analysis of network packet captures, DNS, proxy, NetFlow, malware, host-based security, and application logs, as well as logs from various types of security sensors.
Research and uncover the unknown about internet threats and threat actors.
Hands-on experience using SIEM tools like Symantec DLP Manager to monitor DLP alerts, Splunk to search email logs for further analysis and to validate that events are not incidents, and IronPort, FireEye, and Cisco Sourcefire to prioritize and differentiate between potential intrusion attempts and false alarms or false-positive alerts.
Create incident tickets using the Archer ticketing system; document, analyze, and report.
Collaborate with the Windows team and Network team in case an incident has occurred. Maintain daily shift logs.
Perform rudimentary testing and diagnosis of incidents/events, such as scanning URLs to confirm whether a link is malicious using OSINT tools like VirusTotal, URLVoid, Site check secure…
Validate that incidents are not user error.
Formally assign tickets to the Senior SOC following the escalation procedure, especially for incidents that require an expert response.
Monitor events such as: unauthorized user on the network; unauthorized device on the network; device out of compliance (antivirus, patching); suspicious traffic from a known vulnerable host (especially when there is a vulnerability scan of our systems); multiple logins from a single source; excessive port-blocking attempts from antivirus; printer errors throwing alerts.
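As an added illustration (not part of the resume above, and not code from any employer's SOC), the "multiple logins from a single source" event listed above can be expressed as a small detector run over constructed sample log lines. The log format, field names, host/IP values, the 5-minute window, and the 3-distinct-users threshold are all assumptions chosen for the example; malformed lines are skipped so a bad feed does not crash the detector.

```python
"""Added example: flag 'multiple logins from a single source' over sample log lines.

The log format, thresholds, and all sample values are hypothetical.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed sample authentication log (hypothetical format, not real data).
SAMPLE_LOG = """\
2024-05-01T09:00:01Z host=vpn01 src=10.0.0.5 user=alice result=success
2024-05-01T09:00:10Z host=vpn01 src=10.0.0.5 user=bob result=success
2024-05-01T09:00:25Z host=vpn01 src=10.0.0.5 user=carol result=success
2024-05-01T09:00:40Z host=vpn01 src=10.0.0.5 user=dave result=success
2024-05-01T09:01:05Z host=vpn01 src=10.0.0.5 user=erin result=failure
2024-05-01T09:30:00Z host=vpn01 src=10.0.0.9 user=frank result=success
2024-05-01T10:15:00Z host=vpn01 src=10.0.0.9 user=frank result=success
2024-05-01T11:00:00Z host=vpn01 src=192.0.2.7 user=grace result=success
2024-05-01T11:00:02Z host=vpn01 src=192.0.2.7 user=grace result=failure
2024-05-01T11:00:04Z host=vpn01 src=192.0.2.7 user=grace result=failure
this line is malformed and should be skipped
"""

# key=value layout assumed for this example; adjust the pattern for a real source.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) src=(?P<src>\S+) "
    r"user=(?P<user>\S+) result=(?P<result>\S+)$"
)


def parse_events(text):
    """Parse log lines into event dicts; silently skip lines that do not match."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # malformed line: skip rather than abort the whole feed
        events.append({
            "ts": datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ"),
            "host": m.group("host"),
            "src": m.group("src"),
            "user": m.group("user"),
            "result": m.group("result"),
        })
    return events


def detect_multi_login_sources(events, window=timedelta(minutes=5), min_users=3):
    """Return {src: sorted user list} for every source from which at least
    `min_users` distinct accounts logged in successfully within `window`.

    Only successful logins count: a failure burst is a different signal
    (brute force) and would be handled by a separate rule.
    """
    by_src = defaultdict(list)
    for e in events:
        if e["result"] == "success":
            by_src[e["src"]].append(e)

    findings = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        # Sliding window: advance `start` until the window fits, then check
        # how many distinct users fall inside it.
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            users = {e["user"] for e in evs[start:end + 1]}
            if len(users) >= min_users and len(users) > len(findings.get(src, [])):
                findings[src] = sorted(users)
    return findings


if __name__ == "__main__":
    for src, users in detect_multi_login_sources(parse_events(SAMPLE_LOG)).items():
        print(f"ALERT multiple logins from {src}: {', '.join(users)}")
```

On the constructed sample, only 10.0.0.5 trips the rule (four different accounts within 40 seconds); the repeated logins from 10.0.0.9 are one user and the failures from 192.0.2.7 are ignored by this rule. Tuning `window` and `min_users` is where false positives are managed: a shared NAT gateway or jump host will legitimately show many users from one address and should be allow-listed or given a higher threshold.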
Music, cooking, gardening, movies, bowling
CompTIA Network+
CompTIA Security+
Certified Ethical Hacker
AWS Certification
Scrum Master Certification
Certified Agile Coach