
Ricky SERRANO

Rockville, MD

Summary

A highly skilled professional with over 20 years of experience in the security industry, including military, law enforcement, and cybersecurity roles. Currently holds a position in Department of Defense (DoD) cyberspace defense operations, contributing as a technical evaluator for defensive cyber operations (DCO), and previously handled compliance management in a cybersecurity operations center and in supporting directorates with protecting the Department of Defense. Professional experience extends to handling real-world cybersecurity incidents, encompassing incident response, data breach management, and countering advanced persistent threat groups. Notably, proficiency in malware analysis plays a crucial role in identifying and mitigating cyber threats by providing input for system and application hardening. Brings a track record of success, a comprehensive understanding of complex cyber landscapes, and the ability to deliver effective solutions to protect enterprise networks. Reliable business professional with experience in project management, process improvement, and financial analysis. Proven track record of successfully streamlining business operations and reducing costs. Adept at analyzing data to identify trends and developing strategies to improve efficiency.

Overview

27 years of professional experience
3 years of post-secondary education
7 Certifications

Work History

Defensive Cybersecurity Operations – Cross Functional Team

Leidos
03.2022 - Current
  • Leverage quality control and assurance of network monitoring and detection capabilities (including NetFlow, custom application protocol logging, signature-based IDS, and full packet capture (PCAP) data) to identify cyber adversary activity to generate and employ detection rules and signatures for system hardening
  • Test and provide input with development of Cyber Fusion standard operating procedures (SOPs), and Cyber Fusion Framework and Methodology based on industry best practice and department of defense (DOD) instruction, guidance, and policy to counter malicious cyber and advanced persistent threat (APT) activities
  • Support various collaborative and cross functional (Intelligence, Current Operations, Future Operations, Logistics, Planning, Resourcing and Requirements) forums to achieve centrally coordinated, threat informed and prioritized vulnerability scoring and mitigation methodology for Continuous Integration and Continuous Deployment (CI/CD)
  • Support development security and operations (DevSecOps) initiatives to address vulnerabilities within system architecture and devise engineering solutions to enhance defenses and minimize exposure to cyber threats
  • Perform analysis by leveraging serialized threat reporting, intelligence product sharing, open-source intelligence (OSINT), and open-source vulnerability information to ensure prioritized plans are developed
  • Analyze and document malicious cyber actors TTPs, providing recommendations and alignment to vulnerabilities and applicability to enterprise operational environment
  • Support deployment of defensive cyber operations strategies to detect and analyze adversary campaigns, identifying anomalies and inconsistencies across sensor outputs, system logs, Security Information and Event Management (SIEM) platforms, and various data sources to proactively thwart malicious cyber threats
  • Identify, investigate, and rule out system compromises, with the capacity to provide written analytic summaries and attack life cycle visualizations
  • Provide risk assessments and recommendations based on analysis of technologies, threats, intelligence, and vulnerabilities
  • Offer recommendations to adjust enterprise or tactical countermeasures for threats impacting the Department of Defense Information Network (DODIN)
  • Collect and analyze metrics and trending data, identify key trends, and provide situational awareness on adversarial cyber threat actors (Advanced Persistent Threat (APT), criminal or state-sponsored threat actors)
  • Perform compliance management and oversee defensive cyber operations (DCO) supporting the Global Security Management Operations program, overseeing current operations across command, control, and service cyber components, agencies, and field activities
  • Oversee 24/7 cyber operations for the area of operations (AO) in coordination with USCYBERCOM and other agency partners
  • Oversee and help execute continuous network monitoring and incident/problem resolution
  • Triage events and incidents, and assist with developing the Defense Area of Operations (DAO) by generating defensive cybersecurity operational countermeasure recommendations
  • Support various collaborative and cross functional Intelligence, Current Operations, Future Operations, Logistics, Planning, Resourcing and Requirements forums to achieve centrally coordinated, threat informed and prioritized vulnerability scoring and mitigation methodology for system hardening and application security
  • Coordinate and ensure compliance with cybersecurity directives, including cyber tasking orders (CTOs), operation orders (OPORDs), warning orders (WARNORDs), and tasking orders (TASKORDs), to update and secure systems, devices, and applications
  • Provide threat analysis, track relevant prioritized incidents, and provide recommended defensive cyber countermeasure on vulnerable systems in coordination with system owners and system architects
  • Integrate cyber threat intelligence reporting with operational data, information, and processes to mitigate cyber threats, by proposing system hardening recommendations to improve security, and reduce enterprise's exposure of vulnerabilities
  • Demonstrated experience presenting complex defensive cyber operation insights to high-level leadership, including Senior Executive Service (SES) and General Officer/Flag Officer (GOFO) ranks, ensuring strategic alignment and informed decision-making
  • Demonstrated proficiency in supporting with designing and implementing advanced cybersecurity analytics frameworks to support defensive cyber operations and providing input to cyber engineering initiatives
  • Experience in developing intelligence-led cybersecurity strategies and employing Cyber Kill Chain framework within systems supporting defensive cyber operation countermeasures.

Cyber Security SME Program Manager

ManTech International Corporation
10.2021 - 03.2022
  • Responsible for successful technical, schedule, and cost performance of a major program, or multiple programs, through subordinate program/project managers, in accordance with contract requirements and company policies, procedures and guidelines for cybersecurity operations and systems engineering
  • Responsible for acquiring follow-on business associated with assigned programs and for supporting new business development by leading proposals or through program/project managers
  • Interacts with U.S. Government (USG) stakeholders regarding systems engineering technical considerations and associated problems, issues, or conflicts
  • Functions as expert consultant in all aspects of information security
  • Prepares in-depth studies and analyses
  • Manages major information security efforts
  • Maintains affiliation with national/international organizations
  • Lead enterprise level SOC operations in deterring, identifying, monitoring, investigating, and analyzing computer network intrusions and provide recommended security inputs to security engineers for system hardening
  • Collaborate within enterprise level SOC operations in conducting vulnerability assessments/penetration tests of information systems and provide input to resolving identified gaps in security posture for system and application hardening.

Cyber Security Operations - Technical Program Manager

ManTech International Corporation
08.2019 - 10.2021
  • Responsible for performance of relatively significant program or multiple smaller programs in accordance with contract requirements and company policies, procedures, and guidelines for cyber security operations center (CSOC) and cyber engineering systems and security applications
  • Oversees technology development and/or application, marketing, and resource allocation within program client base
  • Oversee program execution in areas representing more than three functional areas such as engineering, systems analysis, quality control and administration
  • Responsible for acquiring follow-on business associated with assigned programs and for supporting new business development by leading proposals
  • Function as on-call Technical Lead during critical events as incident response manager
  • Lead coordination in conducting vulnerability assessments/penetration tests of information systems
  • Lead research efforts and proficiency in tools, techniques, countermeasures, and trends in computer network vulnerabilities, data hiding, and network security and encryption
  • Identifying anomalies at packet level and developing signatures to verify and identify malicious common attack vectors of intrusions
  • Performing network intrusion incident response and network attack characterization and reconstruction
  • Performing in-depth technical analysis with goal of determining if intrusion malware was successfully downloaded and detonated
  • Possess working knowledge of forensic media analysis, performing in-depth diagnostic analysis of host and network intrusions, validating if modifications have been made to victim system(s) and host and identifying common attack vector by which that modification occurred
  • Analyzing network transports and application layer packets and identifying packet details
  • Perform in-depth analysis of host and network intrusion detection incident data and in-depth technical analysis of network traffic with objective of identifying and detecting malicious activity.

Enterprise Cybersecurity Operations Center Lead

ManTech International Corporation
04.2016 - 08.2019
  • Performed Computer Emergency Response Team (CERT) and Security Operations Center (SOC) operations involving intrusion detection, security event monitoring, analysis, security incident handling, incident reporting, and threat analysis
  • Knowledgeable with standard Intrusion Detection Systems, virus and malware behavior, and intrusion methodologies
  • Responsible for determining the appropriate response action(s) required to mitigate risk and providing threat and damage assessments for security threats that may impact local and global network operations
  • Provides computer forensic support to high technology investigations in form of evidence seizure, computer forensic analysis, and data recovery
  • Coordinated vulnerability assessments/penetration tests of information systems
  • Researches and maintains proficiency in tools, techniques, countermeasures, and trends in computer and network vulnerabilities, data hiding and encryption
  • Assisted in development of tools, techniques, training and countermeasures for computer and network vulnerabilities, data hiding and encryption
  • Deter, identify, monitor, and investigate computer and network intrusions by isolating or quarantining devices and network system appliances
  • Provides expert knowledge in computer and network forensics
  • Lead multiple teams in efforts of vulnerability assessments against security tools and executed tabletop exercises
  • Provided collected data as research input for maintaining proficiency in tools, techniques, countermeasures, and trends in computer and network vulnerabilities
  • Lead multiple teams in efforts to identify, deter, monitor, and investigate computer and network intrusions.

Criminal Investigator | Police Officer

Prince George's County Government
12.2005 - 03.2016
  • Task Force Officer – Prince George's County Police Department Representative Department of Homeland Security Homeland Security Investigations
  • Providing computer and mobile forensics acquisitions to support technology investigations in form of computer evidence seizure, computer forensic analysis, data recovery, and document exploitation
  • Performed aggressive targeting and tracking of wanted dangerous persons within the U.S. by exploiting cellular data and social media account activities, leading to crime discovery and resulting in locating and apprehending human smuggling/trafficking and transnational organized crime members
  • Leveraged computer and mobile forensics equipment for acquisition of data exploitation to identify, locate, apprehend dangerous transnational organized crime groups having objective of removal or imprisonment
  • Leveraged use of mobile devices tracking equipment to apprehend dangerous transnational organized crime group members conducting nefarious activities within United States of America having objective of removal or imprisonment
  • Performed media exploitation of acquired data from computer and mobile devices to obtain actionable intelligence to counter transnational crime groups: Mara Salvatrucha, 18th Street Gang, Mexican drug trafficking organizations, and human trafficking and smuggling groups operating in the Washington DC / Maryland / Virginia / Delaware region.

Sergeant Infantry Operations Leader

United States Marine Corps
08.1997 - 03.2005

Education

Master in Liberal Arts - Systems Engineering

Harvard University Extension School
Cambridge, MA
01.2023 - 05.2026

Master of Science in Cybersecurity Technology - Computer Engineering Technology

University of Maryland University College
Adelphi, MD
05.2018 - 05.2018

Bachelor of Science Degree in Cybersecurity - Computer And Information Systems Security

University of Maryland University College
Adelphi, MD
05.2015 - 05.2015

Skills

Adaptability

Certification

ISACA Certified Information Security Manager (CISM), active certification, CISM 2162193

Soft Skill Technical Experience

  • Computer Network Defense: ArcSight ESM, ArcSight Logger, ArcSight Command Center, Splunk Enterprise, FireEye, RSA NetWitness, Digital Guardian Sentry, McAfee ePO, Cisco IronPort, Cisco Sourcefire/Firepower, Remedy, Wireshark, VMware, Suspicious Dashboard, IBM BigFix, IBM Web Reporter, Palantir, Blue Coat, MalTAN/Ubuntu Linux “Sandbox”, MIR, Mandiant, DNS/DB, Slipstream, Cuckoo, and CRITS. Microsoft Azure Sentinel, Palo Alto Xpanse & ILI, CrowdStrike Falcon, and Mandiant Threat Intelligence Reporter.
  • Law Enforcement Based: CAD, Software Security Packages; NCIC, LinX, Tiburon, LEO, and RMS (Law Enforcement Databases)
  • Digital Forensics: MalTAN/Ubuntu Linux “Sandbox”, MIR, Mandiant, DNS/DB, Slipstream, Cuckoo, CRITS, FTK Imager, Cellebrite
  • Network Forensics & Analysis: Kali Linux Tools, SNORT, NMAP, PDF-Parser, Metasploit, OphCrack, Dumpzilla, TrueCrypt, YARA, John the Ripper, Cain and Abel, Nikto, Nessus, Microsoft Baseline Security Analyzer (MBSA), Open Vulnerability Assessment System (OpenVAS)
  • Malware Analysis: Cuckoo, CRITS, ExeInfo, Process Monitor 3.20, NetMiner, OllyDbg2-32bit, Assembler, PE Studio, ProcDot, CaptureBat, CFFExplorer, IDAPro, Import Fixer, Scylla, SSViewer, Reg Shot, PDFD Stream, PEBear, HashMyFiles, TCP LogViewer, Socket Sniff, SMSniff, QuickSet DNS, ApateDNS, ImmunityDebugger, Windbg, ILSpy, Fiddler2, Dotnet IL Editor
  • Cybersecurity Compliance Management: Tanium, Carbon Black, Rally, Domain Tools
