Stephen Kagwa
Glen Burnie,MD
Summary
A Cyber Security Professional with over 9 years' experience in securing systems, networks, and data. Holds Security plus, Certified Network Defense Architect, Certified Ethical Hacking and CompTIA Advanced Security Practitioner certifications. Bachelors in network and Cybersecurity and a Masters in Cybersecurity Technology. Maintains a T.S Clearance.
Overview
17
17
years of professional experience
1
1
Certification
Work History
CSIRT/KEV ANALYSIS
kONIAG
Washington, DC
08.2022 - Current
- Gather all Known Exploitable Vulnerabilities (KEVs) from CISA and research on vulnerabilities affecting environment using Nessus
- Validating all assets reported as affected by known exploitable vulnerabilities on Splunk
- Researching new zero days from open-source intelligence and verifying if any of our assets are impacted
- This includes reaching out to respective teams
- Tracking the patch updates of all devices including the high value assets and working with vulnerability team to find current updates
- Responding to all incidents confirmed as malicious or escalated by SOC team
- Incidents may include ransomware, DDoS, data exfiltration, insider threats, phishing campaigns
- Validating that all proof-of-concept exploits released by CISA are documented and vulnerabilities identified and patched
- Ensuring that all new Common Vulnerabilities and Exposures (CVEs) released are matched with devices impacting them and that we are scanning for plugins
- Working on CSIRT tickets from Service Now
- Tickets include incidents associated with malware infection, trojan malware, suspicious apps, impossible travels
- Knowledge of different operational threat environments (e.g., first generation [script kiddies], second generation, [non-nation-state sponsored], and third generation [nation-state sponsored]
- Perform Threat briefs to senior level management in terms of the current ongoing threats and how they impact the environment
- Participated in an on-call schedule.
Threat Analyst /CSIRT
General dynamics
Linthicum, MD
05.2021 - 07.2022
- Received Indicators of Compromise (IOCs) from clients, performed analysis using OSINT tools and categorize threats using the MITRE ATT&CK Framework
- Responding to all incidents confirmed as malicious or escalated by SOC team
- Incidents may include ransomware, DDoS, data exfiltration, insider threats, phishing campaigns
- Use of Enterprise Asset Monitoring System tools (internal tools) that allow authorized users to access enterprise network and system monitoring data
- Creating Vulnerability Assessment Reports which assists in providing the organization with detailed information regarding vulnerabilities
- Querying Splunk to further research on assets identified with potential vulnerabilities, searching for system owners and asset description
- Maintain awareness of Open-Source intelligence threats, identifying risks to agency personnel involved in Open sources breaches, and documented breaches within the agency incident response-ticketing platform
- Receive Tier 2/3 incident escalation from detection operations (soc team) and assist with real-time, continuous (24x7) security event monitoring, response, and reporting
- Coordinate with various Information Security Officer Teams in clarifying security risks, and roles and responsibilities related to ongoing Incident Response cases
- Maintain updated knowledge of best practices in Cybersecurity Operations and Incident Response processes to identify and recommend new technologies and/or processes with the potential to enhance operations
- Knowledge of different operational threat environments (e.g., first generation [script kiddies], second generation, [non-nation-state sponsored], and third generation [nation-state sponsored]
- Perform Threat briefs to senior level management in terms of the current ongoing threats and how they impact the environment
- Participated in an on-call schedule.
SOC Analyst/ net defense
ICF International
Adelphi, MD
04.2020 - 05.2021
- Monitor security events (SEIM) from multiple sources, (Splunk and Kibana) analyze the results, and escalate when necessary to the appropriate group for remediation
- Events will originate from but are not limited to DLP, IDS, IPS, antivirus, firewall, and system security logs
- Reviewed violations of computer security procedures and developed mitigation plans
- Comprehensive understanding of Advanced Persistent Threats (APTs), Tactics, Techniques, and Procedures (TTP), Indicators of Compromise (IOCs), and Cyber Threat Awareness
- In-depth knowledge of the Cyber Kill Chain model, Diamond Model, and MITRE ATT&CK Framework
- Use of OSINT tools like Virus total, Domain Dossier, OSINT Framework, Exploit Database, and any
- Run
- Creation of technically detailed reports based on OSINT resources that trigger a response/investigation
- Initiate security incident response events on systems and networks which include unauthorized use of system privileges, packet floods, crashes, and unauthorized access to sensitive data
- Advanced knowledge working with open-source tools like Wireshark to visualize PCAP data and analyze any malicious activity
- Recognize potential, successful, and unsuccessful intrusion attempts and compromises thorough reviews and Perform follow-up analysis throughout the incident lifecycle, Cyber Kill Chain, and complete projects and tasks associated with security monitoring, detection, and incident response analyses of relevant event detail and summary information
- Provide Tier 2/3 support services which is a 24
- 7
- 365 coordination, execution, and implementation of all actions required for the containment, eradication, and recovery measures for events and incidents
- Monitor Dashboards to ensure that both cloud and traditional sensors are up and producing data.
Security/Sys Administrator
U.S. ARMY NETCOM
Adelphi, MD
03.2019 - 03.2020
- Performed access control and incident management
- Assessing risks and recommending remediation of risks and vulnerabilities, submitting reports on the scans and assessments, and conducting patching of the vulnerabilities
- Strong TCP/IP networking skills used in performing analysis
- Also isolate and diagnose potential threats and anomalous network behavior
- Actively reviewed logs of all windows servers ensuring no breaches of security
- Scheduled, configured, and maintained network security upgrades and daily backups
- Maintained portal roles, web records, LDAP accounts and active directory
- Performed daily maintenance, monitoring of anti-malware and vulnerability scanning and initiated incident response in the event of a vulnerability
- Ensured contract terms and conditions were negotiated in the best interest of the company to mitigate business risk and maximize financial objectives
- Ensure that Incident response processes are in place to provide direction to the responder teams
- Updating software with the latest security patches and ensuring proper defenses are present
- Monitor network traffic for suspicious traffic
- Configuring and supporting security tools such as firewalls and anti-virus software.
Cyber Security Specialist/DBA
U.S. ARMY
Ft. Drum, NY
01.2014 - 01.2019
- Monitoring security patch levels of the servers, workstations and network environments, and anti-virus systems
- Interacted with cyber intelligence analysts conducting threat analysis operations as well as numerous IT professionals performing varying technical roles within the client organization
- Utilized Nessus and Wireshark to detect vulnerabilities in operating systems, network devices, and applications
- Performed Open-Source Intelligence research on indicators of compromise domains and host
- Developed coordinated, implemented, and maintained standards and procedures to protect the security and integrity of information systems and data
- Provided detailed status updates on existing cyber security incidents daily to include follow up with client/customer to ensure satisfactory resolution
- Continuously monitored, analyzed, and identified security alerts information from all approved security devices, collection techniques and designated system logs
- Applied security concepts, reviews information, executes defined tasks, analyzes requirements, reviews logs, and creates documentation
- Performs investigation and data loss prevention, data manipulation, and coordination of activities
- Performs actions to address or mitigate risks and vulnerabilities
- Reviews and defines controls
- Reviewed security baseline controls and developed test plan that was used to assess implemented security controls
- Performed Database Installations, Upgrades and Configurations
- Designed and implemented database code objects: schemas, tables, functions, stored procedures, views.
Systems Administrator
Primrose Company
03.2007 - 11.2010
- Applied Network system LAN design principles in connecting different branches in the Company
- Installed and maintained all hardware associated with end-user computing, comprising of printers, switches and workstations that were valued over $200K
- Provided Tier 1 and Tier 2 support for customers and technical staff
- Integrated user workstations with Microsoft server Operating Systems
- Performed security scans for unauthorized networks and prevented local networks from being compromised
- Worked with the client's liaison to establish future growth and development of the IT needs for their organization
- Performed troubleshooting and problem resolution
- Strong knowledge of Microsoft office applications including Word, Excel, Power Point, Outlook, and Access
- Repaired and maintained components of all computers and servers
- Troubleshoot, repaired and configured PCs with Windows 7.
Education
Master of Science - Cloud Computing Architecture
University of Maryland Global Campus
12.2023
Master of Science - Cybersecurity Technology
University of Maryland Global Campus
12.2020
Bachelor of Science - Network and Cybersecurity
University of Maryland - University College
05.2018
Skills
- Incident response
- Cyber Kill Chain
- MITRE Att&ck Framework
- Data and System Encryption
- Cybersecurity
- Remediation
- KEV Analysis
- Risk Assessment/Mitigation
- APT & TTPs
- Network/System Administration
- Ticketing System
- Intrusion Detection/Prevention
- Mitigation
- Threat Hunting/Pyramid of Pain
- SIEM Tools
- OSINT
- Diamond Model
- PCAP Analysis
- SIEM TOOLS - Splunk & Kibana
- TICKET TOOLS - Service Now, Jira, Confluence & Lasso
- PCAP TOOLS - Wireshark, TCP Dump and Redline
- EDR/XDR TOOLS - Crowd strike, Microsoft Defender, FireEye
- SCANNING TOOLS - Nessus
- OSINT TOOLS - Virus Total, Domain Dossier, Domain Tools, OSINT Framework
Certification
- CASP - CompTIA Advanced Security Practitioner
- CEH - Certified Ethical Hacker
- CNDA - Certified Network Defense Architect
- SEC Plus - CompTIA Security Plus
- CISSP - Certified Information System Security Professional (Projected Nov 2023)
Timeline
CSIRT/KEV ANALYSIS
kONIAG
08.2022 - Current
Threat Analyst /CSIRT
General dynamics
05.2021 - 07.2022
SOC Analyst/ net defense
ICF International
04.2020 - 05.2021
Security/Sys Administrator
U.S. ARMY NETCOM
03.2019 - 03.2020
Cyber Security Specialist/DBA
U.S. ARMY
01.2014 - 01.2019
Systems Administrator
Primrose Company
03.2007 - 11.2010
Master of Science - Cloud Computing Architecture
University of Maryland Global Campus
Master of Science - Cybersecurity Technology
University of Maryland Global Campus
Bachelor of Science - Network and Cybersecurity
University of Maryland - University College
Similar Profiles
Ama AgyemangAma Agyemang
Help Desk Technician Intern at KoniagHelp Desk Technician Intern at Koniag
Jalen ProctorJalen Proctor
Administrative Assistant at Koniag Government ServicesAdministrative Assistant at Koniag Government Services
Jacqueline BousquetteJacqueline Bousquette
Product Owner Consultant at Koniag Government ServicesProduct Owner Consultant at Koniag Government Services
Kyleen PlumleyKyleen Plumley
Front Desk Medical Receptionist at Endocentre Of BaltimoreFront Desk Medical Receptionist at Endocentre Of Baltimore
Adetola AkanjiAdetola Akanji
Driver at EmpowerDriver at Empower