
Steven Alejandro

Insider Threat Professional
Fredericksburg, VA

Summary

Tech-savvy and solutions-oriented professional with extensive experience in threat intelligence, incident response, vulnerability management, insider threat, and risk assessment. Proven ability to implement and maintain security controls, policies, and procedures to protect confidential information and critical infrastructure. Skilled in analyzing and interpreting security logs and alerts to rapidly detect and respond to security incidents. Conducts thorough security assessments and audits to ensure compliance with industry standards and regulations. Deep knowledge of security technologies including SIEM, IDS/IPS, DLP, and endpoint security tools. Adaptable and excels in remote and hybrid work environments, collaborating effectively with cross-functional teams to achieve organizational objectives. Strong communication skills, problem-solving abilities, and a dedication to continuous learning and professional development.

Overview

10 years of professional experience
4 Certifications

Work History

Cyber Analyst III on UAM/Insider Threat Program

Galapagos LLC
10.2023 - Current
  • Extensive experience with User Activity Monitoring (UAM) capabilities and an understanding of common Insider Threat Tactics, Techniques, and Procedures (TTPs)
  • Served as a subject matter expert (SME) for DoD-CIO's User Activity Monitoring (UAM) evaluation program, evaluating DoD Insider Threat UAM Programs
  • Improved decision-making processes, providing senior management with detailed analysis and actionable insights
  • Direct role in delivering an iterative 'Living' Playbook on UAM for DoD CIO
  • Supported the DoD Playbook by assisting in multiple iterations (Versions 1.1, 1.2, and 1.3), incorporating best practices, governance strategies, and technical considerations
  • Provided UAM analysis, risk assessments, strategic guidance, ensuring UAM capabilities align with DoD-wide cybersecurity and insider threat objectives
  • Collaborated with cross-functional teams to identify opportunities for process improvement and increased efficiency across the DoD enterprise
  • Part of the feasibility testing for UAM and cybersecurity integrations, evaluating tools like Microsoft Azure Sentinel, Defender for Endpoint, DTEX and insider threat monitoring solutions to support DoD-wide CIO objectives

Cyber Defense Operator Senior Engineer Team Lead

Athena Technology Group
05.2023 - 10.2023
  • Part of the Army Cyber Command G36 skilled personnel who aided the User Activity Monitoring (UAM) mission in executing a centralized UAM collection, analysis, and reporting operation to observe and record the actions and activities of individuals, at any time, on any device accessing Army information on JWICS and SIPR networks
  • Supported the detection of Insider Threat (InT) activity, reported its analytic results to the Army InT Hub, supported authorized investigations, and provided results to programs directed to receive results by the HQDA G-34
  • Received, analyzed, and processed core Insider Threat indicators from User Activity Monitoring (UAM), Computer Network Defense (CND), and cybersecurity sources to detect, deter, and mitigate potential risk indicators for possible Insider Threat activity
  • Monitored and assessed risks to national security
  • Provided timely reporting of potential insider threats per the DITMAC thresholds and the adjudicative guidelines
  • Enabled effective responses and mitigations by investigative and command authorities to protect classified national security systems and information from unauthorized disclosure
  • Performed holistic insider threat risk assessments to identify threats, prioritize risks, and coordinate response or mitigation measures
  • Generated reports to the Army Insider Threat Hub that would be utilized for further investigative efforts
  • Assisted in training new operators, sharing knowledge of best practices and promoting a culture of teamwork amongst peers
  • Collaborated with team members to ensure seamless coordination of tasks and efficient completion of projects
  • Accurately documented all operational data, ensuring up-to-date records for review and analysis

CSM-CND Site Task Lead/Advanced Cybersecurity Analyst

SYSTEM HIGH CORPORATION
04.2021 - 05.2023
  • Leveraged expertise in IA policy, procedures, and workforce structure to oversee the development, implementation, and maintenance of a secure enclave environment for the US Navy Missile Defense Agency using eMASS, Agency-wide SharePoint Access, ACAS, HBSS/ESS, DoD411, 4LOE, Jabber, MS Teams, DoD Safe, DOTS, RMF Knowledge Service, Critical Updates SRG/STIGs, Cyber Task Order Tracking/Processing, NIST Documentation, and Defense Counterintelligence and Security Agency and Authorization Processes
  • Utilized the Cybersecurity Business portal for assignments and task development, and authorization through the Missile Defense Agency
  • Provided strategic and operational cybersecurity initiatives to program directors/managers, senior executive leadership, and other stakeholders for numerous weapon and test systems, and remote site partner network connections
  • Obtained DoD Risk Management Framework (RMF) ATO, ATC, and IATT for over 20 systems and sites, employing eMASS, ACAS, and HBSS, in compliance with DoD and agency directives, policies, and procedures, ensuring Confidentiality, Integrity, and Availability (CIA) of systems, networks, and data through accurate selection, implementation, assessment, authorization, and monitoring of all cybersecurity-related activities
  • Collaborated with IT teams to integrate security measures into the development and deployment of new ATO, ATC, and IATT requests for the Missile Defense Agency
  • Conducted security audits to identify vulnerabilities.
  • Played key role in regulatory compliance projects, ensuring adherence to industry standards and legal requirements related to cybersecurity
  • Recommended improvements in security systems and procedures

Mission Assurance Cyber Desk Officer

CREDENCE MANAGEMENT SOLUTIONS
06.2020 - 04.2021
  • Engaged with the J34 Mission Assurance team within the NGB-J3/4/7 Operations Directorate, providing expert planning, coordination, and situational awareness to joint and interagency mission partners during domestic operations
  • Assisted in promoting the unity of effort for planned events and domestic incidents
  • Monitored the readiness of National Guard force elements for domestic operations and identified capabilities needed for large-scale incidents involving multiple states or regions
  • Supported the Secretary of Defense and Combatant Commanders in ensuring the success of National Guard operations across 54 states and territories, advising on JFHQ-States requirements and coordinating with various mission partners, including DoD components, combatant commands, and military departments
  • Supported decision-making processes with accurate data entry and thorough record-keeping practices
  • Managed sensitive information discreetly while adhering to strict confidentiality guidelines established by the company.

Insider Threat Analyst / Information System Security Engineer

CACI INTERNATIONAL
10.2019 - 06.2020
  • Maintained an automated data mining and analysis capability to identify potential insider threat behaviors, indicators, and concerns, assisting the government in mitigating insider threats
  • Knowledge of evolving insider threat trends and best practices, ensuring consistent adherence to industry standards and protocols
  • Contributed to the development of the standard operating procedures, the concept of operations, and the memorandum of agreement/memorandum of understanding for the User Activity Monitoring Special Access Program
  • Completed all recommended insider threat training on CDSE as directed by OSD, and proactively enrolled in and completed the Insider Threat Concepts and Overview Course by Carnegie Mellon University
  • Demonstrated understanding of the process to document issues, including computer misuse, policy violations, counterintelligence concerns, foreign influence, financial stressors, and threats to self or others, resulting in enhanced security posture for the organization
  • Collaborated with cross-functional teams to identify opportunities for process improvement and increased efficiency

Cyber Defensive Operations Engineer III (AS&W Team Lead)

U.S. ARMY CYBER COMMAND
07.2019 - 11.2019
  • Steered the proactive identification of new collection methodologies for the attack sensing and warning program focusing on improving overall network security
  • Provided expert recommendations for mitigation and remediation of events, ensuring network integrity and close consultation with Intel Analysts regarding (IoC) Indicators of Compromise
  • Effectively tracked malicious threat actor(s) actions, analyzed the events, and documented the tactics, techniques, and procedures within the network incident tracker
  • Researched emerging threats, Common Vulnerabilities and Exposures (CVE), and newly released zero-day threats, verifying Army network security posture and recommending effective mitigation actions to ensure the continued successful operations of the United States Army Network Enterprise
  • Oversaw SIEM application administration and operation including analyzing, monitoring network traffic, identifying threats, and detecting anomalies
  • Executed, maintained, and enhanced standard operating procedures (SOPs) for the AS&W Program, ensuring effective implementation and compliance with DoD standards
  • Applied advanced technologies including ArcSight Logger/ESM, Tanium, JRSS, AESS, and Big Data Platform (BDP) along with DoD-cleared open-source tools to detect, hunt, and mitigate network intrusions, malware, and vulnerabilities
  • Leveraged expertise in detecting, monitoring, analyzing, and mitigating cyber threats, including incident management and cyber response team activities
  • Served as a site lead, ensuring successful coverage of shifts, a clear understanding of team member responsibilities, and strict adherence to quality assurance standards and DoD compliance requirements
  • Troubleshot complex issues under tight deadlines, prioritizing tasks effectively to minimize disruptions to ongoing operations
  • Maintained technical fluency in required equipment and networking hardware for assigned jobs and facilities

Information Assurance Security Assessor

GDIT
10.2018 - 07.2019
  • Ensured that the architecture and design of DoD information systems are functional and secure
  • Maintained up-to-date knowledge of industry best practices, attending professional conferences and participating in ongoing training opportunities.
  • As needed, designed and developed IA or IA-enabled products, interface specifications, and approaches to secure the environment
  • Assessed threats to the environment
  • Provided inputs on the adequacy of security designs and architectures
  • Participated in risk assessment during the certification and accreditation process

Defensive Cyber Operations Incident Manager

SSI (Storage Strategies, Inc.)
06.2017 - 10.2018
  • Handled high-priority incidents with exceptional poise and composure, making quick decisions in an effort to reduce overall impact
  • Established strong relationships with stakeholders across various departments to facilitate seamless collaboration during high-pressure situations
  • Enhanced incident response times by streamlining communication channels and implementing efficient escalation procedures.
  • Collaborated with cross-functional teams to identify root causes of incidents, leading to targeted improvements in system stability.
  • Delivered regular training sessions for staff members on incident management procedures, enhancing overall team efficiency and knowledge sharing capabilities.
  • Coordinated with external vendors to resolve incidents involving third-party systems, ensuring minimal impact on business operations.
  • Established metrics and reporting to measure the effectiveness of case handling and resolution across the Defense Operations organization
  • Built, mentored, and managed a high-performing team of incident response professionals, fostering a culture of collaboration, resilience, and continuous improvement

Defensive Cyber Operations Specialist

ARCYBER CMD (Active Duty)
08.2015 - 05.2017
  • Enhanced network security by implementing advanced threat detection and mitigation strategies
  • Implemented continuous monitoring solutions to detect potential cyber threats in real time
  • Performed regular audits of system logs for signs of suspicious activity or potential breaches, allowing for swift action when needed.
  • Coordinated with IT personnel to ensure timely and successful patch management, reducing vulnerabilities and maintaining a secure network environment.
  • Prepared detailed reports on security incidents, trends, and recommendations for management review.
  • Optimized incident response procedures for faster resolution and reduced downtime.
  • Established a strong culture of security within the organization through ongoing education, communication, and collaboration among teams.
  • Streamlined cybersecurity processes, leading to improved efficiency and effectiveness of operations.
  • Delivered training programs to improve employee awareness of cybersecurity best practices and protocols.

Education

No Degree - Cybersecurity

The University of Maryland Global Campus
Online
11-2027

Skills

  • Mission Assurance & Security
  • Threat Analysis & Reporting
  • Security Governance
  • Asset Management
  • User Activity Monitoring
  • Program Management
  • NIST & CNSSI Publications
  • Cyber Operations Planner
  • Crisis Management
  • Process Auditing & Reporting
  • Information Security Management
  • Cyber Operations Management
  • Microsoft Office
  • Analytical thinking
  • Time management
  • MS Excel
  • Team collaboration and leadership
  • Project management
  • Information gathering
  • Critical thinking
  • Attention to detail
  • Data research and validation

Certification

  • Certified Information Security Manager (CISM)
  • Certified Advanced Security Practitioner (CASP+)
  • Certified Ethical Hacker (CEH)
  • Certified Network Defense Architect (CNDA)

Associations

  • The Cybersecurity Forum Initiative (CSFI)
  • Military Cyber Professional Association
  • National Insider Threat Special Interest Group (NITSIG)

Clearance

Top-Secret/SCI Clearance with CI Poly

Career Experience

  • Cyber Analyst III, Galapagos: conducting advanced cybersecurity analysis at a senior level; experience with User Activity Monitoring (UAM) capabilities; proficiency in navigating the complete lifecycle of cybersecurity threats; delivering essential services such as cybersecurity incident detection, incident response, threat assessment, cyber intelligence, software security, and vulnerability assessments
  • Cyber Defense Operator Senior Engineer Team Lead, Athena Technology Group: aided the User Activity Monitoring (UAM) mission; supported the detection of Insider Threat (InT) activity; provided results to programs directed to receive results by the HQDA G-34
  • CSM-CND Site Task Lead/Advanced Cybersecurity Analyst, SYSTEM HIGH CORPORATION, Dahlgren, VA, 04/21 - 05/23: oversaw the development, implementation, and maintenance of a secure enclave environment for the US Navy Missile Defense Agency; obtained DoD Risk Management Framework (RMF) ATO, ATC, and IATT for over 20 systems and sites
  • Mission Assurance Cyber Desk Officer, CREDENCE MANAGEMENT SOLUTIONS, Arlington, VA, 06/20 - 04/21: engaged with the J34 Mission Assurance team; monitored the readiness of National Guard force elements for domestic operations
  • Insider Threat Analyst / Information System Security Engineer, CACI INTERNATIONAL, Fort Belvoir, VA, 10/19 - 06/20: developed and maintained an automated data mining and analysis capability; contributed to the development of standard operating procedures
  • Cyber Defensive Operations Engineer III (AS&W Team Lead), U.S. ARMY CYBER COMMAND, Fort Belvoir, VA, 07/19 - 11/19: steered the proactive identification of new collection methodologies; provided expert recommendations for mitigation and remediation of events
  • Cybersecurity Information Assurance Security Assessor, US ARMY G6 Intelligence and Security Command - General Dynamics Information Technology, 10/18 - 07/19
  • ARCYBER Command Defensive Cyber Operations Incident Manager, SSI (Storage Strategies, Inc.), 06/17 - 10/18
  • Defensive Cyber Operations Specialist, U.S. Army Cyber Command, 08/15 - 05/17
  • Transition Manager, Warrior Transition Brigade National Capital Region, 09/13 - 08/15
  • Operations Training and Schools Manager, US Army, 03/12 - 08/13
  • Operations Supervisor, US Army, 02/09 - 02/12
  • Operations Manager, US Army, 01/07 - 01/09

Awards

  • Meritorious Service Medal, US ARMY, 09/17
  • Bronze Order of Mercury, U.S. Army Signal Corps Association, 07/12

Training

  • DTEX Insider Risk Management Training
  • Insider Threat Program Manager Training Course (CDSE)
  • Insider Threat Training and Development Course (CDSE)
  • Proofpoint Certified Phishing Specialist, Vendor Training
  • Securonix User and Entity Behavior Analytics (UEBA), Vendor Training
  • SNYPER, Vendor Training
  • Forcepoint Vendor Training
  • JRSS Vendor Training
  • AESS Vendor Training
  • ACDC Vendor Training
  • Tanium Vendor Training
  • Big Data Platform Gabriel Nimbus, Vendor Training
  • HBSS/ESS Administrator Analyst Course ePO5.3 (201-301), Vendor Training
  • ACAS Operator and Supervisor Course Version 5.3, Vendor Training
  • Cyber Operations Planners Course, Vendor Training
  • HP ArcSight ESM 6.5 Administrator and Analyst Course, Vendor Training
  • Centaur, Vendor Training
  • ARL Interrogator, Vendor Training
  • Basic Linux, Vendor Training
  • Remedy, Vendor Training
  • AMHS, Vendor Training
  • SolarWinds, Vendor Training
  • SMADS, Vendor Training
  • SKIWeb, Vendor Training
  • Mission Assurance Senior Leader Course, Vendor Training
  • EMASS Course, Vendor Training
  • Power BI Desktop, Vendor Training
