Walter Cook

Phoenix, AZ

Summary

Innovative Insider Threat Engineer also experienced in DLP, IAM, Data Breach, Incident Response. Built over 200 unique detections using in-house tools and MS Defender and Purview.

Consulted on Insider Threat and Cyber Threat Intelligence, providing onsite services for engineering and process improvement.

Overview

17 years of professional experience
1 Certification

Work History

Insider Threat Engineer

U.S. Bank
03.2023 - Current
  • Hunt into new and existing datasets to find opportunities to build new detections
  • Constructed new and enhanced existing rules in company's UEBA tool and MS Defender and Purview
  • Capture and respond to detection feedback from ITP analysts
  • Engineered advanced triage scoring model
  • Hunts have resulted in a number of rules in new behavior areas such as after-term, access, recon, discontentment, rogue software
  • Implemented mechanism to update rules parameters seamlessly without altering production
  • Implemented low-touch feedback process to address thousands of false positives

Chief Developer and Co-founder

Reqfast
12.2018 - 03.2023
  • Company Overview: Startup SaaS company improving effectiveness and efficiency of cyber threat intelligence teams
  • Built the company's flagship SaaS platform and continually upgraded it.
  • Managed product roadmap and collected customer feedback.
  • Ensured secure network posture.
  • Oversaw out-tasked resources
  • Designed, built, and launched full-stack deployment of company’s flagship platform on AWS using Angular/TS, Apache, PHP, AWS S3/EC2/Lambda
  • Built and deployed major upgrade to 2.0
  • Built company’s external API

Principal Advisor

Flashpoint Intel
05.2017 - 11.2018
  • Provided program and technical consultative guidance for the development of customers’ insider threat programs
  • Developed and delivered against customized CTI workshop agendas at customer locations in US and Europe
  • Extended company workshop and training offerings.
  • Built modules targeted to each phase of the intelligence lifecycle
  • Administered and contributed to Flashpoint insider threat collaboration space and wrote blogs related to intelligence space
  • Supported Walmart for a year, providing ongoing guidance on program, process, and tool designs, resulting in a renewal for year 2 of the contract
  • Delivered ad-hoc guidance to customers on an Insider Threat retainer
  • Authored an extensive 80-page guide on Insider Threat
  • Led effective multi-day workshops in the US, UK, and the Netherlands
  • Collaborated with sales and marketing to craft innovative support materials for new products

Information Security Specialist - Insider Threat

American Express Information Security
06.2014 - 05.2017
  • Played key role in founding team launching Amex's worldwide Insider Threat Program
  • Statistically analyze key technical and other related information to develop controls, statistical models, and analysis processes which are used to identify and mitigate insider threat related risks
  • Conduct investigations into unusual user behavior through analysis of digital evidence
  • Develop operating and leadership metrics
  • Extensive knowledge of process development and improvement, audit and governance, and case management
  • Conceived, designed and built UEBA tools that monitored 125 risk indicators across proxy, mail, IAM, DLP, SOC, HR, PAM, ePV, database monitoring across 120k+ users
  • Developed innovative risk scoring and triage model
  • Extended scoring model to the team level to connect the behaviors of peers
  • Developed risk model based on case data which enabled triage, triggers regulator notification, and trending
  • Designed metrics to monitor KPIs and KRIs

Information Security Specialist - Data Breach

American Express Chief Information Security Office
02.2008 - 06.2014
  • Accountability for all reporting involving data breaches worldwide, including Amex Board, Banks, regulators, leadership, and operations
  • Managed significant and/or large, multi-site data breach incidents, primarily at merchants
  • Accountability for analysis and process improvement related to the management of data compromises including the development of operational-level and management-level scorecards
  • Streamlined data collection using multiple sources
  • Developed innovative correlations between data breaches and root causes
  • Created automated data capture tools for four external sources
  • Created risk model utilizing case data for enhanced triage and regulatory notification
  • Created database tool to scrape CPP transactional detail
  • Enabled connection of CPPs to data breach cases

Education

Bachelor of Science - Chemistry, Math/Physics minor

University of Arizona
Tucson, AZ

Skills

  • Insider threat engineering, program development and investigations
  • Database administration and querying: mySQL, SQL Server, Aurora, Greenplum
  • Programming Languages: KQL, Angular, TypeScript, JavaScript, PHP, Objective-C
  • AWS and Azure Proficiency
  • MS Defender and Purview
  • Data loss prevention
  • Identity and access management
  • Intelligence lifecycle
  • Data breach management
  • Reporting and analytics
  • Process improvement
  • Certified Six Sigma Black Belt
  • NIST 800-53

Certification

  • Certified Six Sigma Black Belt, American Express
  • CISSP, Active
  • CCSP, Active
