William Arnold

Athens, AL

Overview

13 years of professional experience

Work History

Director

Fastly
04.2024 - Current
  • Manage a team of 19 individuals in US, EMEA and APAC regions
  • Drive initiatives with customers and set expectations for service offerings
  • Lead widespread cyber events
  • Coordinate intelligence gathering and hunting efforts and turn output into actionable alerts for customers
  • Own customer relationships and ensure customer satisfaction is a priority
  • Lead executive level briefings regarding quarterly metrics and security posture
  • Manage relationships and operational efforts that contribute to over $12M ARR
  • Partner with Product and Engineering to launch new product offerings
  • Define strategy and roadmap for my business unit
  • Spearheaded and launched our Managed Security Service (MSS) offering 1 year ago, which has secured over $5M in revenue.

Senior Manager

Fastly
05.2022 - 04.2024
  • Manage a team of 19 individuals in the US, EMEA and APAC regions
  • Drive initiatives with customers and set expectations for service offerings
  • Lead widespread cyber events
  • Coordinate intelligence gathering and hunting efforts and turn output into actionable alerts for customers
  • Own customer relationships and ensure we have customer satisfaction
  • Lead executive level briefings regarding quarterly metrics and security posture
  • Manage relationships and operational efforts that contribute to over $12M ARR
  • Partner with Product and Engineering to launch new product offerings
  • Define strategy and roadmap for my business unit
  • Spearheaded and launched our Managed Security Service (MSS) offering 1 year ago, which has secured over $5M in revenue.

Security Operations Manager

CyZen
05.2021 - 05.2022
  • Manage a team of 10 individuals
  • Develop progression paths for my team
  • Manage a budget of over 2 million dollars to include operations cost, ARR, gross and margins
  • Drive initiatives with customers and set expectations for service offerings
  • Lead widespread cyber events
  • Coordinate intelligence gathering and hunting efforts and turn output into actionable alerts for customers
  • Executed the purchase and migration of ticketing platform and threat intelligence platform
  • Lead executive level briefings regarding quarterly metrics and security posture.

Security Operations Manager

deepwatch
09.2020 - 05.2021
  • Manage a team of 16 individuals
  • Develop progression paths for my team
  • Manage a budget of over 6 million dollars to include operations cost, ARR, gross and margins
  • Drive initiatives with customers and set expectations for service offerings
  • Lead widespread cyber events
  • Coordinate intelligence gathering and hunting efforts and turn output into actionable alerts for customers
  • Lead executive level briefings regarding quarterly metrics and security posture.

Lead Security Analyst

deepwatch
02.2019 - 09.2020
  • Spearheaded the strategy, development, structure, organization and creation of Global Runbooks for analysts to standardize analyst response procedures, improving customer satisfaction and experience
  • Identified and created process to enhance global runbooks by including additional steps to identify and record tuning opportunities and outline procedures for performing reviews of event specific investigation processes
  • Provided coaching, shadowing, training for both seasoned and new analysts to standardize event investigation and to enable thorough event analysis
  • Served as a focal point for customers and analysts for all analysis; streamlining the analysis process and improving customer experience
  • Spearheaded the creation of the Analyst New Hire Checklist to enable quicker role assumption, thereby ensuring the completion of all necessary functions in an appropriate manner
  • Created multiple customer specific runbooks while working with customer to understand needs/requirements which identified the necessity of 'global runbooks' to standardize Analyst response procedures
  • Work closely with Squad Threat Hunter for cross-training for better event analysis and further develop skillset to improve triage times
  • Worked with Threat Hunter to create dashboards to improve response times and assist Analysts in investigation and triaging security incidents
  • Created process to perform tuning on Splunk alerts, which alleviates Threat Hunter responsibilities enabling threat hunters to address more critical issues
  • Work closely with squad Engineer for cross-training to further develop skillset and improve understanding of engineering related issues to assist with earlier response / triage times
  • Perform infrastructure tuning on Splunk alerts, enabling squad Engineer to focus on higher priority tasks
  • Worked closely with R&D to create/modify Demisto playbooks to ensure error free automation during event triage process ensuring accurate reporting of security incidents
  • Identified numerous bugs with Demisto affecting customers and worked closely with R&D to create/modify Demisto playbooks to meet operational requirements
  • Created workflows/dashboards to improve response times for Analysts in ServiceNow
  • Routinely work with Analysts, Threat Hunters, Engineers, and Manager to improve processes and procedures
  • Created process to identify tuning and perform tuning under guidance of Threat Hunter to increase skillset, additionally working to document tuning procedures for further Analyst adoption.

Security Engineer

MAD Security
03.2017 - 08.2017
  • Document solutions, process, or procedures effectively in written and verbal delivery methods
  • Assist with the development of incident identification and handling plans, workflows, and SOPs
  • Deploy and maintain security sensors and tools
  • Monitor security sensors and review logs to identify intrusions
  • Think critically and creatively while analyzing security events, network traffic, and logs to engineer new detection methods
  • Identify incident root cause and take proactive mitigation steps
  • Perform lessons learned activities
  • Review vulnerabilities and track resolution
  • Review and process threat intel reports
  • Develop and implement detection use cases
  • Develop and implement IDS signatures
  • Assist with incident response efforts.

Network Security Engineer

Hirevergence
10.2016 - 12.2016
  • Lead Cyber Security Analyst for CSIRT (Cyber Security Incident Response Team)
  • Identify gaps and weaknesses and assist with correcting those to expand and build out technical capabilities and infrastructure for SOC
  • Identify, analyze, and respond to Cyber Security threats and incidents
  • Perform log, registry, and file analysis to identify the infection vector related to the potential Cyber Security Incident
  • Executing/detonating malware in a VM (Virtual Machine) or sandbox environment to document and analyze malware characteristics and purpose (e.g., data exfiltration, keylogger, lateral movement, etc.)
  • Responsible for monitoring and reviewing the IT Security Inbox for phishing emails, which included analyzing email headers, malicious links and attachments
  • Delegate duties/tasks (e.g., pulling specific logs, reaching out to appropriate individuals, disabling access, etc.) when responding to an incident.

Senior Security Analyst

H2H Technology
06.2016 - 10.2016
  • Lead Cyber Security Analyst for CSIRT (Cyber Security Incident Response Team)
  • Identify gaps and weaknesses and assist with correcting those to expand and build out technical capabilities and infrastructure for SOC
  • Identify, analyze, and respond to Cyber Security threats and incidents
  • Create and upload Indicators of Compromise (IOCs) into tools when identified during investigation
  • Perform log, registry, and file analysis to identify the infection vector related to the potential Cyber Security Incident
  • Perform 'hunting' activities within flow data and/or full packet captures looking for anomalies or suspicious activity
  • Executing/detonating malware in a VM (Virtual Machine) or sandbox environment to document and analyze malware characteristics and purpose (e.g., data exfiltration, keylogger, lateral movement, etc.)
  • Responsible for monitoring and reviewing the IT Security Inbox for phishing emails, which included analyzing email headers, malicious links and attachments
  • Delegate duties/tasks (e.g., pulling specific logs, reaching out to appropriate individuals, disabling access, etc.) when responding to an incident.

Cyber Security Engineer

Science Application International Corporation (SAIC)
03.2015 - 03.2016
  • Lead Security Engineer for five (5) projects, which all had the goal to increase the security posture and visibility for NASA's (National Aeronautics and Space Administration) network
  • Responsible for providing information security risk analysis and security governance functions in the assessment, development, and evaluation of security processes, controls and solutions for NASA's enterprise technology assets
  • Lead and assist team members in researching and evaluating various methods to secure system(s), network(s), database(s), and business application(s) in support of project deliverables, related services and other IT (Information Technology) organizations
  • Responsible for creating requirements for RFP's (Request for Proposals), scoring RFP's, and responding to RFP's when selecting vendors and tools that meet the requirements for the project and the Agency.

Cyber Security Analyst

Zycron
02.2013 - 03.2015
  • Tier two (2) Lead Cyber Security Analyst
  • Technical Lead for the Privacy Program
  • Played key role in building the Cyber Security Team, processes, tools, and Security Operation Center (SOC)
  • Responsible for overseeing and assisting with Cyber Security Investigations
  • Perform analysis of full packet captures (Netwitness)
  • Perform log, registry, and file analysis to identify the infection vector related to the potential Cyber Security Incident
  • Perform 'hunting' activities looking for anomalies and suspicious activity
  • Perform privacy scans for RPII (Restricted Personally Identifiable Information) and PII on servers and workstations
  • Lead and participate in table top exercises
  • Served as a liaison to several business units to promote security awareness and provide metrics and presentations to Senior Management and Vice Presidents
  • Assist the Risk Assessment team with vulnerability scans
  • Create and modify technical documentation for Run Books (e.g., Incident Action Plans)
  • Provide technical guidance/mentoring to junior analysts and/or new employees
  • Serve as a Focal Point for Cyber Security incidents that may impact other business units
  • Serve as a Focal Point for incident escalation within our SOC environment and assign tickets/incidents based on workload and severity to Tier 1 and Tier 2 analysts
  • Responsible for monitoring and reviewing the IT Security Inbox for phishing emails, which included analyzing email headers, malicious links and attachments
  • Create daily reports for potential malware infections (Flow Data, Honey Pots, Honey Inboxes)
  • Create and report monthly metrics for malware infections, scanning/reconnaissance on externally facing web servers and phishing emails reported by employees.

Cyber Security Analyst

Sword and Shield Enterprise Security
01.2012 - 02.2013
  • Tier two (2) Lead Cyber Security Analyst
  • Technical Lead for the Privacy Program
  • Played a key role in building the Cyber Security Team, processes, tools, and Security Operation Center (SOC)
  • Responsible for overseeing and assisting with Cyber Security Investigations
  • Perform analysis of full packet captures (Netwitness)
  • Perform log, registry, and file analysis to identify the infection vector related to the potential Cyber Security Incident
  • Perform 'hunting' activities looking for anomalies and suspicious activity
  • Perform privacy scans for RPII (Restricted Personally Identifiable Information) and PII on servers and workstations
  • Lead and participate in table top exercises
  • Served as a liaison to several business units to promote security awareness and provide metrics and presentations to Senior Management and Vice Presidents
  • Assist the Risk Assessment team with vulnerability scans
  • Create and modify technical documentation for Run Books (e.g., Incident Action Plans)
  • Provide technical guidance/mentoring to junior analysts and/or new employees
  • Serve as a Focal Point for Cyber Security incidents that may impact other business units
  • Serve as a Focal Point for incident escalation within our SOC environment and assign tickets/incidents based on workload and severity to Tier 1 and Tier 2 analysts
  • Responsible for monitoring and reviewing the IT Security Inbox for phishing emails, which included analyzing email headers, malicious links and attachments
  • Create daily reports for potential malware infections (Flow Data, Honey Pots, Honey Inboxes)
  • Create and report monthly metrics for malware infections, scanning/reconnaissance on externally facing web servers and phishing emails reported by employees.

Field Service Technician

Catalyst Technology
08.2011 - 01.2012
  • Responsible for the installation and troubleshooting of TVA's software applications and operating systems
  • Responsible for removing malware, reimaging systems, and ensuring all necessary patches/updates are on the system(s)
  • Perform installations and/or upgrades to various hardware systems to include, laptops, desktops, printers, and plotters
  • Perform the following hardware replacements/repairs to include, but not limited to: motherboard(s)/system board(s), LCD screens, CPU, CPU Fan, Power Supply, trailing cable, carriage drive belt, and auto compensatory pick assemblies
  • Create technical documentation and SOP's for junior analysts.

Education

Skills

  • Strategic Planning
  • Verbal and written communication
  • People Management
  • Operations Management
  • Strategies and goals
  • Staff Management
  • Project Coordination
  • Staff Development
  • Hiring and Retention
