
Yakov Goldberg

Potomac, MD

Summary

Self-motivated cybersecurity leader with over 15 years of experience specializing in programming, digital forensics, incident response, malware analysis, threat hunting, and reverse engineering. CISSP-certified professional passionate about programming, reversing, and exploit and vulnerability research. High-energy engineer experienced in advising on and deploying customized on-premises and cloud security controls for Fortune 500 clients. Creative innovator in cybersecurity tools and methodologies, leading the development of advanced security systems and procedures. Advocate for leveraging Generative AI algorithms to enhance efficiency and productivity.

Overview

19 years of professional experience
1 Certification

Work History

DevOps and Cloud, SaaS & AppSec Security

Freelancer Consultant
03.2024 - Current
  • Consult on design and implementation of innovative solutions to enhance security posture of cloud, SaaS, and application security (AppSec) environments
  • Provide managed security services for cloud, SaaS, and AppSec platforms
  • Work with multiple customers to deliver tailored security projects, including alert remediation, validation of cloud security measures, and patch management leveraging NIST 800 publications and CIS benchmarks
  • Advise customers on prioritizing patch management strategy focused on CISA Known Exploited Vulnerabilities (KEV) CVEs
  • Develop new prototypes using Python to expand and enhance cloud scanning capabilities, patch management, and cloud security
  • Drive innovation within customers' AWS and Azure cloud environments
  • Leverage Generative AI algorithms using Python to enhance development speed and productivity by about 60 percent
  • Work with cloud security solutions such as ORCA, Adaptive Shield, and Prowler

Senior Manager, Threat Detection & Threat Analysis

Capital One
05.2021 - 03.2024
  • Led and mentored the Reverse Engineering team in threat detection and analysis, ensuring the efficacy of threat detection mechanisms and tuning processes for optimized security measures
  • Directed the development and implementation of innovative security tools, scripts, and configuration extractors to advance threat hunting and analysis capabilities
  • Deployed a new sandbox analysis platform for malware used by all cyber teams for analysis, leveraging the API for integration with other organizational controls
  • Innovated in the design and testing of high-fidelity YARA rules, applying genetic matching and reverse analysis techniques for active threat hunting across various operating systems
  • Performed memory analysis on process dumps produced by multiple endpoint solutions
  • Developed proof-of-concept cyber weapons utilizing advanced programming languages such as C/C++, conducting efficacy tests, and assisting the purple and red teams
  • Worked directly with Capital One’s EDR vendor to develop new detections as a result of efficacy tests
  • Compiled and presented threat intelligence metrics and KPIs to senior leadership, driving strategic decisions and cybersecurity enhancements

Senior Director of Research

Haystax a Fishtech Group
09.2020 - 04.2021
  • Led data science and research teams in developing cutting-edge AWS and GCP cloud solutions, enhancing operational efficiency and cybersecurity with automated technologies
  • Acted as a subject matter expert in User and Entity Behavior Analytics (UEBA) for identifying insider and outsider threats, leveraging advanced analytics and machine learning to enhance threat detection across cyber and non-cyber domains
  • Developed automated Python cloud service for real-time COVID-19 statistics, supporting Haystax's Pandemic Model with web scraping, data science logic, and API management
  • Engineered big data ETL pipelines and implemented machine learning algorithms for anomaly detection, utilizing libraries such as Pandas, NumPy, and Scikit-learn for comprehensive data analysis
  • Designed dynamic dashboards with Python Dash, integrating data analytics from Google BigQuery to visualize insights and drive strategic decision-making

Senior Director of Investigation & Threat Intel

Fortinet (FortiEDR / enSilo)
07.2017 - 09.2020
  • Led a global team of over 10 professionals in incident response and threat intelligence, enhancing Fortinet's cybersecurity posture through strategic management of forensic alerts, incident analyses, and threat hunting
  • Spearheaded the development of innovative cybersecurity tools and an internal SIEM solution leveraging Elasticsearch and Python, significantly improving event log aggregation and threat detection capabilities
  • Drove comprehensive threat analysis efforts by applying debugging, reverse engineering, and analysis techniques on malware variants, contributing to Fortinet’s technical reports and blog posts
  • Developed Indicators of Compromise (IoCs) and YARA rules, advancing the understanding of adversary Tactics, Techniques, and Procedures (TTPs) and bolstering defenses against emerging threats
  • Authored in-depth forensic and technical reports for real-time incident responses, gaining insights into new cyber threats and leading internal projects that markedly enhanced cybersecurity measures

Incident Response & Research Manager

TrapX Security
05.2015 - 07.2017
  • Invented and developed the TrapX AIR and Intelligence X systems, significantly improving incident management and threat intelligence gathering in support of TrapX's DeceptionGrid
  • Managed and trained the Incident Response team, enhancing their capabilities and advancing internal research projects to bolster cybersecurity methodologies
  • Provided crucial support in digital and memory forensics during security breaches and conducted extensive intelligence research to address diverse cyber threats

Incident Analyst

Mandiant, a Google Company
07.2012 - 05.2015
  • Conducted high-stakes digital forensics and incident response for Fortune 500 clients, identifying and mitigating Advanced Persistent Threats (APTs) with developed proprietary security tools and scripts
  • Played a key role in Mandiant's global expansion by contributing to the setup of a new security center in Singapore
  • Led the training of over 20 employees in cybersecurity best practices

Network Support Manager

ABNB Federal Credit Union
05.2006 - 06.2012
  • Orchestrated significant IT security upgrades and vulnerability assessments across the organization, leading IT strategy and audit compliance efforts
  • Managed a technical team, fostering a culture of security awareness and implementing critical security training for all new employees

Education

Master of Science - Information Assurance

Capella University
Minneapolis, MN
02.2012

Bachelor of Science - Information System Security

ITT Technical Institute
Norfolk, VA
12.2009

Skills

  • Programming
  • Cloud & SaaS Security
  • Reverse Engineering
  • Threat Analysis & Detection
  • Exploitation
  • Incident Response
  • Strategy Development
  • Stakeholder Engagement
  • Leadership
  • MITRE ATT&CK Matrix
  • Cyber Kill Chain Model
  • Vulnerability Assessment
  • Machine Learning

Certification

  • Certified Information Systems Security Professional (CISSP), ISC2
  • Global Information Assurance Certification Certified Forensics Analyst, 10/10
  • Security+ Certified, CompTIA, 09/09
  • Network+ Certified, CompTIA, 07/07
