Dustin Mock

Strengthened baseline security posture by identifying and addressing configuration and procedure issues in cloud infrastructure, workstations, servers, DNS, and domains. Troubleshot and diagnosed existing parsing and logging issues in Splunk, adding data enrichment and adjusting parsing as needed. Reviewed cloud architecture for proposed service and application additions for security issues in con

Created and tuned alerts and signatures for various SIEM and EDR tools, translating rules across different platforms like Netwitness, Palo Alto Cortex, Splunk, and Crowdstrike. Integrated threat intelligence feeds into multiple SIEMs and created/adjusted parsers to ingest data from relevant log sources. Created comprehensive documentation for rules and parsing in various SIEMs, and assisted analys

Assessed the security posture of the network using vulnerability scanning, log analysis, and policy reviews. Documented findings, suggested solutions, and collaborated with teams to remediate discovered security issues. Tuned Splunk Enterprise Security alerts to a manageable workload and created new correlation alerts and reports.

Investigated alerts, escalated incidents, and worked with clients on recommended remediation actions and incident response measures. Created mandatory training for new analysts and interns, providing shadowing and coaching on alert investigation and SIEM tool usage. Created documentation for SIEM tools and tuned rules and reports in Splunk, Qradar, and Logrhythm.

Investigated alerts and escalated potential incidents, including reported phishing emails. Maintained and updated internal Security Operations Wiki pages, ensuring accuracy and verifying sources. Researched and performed monthly brown bag training for various information technology teams.

Investigated alerts and escalated potential incidents, including reported phishing emails. Reviewed daily and weekly reports to identify suspicious activity and managed the ticket backlog. Investigated user activity as requested by department heads and identified/contacted recipients of suspicious emails.