ryan f
@ryanf
Cybersecurity analyst with extensive experience in incident response.
What I'm looking for
I am a dedicated cybersecurity analyst with a strong background in incident response and digital forensics. My journey in the cybersecurity field began over a decade ago, and since then, I have honed my skills at various esteemed organizations, including the National Renewable Energy Laboratory and Xcel Energy. My primary focus has been on incident response, where I have successfully led initiatives to enhance security protocols and mitigate risks.
Throughout my career, I have engineered innovative solutions such as the KAPE sniper forensic solution integration for CrowdStrike, demonstrating my ability to blend technical expertise with strategic thinking. I take pride in my accomplishments, including creating best practices playbooks for incident response and leading user acceptability testing for new security measures. My experience spans across various tools and technologies, including SIEM platforms, digital forensics tools, and network security protocols, making me a versatile asset in any cybersecurity team.
Experience
Work history, roles, and key accomplishments
IT Professional III – Cyber Security Analyst
NREL (National Renewable Energy Laboratory)
May 2019 - Present (6 years 1 month)
Led incident response and digital forensics activities, serving as a primary analyst. Maintained key security appliances like Endace and Corelight, and trained junior team members. Engineered KAPE sniper integration for real-time response and evaluated new forensic software.
Senior Cyber Security Analyst
Xcel Energy
May 2017 - May 2019 (2 years)
Served as a Senior Cyber Security Analyst, leading case reviews and incident response efforts. Spearheaded the IDS/IPS rollout for the Cyber Defense Center, collaborating across teams to minimize business impact. Developed a DFIR framework, created IR best practices, and built AIE rules for the SIEM platform.
Security Analyst
TIAA-CREF
Sep 2016 - Nov 2016 (2 months)
Functioned as a Security Analyst, triaging and correlating security events from SIEM, DLP, and suspicious emails. Escalated identified events of interest as necessary.
Senior Defense Engineer
MDA CERT
Feb 2016 - Aug 2016 (6 months)
Monitored the ArcSight ESM SIEM and developed indicator of compromise content. Reported suspicious events and drafted documentation to improve work efficiency. Led privileged account audits and revamped documentation processes for better usability.
Security Analyst
Foreground Security
Nov 2014 - Jun 2015 (7 months)
Performed security monitoring and analysis on customer networks, adhering to predefined service level agreements. Conducted proactive malware hunting using both sourced intelligence feeds and open-source information.
Senior Security Analyst
GbProtect, Inc.
Jun 2014 - Oct 2014 (4 months)
Monitored, analyzed, and reported on customer data streams via SIEM (ArcSight ESM) to meet SLAs. Developed SIEM content, performed customer turn-ups, and built reports. Provided consulting expertise on Point of Sale security controls and created a threat matrix for security operations.
Senior Security Engineer
Actionet
Oct 2010 - Jun 2014 (3 years 8 months)
Performed incident handling and response duties for the NOAA Computer Incident Response Team (NCIRT). Led the proof-of-concept deployment for NetWitness Investigator and conducted root-cause investigations. Performed system and network forensics, and consulted on APT malware lifecycles.
Information Security Analyst
Syracuse Research Corporation
Jul 2010 - Oct 2010 (3 months)
Supported mission-critical functions for the ICE Security Operations Center. Key responsibilities included vulnerability scanning, intrusion detection monitoring and response, and patch analysis. Managed risk assessment and remediation within the enterprise environment.
Information Security Analyst
SAIC (Science Applications International Corporation)
Jan 2009 - Jul 2010 (1 year 6 months)
Supported mission-critical functions for the ICE Security Operations Center. Responsibilities included vulnerability scanning, intrusion detection monitoring and response, and patch analysis. Managed risk assessment and remediation within the enterprise environment.
Senior Support Analyst
Dalbey Education Institute
May 2007 - Oct 2008 (1 year 5 months)
Led the Help Desk team, overseeing desktop administration for 400 clients. Managed GPO changes, Windows security patching (WSUS), and provided break/fix support. Administered Cisco IPCC systems and documented procedures.
Web Administrator
Netsoft Associates Inc.
Sep 2005 - Apr 2007 (1 year 7 months)
Administered web sites for the Commodities Maintenance wing at Warner Robins Air Logistics Center. Managed Windows 2003 web server security (PKI/CRL) and SharePoint for the operations center. Designed web applications, created troubleshooting guides, and researched Bluetooth vulnerabilities.
Education
Degrees, certifications, and relevant coursework
Texas State Technical College
AAS, Network Information Management
Focused on practical skills in network administration and information technology. Covered topics such as network infrastructure, security, and data management.
Auburn University
BS, Hotel and Restaurant Management
Studied principles of hospitality management, including operations, finance, and marketing. Gained knowledge in managing hotel and restaurant services.
