Anthony
anthony.alao@yahoo.com
281-827-2941
Houston, TX 77001
Cyber Security Engineer
8 years experience W2
Summary

An innovative, highly proficient and detail-oriented Cyber Security Engineer with over 4 years of proven IT experience within both Information and Operational Technology environments, with advanced skills in interpreting and prioritizing threats using IDS/IPS systems, Security Incident/Event Management (SIEM) and malware analysis. I have the adaptability to work as a team player or independently to progress vertically through any organization, while having the expertise to grasp technical nuances in support of management analysis and to communicate effectively. Authorized to work for any employer in the US. Willing to relocate.

Professional Skills

  • Security+ and CEH certified professional.
  • Highly proficient with ICS brands such as Allen-Bradley, Rockwell, Siemens and Toshiba. Highly knowledgeable about industrial protocols such as DNP3, CIP, Profibus and Modbus.
  • Working knowledge of the NIST 800-series and Industrial Automation Standards (ISA 90 series), the ISO/IEC 27000 series, PCI DSS, and the Risk Management Framework (RMF) process.
  • Advanced knowledge in programming and troubleshooting Programmable Logic Controllers (PLCs) to ensure availability.
  • Hands-on experience in using SIEM monitoring tools (e.g. ArcSight Logger6, AlienVault and Splunk) and in analyzing real-time traffic with Wireshark and Snort IDS.
  • Experience working with the ESET antivirus tool, Cisco firewalls, Palo Alto firewalls, and Windows, Linux and Unix operating systems.
  • Experience with pentest tools (Kali Linux, Wireshark, Metasploit, Nmap, Burp Suite etc.), vulnerability scan tools (Nessus), network monitoring, packet capturing and analysis.
  • Vast knowledge of IT security best practices and current security threats.
  • Proficient in the development of A&A security packages.
  • Good working knowledge of active TCP/IP network protocols, ports and advanced troubleshooting.
  • Excellent analytical and problem-solving skills, and good working/interpersonal relationships with customers, colleagues, and other stakeholders. Excellent written and verbal communication skills.
  • Ability to analyze complex problems and develop new solutions using logical thinking skills and analytical problem-solving skills. Ability to multi-task, work under pressure and meet multiple deadlines and milestones as required.

Experience
Industrial Control Systems (ICS)/SCADA Specialist
Information Technology
May 2017 - present
  • Program and troubleshoot SCADA systems: Responsible for programming automation and control systems involving PLCs (e.g. Siemens, Toshiba); created and read logic and flow diagrams; supports program design, programming, simulation, testing and start-up; supports IT and SCADA end users.
  • ICS policies and procedures: Maintain and enforce ICS-PLC security policies and procedures. Develop security-related procedures and standards; assess and review ICS security, system and network configurations for security vulnerabilities. Analyze and review firewall logs for any suspicious activity.
  • Incident response: Perform periodic administration and maintenance of cyber security technologies, incident response investigations, and security testing for new monitoring technology.
  • Implement the Purdue Model around industrial control systems and security controls within ICS-PLC environments, keep up to date with the ICS security landscape and emerging threats, and recommend measures to assess and mitigate security risk.
  • Experienced administering vulnerability and patch management using Nessus.
Simulation, Siemens, Security Testing, SCADA, Firewall, Cyber Security, Information Security, Patch Management, Network Monitoring
Cyber Security/IT Analyst
Information Technology
Jan 2014 - May 2017
Houston, TX
  • Risk Management Framework (RMF) assessments: Performed risk analysis around risk management framework (RMF) NIST 800-37 and working with the knowledge of applicable laws and authorization to operate process in accordance with regulations and standards relating to security, data and privacy.
  • SIEM monitoring and SOC operations: Analyzed security event data from the network (IDS/IPS sensors, firewall traffic and routers). Responded to security incidents, performed event collection, correlation and management, and analyzed full PCAPs from security logs.
Cyber Security, NIST, SIEM, IPS, Firewall, Security Analyst, Routers, Risk Management, Information Security, Analysis, Windows, Network Monitoring, Risk Analysis, SOC
Cyber Security/IT Analyst
Information Technology
Jan 2013 - Dec 2013
  • Risk Management Framework (RMF) assessments and Continuous Monitoring: Performed RMF assessment on several different environments, using both scanning tools (Nessus) and manual assessment. Assessments include: initiating meetings with various System Owners and Information System Security Officers (ISSO), providing guidance of evidence needed for security controls, and documenting findings of assessment.
  • Security Documentation: Performed updates to System Security Plans (SSP), Risk Assessments, and Incident Response plans while creating change control procedures and drafting Plans of Action and Milestones (POAMs). Provided continuous gap analysis of current policies, procedures and practices in relation to established guidelines outlined by FISMA, OMB and NIST.
  • Assessment and Authorization package: Developed, updated and reviewed Security Assessment and Authorization (A&A) documentation such as Security Plans, Contingency Plans, Risk Assessment, SAR and Contingency Plan Tests in compliance with NIST 800 SP Series.
  • Experience using Splunk and Splunk Dashboards.
Risk Assessment, Cyber Security, NIST, FISMA, Compliance, Security Analyst, Risk Management, Gap Analysis, Documentation, Splunk, Analysis, Network Monitoring
Education
Cyber Security
Maryville University 2018
Record has not been verified.
Chemical Engineering - Prairie View A&M University 2016
Record has not been verified.
Gen Engineering - Houston Community College System 2012
Record has not been verified.
Certifications
CEH certified professional
CompTIA Security+ Certification (COMP001021128219)
EC-Council Certified Ethical Hacking CEHv9 (ECC53320098520)
Skills
Network Monitoring | 2021 | 7
Analysis | 2017 | 4
Cyber Security | 2021 | 4
NIST | 2017 | 4
Risk Management | 2017 | 4
Security Analyst | 2017 | 4
Firewall | 2021 | 3
Information Security | 2021 | 3
IPS | 2017 | 3
Risk Analysis | 2017 | 3
Routers | 2017 | 3
SIEM | 2017 | 3
SOC | 2017 | 3
Windows | 2017 | 3
Linux | 2017 | 2
Cisco | 0 | 1
Compliance | 2013 | 1
Documentation | 2013 | 1
FISMA | 2013 | 1
Gap Analysis | 2013 | 1
IDS | 0 | 1
Patch Management | 2021 | 1
PCI | 0 | 1
Risk Assessment | 2013 | 1
SCADA | 2021 | 1
Security Engineer | 0 | 1
Security Testing | 2021 | 1
Siemens | 2021 | 1
Simulation | 2021 | 1
Splunk | 2013 | 1
TCP/IP | 0 | 1
UNIX | 0 | 1