Multi-Factor Authentication (MFA) Command Center

Assigned a dual role in the IT Risk Management (ITRM) and Identity Access Management (IAM) departments to be team lead in Sharp's command center helping users register for MFA via phone, email, and website posting

​

TASKS​​

• Kept team up-to-date on new solutions, user sign-up phases, network cut overs, and call coverage hours

​

• Scheduling team to cover peak registration hours while being sensitive to team preferences

​

• Updated multiple knowledge bases for MFA and NGFW issues, solutions, and workarounds
   

• Transitioned MFA team to work network issues reported by users after every each phase of next generation firewall (NGFW) cutover
   

• Created NGFW troubleshooting documents and emergency bypass flowchart
   

• Created chart of identified social engineering attacks and trained teams on methods used

​

ACCOMPLISHMENTS

• Lead sign up of over 70% of the 19,000+ employees of Sharp HealthCare network before transitioning to primary technical support team for takeover of MFA registration process

​

• Reduced support calls by revising MFA app installation documentation used by doctors, nurses, administrative staff, volunteers, students, affiliates, and vendors

​

• Created additional identity proofing protocols to have team securely register: volunteers, doctors, and students when low information exist about the user in the system
  ​

• Discovered compatibility issues for registration:

  • TLS checkbox settings in IE browser

  • Lack of Win7 security updates
     

• Trained team members prevented social engineering attempts by sticking to identity protocols. Marked suspicious callers to reduce future risk.

Incident Response and Network Threat Hunting

Investigated security incidents at Sharp's security operations center (SOC) using security information event management (SIEM) system, Ivanti's Service Manager (ISM) ticketing system, and endpoint detection and response (EDR) security platform

TASKS

• Used the next generation firewall (NGFW) to:

  • block threats

  • recategorized sites for access
    ​

• Queried SIEM to pinpoint issues and investigate security events (e.g. user lockout, multi-factor authentication (MFA) issues, server errors, firewall access, mail activity, and web access)

​

• Worked with Sharp's managed security service providers (MSSPs) to resolve alerts and met with the MSSP to discuss trends, process changes, and investigations

​

• Assigned to work "High" alerts in new endpoint detection and response (EDR) system
   

• Provide valuable insight to team members on new threats, ideas to reduce false positives, and techniques to improve alert remediation 
   

• Provided in-depth breakdown of user behavior leading to security events. Provided screenshots of  timeline after questioning user and their web activity
   

• On-call duties to provide solutions after hours and weekends

​

ACCOMPLISHMENTS

• Discovered and removed unauthorized software across a network.

  • Reduced risk of compromise and volume of support calls by orchestrating removal of WebNavigator Browser software causing malicious internet redirects for dozens of users (Pharming threat)

  • Miscellaneous malicious Chrome extensions 

  • Discovered and facilitated resolution of malicious websites found on intranet site used as a source for pharming

​

• Discovered advanced persistent threat (APT) activity across network. Reduced risk of ransomware outbreak by orchestrating refresh of devices with Silverfish APT activity (Linked to worldwide ransomware activity)

  • Investigated APT IoC alert provided by MSSP​

  • Researched APT and found white paper providing more IoC's

  • Found multiple IP IoC's and investigated activity with users

​

• Educated countless staff  to resurrect "phone calling" using previously logged phone information for verification rather than relying on email for:

  • Possible account compromise via phish​

  • Questionable emails with new sender or intent of message
     

• Resolved user access issue to business critical website:

  • Read documentation and discovered website browser requirements​

  • Discovered login path name changes
     

• Facilitated solution to patient critical website:

  • Explained error code to team to help pinpoint source of problem​

  • Identified possible port security access issue

Email Security and Phishing Analysis

Utilized Sharp's secure email gateway (SEG) for secure email administration and phishing analysis
 

TASKS

• Utilized applications to respond to phishing threats and created rules on the SEG to block malicious email

• Answered user concerns to allow legitimate mail traffic and create rules on the SEG for access
   

• Password reset for users and affiliates
   

• Provided staff reports on email activity of vendors
   

• Educated users about:

  • Secure mail (S-mail) functionality

  • O365 encryption constraints

  • Suspected phishing, vishing, and whaling

  • URL isolation
     

ACCOMPLISHMENTS

• Prevented future compromise of countless devices by communicating with owners of hacked email accounts in small business, education organizations, and law firms

  • Contacting website owners of their hacked account

  • Contacting email admins of education institutions and law firms of their users hacked accounts​
     

• Reduced third-party risk by informing business partners to improve email protections using SPF, DKIM, and DMARC 

  • Communicated to application owner of importance of email security​

  • Communicated to vendors on why their emails are blocked by SEG
     

• Solved multiple problems involving text to email from their new critical messaging carrier for doctors and nurses

  • Identified problem with characters in reply message

  • Original intention of messaging platform did not match use of messaging platform​

  • Difference in SMS and MMS
     

• Reduced spam across the enterprise by tagging domains.

  • One vendor's marketing campaign used up to 12 domains and sent thousands of emails a month. Finding was provided to application owner and a cease and desist message for  marketing emails was issued to the vendor
     

• Approximately 2,000 suspected phishing reports analyzed

Proof of Concept (PoC) Projects for Enterprise Security Solutions  

Lead proof-of-concept (PoCs) projects for password management and for network detection and response (NDR) on behalf of the IT Risk Management (ITRM) Director and Security VP

​

TASKS

• ​Compiled success criteria for security solution to match organization's needs

• Recorded system requirements listing and matched to organization's policy and architecture to submit to application review board
   

• ​Assessment of security solution capability and  strength of controls

• Compiled application settings baseline for:

  • login and access controls​

  • default application settings to be in alignment with best practices

​

• Created and/or documented:

  • chart of administrator or access tier structures 

  • flowcharts for incident response

  • flowchart for user onboarding

  • flowchart for account deprovisioning

  • competitive assessment of alternatives

  • user reviews of security tool
     

ACCOMPLISHMENTS

• Presented alongside team members an in-depth and transparent assessment of security tools resulting in executive action
   

• Discovered security gaps & vulnerabilities on the network and presented to the VP and Director 

Vulnerability Management Projects

Supported Sharp's vulnerability management (VM) project by helping track remediation efforts and interfaced with departments across information system development (ISD) teams
 

TASKS 

• Interfacing with multiple IT teams to remediate vulnerabilities
   

• Created methods for:
  • Month-to-month vulnerability tracking​
  • Snapshot for server vulnerabilities, definitions, and remediation progress
  • Track system owners and meetings
  • Automated report creation and revisions
     
• Asset tagging
   
• Vulnerability exception reporting
   
• Broke down technical vulnerabilities to non-technical teams
   

ACCOMPLISHMENTS

• Created "push-button" actions and documented code logic for large vulnerability management vendor. These scripts:

  • Formatted raw vulnerability data

  • Provided month-to-month remediation context according to policy and copied over previous months notes

  • Solutions alongside vulnerabilities to provide clarity on remediation action for all-in-one table
     

• Key role in developing process for creating and tracking automated vulnerability management reports to app owners
   

• Educated new SOC staff and app owners via powerpoint presentation on vulnerability management beginning to end. Presented challenges, pitfalls, and solutions of remediation processes and communication

​

Process Improvement, Documentation,
and Training

Proactively seeking to improve processes,  creating documentation for quick sheets and training where none exist, and training those who need a realistic breakdown of security processes and solutions.

​

TASKS

• Created MFA and NGFW training documents, MS Team pages, quizzes, and flowcharts to assist team to absorb new processes to allow quick onboarding and reduce call time

​

• Provided clarity on alerts from Sharp's database security solution by investigating events with managers and worked with the MSSP to resolve their questions on database best practices

​

• Assisted with onboarding new SOC manager and analyst by providing self-created SOPs, quick sheets of SIEM scripts, listings of tools/resources, and live walk-throughs of security processes

​

• Developed  incident response white board for communicating incident response efforts

  • Reduce status questions by management​

  • Track IR steps, phase completion

  • Make discovered info available to team

​

• Educating users of dangers of legacy protocols or encryption schemes (e.g. SMB1, FTP, RC4, 3DES, MD5, SHA1)

​

ACCOMPLISHMENTS

• Recreated MFA instruction documentation used by entire enterprise:

  • MFA Registration

  • MFA & connecting to VPN

  • MFA & connecting to Citrix

  • MFA & connecting to O365

  • FAQ and common issues​

  • Provided training session to TAC and leadership
     

• Spent personal time to research and create working scripts for log analysis and reporting resulting in significant legal liability cost savings. Helped remove legal liability up to six figures by providing logs and analysis for a HR related case

  • Made the SIEM scripts provided to me "work"

  • Researched Windows codes

  • Isolated elements designating explicit login​

  • Provided summary charts and detailed raw data

  • Provided explanations and limitations of data to stakeholders

​

• Retained 5 personnel during the MFA command center's lifetime as team lead with some personnel promoted to full time positions​ 

​

• Broke down TLS and SSH encryption components to another IT team in a comprehensive document.

  • Aligned encryption protocol options to security and performance needs 

  • ​Provided communication template on protocol switchover to have third-parties understand new security standards​