Security projects (after 2012)
I started a new career in Cyber Security in 2013.
This section covers the topics that I was responsible for in my role as a Senior Cyber Security Specialist:
- Internal and external advice on strategic, process-oriented and technological issues relating to IT and Cyber Security
- Development and creation of security concepts
- Consulting in security infrastructures and architectures
- Evaluation of IT security measures
- Definition, implementation, updating and monitoring of IT security policies
- Development and implementation of training in IT security
- Penetration testing of internal and external systems at Sophos using various tools and techniques, for example Metasploit, Xplico, Ettercap, Cain & Abel, John the Ripper, etc.
- Designing and setting up a company-wide, scheduled and automated vulnerability scan using Qualys
- Analysing, reprioritising and reporting of vulnerabilities found during scans through the SIEM in Splunk
- Enhancing Splunk with reputational information on the source of attacking threats, especially for the Snort IDS logs
- Development, implementation and maintenance of a SIEM with Splunk using all available data sources (Windows events, firewall logs, Qualys logs, Cisco logs, Linux logs, AV and several proprietary logs)
- Security training of company-internal and external personnel
- Developing my pentesting skills to discover and verify vulnerabilities
- Regular password audits of the company-wide Active Directory
- Regular management of phishing campaigns
- Creating, maintaining and altering the internal security policies according to the needs of the company
- Started Ethical Hacker training
- Ongoing personal education on Cyber Security using several sources (online training, news, information events, chats, etc.)
- Creating my own lab to validate my theories and knowledge using VulnHub, OWASP and several other sources
- IDS/IPS data analysis, reprioritising and alerting with Splunk
- Building a "reputational database" (publicly available sources) based on the Collective Intelligence Framework
- Gaining basic knowledge of forensic analysis
- Evaluating a Rapid7 Nexpose Enterprise setup to compare with my older Qualys Enterprise setup
- Analysing a "red team" attack
- Convincing and training other company-wide teams to solve discovered security/vulnerability issues