From: route@monster.com
Sent: Monday, October 24, 2016 11:03 AM
To: hg@apeironinc.com
Subject: Please review this candidate for: Network ADMIN ccna

This resume has been forwarded to you at the request of Monster User xapeix03
Scott Sattler – jobs@scottsattler.com
- Will not work in NJ, DC, MA, CA, IL, MD. Open to global work.

PROFESSIONAL EXPERIENCE:

Health First, Cyber Security Incident Response Manager, 7-1-2016 – Present
· Build Incident Response program; manage daily incidents across the enterprise
· Manage and develop content for QRadar SIEM to identify incidents of compromise
· Build out Cyber Defense organization; work with tools such as Forescout, Darktrace, Varonis, JASK
· Develop process, procedure, standards and RACI matrices for Cyber Defense Operations
· Information security tools performance management; build threat intelligence capability
· Malware analysis, training and mentoring, employee investigations, incident remediation
· System forensics using EnCase Enterprise, Cyber and Analytics; threat management
· Imperva Web Application and Database Application Monitoring, tuning and SIEM integration

United Healthcare (Fortune 15), Cyber Security Operations Manager, 1-2014 – 7-2016
· Train, mentor and manage Counter Threat, Deep Dive Analysts, Forensic Investigators, SOC Analysts, Cyber Hunters. War rooms to respond to and manage cyber incidents; develop cyber remediation plans
· Acquire, process, analyze and report on forensic images using tools such as FTK, ProDiscover, Autopsy, SIFT, DEFT; extensive use of EnCase Enterprise, EnCase Analytics, EnCase Cyber Security
· Malware analysis with tools such as OllyDbg, Volatility, MAS, Cuckoo, Viper, IRMA, JOE
· SIEM developer for RSA, AlienVault, ArcSight, providing content for investigators and business lines
· Stand up SIEMs in other countries and acquired entities; HP Logger to Hadoop data lake mining
· Prove incidents of compromise, supporting 225,000 workstations for a $155-billion company
· Tune enterprise information security controls to provide meaningful value, increase control and content
· Cisco, Check Point, Palo Alto firewall rule auditing, assessment and security posture improvement as part of the Information Security Advancement group. Map business flows to security exceptions
· Build process flows and document Cyber Security Operations; obtain buy-in on roles and responsibilities
· Work with tools such as FireEye, Damballa, Guardium, CyberArk, CyberArk Privileged Threat Analytics, SEP, Palo Alto, Check Point, Cisco ASA, F5 ASM, Imperva WAF, Lancope StealthWatch, Brightmail, IronPort, Blue Coat, Kansa, Google Rapid Response, Imperva Incapsula
· Collect and process threat intelligence, disseminate to external business partners, integrate into workflow; collect with TAXII/STIX-compatible platforms such as MISP, Soltra Edge, HP Threat Central
· Work with acquired companies and external business partners to resolve cyber incidents
· Build virtualized labs to identify and detect malicious activity to enhance toolsets and detection
· Build proofs of concept and develop security strategies; manage offshore staff; predictive security analytics
· Red Team/Blue Team exercises with post-mortem remediation efforts and lessons learned
· Stand up SOC, train staff, develop procedures and integrate with other Cyber Defense business units

Dominion Power and Light, ArcSight SIEM Content Developer (Contract), 10-2012 – 3-2014
· Develop advanced SIEM content to detect policy violations, data breaches, NERC CIP initiatives
· Daily investigations; work with internal and external teams
· Baseline network and security incidents and build advanced correlation rules
· Map out business data flows and establish patterns of interest
· Train Dominion cyber investigators; Palo Alto firewall rule validation and baselining
· Develop threat management metrics to reduce attack surface and mitigate risk
· Malware analysis; integrate threat intelligence into ArcSight

EVO Payments International, Vice President Information Security, 10-2011 – 10-2012
· Responsible for PCI compliance for Level 1 payment processor ($40bn yearly); manage TR-39 compliance
· Hire, train and retain information and network security staff
· Develop and implement business continuity program
· Develop and document security daily operations; direct investigations and manage incidents
· Develop Imperva web application firewall policies; develop QRadar SIEM content
· Review and investigate compromised devices; SSAE 16 compliance standards
· Build Incident Response program, implement security program, Cisco UCS design and data center migration, cyber security incident remediation, threat profiling and risk management
· Physical security management; develop and review network and security architecture
· Worked with stakeholders to ensure strategic security decisions and technologies enhanced business processes

Fortune 500 Clients (NM Presbyterian Health, Becton Dickinson, Roche, Genentech, Delta Dental, Bank of NY, U of PHX), Cyber Security Architecture and Forensics contract work, 10-2009 – 2016
· Work with ArcSight, Q1, RSA Security Analytics, AlienVault, Splunk, LogRhythm with 15k-300k EPS
· Working in client environments ranging from 5k-250k end users and 1k-40k cross-platform servers
· Develop advanced SIEM content to detect policy violations and data breaches
· Built threat intelligence and information sharing platforms using STIX, CybOX, TAXII
· Deploy and manage multiple global sensors to collect threat intelligence
· Deploy and manage deep packet engines like RSA NetWitness, Solera Networks, SilentRunner
· Deploy, use and manage case management tools for investigation tracking and reporting
· Deploy Vontu, McAfee, RSA Data Loss Prevention systems; develop DLP policies and SIEM content
· Deploy SSL decryption technologies in proxy or pass-through mode
· Manage breach investigations; work with internal and external legal support teams and law enforcement
· Perform forensic imaging of laptops, desktops, servers, phones, tablets and produce report of findings
· Perform memory and image analysis to identify malware, malicious code
· Review and negotiate legal contracts; develop corporate policy, standards and procedures
· Develop security architectures, project plans and implementation plans for global technology deployments
· Deploy malware platforms and repositories such as VxCage, Maltrieve, Cuckoo, FireEye, Bromium, Damballa, Lastline, Cyvera, Invincea and Trusteer
· Deploy endpoint solutions such as Symantec or McAfee ePO for antivirus, endpoint encryption, DLP
· Deploy Imperva, F5 ASM web application firewalls and database activity monitoring solutions
· Deploy Network Access Control (NAC) Forescout/Cisco/Aruba to manage network connections
· Manage PCI, SOX, HIPAA, FTC, GLBA, NERC CIP compliance mandates
· Develop and implement enterprise vulnerability management solutions with nCircle, Qualys
· Develop Computer Security Incident Response programs to detect and manage global incidents
· Architect, deploy and tune IPS solutions such as Palo Alto, Sourcefire, TippingPoint, IBM Proventia
· Deploy other security controls such as Bit9, Tripwire as mitigating controls as identified during risk assessment
· Develop network architectures and migrate routing protocols; re-architect DMZ networks, core networks and perform migrations to Cisco Nexus and Cisco UCS platforms
· Build network zoning and defense-in-depth security architectures
· Perform packet-level inspection by tapping networks and utilize tools such as GigaStor, Sniffer, Wireshark, Airshark, AirDefense, NetScout, Lancope to troubleshoot network issues or forensic investigations
· Build application performance monitoring to identify slow-downs and service outages
· Develop and deliver detailed flow diagrams; develop operational procedures, policies, risk analysis, gap analysis
· Program manage the enterprise to develop, test and implement business continuity plans
· Build out security operations centers, interview staff, develop escalation procedures and ticketing system
· Trained onshore, offshore staff; develop career progression plan and mentor staff
· Perform daily cyber security investigations, hands on with tools and processes
· Built custom logging, data mining and monitoring solution based on Hadoop
· Perform pentesting and application security scanning and analysis for diverse client base
· Acquire, process and report on forensic images with EnCase, FTK, ProDiscover, Gargoyle, Autopsy, SIFT, DEFT
· Deploy threat management program to identify incident trends, control failures and remediation plans
· Migrate Check Point, Cisco ASA, Juniper firewalls to Palo Alto firewalls
· Build and manage enterprise lockdown projects and security enhancement projects
· Deploy and implement Google Rapid Response into the workflow
· Develop metrics and trends to measure performance and cost effectiveness of security services
· Monitor end user activity with fraud and user-based analytics accessing PII, PHI, PCI information
· Drive "Zero to Compliant" remediation road map; build burn-down lists and drive to completion

Estee Lauder Companies, Risk Management Consultant / Security Architect (Contract), 8-2006 – 10-2009
· Educate and mentor permanent and contract staff on GRC compliance program objectives
· Develop and deliver implementation project plans for global technology deployments
· Develop and deliver risk impact statements, risk assessments and report of findings
· Develop and deploy security controls to meet PCI compliance mandate
· Deploy proxy solutions globally (Blue Coat, ISA 2006); deploy and manage Kazeon e-discovery solution
· Architect, deploy and tune IBM Proventia Intrusion Prevention appliances globally
· Perform data flow mapping to identify regulated data flows
· Deploy Data Loss Prevention solution to monitor use of sensitive data, e-discovery and legal holds
· Perform incident response & investigations based on RSA enVision SIEM use cases
· Architect and deploy secure file transfer solutions
· Virtualize systems with VMware; performed P2V, vShield configurations
· Global firewall migrations on Cisco, Check Point and Nokia appliances
· Network architecture design, troubleshooting and deployment
· Policy, standards and procedure development; train and mentor staff on compliance requirements
· Produce technical Visio documents containing security and network infrastructure diagrams
· Deploy optical DWDM solutions for high availability networks
· Application penetration testing and source code analysis (Ounce Labs, Fortify, WebInspect)
· Perform GRC activities in risk management and compliance group
· Deploy and configure Cisco routers, switches, NX-OS based switches, MDS platforms, firewalls, Cisco load balancers; troubleshooting layer 2, 3 and routing protocols
· Interview and screen contractors and permanent staff
· Deploy, manage and application onboarding for 30 Imperva web application firewalls globally

State of New York, Albany, NY, Security Project (6-month contract), 2-2006 – 8-2006
· Develop policy, procedure and technical controls to move forward security project within the State of NY
· Deploy open source SIEM for event correlation
· Deploy security controls such as IPS, firewalls, RSA two-factor authentication

Raytheon, Camp Victory, Iraq, Information Assurance Network Engineer Manager (DOD Secret Clearance, Contract), 10-05 – 2-06
· Worked closely with senior military leadership for all GRC efforts in the Middle East Theatre of Operation
· Weekly briefings to Sr. military leaders on security incidents and cyber operations
· Lead team of Information Assurance (IA) network security engineers at diverse locations throughout the Middle East
· Worked with IA managers to become compliant with DISA security standards and STIGs
· Developed detailed documentation and performed security testing for DISA certification & accreditation
· Deployed and supported all ASA, PIX, Secure Computing Sidewinder and Symantec firewalls in Iraq, Afghanistan and Kuwait
· Troubleshoot routers, switches, routing protocols, load balancers, VoIP and LAN/WAN circuits consisting of Frame Relay, SONET, MPLS, ISDN; troubleshoot VPN, QoS, routing protocols such as OSPF, EIGRP, BGP and multicast networks
· Deploy Cisco routers, switches, firewalls, content switches, VBrick multicasting solutions in a 220,000 user endpoint multi-country WAN infrastructure
· Support IDS appliances and work with Kuwait TNOSC on ArcSight SIEM events
· Security monitoring on MNC, NIPR and SIPR classified networks

State of Connecticut, Hartford, CT, Program Manager – HIPAA Information Security Project, 5-2003 – 9-2005
· Develop agency HIPAA security program and gained executive acceptance
· First State agency to become compliant with HIPAA security mandates for State of CT
· Deploy wireless network statewide to achieve cost savings by eliminating point-to-point circuits
· Business continuity program for continued care for State hospitals in the event of a declared disaster
· Deployed centralized HIDS, NAC and antivirus management solution to reduce virus infections and security incidents by 95%, freeing up two FTEs for other project work
· Performed malware identification, analysis and remediation
· Implemented patching and vulnerability process
· Configured, deployed and supported Cisco routers and switches for wired and wireless networks statewide
· Deployed identity management and single sign-on solution
· Monitored State networks with ISS SiteProtector IDS system
· Deployed, configured and supported McAfee ePO & HIDS agents for agency
· Train and mentor agency staff
· Developed project plans, operational manuals, procedures and response plans

HIPAA Security Projects, Principal Consultant, 1-2002 – 5-2003
Clients: Berkshire Health Systems, Pittsburgh, MA; Blue Cross of Puerto Rico
· Trained and educated hospital executive management on HIPAA compliance mandates
· Project management, security strategy development; perform assessments, gap analysis and remediation
· Developed and deployed technical and procedural controls; develop security and network architectures
· Troubleshoot networks and systems; deploy single sign-on solutions and identity management
· Deploy Dragon and Snort IDS systems; web application security testing using Cenzic for regulated systems
· Implemented vulnerability management program; workstation forensics
· Support client during network outages to resolve complex routing or network issues

Glasspath, Minneapolis, MN, Chief Technology Officer, 10-2000 – 1-2002
· Worked closely with the CEO and CFO to overcome funding challenges for Internet startup
· Designed and implemented Internet data center; develop and implement network infrastructure design
· Worked closely with contractors to build out and commission datacenter
· Developed company security, network strategy and drove budget process
· Implemented security strategy to ensure zero security incidents for hosted customer environments
· Maintained VoIP hosted solution; developed and managed Incident Response program
· Design and deploy LAN/WAN/MPLS networks; troubleshoot routing protocols (BGP, OSPF, RIP, EIGRP); deploy routers, switches, load balancers, security appliances
· Deploy and support IDS/IPS solutions, mitigate DDoS attacks; deploy PIX, ASA, Sidewinder, Check Point and Smoothwall firewalls; support servers and operating systems
· Configure reverse proxies, load balancers; 3rd level support for hosted client solutions
· Deploy SIEM platform for event correlation and logging
· Deploy application and network monitoring
· Forensic investigations to support intellectual property claims
· Managed 24 indirect reports, 3 direct reports
· Develop physical security program for secure data center
· Develop CSOC, NOC and CSIRT capabilities and managed daily high priority events

Consulting Projects – Network, Server, Security Engineering and Architecture Projects, 1994 – 2000

Pacific Computers Systems & Custom Computers, Tacoma, WA, Technical Services Manager, 1988 – 1993

US Military (Honorable Discharge), K9 Narcotics / Explosive Law Enforcement, 1983 – 1987

CAREER CERTIFICATIONS AND TRAINING
CISA Certified Information Systems Auditor #0125802
CRISC Certified in Risk and Information Systems Control
CISM Certified Information Security Manager
CISSP #11890 Certified Information Systems Security Professional
CCFP Certified Cyber Forensics Professional 11890
HCISPP HealthCare Information Security and Privacy Practitioner 11890, 4-2015
EnCE; Palo Alto CNSE; CCIE in progress
ArcSight Certified Security Analyst 5.2, 2012; completing ArcSight 6.8 certification
ArcSight Certified ESM Administrator 5.2, 2012; completing ArcSight 6.8 certification
Symantec Certified Specialist Endpoint Protection
Symantec Certified Specialist Data Loss Prevention (Vontu DLP 11.5)
F5 Certified Technology Specialist ASM
CBCP #4432 Certified Business Continuity Planner 2001
Cisco CCNA, Cisco CCDA, Cisco CCNP, Cisco CCDP Routing Switching 2001
CIW Certified Security Analyst 2009
NSA IAM – National Security Agency
CFE Certified Fraud Examiner 101517, 2001
Passed CCIE written test; Cisco Nexus Training, Cisco UCS Training
Imperva Web Application and Database Protection
Raptor (Symantec) Firewall Certified; Check Point, Cisco ASA, NetScreen/Juniper
Legato High Availability Clustering Certification
ICSA Security Auditor Certification 1995; Keane Project Manager Training
US ARMY IA Certification for Retina and Harris STAT, DISA 2005; 2011 IA Training
OWASP Training; Fortify Application Security Source Code Scanning Training
Forescout NAC; Lancope StealthWatch for Security Operations; StealthWatch Administrator

EDUCATION – CCAF Law Enforcement 1983-1985

NERC Unescorted Access Cleared, DOD Clearance, Public Trust, NACI

Past Speaking Engagements
State of New York Cyber Security Conference, 2008: Web Application Security
State of New York Cyber Security Conference, 2010: SIEM Value Proposition
State of New York Cyber Security Conference, 2016: Threat Intelligence, Gathering and Processing
Orlando BSides Security Conference 2015: Threat Intelligence
Jacksonville BSides Security Conference 2015: Sourcing and Using Threat Intelligence
Tampa BSides Cyber Security Conference, April 2016
CEIC (EnCase Enfuse) 2016, Las Vegas: Threat Intelligence and EnCase
HP Protect 2015: Threat Intelligence and SIEM Integration
HP Protect 2016: SOC Development and Case Management