Cyber Defense Incident Responder

$10000 / mo

Category:

Protect and Defend

Specialty area:

Incident Response

Country:

United Kingdom

City:

Dartford

Employment options:

Full Time

Part-Time $60 per hour

Work & Experience:
Over the past decade, I've honed my expertise as a Senior Incident Responder, navigating the evolving landscape of cybersecurity threats. My journey began in analyzing and mitigating breaches, progressively leading to orchestrating incident response strategies for diverse industries. Collaborating closely with cross-functional teams, I've developed incident playbooks, implemented proactive measures, and conducted comprehensive post-incident analyses to fortify defenses. I've delved into intricate forensic investigations, staying abreast of emerging threat vectors and crafting robust incident response frameworks. My tenure reflects a commitment to swift, effective action in the face of cyber threats, safeguarding organizations and minimizing potential risks.
Here are a few summarized examples of specific incident response cases I've encountered during my tenure:
1. Ransomware Attack Mitigation: Led a response team in mitigating a sophisticated ransomware attack on a financial institution, swiftly containing the breach, restoring systems from backups, and implementing enhanced security measures to prevent future incidents.
2. Data Breach Investigation: Orchestrated a comprehensive investigation into a data breach at a healthcare organization, conducting forensic analysis to identify the attack vector, collaborating with law enforcement, and establishing protocols for affected patient data protection.
3. Phishing Incident Response: Developed and executed a proactive response plan to combat a series of targeted phishing attacks on a multinational corporation, involving incident simulation exercises, employee training, and implementing email security enhancements.
4. Supply Chain Compromise Resolution: Oversaw the response efforts for a supply chain compromise impacting a tech conglomerate, coordinating with multiple vendors, performing risk assessments, and instituting supply chain security improvements to prevent similar exploits.
5. Insider Threat Detection: Investigated an insider threat incident in a government agency, conducting digital forensics, deploying user behavior analytics, and enhancing access controls to mitigate the risk of future insider attacks.
Knowledge:
K0001

Knowledge of computer networking concepts and protocols, and network security methodologies.

K0002

Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

K0004

Knowledge of cybersecurity and privacy principles.

K0005

Knowledge of cyber threats and vulnerabilities.

K0021

Knowledge of data backup and recovery.

K0034

Knowledge of network services and protocols interactions that provide network communications.

K0041

Knowledge of incident categories, incident responses, and timelines for responses.

K0042

Knowledge of incident response and handling methodologies.

K0046

Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions.

K0058

Knowledge of network traffic analysis methods.

K0070

Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).

K0161

Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks).

K0162

Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored).

K0221

Knowledge of OSI model and underlying network protocols (e.g., TCP/IP).

K0230

Knowledge of cloud service models and how those models can limit incident response.

K0332

Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.

K0565

Knowledge of the common networking and routing protocols (e.g. TCP/IP), services (e.g., web, mail, DNS), and how they interact to provide network communications.

Skills:
S0047

Skill in preserving evidence integrity according to standard operating procedures or national standards.

S0077

Skill in securing network communications.

S0078

Skill in recognizing and categorizing types of vulnerabilities and associated attacks.

S0173

Skill in using security event correlation tools.

S0365

Skill to design incident response for cloud service models.

Abilities:
A0121

Ability to design incident response for cloud service models.

A0128

Ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies.

Licenses & certifications: