
Purple Team Researcher Looking for Hunts!

Skills

Endpoint security, Forensics, GCFA, Honeypots, Incident response, Malware, Security+, Threat Research

Bio

Summary

Hey all! My name is Vien and I have 3 years within cybersecurity. Within those years I've accumulated experience varying from Help Desk, Security Operations "eyes on glass", and Incident Response. In my free time, I conduct security research through my personal homelab (malware static and dynamic analysis, shell popping, learning Assembly and RE, and the occasional Dark Web lurking). My goal for the next adventure is to make an impact, provide value to the company, and really immerse myself in and lead day-to-day operations!

Certifications

Industry-related certifications include:
SANS GIAC GCFA (FOR508)
Security+

Other certs:
Project+
PMAT (Practical Malware Analysis & Triage by TCM)
Netskope NSCO&A

Tools Used

Microsoft Defender
Splunk
CrowdStrike
McAfee/Trellix ePO
Wiz
AWS GuardDuty
Eric Zimmerman's tools
Elastic
ServiceNow
Armis
Confluence
Jira
Azure & Sentinel

Experience

Senior Cybersecurity Analyst, Nov. 2022 - Current

· Provided comprehensive real-time "eyes on glass" monitoring, incident response, and threat analysis for a Fortune 100 bio-pharmaceutical enterprise client with over 75k users globally.

· Presented incident response metrics to update C-suite personnel on cyber-attacks; advised clients on countermeasures, resulting in a decrease in successful phishing attempts.

· Led active threat investigations to uncover potential IoCs, evaluated stakeholder impact, compiled detailed analytical reports, and executed root-cause solutions.

· Identified, designed, curated, revamped, and revitalized Confluence runbook processes.

· Implemented tuning rules to reduce alert fatigue for analysts, focusing on real threats in real time.

· Initiated domain and IP blocks, removal of potentially unwanted programs (PUPs), and isolation of remote or stolen devices.

· Utilized ServiceNow to create, update, and resolve incidents, overcoming incident backlog and improving overall SOC incident management efficiency by within six months.

· Conducted Purple Team threat research to investigate phishing incidents, creating false email addresses and SMS phone numbers to retrieve access codes to bypass adversarial security.

· Deployed threat hunting tactics on phishing emails through KQL queries to determine third-party Business Email Compromise (BEC); created documentation of possibly compromised accounts.

· Leveraged Cyber Fusion Center CTI reports to conduct thorough analysis of clients' cyber threat landscape and the risks associated with the organization's environment.

· Orchestrated major incident response efforts through collaboration with cross-functional teams.

· Mentored T1 analysts in delivering clear, consistent, tailored, and effective security reports for clients.

AdvIntel

Intelligence Trainee, September 2022 – October 2022

· Executed in-depth OSINT research on attributed entities, identifying key vulnerabilities that led to an increase in proactive threat mitigation strategies.

· Investigated and mapped threat actors' habits, targets, and motivations, working closely with the Intelligence team to refine APT profiles.

· Identified threat vectors and possible indicators of compromise on victims’ networks.

· Threat hunted on Kibana to aggregate confirmed hits on targets.

· Generated daily threat intelligence and adversary reports for ISACs and other intelligence vendors.

Cybersecurity Intern

Western Union, June 2022 – September 2022

· Responsible for creating a weekly executive summary of current cyber threats and trends for the CEO.

· Established a repository of historic phishing campaigns, including screenshots, completions, and key metrics.

· Authored and delivered cyber security awareness content for Western Union's 10,000+ global employees.

· Shadowed multiple functions within the Security Operations team; gained an understanding of XSOAR systems, playbooks, and internal triaging.

· Leveraged Jira, Box, and ServiceNow and collaborated across teams within the Data Leakage Protection project.

Education

Western Governors University

BSBA – IT Management, 2022-2025

Languages: KQL (in progress), Assembly (in progress), GoLang (in progress)

Thank you!


Location

Naperville, Illinois, US