Keylin Bonilla
Sterling,VA
Summary
While in possession of an active TS/SCI with CI polygraph government clearance I am currently seeking a Cyber Security, Consultant position whose qualifications include: Achieving an Undergraduate and a Masters in Information Technology. While obtaining a detailed knowledge of security tools, technologies, and best practices. Total of 10 years of experience in IT telecommunications and knowledge of deploying solutions to protect networks, systems, and information assets for diverse companies and organizations. Five of those years specializing in Network Intrusion while performing in-depth cyber security analysis, incident response reporting processes and procedures as well as intelligence analysis. Several years of leading multiple teams, training consultants in different fast-paced environments such as SOCs or NOCs. Insightful Information Technology Manager with 8+ years of IT leadership experience including oversight of infrastructure, application support and security services. Dedicated to customer satisfaction with focused delivery of technical solutions. Proven leader in directing operations, maintenance and support of complex systems. Develops creative business solutions, leveraging diverse methodologies and delivering engineering solutions for leading organizations. Highly adept in request for proposal development, technology needs assessments and staff training.
Overview
16
16
years of professional experience
1
1
Certification
Work History
Deputy Project Lead/ Cyber SOC Manager
IBM
09.2019 - Current
- Perform technical analysis on network activity and data; to include: network flow or any related forms of session summary data, signature-based IDS alert/event data, full packet capture (PCAP) data, proxy and application server logs (various types)
- Work closely with machine learning specialists and data scientists, employing their network analysis expertise to inform the development of algorithms for network discovery and mapping, anomaly detection and other related goals
- Perform analysis related to IOT device characterization, monitoring and warning of suspected unauthorized network activity and relationships that may pose a threat to our networks
- Dynamic learning and analytical thinking by helping to improve learning based on outcomes to get smarter with each iteration and interaction
- Liaison between high level executives, customers, and researchers
- Host and guide high level meetings that drive innovation
- Responsible for effective communication between the project team and customer
- Provide day-to-day instructions to the project team and provide regular status updates to the customer, coordinating with team members to understand requirements and discuss roadblocks
- Prepared in-depth summaries of data from extensive research and analysis to set forth recommendations for investigations, lead follow up, and potential risks
- Finalize after action reports and deliver meaningful results associated to the customer’s mission and goals
- Initiative and project-related support to provide Security Operations and Incident Response perspective as a subject matter expertise
- Coordinate appropriate response activities across teams or directly with stakeholders to rapidly remediate potential threats
- Support a Multi Shared services SOC of 50+ government customers in healthcare, education and financial sectors
- Owner of incident response cycle
- Provide project management for initiatives, deliver people management skills of 12-16 analysts while identifying problems and room for growth.
Lead Cyber Intelligence and Operations Consultant/Trainer
HPE
01.2017 - 09.2019
- Work closely with customers as a trusted advisor
- Liaison with internal and external vendors
- Main point of contact to Unit Chiefs, Directors, Project Managers, Priority Clients and Senior Analysts
- Actively participate in decision making with engagement management and seek to understand the broader impact of current decisions while effectively using extensive analytical and verbal communication skills
- Perform analysis related to the detection, characterization, monitoring and warning of suspected unauthorized network activity and relationships that may pose a threat to our networks
- Reviews reported tips and leads for threat information and situational awareness, including determining location, activity, severity, and leverage OSINT reporting
- Analyze large structured and unstructured data sets to identify trends, TTPs and anomalies indicative of malicious activities regarding cybercrimes such as DNS attacks, spam, ransomware, blockchain, phishing/whaling and APTs
- Create deliverables and oversee documentation in the form of SOPs, Processes, Policies, Trainings, OLAs Content within customer space
- Conducts cyber intelligence analysis utilizing open-source and classified research on emerging/trending threats and vulnerabilities and importing information into databases
- Assisted in tuning and filtering of events and information, creating custom views and content and removing unnecessary rules/issues in SIEMS
- Provide finished written intelligence products, including high quality papers, briefings, recommendations, and findings for senior leaders, C-Suite, internal and external teams, sales and law enforcement to communicate effectively and strategic
- Collaborate with security and IT operations for clients directly or remotely to implement remediation plans in response to incident response
- Provide timely advice and guidance on the response action plans for events and incidents based on incident type and severity to customer.
Senior Cyber Intrusion Detection Analyst
ManTech Corp.
02.2013 - 12.2016
- Monitoring and analysis of alerts triggered on sensors to determine malicious activities and unwanted traffic and initiating and monitoring requests to address relevant vulnerabilities and other security event data sources on a 24x7x365 basis
- Deploy, troubleshoot, and maintain network-based vulnerability scanners at subscriber sites to ensure appropriate coverage of scanning services
- Perform analysis related to the detection, characterization, monitoring and warning of suspected unauthorized network activity and relationships that may pose a threat to our networks
- Reviews reported tips and leads for threat information and situational awareness, including determining location, activity, severity and reporting trends
- Managing systems security monitoring, IDS, IPS and computer incident handling and response capability, in managing a 24x7x365 systems security monitoring operations
- Conducts open-source and classified research on emerging/trending threats and vulnerabilities
- Conducts cyber intelligence analysis utilizing open-source and classified research on emerging/trending threats and vulnerabilities and importing information into databases
- Assisted in tuning and filtering of events and information, creating custom views and content and removing unnecessary rules such as in Arcsight and SourceFire
- Cross checking malicious IPs and domains to determine if they have been blacklisted and keeping a daily log of such domains for analysis
- Selected to be part of additional teams such as Advanced Threat and COOP (continuity of operations planning) during essential missions
- Scanned for rogue (unknown) hosts on the network, which includes unauthorized network peripherals such as printers, laptops, PDAs, and taking them of the network for compliance and proper identification.
Senior Incident Coordinator/System Administrator
CSC
12.2011 - 02.2013
- Central point for immediate escalation to critical support personnel and management
- Ensure that incidents are classified, prioritized, diagnosed and routed correctly to expedite the course to resolution
- Ability to interact with technical managers and development teams to articulate requirements and processes while collaborating on design options, implementation, testing and user acceptance
- Ability to design, evaluate and document processes and lead teams in accomplishing process review and improvement
- Managing systems security monitoring, IDS, IPS and computer incident handling and response capability, in managing a 24x7x365 systems security monitoring operations
- Demonstrated ability to develop metrics, perform critical analysis and develop executive decision support content
- Ability to provide after-hours coverage to support incident management and response.
Emergency Operations-IT Contractor
United States Army Corps of Engineers
06.2008 - 12.2011
- Maintain United States Army Corps of Engineers Emergency Operations Webpage (Macromedia Contribute)
- Microsoft SharePoint Administrator able to configure SECRET accounts within Active Directory
- Prepare and participate in briefings to officials, generals, law officials that include FEMA, Department of Homeland Security
- Assisting teams in reviewing/writing issues, work submissions, analyzing data and coordinating efforts to communicate with all teams
- Provide assistance to senior specialists in collecting information to study estimates, efforts, errors
- Identify intelligence information is properly classified, stored and handle in accordance with government guidelines.
Education
Masters of Science - Information Technology, Cyber Security, Networking and Software
Virginia Polytechnic Institute And State University
Blacksburg, VA05.2016
Bachelors of Science - Information Technology
Marymount University
Arlington, VA05.2009
Skills
- MS Office Suite
- Project Coordination
- Threat Intelligence
- Incident Response
- Digital Forensics
- Business Continuity
- Intrusion Detection
- Project Leadership
- Staff hiring
- Department management
Certification
- ITILv3
- CEHv10
- CySA+
- Splunk Power User
- ArcSight 6.5 Admin
- SAFE Scrum Master
- SAFE Practitioner
- AWS Cloud
- Oracle Cloud Data Mangement
- Oracle Cloud Infrastructure
Clearance
ACTIVE TS/SCI with CI Polygraph
Security Technologies
- Remedy Ticket Request Systems
- Service Manager Ticketing System
- Splunk
- VirusTotal
- Wireshark
- ArcSight
- FireEye
- SourceFire
- BlueCoat WebSense
- NetWitness
- Digital Guardian
- ArcSight Logger
- EnCase
- CucKoo
- AirWatch
- GeoBytes
- VMWare
- Crits
- STIX
- Palantir
- URL Query
- ICHMS
- Bit9
- Carbon Black
- QRadar
- RecordedFuture
- Hybrid-Analysis
- Tenable
- TrendMicro
- Solar Winds
Cyber Security Skills
- Analyzing all relevant cyber security events and other data sources for attack indicators and potential security breaches coordinate with essential teams
- Maintain knowledge of emerging threats, vulnerabilities, and intelligence within the cyber security field to ensure subscribers are remediating against known threats.
- Provides leadership and guidance as Senior Consultant to the Customer, Watchfloor team and others.
Coursework
- Principles of Business Management
- Computer Forensics (EnCase, FTK)
- Network Design and Engineering
- Advanced Java Programming (JAVA, Linux, SQL and Python)
- Software Design and Engineering
- Machine Learning/AI
- Computer Science
- Systems Engineering
- Cryptography, Penetration and Exploit Analysis
- Information Security and Trust I/II
- Network Architectural and Protocols I/II
- Leadership in Technology-Based Organizations
- Cryptocurrency
- Applied Business Intelligence & Business Analytics
- Internet Software
- Information Systems Design and Database Concepts
- Web-based Applications and E-commerce
- Advanced Data Management
- Spanish Native speaker
Timeline
Deputy Project Lead/ Cyber SOC Manager
IBM
09.2019 - Current
Lead Cyber Intelligence and Operations Consultant/Trainer
HPE
01.2017 - 09.2019
Senior Cyber Intrusion Detection Analyst
ManTech Corp.
02.2013 - 12.2016
Senior Incident Coordinator/System Administrator
CSC
12.2011 - 02.2013
Emergency Operations-IT Contractor
United States Army Corps of Engineers
06.2008 - 12.2011
Masters of Science - Information Technology, Cyber Security, Networking and Software
Virginia Polytechnic Institute And State University
Bachelors of Science - Information Technology
Marymount University
Similar Profiles
Jonathan AlvarezJonathan Alvarez
System Services Representative at IBMSystem Services Representative at IBM
S. KrishnarajS. Krishnaraj
Lead - IOS Developer at IBMLead - IOS Developer at IBM
Jaseem Abdul LatheefJaseem Abdul Latheef
Lead Software Automation Developer at IBMLead Software Automation Developer at IBM