Welcome to NinjaBill.org, my personal website. For now, it is simply a repository of my Resume/CV.
(678) 906-0905 wjnorbut@gmail.com LinkedIn Website
SUMMARY
During my 10+ years in the security field I have accomplished some pretty amazing things, most specifically in the SIEM arena. I've set up full customer environments, integrated customers into existing services, set up devices, and written customer log parsers and custom rules. In the process I've met tight deadlines and had to create or rethink processes to maximize profitability and ease of setup. This really only begins to scratch the surface; let me come to your company and continue doing awesome things.
PROFESSIONAL EXPERIENCE
IBM - Tampa, FL
Tier 2 Analyst, Feb 2017-Present
In my second stint at IBM I worked with a large food delivery customer to refine their SIEM service and integrate it with tools such as Demisto, Proofpoint and Tanium. I worked with them to create runbooks for common security instances, and worked with internal teams to supply them with relevant metrics for their service. From there I moved to a T2 Analyst position with our CIO department, where I pivoted on previous skills and began exploring the usage of additional tools such as MDATP and CrowdStrike, along with some custom internal scripts for investigating security incidents. I worked with other departments for incident escalation in the event that additional detail was requested. After a reorganization I began working with the MultiTenant QRadar offering. Under an extremely tight deadline I began integrating former IBM departments to the service as external customers of Kyndryl. Once the initial migration project was complete I continued with the various customers that needed to meet compliance requirements. I assisted with setting up log collectors in IBM Cloud, resolving transfer/network issues and engineering the integration of unique log sources that were not supported by QRadar out of the box. I worked with upper-level management to streamline our process to keep things more transparent and easier for the customer to recreate.
Optiv - Tampa, FL
Security Consultant, Jan 2016 – Feb 2017
While at Optiv I worked with national customers to create their SIEM (QRadar) environment (QFlow, Event Collectors and Processors) and create rules around customer use cases. I integrated log sources and created HA environments leveraging rsync for offsite backups. I installed and worked to troubleshoot external application plug-ins. I created reports based on client needs and set up user accounts and roles. I integrated ingestion FROM Splunk for one project, which was quite tricky.
Digital Hands - Tampa, FL
Security Analyst, Oct 2015 – Dec 2015
During my time at Digital Hands I performed incident analysis on events in a number of SIEM solutions such as QRadar, Nitro, LogRhythm and AccelOps. I also worked with System Engineers to develop automation between QRadar and Salesforce utilizing SNMP, thereby freeing up extra time for first-line technicians from menial offenses. I escalated issues to customers based on our contractual obligations and worked closely with them to assist in issue resolution. I also updated and created documentation when applicable and mentored other Tier 1 and Tier 2 Analysts.
IBM - Atlanta, GA
Security Correlation Engineer, Jun 2010 – Oct 2015
In my first employment period at IBM I started out in a Configuration Management offering, where I worked to develop new solutions for deployment and integration of the TADDM service under the Agile methodology. I quickly moved on to a Security Focal role working on compliance and patching of customer systems, with some System Admin work tossed in occasionally. I then transferred to our MSS SOC for one of the first MSS T2 Customer Monitoring offerings for a large bank. I did event analysis in QRadar, and later in ArcSight, with vendor training provided. As I became more proficient in QRadar I worked with customers on creating new rules based on emerging threats and updating existing rules to tune out false positive offenses. I had an opportunity in which I took the lead on special projects such as CIO QRadar lab setup, customer password compliance, and rule repository creation. I mentored other Analysts, and later admins and correlation engineers as those job functions were separated, several of whom went on to lead and support positions within the service. I was able to do advanced analysis of malware attacks, network scans, intrusion attempts, P2P violations and data exfiltration attempts. I performed root cause analysis for customers on notable incidents. I also had the chance to open Service Requests for QRadar software support, tracked issues to resolution and assisted in remediation, and was sent to the headquarters of QRadar in Canada for advanced training by the original creators of the software.
Additional work experience available on request.
CERTIFICATIONS
CompTIA Security+
CompTIA Network+
CompTIA A+