Ramsey S.
Details
The University of Texas at Dallas
2007 : 2011
- Directed the deployment of the Armis asset inventory management program, which led to the discovery of more than 150,000 OT assets and visibility into the risks in that environment.
- Developed a methodology that factored in current defense-in-depth controls and existing standards/best practices, which reduced the OT asset remediation list by 90%.
- Created the OT incident response policy and corresponding playbooks for the incident response team.
2022 : Present
Kimberly-Clark
Deputy BISO OT Cybersecurity
- Lead cyber threat and security incident identification, protection, detection, response and remediation activities impacting the manufacturing operations environment
- Define and ensure compliance with security policies, processes and standards to build a comprehensive Operational Technology security program
- Works with cross-organizational teams to address SIEM alert deficiencies
- Configure, test, document and implement new or upgraded security processes, controls or products as directed.
- Participates in investigations to determine root cause of security incidents.
- Implements appropriate changes in security tools in order to reduce attack surface, streamline operations, optimize performance, and achieve new business requirements
- Influences and informs security architecture to ensure future roadmap and architectural decisions are made with appropriate context
- Makes recommendations to update the change control process as necessary to provide appropriate documentation while increasing agility and minimizing overhead
- Drives continuous improvement in day-to-day security risk mitigation project management and security operations processes
2019 :
Kimberly-Clark
Sr. Cybersecurity Engineer
• Serve as the SOC technical lead responsible for providing analytical oversight over a team of Tier 2 and 1 SOC analysts to monitor, detect, analyze, remediate, and report on cyber security events and incidents.
• Support security tool/application tuning engagements with the incident handler team to develop/adjust rules in Tanium, FireEye, and Splunk which led to a significant reduction in false positive alerts. Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities and distinguish these incidents and events from benign activities.
• Coordinate threat hunting activities across the network leveraging intelligence from multiple internal and external sources and Splunk ES.
• Monitor external data sources (e.g., cyber defense vendor sites, Computer Emergency Response Teams, Security Focus) to maintain currency of cyber defense threat condition and determine which security issues may have an impact on the enterprise.
• Provide cyber security recommendations to leadership based on significant threats and vulnerabilities.
2019 : 2019
Global Technical Talent
Principal Security Analyst
- Built 6 independent Splunk instances in a SCADA environment for 6 nuclear power plants that could feed alerts into a SOC. The deployment had to comply with NEI 08-09.
- Deployed and tuned all cyber security tools, which then feed their data into Splunk, where custom alerts are forwarded to a central Splunk instance for the CSOC and incident response team.
- Developed a standard implementation procedure to integrate a variety of cyber security tools and technologies within an air-gapped (SCADA) environment. Tools and technologies included, but were not limited to: Splunk Enterprise, Check Point firewalls, Hadoop, syslog-ng, VMware, Cisco switches, Owl data diodes, Tripwire, WhatsUp Gold, McAfee ePO, DLP, NIDS, VSE, and Solidcore applications.
- Train clients and team members in the field on how to effectively operate, troubleshoot, and administer the cyber security technologies of the system.
- Develop technical solutions and new security tools to continuously improve the nuclear fleet’s security posture from internal and external threats.
2017 : 2019
Collins Aerospace
Cyber Security Engineer
Client : Digital Realty (Jan 2016 – 2017)
Scope : Vulnerability Management & Incident Response
● Perform vulnerability and risk assessment testing against web applications, customer portals, endpoint users and network devices, and oversee the patching and remediation of the critical issues
● Developed the company’s security awareness training program and conducted quarterly phishing campaigns.
● Work with IT management to develop, implement, and enforce IT security policies and procedures regarding new company acquisitions and integration into the corporate network.
● Implemented Cylance companywide to replace the outdated signature-based antivirus.
    o This led to a 70% drop in compromised user devices.
● Responsible for all internal incident response cases which included the investigation and remediation covering all of DLR’s corporate offices with 4,000+ endpoints.
● Monitor company’s internal logs and traffic via Splunk to proactively investigate suspicious traffic and compromised internal users.
Client : FFIN (Financial Institution)
Scope : Forensic Investigation & Breach Detection (analysis) (September 2015 – October 2015)
• Analyzed network traffic and logs for a possible security breach or leak of PCI-based information.
    o Monitored network traffic and bandwidth for anomalies via Splunk and NetFlow.
• Found compromised PCs through suspicious traffic and callouts to C&C servers.
    o Remediated the issue and assessed whether any critical information had been accessed.
• Locked down network security by restricting ports via Cisco IronPort.
• Tuned out false positives in security tools and Splunk so that only critical information is reported.
    o Doing so saved the company tens of thousands in increased license usage.
• Authored their incident response plan and provided training to their response team.
2015 : 2018
Independent Security Consultant
Skills
Automated Alerts, Blue Team, Computer Security, Customer Engagement, Customer Service, Cybersecurity, Cybersecurity Incident Management, Cybersecurity Incident Response, Cyber Threat Hunting (CTH), Cyber Threat Intelligence (CTI), Firewalls, ICS Incident Response, ICS Protocols, ICS Risk Management, ICS Security, ICS Threat Mitigation, ICS Vulnerability Assessment and Mitigation, IEC 62443, Incident Response, Information Security, Information Security Management, ISO 27001, Leadership, Linux, Nessus, Networking, Network Security, Nmap, OT/ICS Strategy and Program Development, Penetration Testing, Project Management, Security, Splunk, Splunk Enterprise Security, Threat & Vulnerability Management, Vulnerability Assessment, Vulnerability Management, Vulnerability Scanning
About
Security Consultant with in-depth experience and knowledge of both Operational Technology and Cyber Security Technology who can apply knowledge of cyber security to OT/ICS/SCADA systems to implement new cyber defense/resiliency techniques.