iirai costner

The Cybersecurity Analyst certificate program provided me with the knowledge and skills needed to assess cybersecurity threats and use the appropriate tools to remediate security vulnerabilities.

I learned practical and analytical skills needed to perform threat assessments, vulnerability management analysis and remediation, security incident response, and application of a layered security architecture. The review, selection, and assembly of tools for performing threat and incident management will also be covered.

Topics included:

• Cybersecurity threats, threat data, and exploit analysis
• Blue team penetration testing and tools
• Vulnerability scanning, analysis, and host remediation
• CSIRT (Computer Security Incident Response Team) fundamentals
• Data analytics to determine appropriate compensating controls
• Conducting forensic analysis of digital systems
• Secure coding as a part of the Software Development Life Cycle
• Common cybersecurity tools & technologies

Through this degree, I have been equipped with soft and technical skills, including team building, problem-solving, systems design solutions and implementation using information technology. The major also prepared me for continued growth in managing information systems.

Through this degree, I have been exposed to the internet, web design, computer networks, and information systems. Soft skills I gained majoring in this area are:

• Problem-Solving and Change Management
• Ability to Contribute to a Team Objective
• Ability to Understand and Respond to User/Customer Requirements
• Project Management Experience
• Planning and Organization

Real-world application:
While completing my credits for this degree, I worked as Southwestern College's Web Design intern from 2000-2001. Soft skills included team collaboration, light clerical work, and ability to work under pressure.

My LinkedIn post

100 recipients were invited to participate in the CyberGEN.IQ Assessment. This measures the participant’s technical aptitude for cybersecurity learning and fundamental skills to gauge potential for moving into the next stage of the program.

At the end of Stage 3: 60+ candidates will advance to Stage 4

Next Stage/Stage 4 Selection Criteria:

• Performance in CyberGen IQ Assessment
• Community engagement in cohort

--> This marked the end of my WiCyS Security Scholarship journey as I was not invited back for Tier 4.

More information about the scholarship can be found here.

My LinkedIn post

Successfully completed Tier 2 of the WiCyS Security Training Scholarship.

250 recipients were invited to participate in the SANS CyberStart Game. This gives participants a chance to demonstrate (and discover) their passion for cybersecurity in an interactive, gamified learning platform. CyberStart Game introduces participants to such topics such as Linux, web attacks, programming, forensics, and more. Full of challenges that will test the persistence and research needed when facing authentic cybersecurity tasks, CyberStart Game builds up participants’ technical skills and creative thinking.

All players can will earn points as well as dozens of badges to collect as they progress through the Game.

At the end of Stage 2: 100 candidates will advance to Stage 3

More information about the scholarship can be found here .

• My LinkedIn post
• My team's report
• My certificate of participation

Notable highlights:

• My team came up ranking 2nd in our school
• 78th out of the 454 teams from the Experienced Students Bracket
• Placed 79th, against 500+ other colleges and universities nationwide
• Ranked 23rd in the Western (College) division

In obtaining the CySA+ certificate, I am now competent in:

• Demonstrating my knowledge in current trends that affect the daily work of security analysts, such as cloud and hybrid environments.
• Proactively monitoring, detecting and analyzing indicators of malicious activity using the most up-to-date methods and tools, such as threat intelligence, security information and event management (SIEM), endpoint detection and response (EDR) and extended detection and response (XDR).
• Responding to threats, attacks and vulnerabilities, and gained knowledge in incident response and vulnerability management processes, and highlight the communication skills critical to security analysis and compliance.

Successfully completed Tier 1 of the WiCyS Security Training Scholarship.

All eligible applicants were invited to participate in the SANS Beginner-level CTF. This multi-disciplined Capture the Flag system has over 28 content packs and a variety of engaging challenges for participants to discover their strengths while challenging their limits.

At the end of Stage 1: 250 candidates will advance to Stage 2

More information about the scholarship can be found here .

The Google Cybersecurity certificate provided me with the skills to obtain an entry-level job in cybersecurity, even without prior experience. I've learned to use industry standard tools like Python, Linux, SQL, Security Information and Event Management (SIEM) tools, and Intrusion Detection Systems (IDS).

Key items I also learned:

• Programming for cybersecurity tasks
• Frameworks and controls that inform security operations
• Using security information and event management (SIEM) tools for cybersecurity
• Detecting and responding to incidents using an intrusion detection system
• Performing packet capture and analysis

Certificate curriculum:

• Foundations of Cybersecurity
• Play It Safe: Manage Security Risks
• Connect and Protect: Networks and Network Security
• Tools of the Trade: Linux and SQL
• Assets, Threats, and Vulnerabilities
• Sound the Alarm: Detection and Response
• Automate Cybersecurity Tasks with Python
• Put It to Work: Prepare for Cybersecurity Jobs

SoCal Cyber Cup Qualifier Round
This was a team-based challenge, where we had  6 hours to complete this round once our timer started. Our team of 6 worked through a number of cybersecurity challenges in order to qualify for the Final Round.

SoCal Cyber Cup Final Round
In the Final Round, our team of 6 defended our virtual machines against live attacks from the red team by completing a variety of system administration challenges to score additional points!

Through this SOC Core Skills course, I learned about core networking skills, live Windows and Linux forensics, memory forensics, active directory analysis, network threat hunting, basics of vulnerability management, and the incident response process.

This was an excellent learning experience that has helped me strengthen my cybersecurity skills and better understand the critical role of cybersecurity in today's world.

With study material comparable to CompTIA's Security+, my ISC2 certificate has given me the foundational knowledge needed in this industry.

According to their web site, ISC2 developed the Certified in Cybersecurity (CC) credential for newcomers to the field, to recognize the growing trend of people entering the cybersecurity workforce without direct IT experience. Getting Certified in Cybersecurity provides employers with the confidence that you have a solid grasp of the right technical concepts, and a demonstrated aptitude to learn on the job. As an ISC2 certification, those who hold the CC are backed by the world’s largest network of certified cybersecurity professionals helping them continue their professional development and earn new achievements and qualifications throughout their career.

The topics studied include:

• Security Principles
• Incident Response, Business Continuity (BC) and Disaster Recovery (DR) Concepts
• Access Controls Concepts
• Network Security
• Security Operations

My favorite part of this industry is the learning never ends! Here are some of the projects, concepts, labs I am currently working on:

• Palo Alto (PCCET certification)
• HTB (HackTheBox) Academy

This in-progress list was last updated:
November 22, 2023

Technical skills I've acquired through this internship include:

System Administration tasks:

• Create, modify and delete administrator and user accounts
• Adjust account permissions
• Patch, update, and optimize Windows 10 and 11 operating systems
• Responsible for mitigation of security risks using Microsoft security baselines

Networking:

• Provide network cable management for different organizations
• Test low-voltage CAT-5 and CAT-6 cables
• Perform multiple cable runs, modified lengths, and punch down on patch panels

Cybersecurity tasks:

System Hardening:

• Install antivirus solutions for all system platforms
• Create security baselines using Microsoft Policy Analyser, and make changes via GPO
• Consult with clients, and schedule internal and external pen testing

SIEM:

• Install and implement SIEM cloud or on-prem product for clients
• Configure host with SIEM agents on both Windows and Linux systems
• Monitor systems and network for threats, critical updates, and technical issues

Vulnerability Management:

• Install/configure Nessus Essentials to perform credentialed vulnerability scans against Windows 10 Hosts
• Implement Vulnerability Management Function on Virtual Machines: Discover, Prioritize, Assess, Report, Remediate, Verify
• Conduct vulnerability assessments with Nessus; prioritized and remediated vulnerabilities
• Manage vulnerability scan findings and schedule patches to apply

Security Analysis/Content Creation:

• Perform malware analysis on any malicious software found on systems
• Responsible for threat hunting and incident handling
• Use custom PowerShell script to extract metadata from Windows Event Viewer to be forwarded to third party API in order to derive geolocation data
• Configure Log Analytics Workspace in Azure to ingest custom logs containing geographic information (latitude, longitude, state/province, and country)
• Configure custom fields in Log Analytics Workspace with the intent of mapping geo data in Azure Sentinel
• Configure Azure Sentinel (Microsoft's cloud SIEM) workbook to display global attack data (RDP brute force) on world map according to physical location and magnitude of attacks.

Firewall Policy Management:

• Allow/deny traffic for specific users using NGFW (Palo Alto)
• Monitor and analyze firewall traffic for troubleshooting rules
• Create, delete, modify firewall objects to maintain organizational standards

Soft skills utilized:
Empathy/friendliness (with clients), communication with clients who are non-technical, adaptability, punctuality, troubleshooting, research, self-motivated, multitasking, dependability

This course was the primary tool I used to prepare for the CySA+ exam. In addition to familiarizing myself with various concepts in security operations, risk management, and incident response, I have gained new skills while utilizing skills I already had in tow.

Technical skills I’ve gained from this program include:

CySA+ Lab series:

• Install virtual machines through VMWare
• Perform Vulnerability scans using Nessus, OpenVAS, netstat, nmap
• Web application scanning using Nikto and ZAP
• Implement host-hardening techniques: group policy configuration, close unused ports, patch installation, and scan hosts through Windows Defender
• Analyze network packets using tcpdump and Wireshark
• Use ACLs and IPTables to create/implement firewall rules
• Work with log data through syslog and Windows Event Viewer
• Perform Memory and Digital Forensics Analysis
• Extract data from a compromised machine
• Bash scripting and Log Analysis
• Password cracking with Hashcat
• Active Directory
• Exposure to SIEM – Splunk
• Frameworks: NIST, CIA triad, MITRE ATT&CK
• Exposure to system audits, ACAS, SCAP, POA&Ms, JSIG, RMF

Ethical Hacking Lab series:

• Reconnaissance with Nmap & Amap
• Social Engineering Attacks with Social Engineering Toolkit (setoolkit)
• Metasploit Framework Fundamentals
• Web Pentesting with Nikto & OWSP Zap
• Password Cracking with John the Ripper
• Create and Install SSL Certificates
• Enumerate SMB with enum4linux
• Backdooring with Netcat
• Packet Crafting with Scapy and Hping
• Network Analysis
• Client Side Exploitations
• Testing Firewall Rules with Firewalking
• SQL Commands & Injections
• Buffer Overflows
• Evading IDS
• Using VNC as a Backdoor
• Auditing Linux Systems
• Anti-Virus Evasion

Soft skills utilized:

time management, self-motivated, collaboration, team building, networking, conflict management, leadership, diversity awareness, analysis, troubleshooting, positive attitude, positive work ethic, stress management, desire to learn, critical observation, friendliness, public speaking/presentation, conflict resolution

Featured Accomplishments/Tasks:

• First student player in club (ever) to complete all Practice Round challenges in NCL CyberSkyline Gym
• Ranked 1st Place in club's Spring 2023 Practice CTF exercises
• Preparation/Teamwork/Collaboration for SoCal's 2023 Cyber Cup Qualifier and Final Rounds
• Showed initiative by compiling data from teammates and writing up a "Post Incident Review" report upon completion of 2023 SoCal Cyber Cup Final Round... for fun.

Technical skills acquired through CTF-style practice, qualifying, and final rounds:

• Familiarity with Windows 10/11, Kali Linux, CLI
• Open-Source Intelligence: Metadata, Threat Intel, HTTP headers, SSL, Barcode
• Password Cracking: Rockyou/custom wordlists, hashcat, ophcrack
• Enumeration/Exploitation: Python, SQL, HTML/CSS, compiled binaries
• Forensics: Git, Binwalk
• Scanning: Nmap, dirbuster
• Cryptography: Hex, ROT13, Atbash, Morse code, Railfence, Vigenere, strings, Digital Invisible Ink Kit
• Network Traffic Analysis: DNS, FTP, HTTP, Telnet
• Log Analysis: SSH, nginx, Firefox SQLite History DB, Squid proxy
• Web Application Exploitation: HTTPS Security Audit
• Wireless Access Exploitation: aircrack-ng

Soft skills utilized:

strategic planning, work well under presssure, punctuality, strong/positive work ethic, team collaboration/coordination, networking, research, analysis, troubleshooting, risk management, quick thinking, adaptability, critical observation, problem solving

• Install network equipment, cabling, and POS systems
• Configure firewall for network segmentation and threat detection/prevention
• Monitor network and systems for security alerts and technical issues
• Ensure all devices and software are up-to-date and patched
• Troubleshoot network and POS issues as they occur
• Provide technical support for system users
• Implemented SIEM for easy monitoring and alerting
• Set up VPN server for remote troubleshooting

Featured Accomplishments:

• Revamp all current Microsoft Excel report workflows by implementing Microsoft Power Query to improve efficiency
• Fun fact: Upon receiving the news 2 days prior I would get RIF’d, I spent a total of 28 hours creating SOP videos and compiling all of my spreadsheets on tasks that only I could do. SOP videos aren’t a thing in this company, but it was the fastest way I can get it all documented in time before the termination cut-off time. Soft skill demonstrated: Team loyalty/integrity.

Routine Tasks:

• Support all coordinating team tasks
• Facilitate training sessions and delegate core tasks to new and existing coordinators
• Create, update and maintain multiple Microsoft Excel worksheets on department data with timely monthly workbook updates for managers and coordinators
• Responsible for producing multiple routine reports:
  • Weekly and monthly managerial reports on overall production and accounting.
  • Client-facing daily report on current pipeline and order statuses
  • Morning and afternoon team priority list reports to management and appraisers through Microsoft Excel pivot tables and Excel formulas.
  • Develop and solely manage our department’s current Payroll Exceptions pay system:
    • Calculate accurate, consistent numbers and a complete list of exception types in a timely manner through several management submissions and appraiser revision requests
    • Categorize all incoming email and handle data entry from 70+ appraisers, management, coordinators and Quality Control on a daily and bi-weekly basis.
    • Process and submit final payroll documents to management requiring little to no checking
    • Demonstrate skill to analyze, investigate and resolve problems
    • Consolidate data to develop reports, records, diagrams and charts
    • Demonstrate discretion when handling payroll data

• Organize and send Microsoft Teams staff meeting invites as requested by the VP
• Train coordinators on Microsoft Office 365’s Forms to collect weekly and one-time survey department responses

Soft skills utilized:

Self-starter, multitasking, integrity, organization, work well under pressure, communication, team collaboration, resourcefulness, initiative, reliability, strong work ethic, out-of-the-box thinking

• Execute daily, weekly, and monthly tasks in a timely manner with little to no supervision
• Discern and complete higher-priority tasks in a fast-paced environment
• Consult with Quality Control, management, VP and Assistant to VP to ensure orders are completed in a timely manner, working in close liaison to the appraisers of the department
• Handle highly sensitive client and appraiser information according to company compliance
• Ability to learn and adapt quickly with several wizards in company software
• Use company’s Assigning wizard to strategically prioritize and delegate thousands of orders to 100+ appraisers nationwide based on client requirements and appraiser state license and appraiser’s weekly/daily/hourly work schedule.
• Use company’s Registry wizard and Microsoft Excel to create and solely manage a workflow for collecting, verifying, and updating state licenses and expiration dates.
• Immediately analyze, report and handle all lapsed state licenses and other crucial prioritization issues per management direction
• Coordinate all incoming Microsoft Outlook email, phone, and in-person priority rush requests between departments and appraisers
• Restructure multiple Microsoft Outlook public folder workflows for CRA team efficiency, using Categories, Quick Steps, email templates, calendar, and subfolders.
• Create and execute a simple SMS-texting/personal e-mail workflow to send team communication updates on unexpected company software outages and fixes.
• Send mini-welcome packets to appraisers on team operations and data collections request.
• Use company’s Employee Manager wizard to set up all new and existing employee accounts
• Create and coordinate several holiday events, online galleries, monthly birthday emails, fun email communications to reinforce a friendly team culture

Soft skills utilized:
multi-tasking, coordination, punctuality, strong work ethic, reinforce a friendly work culture, self-starter, out-of-the-box thinking, analytical skills, task prioritization

Featured accomplishment:

• Top data entry clerk in department - entering up to 200 appraisals in a single shift

Routine tasks:

• Screen, delegate and scan incoming fax and mail-in orders to different departments
• Expedite late-night bulk mail faxing and data entry processing
• Train new data entry employees on HOPS (company’s data entry proprietary software)
• Ensure confidential information from clients were handled according to company compliance
• Ability to type 65 wpm

Soft skills acquired:

Strong work ethic, self-starter, team player, communication skills, collaboration

• Demonstrated proficiency in Adobe Photoshop, Illustrator, Dreamweaver, HTML, CSS, JavaScript (and the retired applications: Fireworks and Flash)
• Ability to work calmly and efficiently to meet rigorous deadlines in a fast-paced team environment
• Assist in developing curriculum for the Miva Merchant E-Commerce platform, and organized various training sessions for faculty/staff
• Manage a 6-month project involving the collection of page content and images by coordinating with 30+ faculty, staff, and Deans from all departments
• Develop and implement various web projects for college curriculum
• Revamp several page design layouts for college web site
• Accommodate several faculty, staff and the Dean of Computer Information Systems with various administrative task requests

Soft skills utilized:

Team collaboration, time management, artistic/creative thinking, self-starter, multi-tasking, critical thinking

• 1700 volunteer work hours total
• Updated and maintained volunteer and community database
• Recruited and trained 50+ volunteers from Ministry Volunteer Fair events.
• Worked closely with CEO to help motivate and provide support to the volunteers each week
• Created and updated welcome/orientation packets for volunteers
• Provided administrative support for CEO, technical teachers, and repair volunteers
• Created/hosted bi-yearly volunteer appreciation events
• Marketed various ministry events through print and online
• Set up weekly Computer Repair events across 4 different locations: bring equipment, greeted volunteers and guests, signed guests in and assigned them to a volunteer, offer encouragement, pack up equipment, provided follow-up when needed.
• Managed the collection, refurbishment, and donations of computers to organization like the Wounded Warriors, Kate Sessions Elementary School, Bridge of Hope, University of San Diego.
• Collaborated with leaders of other organizations to provide computer services at various events, such as the annual Boots Off! Event (military families), Bridge of Hope (refugees), and Share the Dress (underprivileged teens).

Soft skills utilized:

leadership, empathy, team-building, team collaboration, work culture, experimentation, self-motivated, troubleshooting, conflict resolution, patience, adapatability, cultural awareness, presentation, organization, planning/scheduling