Eric Mwangi

Achievements:

• Onboarding and Integration of Log sources sources, streamlining the ingestion process by filtering out unwanted data fields to optimize SIEM Cost.
• Defining Use Cases and Response plans for the onboarded Log sources.
• Conducted thorough security assessments of current security controls, identifying and implementing improvements to enhance organizational resilience and reduce risk exposure.

Achievements:

• Developed and documented incident response plans tailored to various security incidents and threat categories.
• Prepared and delivered weekly and monthly SOC metrics reports covering key performance indicators both for board and regulatory consumption.
• Documented and shared Threat Hunting findings to enhance overall security posture and guide preventive measures to the Security Engineers.
• Led training sessions to help L1 analysts understand advanced threat vectors and response techniques.
• Reviewed and updated use cases to adapt to evolving threat landscapes.

Achievements

• Mobile Hotspot Vulnerability Uncovered: The misconfiguration allowed all bank users to create a portable hotspot which was able to bypass NAC.
• Successfully conducted upgrades to Tripwire Enterprise Console to the latest versions 8.9 as at June 2022 and running with continuous optimization of the solution (Agent Upgrades).
• Successfully conducted upgrades to ArcSight Logger to the latest versions v7.11 as at June 2022 and running with continuous optimization of Security solution.
• Supported upgrades of DarkTrace Enterprise Immune System and supporting Models
• Deployment of CrowdStrike Console and Agents across the Group.
• Enhancements of Detection Models on Antigena Email.
• Led the Development of Security and Compliance KPIs and metrics to track security Monitoring effectiveness : MSSP Service Level Agreements & Incident Reporting Metrics.
• Successfully conducted 26 Hours of Cyber Security Awareness to New Joiners in the Bank both Physical and Virtual sessions.
• Purple Team Activities - Active Directory attack and Defense, Network Vulnerability Assessment & Malware Hunting & Reporting.

Achievements:

• Developed Customized Flex connectors / Parsers to monitor Critical Business Applications on ArcSight Platform – Aruba, CiscoFTD connector
• Part of team that conducted upgrades on ArcSight Manager, ArcSight Logger, ArcMC (to latest versions as at May 2017 i.e., ArcSight Express v6.9.1.c, ArcSight Logger v6.2, ArcMC v2.2). Upgrade project also included upgrading all appliances to RHEL 6.7 Operating system.
• Upgrade of ArcSight Manager from v6.1 to v6.11
• ArcSight Appliance RHEL upgrade from v6.2 to v6.8
• HP Reputation Security Monitor (RepSM) Plus (v1.6) connector implementation on ArcSight Manager