

Roberto-Carlo Pamfil is a Security Operations Centre Manager, Digital Forensics and Incident Response Investigator. Through learning and experience, Roberto has gained industry knowledge across multiple sectors with experience in APT intrusions involving payment gateway data breaches, nation-state attacks and industrial espionage. Roberto's current focus is on Security Operations and Incident Response Management with a technical focus on Digital Forensics, Malware Analysis and Threat Intelligence. Roberto currently works as a Security Operations Centre Team Leader for Close Brothers.


  • Industry experience managing Computer Security Incident Response Team (CSIRT), Security Operations Centre (SOC), Security Operations and Investigations Team in a data regulated and mission critical environment.
  • Experience in managing, responding to and containing security incidents such as crimeware, data breaches and advanced targeted attacks following a standard incident handling life cycle.
  • Can make real-time key decisions under pressure across heterogeneous and unstructured environments.
  • Capable of reporting key findings in a clear and concise manner both at a technical and senior management level.
  • Developed response and remediation plans during and after an incident.
  • Real life experience in dealing with APT and TTP attacks from different threat levels.
  • Experienced with Lockheed's Cyber Kill Chain and the MITRE (PRE-)ATT&CK Matrix.
  • Knowledge of TCP/IP networking with the ability to perform network forensic analysis.
  • Good understanding of underlying service protocols such as HTTP, HTTPS and DNS.
  • Knowledge working with security information and event management tools.
  • Understanding of client-server infrastructures, security architectures and related logging and alerting.
  • Good understanding of file system analysis and ability to find and extract common disk-based indicators of compromise.
  • Knowledge of Windows, Linux, and OS X system internals with emphasis on memory structures and ability to find and extract common memory-based indicators of compromise.
  • Experience conducting malware analysis activities through behavioural techniques for dynamic analysis and reverse engineering.
  • Experience analysing network traffic and alerts from various sources to find the root cause.
  • Involved in security gateways development, onboarding data sources into SIEM platforms, with experience in architecture design and implementation for on premises and cloud infrastructure.
  • Evaluated new and existing cloud security solutions in support of deployments to multiple cloud platforms.
  • Performed high-level technical assessments of existing cloud security architectures, processes, projects, and vendors.
  • Deployed Cloud Native Detective and Responsive controls in AWS and Azure that enforced the security baseline at scale and integrated with open source and vendor tools.
  • Worked closely with cloud operations team to develop cloud monitoring use cases needed for troubleshooting and resolution of security or compliance issues.
  • Developed and executed purple team exercises between blue and red teams.
  • Developed first responder training, playbooks, and incident response procedures.
  • Developed processes and procedures to analyse, report and share threat intelligence, and automating feeds into monitoring systems and reports.
  • Developed user awareness programs (phishing campaigns) and security essentials training.
  • Developed malware and forensic analysis labs.

Technical Skills

Cloud Infrastructure - Amazon Web Services (AWS), Microsoft Azure, Google Cloud, IBM Cloud, Oracle Cloud, Alibaba Cloud;
Operating Systems - Windows, Linux, Unix, Android, iOS;
Host Analysis - Falcon, GRR, EnCase, Nuix, FTK, XRY, TSK, Log2Timeline, Volatility Framework, Elastic Stack, SIFT Workstation, REMnux, Cuckoo, Viper;
File Systems - FAT, NTFS, HFS+, EXT2/3/4;
Network Traffic - Moloch, Wireshark, tcpdump, FakeDNS, INetSim, FakeNet-NG;
Monitoring Tools - SIEM (Falcon, QRadar, AlienVault, LogRhythm, Splunk, Alert Logic, Elastic Stack), AV (Sophos, McAfee, ESET, Symantec, Kaspersky), Malware Detection (McAfee, Cisco, F-Secure, FireEye, WildFire);
Signature Definitions - YARA, Snort;
Programming Languages - WMIC, PowerShell, Batch and Python;

Work History


Security Operations Centre Team Leader

Close Brothers (Full Time Employment)

Managed the SOC Team. Responsible for delivering reliable and knowledgeable expert cyber security analysis, recommendation, threat hunting, reporting and cyber incident response to the business. Was the Subject Matter Expert (SME) in using these tools to proactively respond to the cyber threat landscape based on continuous threat hunting and cyber intelligence. Led SOC duties for Close Brothers, using cyber security experience to identify potential threats and security gaps present within the environment. Responsible for identification of cyber threats at a forensic, network and operating system level. Reporting of threats, threat levels and remediation plans to the Head of Security Operations. Owner of remediation of tasks escalated by SOC Analysts and the Head of Security Operations. Responsible for developing SOC analysts, processes and procedures.


Analyst, Falcon Complete

CrowdStrike (Full Time Employment)

Worked in the virtual security operations centre where I could expand my skill set through a wide variety of experiences, detecting and responding to incidents as they occur in real time for customers. Conducted monitoring and performed in-depth analysis of security alerts. Exercised incident handling processes across Windows, Mac, and Linux platforms. Performed malware analysis of different family strings. Performed remote remediation of malware and malicious activity. Developed and improved processes for incident detection, triage, and the execution of countermeasures. Produced high-quality written and verbal communications, recommendations, and findings to customer management. Served as the technical escalation point and mentor for lower-level analysts. Provided oversight and quality assurance for issues worked by lower-level analysts. Aided in the advancement of security processes and procedures.



Platon Technologies (Full Time Employment)

Information technology firm supplying professional consultancy services.


Information Security Contractor

The Go-Ahead Group Plc (Full Time Contractor)

Responded to and contained incidents across the group, which is made up of multiple operating companies across the United Kingdom, Ireland, Germany and Singapore. Managed incidents from start to end using the incident response life cycle. Wrote incident response reports and reported directly to the Chief Information Security Officer (CISO) and presented high level critical reports to senior stakeholders, Chief Information Officer (CIO). Managed security analysts responsible for technical investigations during incidents as well as mentoring them through knowledge sharing and teaching. Collaborated with different teams within Information Technology Service Delivery to ensure efficient and secure remediation. Developed incident response standards and methodologies and integrated them across the business. Developed first responder training for different operating companies to ensure a fast and secure response to incidents. Managed deadlines during incidents where time is of the essence. Still getting technically involved with more complex sensitive investigations.


Senior Information Security Analyst

easyJet (Full Time Contractor)

Maintaining the confidentiality, availability, and integrity of easyJet’s information and information systems. This is achieved through identification and mitigation of risk through security systems management and incident management. Responsible for the operational support of specific security technologies, products, and services within easyJet to ensure that they satisfy the organisation's security needs economically, efficiently, and effectively. Monitoring internal and external cyber threats and vulnerabilities and ensuring that easyJet technical controls are appropriate. Performing rapid response, detection, isolation, and remediation of information security incidents. Providing a focal point within easyJet for technical information security expertise. Responding to incidents using the SANS incident response framework and following well-defined playbooks for different types of incidents such as malware outbreaks, phishing campaigns and insider abuse.


Cyber Security Analyst

Thales (Full Time Employment)

Examined system logs and threat intelligence about the normal activities of the system to allow a history of events to be reconstructed, making use of appropriate forensic techniques and technologies. Conducted detailed analysis and investigation of alerts generated via SIEM, IDS/IPS and other related data sources. Was responsible for developing, researching and maintaining proficiency in tools, including researching techniques, countermeasures and trends in computer and network vulnerabilities, data obfuscation, and malware analysis. Evaluated and implemented a threat intelligence process of analysing, reporting and sharing with regard to new threats and vulnerabilities and ensured detective controls were updated to detect new attacks. Carried out analysis to determine the root cause of events, and provided incident response and reporting in support of operational effectiveness. Worked with different IT teams to ensure the recommendations and changes were applied effectively during the lessons learned part of an incident.


Incident Response Investigator

MWR InfoSecurity (Full Time Employment)

Primary responsibility was to work with MWR's clients to deliver Investigations and Incident Response services. The role involved performing intrusion forensics by identifying unauthorised access into network estates. Gained experience from working with a large set of clients from different global industries, which gave me exposure to different environments and architectures. Acquainted with working in SOC environments. Some of these involved APT attacks, ransomware, fraud, and phishing. Developed a forensic laboratory, incident response procedures and first responder training.


Information Technology

Self Employed

Various IT roles during my time in education.



GIAC Certified Forensic Analyst (GCFA)





CISSP: Certified Information Systems Security Professional


FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques


FOR508: Advanced Digital Forensics, Incident Response, and Threat Hunting


FOR500: Windows Forensic Analysis




English - Full Professional Proficiency

Romanian - Native or Bilingual Proficiency