Martin Brough

‘ L E A D I N G  N EW  S E C U R I T Y - R E A D Y  T E C H N O L O G Y  S O L U T I O N S  I N  C R I T I C A L  D E A D L I N E  E N V I R O N M E N T S ’

A highly accomplished, forward-thinking cyber security subject matter expert, speaker, published author, bug bounty and security researcher with more than twenty years of progressive success advising the C-Suite as a specialist in malware analysis, information security and compliance in global environments. A respected visionary and detail-oriented technology leader known as a champion of managing projects and building talented teams from conception through to launch.

C A R E E R  H I G H L I G H T S

•    Expert at delivering complex projects and identity management, and at designing and implementing fully fault-tolerant, disaster-ready IT solutions that ensure seamless delivery.

•    Effective at mentoring and coaching teams to high engagement and performance.

•    Expert at defining enterprise technology strategies and solutions that reduce costs and improve efficiencies to optimize organizational goals. Optimizes security tools to meet current and future threats.

•    Business- and information-security savvy that turns vague ideas into solutions.

•    Reputation as an ‘out-of-the-box thinker’ with a series of quantifiable accomplishments in security growth in global markets. Sought after for special projects. Developed custom decoders and decryption tools.

•    Progressive leadership leveraging networks to cultivate global partners to advance business goals.

•    Noted security SME and leader, speaking at security conferences; published author; founded a blog (https://infosec512.com) presenting complex security topics such as risk tolerance, authentication, home network security, data privacy, social engineering, and identity theft.

T E C H N I C A L  E X P E R I E N C E

Advanced Knowledge: SIEM products, Incident Response, Data Breach Protection, IDA Pro, OllyDbg, WinDbg, Immunity Debugger, Cuckoo, Joe Sandbox; Proficient: C/C++, Python, x86, HTML/XHTML, Java, Perl, PHP, Shell scripting, XML/XSL, AIX/Linux/UNIX, Windows, OS X

Certifications: CISSP, OSCP, CEH, CCNA Security, MCSA, CIPT 1+2, A+ (Pursuing OSCE, GIAC)

P R O F E S S I O N A L  O V E R V I E W

SR. MANAGER, CYBER DEFENSE OPERATIONS (GLOBAL), ARM, AUSTIN, TX

In this role I functioned as the technical lead for all cyber security operations systems, including incident response, vulnerability management, vendor management, MSSP integrations, and many other systems as needed. I developed regular training for all teams within enterprise IT, including custom tabletop exercises as well as training in incident response processes and procedures. The following bullet points represent some of the projects I was involved in or developed for Arm:

  • Custom tabletop exercises

  • Development of numerous runbooks and playbooks

  • Creation of documentation for IR processes and procedures

  • Third-level escalation point for all priority 3 through priority 1 tickets

  • Advisory to the C-Suite and board on many cyber security related topics

  • Contractor management and training

  • MSSP integration, including training, onboarding, and development of new processes and hand-off for malicious email processing and EDR management

  • Vulnerability management, including regular meetings with all asset owners to help track findings and assign severity and remediation

SR. SECURITY CONSULTANT, NCC GROUP, AUSTIN, TX

Worked on the NCC Group CIRT team as a senior-level consultant and manager of the Cyber Forensics lab for NCC Group North America, focused on many areas of red, blue and purple teams and incident response. I served as the subject matter expert in cloud security and malware incident response events. During my time with the NCC CIRT team, I was involved in many levels of proactive incident response, from emergency (break glass) response to running tabletop exercises. The following is a list of some of the engagement types I was involved in, each including highly in-depth reporting:

  • Emergency IR engagements

  • Proactive IR engagements

  • Tabletop exercises

  • Blue and Purple team events

  • SME for consulting with retainer clients

  • IR gap reviews to identify areas that need to be improved in a client’s ability to respond to a cyber incident

  • Assisting in CIRT service development by providing technical expertise

  • Creating/maintaining internal tooling, such as scripts and lab equipment, to assist with analysis activities

  • Participating in CIRT promotion activities such as writing white papers, blogs, or presenting at security conferences

  • Training other investigators and staying up to date on current events in the industry

  • Collaborating with global CIRT teams and/or cross divisionally to improve CIRT and NCC Group capabilities

CYBERSECURITY EXPERT, ACRONIS, ROUND ROCK, TX

As the cybersecurity engineer for Acronis, I developed the new email anomaly detection logic and rules and worked to create a new scanner to add as a new security product to the Acronis Cyber Protect line of security tools. I wrote many blogs and was featured in over a dozen articles as a subject matter expert in security and malware analysis. I was a guest on several security-related panels and served as panel moderator on occasion. I worked on a global team of analysts and principal researchers to discover new threats, write weekly news reports, and record videos for the Acronis YouTube channel.

  • Researched new cyber security threats (malware, vulnerabilities) and complex attacks (APT campaigns, botnets)

  • Provided expert comments for media and management

  • Presented research results at key cyber security conferences

  • Designed new protection technologies in Acronis products

  • Represented Acronis in different professional groups and organizations

MANAGER, SECURITY SOLUTIONS ENGINEERING TEAM, COFENSE (FORMERLY PHISHME), ROUND ROCK, TX

Managed a global team of security engineers and analysts to automate processes and reporting; stood up Splunk instances, built Hive, and built a web UI tool to enhance customer reporting; built SIEM products drawing on familiarity with LogRhythm, Splunk, QRadar and ArcSight. Ran security defense centers and a managed SOC for 70+ global customers, analyzing email, malware, phishing attacks, alerts and incident responses. Emphasized secure coding.

Global Security Solutions: network support, monitoring, change control, incident handling

  • Designed and developed customized security solutions for 70+ customers.

  • Advised on the writing and architecture of SIEM integrations for intelligence feeds.

  • Administered multiple security tools in AWS, including Security Monkey and ParkMyCloud.

  • Expert in writing exploits for common vulnerability classes: stack overflows, cross-site scripting, SQL injection

  • SME in system security, vulnerabilities, remediation, automation, best practices, incident response and standards

  • Administration of Jira and Zendesk; set up and deployed VictorOps.

DIRECTOR OF CYBER SECURITY, TBWA WORLDWIDE, ROUND ROCK, TX

Ensured all means of protection were in place to meet client needs (Apple), including pentesting local networks, conducting red team events, and running a SOC with a small global team. Ensured 24/7 delivery across 3 global SOCs in the USA, APAC and EMEA.

  • Hunted threats using threat intelligence, security telemetry (all forms of system telemetry and syslog) and advanced analytics, enabling rapid threat detection and mitigation.

  • Expert in security device management: monitoring, planned changes, patch management, architectural growth, and analysis of exploits and techniques.

  • Conducted full-scale firewall audits for all 122 global offices and upgrades to new second-generation systems.

  • Collaborated on developing the malware analytics tool Log and advised on presenting the tool at Black Hat Arsenal 2016.

  • Analyzed and remediated malware and APTs on global networks across 230 countries and 20,000 endpoints.

  • Decrypted the Tox ransomware strain, customizing it with more social engineering.

  • Spoke professionally at many security conferences on malware analysis.

IT DIRECTOR, SECURITY AND INFRASTRUCTURE, EAS, INC., 804 VELOCITY

IT strategy and execution: defined IT visions and plans at the global enterprise level and sourced precise, cost-effective and scalable IT solutions to support business objectives and growth.

  • Vendor Sourcing/Vendor Relations – selected top vendors to reduce costs, improve service and meet goals.

  • Leadership & Talent Development – engaged top IT talent to drive performance, cultural excellence and innovation.

  • Supported the internal IT team and systems and coordinated engagements with consultants and vendors.

  • Managed infrastructure operations to prevent outages and deliver high availability services.

  • Served as escalation point for IT operations, incident response and request fulfillment.

  • Managed internal/external technical services, vendors, hands-on development of programming needs, business owner needs, regulatory controls, operations and security, incident response planning, network monitoring and management, firewall management, change management, and system monitoring and management.

INFORMATION SECURITY MANAGER, IDX CORPORATION, ONTARIO, CA (LOS ANGELES REGION)

Provided technical support for managed security services, security engineering, infrastructure, management and sales groups; managed and monitored client security devices worldwide. Performed installation, configuration and troubleshooting of firewalls and inline/passive IPS/IDS sensors, ran firewall migration projects, and led VPN configuration and troubleshooting.

  • SME on global operations; architected network security and firewall solutions; supported pre- and post-sales.

  • QA tested new network security technologies and appliances

  • Ensured updated content for company knowledge base, technical documentation and best practices procedures.

  • Developed technical training and mentoring for new hires and web developers, and improved business processes.

  • Spearheaded a global pentest of all systems and the associated reporting processes.

  • Created the enterprise Red Book for incident response and reporting procedures.

NETWORK SECURITY ENGINEERING TEAM LEAD, TRANSCORE, SAN DIEGO, CA

Designed, administered, upgraded and migrated Microsoft enterprise and Linux-based networks; proficient across multiple platforms.

SENIOR SECURITY ENGINEER, TEKSYSTEMS, SAN DIEGO, CA

Member of a contractor team providing end-to-end LAN/WAN solutions, including voice and data network services.

PROJECT MANAGER, INTERCONNECT SOLUTIONS INC., SAN DIEGO, CA

Senior member of a network analyst team providing end-to-end LAN/WAN solutions to thirty K-12 school districts.

P R E V I O U S  N O T E W O R T H Y  E X P E R I E N C E

CRYPTOGRAPHER, UNITED STATES MARINE CORPS, 1999 - 2007

Installed and maintained Cisco and Windows Server 2000 networks in multiple overseas locations. Programmed T-1 connections with multiple switches. Supervised personnel in the installation of SIP and NIP infrastructure. Main point of contact for crypto generation and fills for secure communication in multiple deployments, including Middle East tours. Authored the updated Marine Corps Order MCO 2040 8E for handling and transport of cryptographic devices.

E D U C A T I O N

Bachelor of Science in Information Technology (Concentration in Information Systems Security), UNIVERSITY OF PHOENIX