Client: Port of Los Angeles (POLA)
Project: Cyber Security Operations Center Subject Matter Expert (SME)
Role: Tier 1 and Tier 2 Cybersecurity Support at the Security Operations Center (SOC)
E.K.’s cybersecurity experts worked with the Port of Los Angeles to handle Tier 1 and Tier 2 Operations support, including monitoring and analyzing specified data sources and incidents.
Our technical team was responsible for the following:
- Interpret security events from firewalls, endpoint protection, intrusion prevention/detection systems, security information and event management (SIEM), proxies, advanced persistent threat (APT) detection tooling, email systems, servers (physical and virtual), databases and packet captures
- Interpret common attacks and exploits including but not limited to: denial of service, DNS-based attacks, malware infections, exploit kits, drive-by compromises, spear phishing and zero-day exploits
- Create, correlate and modify advanced SIEM use-cases to trigger notifications on all severity levels of incidents
- Analyze and reverse engineer malware packages to assess threats and indicators of compromise
- Develop, analyze and interpret malicious code
- Monitor and analyze specified data sources and incidents
- Perform network and systems administration
- Follow incident monitoring processes and procedures
- Document and communicate incident status updates for non-technical personnel
- Monitor escalated event alerts
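As an added illustration of the SIEM use-case work listed above (example code written for this page, not code from E.K. or the Port of Los Angeles): a minimal correlation rule that watches authentication events per source address and user, raises a medium-severity notification on a burst of failed logons, escalates to high when a success follows the burst, and emits a low-severity notification for a success after an isolated failure. The log format, field names, the threshold of four failures and the one-minute window are assumptions, and the sample events are constructed.

```python
"""Added example: a SIEM-style correlation use-case over constructed
authentication events. Thresholds, field names and sample data are assumptions."""

from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Event:
    ts: datetime
    src_ip: str
    user: str
    outcome: str  # "failure" or "success"

# Constructed sample events (assumed key=value format, not real client data).
SAMPLE_LOGS = [
    "2024-03-01T10:00:01 src=203.0.113.7 user=admin outcome=failure",
    "2024-03-01T10:00:05 src=203.0.113.7 user=admin outcome=failure",
    "2024-03-01T10:00:09 src=203.0.113.7 user=admin outcome=failure",
    "2024-03-01T10:00:12 src=203.0.113.7 user=admin outcome=failure",
    "2024-03-01T10:00:20 src=203.0.113.7 user=admin outcome=success",
    "2024-03-01T10:05:00 src=198.51.100.9 user=jdoe outcome=failure",
    "2024-03-01T10:05:03 src=198.51.100.9 user=jdoe outcome=failure",
    "2024-03-01T10:05:06 src=198.51.100.9 user=jdoe outcome=failure",
    "2024-03-01T10:05:09 src=198.51.100.9 user=jdoe outcome=failure",
    "2024-03-01T11:00:00 src=192.0.2.4 user=asmith outcome=failure",
    "2024-03-01T11:00:30 src=192.0.2.4 user=asmith outcome=success",
]

def parse_event(line: str) -> Event:
    """Parse one 'timestamp key=value ...' line into an Event."""
    ts_str, *kv = line.split()
    fields = dict(pair.split("=", 1) for pair in kv)
    return Event(datetime.fromisoformat(ts_str), fields["src"],
                 fields["user"], fields["outcome"])

def correlate(events, threshold=4, window=timedelta(minutes=1)):
    """Return (severity, src_ip, user, message) notifications in time order.

    State is kept per (src_ip, user): the timestamps of failures inside
    the sliding window. A burst of >= threshold failures fires once at
    medium severity; a success after such a burst fires at high severity;
    a success after fewer failures fires at low severity.
    """
    failures = defaultdict(list)  # (src, user) -> failure timestamps in window
    burst_fired = set()           # keys that already raised the medium alert
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        key = (ev.src_ip, ev.user)
        recent = [t for t in failures[key] if ev.ts - t <= window]
        if ev.outcome == "failure":
            recent.append(ev.ts)
            failures[key] = recent
            if len(recent) >= threshold and key not in burst_fired:
                burst_fired.add(key)
                alerts.append(("medium", ev.src_ip, ev.user,
                               f"{len(recent)} failed logons within {window}"))
        elif ev.outcome == "success":
            if len(recent) >= threshold:
                alerts.append(("high", ev.src_ip, ev.user,
                               "success after burst of failures (possible brute force)"))
            elif recent:
                alerts.append(("low", ev.src_ip, ev.user,
                               "success after recent failure"))
            failures[key] = []   # reset state once the account is in
            burst_fired.discard(key)
    return alerts

def run_sample():
    """Run the use-case over the constructed sample and return the alerts."""
    return correlate(parse_event(line) for line in SAMPLE_LOGS)

if __name__ == "__main__":
    for severity, src, user, msg in run_sample():
        print(f"[{severity.upper()}] {src} {user}: {msg}")
```

On the constructed sample this yields four notifications: medium and then high for the admin account from 203.0.113.7, medium for jdoe from 198.51.100.9 (no success, so no escalation), and low for asmith, which is the kind of per-severity output a Tier 1 analyst would triage before escalating to Tier 2.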