# TOPHER TEBOW

## CYBER THREAT HUNTER

See application for contact details.

***

## SUMMARY

- Experienced cybersecurity professional with 10+ years of expertise in threat intelligence, threat hunting, and web application security.
- Multiple certifications, including cybersecurity analysis, penetration testing, and network security.
- Experienced in cross-platform detection and analysis, including Windows, Linux, and macOS.
- Well-versed in malware and vulnerability analysis techniques and tools.
- Strong experience in fast-paced environments that require speedy and accurate analysis and remediation.
- Ability to communicate highly technical concepts and details to a variety of audiences.

***

## CERTIFICATIONS

### Security

Certification | Issuing Organization | Certification Number
------------ | ------------- | -------------
Systems Security Certified Professional (SSCP) | International Information System Security Certification Consortium (ISC2) | 2002157
CySA+ | CompTIA | 25QPHQLT22EEQ33K
PenTest+ | CompTIA | F5W66WNT1EE4QWW8
Security+ | CompTIA | 3WZQEMXSNEBE195G
Network+ | CompTIA | QMTV1HBQPJR1Q39J
A+ | CompTIA | YSP0KKEYBBE41MK8
Linux Essentials | Linux Professional Institute | 5agtvrf82v

### Project & IT

Certification | Issuing Organization | Certification Number
------------ | ------------- | -------------
Certificate in IT Service Management | ITIL Foundation | GR671340266BT
Six Sigma Green Belt | The Council for Six Sigma Certification (CSSC) | PEqbg5qYw7
Project+ | CompTIA | 2YFXP64YLBFEQ535

***

## TECHNICAL SKILLS OVERVIEW

### Cybersecurity Frameworks & Standards

- NIST CSF, MITRE ATT&CK, PCI DSS, SOC2, ISO 27001, CIS, OWASP Web Security Testing

### Threat Intelligence & Monitoring

- __Threat Intelligence Technologies:__ Anomali ThreatStream, Recorded Future, ThreatConnect, Stairwell, IntSights, VirusTotal, AT&T AlienVault, IBM X-Force, Microsoft Defender Threat Intelligence, Flashpoint Ignite, Wordfence Intelligence
- __Threat Intelligence Standards:__ STIX, TAXII
- __Monitoring, SIEM, & SOAR Tools:__ CrowdStrike Falcon, Google Chronicle, Siemplify, Cofense Triage, QRadar, Snort, Cortex XSOAR, Grafana, Kibana, Splunk, ThreatConnect, Elastic SIEM, Elastic Stack, Logstash
- __OSINT Tools:__ Maltego, Shodan, Google Trends

### Penetration Testing & Vulnerability Assessment

- __DAST Tools:__ Burp Suite, OWASP ZAP, Nmap, Wireshark, BeEF, SQLmap, Metasploit
- __SAST Tools:__ TrueCode, Veracode

### Malware Analysis & Detection

- __Analysis Tools:__ Cuckoo Sandbox, Procmon, Process Hacker, ANY.run, IDA Pro, X64dbg, Radare2, Ghidra, Hybrid Analysis, Joe Sandbox
- __Detection Engines:__ YARA, HyperScan, ClamAV, Acronis

### Development & Automation

- __Programming & Scripting:__ Bash, PowerShell, Batch, Python, Perl, JavaScript, PHP, Lua, C, C#, Go, REST APIs, Regular Expressions (Regex)
- __Web & Design Frameworks:__ jQuery, Laravel, Angular, Bootstrap, Tailwind

### Cloud & Virtualization Technologies

- __Cloud Platforms:__ Amazon Web Services (AWS), Azure
- __Virtualization & Containerization:__ Hyper-V, VMware, VirtualBox, QEMU, oVirt, KVM, Virt-manager, Kubernetes, Docker, Vagrant

### Operating Systems and Web Servers

- Linux, macOS, Windows, Android, iOS, Apache, IIS, Nginx

### Database Management

- MySQL, SQL Server, MariaDB, SQLite, PostgreSQL

### Collaboration Tools

- Jira, Confluence, Git, GitHub, Bitbucket

***

## EDUCATION & HONORS

### Western Governors University

#### Bachelor of Science in Cybersecurity and Information Assurance

##### Oct 2021 - Jul 2024

- I obtained a B.S. degree in Cybersecurity and Information Assurance.
- I was awarded the Excellence Award for my work in Emerging Technologies in Cybersecurity.

### Scottsdale School of Film & Theater

#### Associate of Arts in Film Production

##### Jan 2012 - Jun 2015

- I studied all aspects of film and television production, from scriptwriting and pre-production, to crew positions on set, and the post-production process.
- I obtained 82 credit units toward an A.A. degree.

### Order of the Sword & Shield

The Order of the Sword & Shield National Honor Society is the largest and most respected organization representing the Homeland Security, Intelligence, Emergency Management, Cyber and Information Security, and all Protective Security disciplines.

### National Society of Leadership and Success

The NSLS is an organization that provides a life-changing leadership program that helps students achieve personal growth and career success, and empowers them to have a positive impact in their community.

***

## COMMUNITY INVOLVEMENT

### InfraGard

#### Phoenix, AZ

##### Feb 2020 - Present

InfraGard is a partnership between the private sector and the FBI, fostering public-private collaboration to better protect critical infrastructure.

### Arizona Cyber Threat Response Alliance (ACTRA)

#### Phoenix, AZ

##### Feb 2020 - Present

ACTRA leverages public and private cross-sector resources to more effectively analyze critical and real-time intelligence and respond to cyber threats.

### EXITNODE

#### Phoenix, AZ

##### August 2024 - Present

EXITNODE connects tech enthusiasts with a passion for connecting with others and provides a network of support for new engineers. The philosophy is rooted in accessibility and diversity, welcoming anyone with a passion for technology.

### Open Cybersecurity Alliance

#### Phoenix, AZ

##### April 2020 - Present

OCA is building an open ecosystem where cybersecurity products interoperate without the need for customized integrations.

### Filigran Community

#### Phoenix, AZ

##### July 2019 - Present

The Filigran community is a public collaborative of cybersecurity professionals working to provide cybersecurity and crisis management teams with the best possible software fueled by actionable threat intelligence.
### CTI League

#### Phoenix, AZ

##### Mar 2020 - Present

The CTI League is an all-volunteer non-profit group that focuses on aggressively dismantling cyber criminal infrastructure and protecting healthcare organizations against cyber attacks.

### DC602

#### Phoenix, AZ

##### Aug 2018 - Present

DC602 is a gathering point for those interested in alternate applications of modern technology, providing a space to discuss technology and security topics.

### DC480

#### Phoenix, AZ

##### Aug 2018 - Present

DC480 is a group of hackers, infosec professionals, and learners new to cybersecurity, coming together to learn and share experiences in cybersecurity.

### PHX2600

#### Phoenix, AZ

##### Feb 2015 - Present

PHX2600 is a group of hackers and technology enthusiasts who gather monthly to discuss code, tech, and other hacking-related topics.

***

## PROFESSIONAL EXPERIENCE

#### Threat Hunter

##### Charles Schwab

###### Hybrid, Tempe, AZ

- Play a critical role in the analysis of disparate information and synthesizing it into relevant, actionable intelligence.
- Deliver accurate, timely, and professional intelligence products.
- Support investigative efforts within the CSOC and the Security Organization.
- Capable communicator who can engage others both internally and externally to protect the company’s critical assets.
- Interface with peer departments across the firm.
- Build positive and productive relationships with the business and technology teams.
- Securely share actionable intelligence internally and externally while maintaining TLP.

#### Cybersecurity Analyst & Technical Writer

##### Microsoft

###### Remote, U.S.

- Collaboratively identified emerging cyber threats with a team of analysts and researchers.
- Authored 223 threat descriptions for the Microsoft Threat Encyclopedia, ensuring accuracy and completeness.
- Reviewed and refined 45 threat analytics reports for the Microsoft Defender Threat Intelligence platform, maintaining Microsoft's standard for accuracy and clarity.
- Conducted additional research to supplement researcher data, ensuring a holistic understanding of threats.
- Elevated team knowledge of cybersecurity threats through meticulous research and documentation.
- Drove team collaboration to pinpoint and document evolving cyber threats.

#### Threat Researcher

##### Defiant

###### Remote, U.S.

- Identified and documented potential threats through log review, penetration testing, and research resources.
- Utilized tools like Burp Suite and ZAP to identify vulnerabilities in web applications.
- Used the MITRE ATT&CK framework and OWASP Top 10 to help analyze and categorize web threats.
- Drove threat awareness by producing key educational resources for identified threats.
- Boosted Defiant's threat intelligence by uncovering new trends in cybersecurity and publishing them to the Wordfence Intelligence platform.
- Contributed to multimedia production for educational videos, promoting cybersecurity awareness.

#### Senior Cyber Security Researcher

##### Acronis

###### Tempe, AZ

- Worked as a Cyber Protection Operations Center (CPOC) member to monitor and respond to alerts from AI, behavioral, and static detections across all endpoints using Acronis Cyber Protect products.
- Utilized regex and behavioral analysis to write malware detection rules for Acronis’ custom detection engine, significantly reducing risks to Windows, macOS, and Linux systems.
- Made use of custom scripts to perform penetration testing on desktop applications to identify vulnerabilities in Windows, macOS, and Linux applications.
- Analyzed emerging threats, utilizing tools such as Procmon, Process Hacker, IDA Pro, X64dbg, Radare2, Cuckoo Sandbox, ANY.run, and VirusTotal to craft detection strategies that preemptively neutralize risks.
- Led a cross-functional team to educate stakeholders through videos on emerging threats and best practices.
- Authored technical blog posts, enhancing the company's reputation in the cybersecurity field.
- Strengthened community relationships, facilitating the exchange of crucial threat intelligence.

#### Manager, Web Security Research

##### SiteLock

###### Scottsdale, AZ

- Spearheaded the training and development of new analysts, fostering a collaborative work environment.
- Monitored the alert queues to ensure web threats on client websites were addressed quickly and accurately.
- Pioneered the optimization of processes and tools, improving efficiency.
- Contributed to security patch backporting and malware detection rule writing.
- Managed a machine learning project, showcasing innovative thinking to improve malware identification by 12%.
- Authored technical and thought leadership articles, exhibiting an analytical understanding of industry trends.
- Analyzed emerging malware trends, improving the company’s threat intelligence stance.

#### Web Vulnerability Research Analyst II

##### SiteLock

###### Scottsdale, AZ

- Spearheaded security patch reviews in content management systems (CMSs), ensuring optimal system integrity.
- Pioneered the backporting of patches to older versions, maintaining system functionality.
- Constructed comprehensive test cases using Vagrant and Docker, validating patch compatibility with former application versions.
- Analyzed web threats through code review and penetration testing, using tools like Burp Suite, ZAP, and Metasploit, to ensure robust system security.
- Evaluated CMS security, leading to the identification and mitigation of new vulnerabilities.

#### Web Security Research Analyst II

##### SiteLock

###### Scottsdale, AZ

- Managed alert queues to quickly mitigate emerging web threats on customer websites.
- Led malware analysis and signature creation for enhanced web security.
- Performed penetration testing on web applications to identify vulnerabilities, making use of tools like Burp Suite, ZAP, BeEF, Nmap, and Metasploit.
- Initiated a malware trend-tracking program, improving threat prediction accuracy.
- Developed and managed a suite of tools, optimizing company-wide processes.
- Launched a company podcast, significantly boosting brand visibility through creative media.
- Maintained team server and applications, ensuring optimal performance.

#### Lead Web Security Analyst

##### SiteLock

###### Scottsdale, AZ

- Spearheaded team development and mentoring initiatives, including updating and developing processes and procedures.
- Innovated a new team division to enhance customer service and internal career progression.
- Monitored and managed alert queues to ensure customer websites were cleaned of malware quickly and accurately.
- Collaborated with IT and compliance teams to ensure cybersecurity policies aligned with regulatory requirements like SOC2 and PCI DSS.
- Managed and updated the knowledge base, ensuring accurate and up-to-date information.
- Redesigned new hire training materials, elevating departmental knowledge and skills.
- Delivered technical training to new hires, fostering a proficient and competent workforce.
- Mentored 10+ analysts, elevating team performance and career growth.

#### Web Security Analyst II

##### SiteLock

###### Scottsdale, AZ

- Managed alert queues to quickly eradicate malware from customer websites.
- Identified and eliminated web threats using code review and penetration testing.
- Advised and educated customers on best practices and processes for updating web content filtering.
- Streamlined operations via innovative applications in PHP and JavaScript.
- Mastered multiple programming languages and database formats for comprehensive threat analysis.
- Implemented effective problem-solving strategies to ensure website security.
#### Hosting Support

##### Go Daddy

###### Gilbert, AZ

- Assisted customers with troubleshooting issues in their shared hosting accounts.
- Provided support via chat, phone, support tickets, and server support as needed.
- Developed several web-based applications to streamline workflow and improve efficiency.

#### Chat Support

##### Go Daddy

###### Tempe, AZ

- Assisted customers with domain, hosting, email, and billing issues through chat support.
- Utilized multiple chat applications to handle a range of inquiries, from basic maintenance to complex problem-solving.
- Played a key role in training and coaching the support team in India.

#### Online Support

##### Go Daddy

###### Gilbert, AZ

- Provided customer support for account, domain, shared hosting, and server issues via the support ticket system.
- Initiated the creation of scripts to automate repetitive tasks, enhancing team efficiency and effectiveness.

#### Server Administrator

##### Terra Del Sol

###### Portland, OR

- Built a website using HTML, CSS, and PHP, and maintained it, updating and troubleshooting as needed.
- Maintained the Windows server that housed the customer management software.

***

## THOUGHT LEADERSHIP

#### Cybersecurity Podcasts

##### Acronis Cyber Protection Operations Center News

January 2020 - June 2022 *Acronis*

- Produced 200 webisodes focused on emerging cybersecurity threats.
- Scripted and presented newscasts on camera, bringing complex cybersecurity topics to a broader audience.
- Created graphics and edited video and audio content.
- Published these newscasts on platforms such as YouTube.

##### Decoding Security

June 2017 - October 2018 *SiteLock*

- Produced 29 episodes that delved into the latest cybersecurity news and trends.
- Scripted and presented in-depth stories on critical cybersecurity issues.
- Generated graphics and managed video and audio editing.
- Published content across multiple platforms, including YouTube and Spotify.

#### Speaking Engagements

##### Acronis Virtual Conference: See Inside a Live Ransomware Attack Then Learn How to Prevent All of Them (EMEA)

2021-06-16 *Acronis*

Live ransomware demonstration and panel on best practices for preventing attacks.

##### Acronis Virtual Conference: See Inside a Live Ransomware Attack Then Learn How to Prevent All of Them (Americas)

2021-06-09 *Acronis*

Live ransomware demonstration and panel on best practices for preventing attacks.

##### 2021 Partner Kickoff

2021-02-02 *Acronis*

Moderated discussion with a panel of cybersecurity experts.

##### AZTC Cybersecurity Summit

2020-12-02 *Arizona Tech Council and Arizona Cyber Threat Response Alliance*

Panel discussion on the subject of risk management.

#### Published Articles

##### Cross-Site Scripting Vulnerability In Download Manager Plugin

2021-06-07 *Wordfence Blog*

[Article](https://www.wordfence.com/blog/2022/06/security-vulnerability-download-manager-plugin/)

##### The Cybersecurity CIA Triad: What You Need to Know as a WordPress Site Owner

2021-06-01 *Wordfence Blog*

[Article](https://www.wordfence.com/blog/2022/06/the-cybersecurity-cia-triad-what-you-need-to-know-as-a-wordpress-site-owner/)

##### Your CEO Isn't Real: How to Deal With Deep Fakes

2021-12-06 *Security Boulevard*

[Article](https://securityboulevard.com/2021/12/your-ceo-isnt-real-how-to-deal-with-deep-fakes/)

##### Ransomware happens, be prepared: Preventing a LockBit attack

2021-09-30 *Adam Fowler IT*

[Article](https://www.adamfowlerit.com/2021/09/ransomware-happens-be-prepared-preventing-a-lockbit-attack/)

##### Recovering from a LockBit Ransomware Attack

2021-09-23 *Adam Fowler IT*

[Article](https://www.adamfowlerit.com/2021/09/recovering-from-a-lockbit-ransomware-attack/)

##### No user too small to target: A look at the new LockBit ransomware

2021-09-16 *Adam Fowler IT*

[Article](https://www.adamfowlerit.com/2021/09/no-user-too-small-to-target-a-look-at-the-new-lockbit-ransomware/)

##### #BHUSA or bust: Hopes and expectations for Black Hat 2021

2021-07-28 *Acronis Blog*

[Article](https://www.acronis.com/en-us/blog/posts/bhusa-or-bust-hopes-and-expectations-black-hat-2021) | [Wayback Archive](https://web.archive.org/web/20210728172556/https://www.acronis.com/en-us/blog/posts/bhusa-or-bust-hopes-and-expectations-black-hat-2021)

##### Detonating Ransomware on My Own Computer (Don’t Try This at Home)

2021-07-14 *Bleeping Computer*

[Article](https://www.bleepingcomputer.com/news/security/detonating-ransomware-on-my-own-computer-don-t-try-this-at-home/) | [Wayback Archive](https://web.archive.org/web/20210714144322/https://www.bleepingcomputer.com/news/security/detonating-ransomware-on-my-own-computer-don-t-try-this-at-home/)

##### I Triggered a Ransomware Attack – Here’s What I Learned

2021-06-23 *Security Boulevard*

[Article](https://securityboulevard.com/2021/06/i-triggered-a-ransomware-attack-heres-what-i-learned/) | [Wayback Archive](https://web.archive.org/web/20210623070938/https://securityboulevard.com/2021/06/i-triggered-a-ransomware-attack-heres-what-i-learned/)

##### Is There Hope for ICS and Supply Chain Security?

2021-05-24 *Security Boulevard*

[Article](https://securityboulevard.com/2021/05/is-there-hope-for-ics-and-supply-chain-security/) | [Wayback Archive](https://web.archive.org/web/20210524190519/https://securityboulevard.com/2021/05/is-there-hope-for-ics-and-supply-chain-security/)

##### Cybersecurity Predictions For 2021

2021-03-17 *Cyber Defense Magazine*

[Article](https://www.cyberdefensemagazine.com/cybersecurity-predictions-for-2021/) | [Wayback Archive](https://web.archive.org/web/20210318020255/https://www.cyberdefensemagazine.com/cybersecurity-predictions-for-2021/)

##### OSAMiner: The Apple cryptojacker that hid for five years

2021-01-28 *Acronis Blog*

[Article](https://www.acronis.com/en-us/blog/posts/osaminer-apple-cryptojacker-hid-five-years) | [Wayback Archive](https://web.archive.org/web/20210128194804/https://www.acronis.com/en-us/blog/posts/osaminer-apple-cryptojacker-hid-five-years)

##### 5 Ways to Protect Online Learning Environments

2020-10-23 *Security Boulevard*

[Article](https://securityboulevard.com/2020/10/5-ways-to-protect-online-learning-environments/) | [Wayback Archive](https://web.archive.org/web/20201023191257/https://securityboulevard.com/2020/10/5-ways-to-protect-online-learning-environments/)

##### Securing Healthcare Data in a COVID World

2020-09-01 *Security Boulevard*

[Article](https://securityboulevard.com/2020/09/securing-healthcare-data-in-a-covid-world/) | [Wayback Archive](https://web.archive.org/web/20200903183508/https://securityboulevard.com/2020/09/securing-healthcare-data-in-a-covid-world/)

##### The 2019 Database Gold Rush

2019-08-08 *SiteLock Blog*

[Article](https://www.sitelock.com/blog/the-2019-database-gold-rush/) | [Wayback Archive](https://web.archive.org/web/20190926004030/https://www.sitelock.com/blog/the-2019-database-gold-rush/)

##### The WordPress of the Future

2018-12-28 *SiteLock Blog*

[Article](https://www.sitelock.com/blog/2018/12/wordpress-gutenberg/) | [Wayback Archive](https://web.archive.org/web/20190406053041/https://www.sitelock.com/blog/2018/12/wordpress-gutenberg/)

##### When a Good Thing Goes Bad – How Vulnerabilities Were Intentionally Built Into pipdig

2018-04-06 *SiteLock Blog*

[Article](https://www.sitelock.com/blog/2019/04/pipdig-vulnerability/) | [Wayback Archive](https://web.archive.org/web/20190406053808/https://www.sitelock.com/blog/2019/04/pipdig-vulnerability/)

##### Malware: The Gift That Keeps on Giving

2017-06-02 *Infosec Island*

[Article](http://www.infosecisland.com/blogview/24935-Malware-The-Gift-That-Keeps-on-Giving.html) | [Wayback Archive](https://web.archive.org/web/20170606172629/http://www.infosecisland.com/blogview/24935-Malware-The-Gift-That-Keeps-on-Giving.html)

#### Contributed Content

Articles containing my quotes or research.

##### What Does It Take To Be a Cybersecurity Researcher?

2021-04-12 *The Hacker News*

[Article](https://thehackernews.com/2021/04/what-does-it-take-to-be-cybersecurity.html) | [Wayback Archive](https://web.archive.org/web/20210412165613/https://thehackernews.com/2021/04/what-does-it-take-to-be-cybersecurity.html)

##### ASIC Cyber Attack Linked to RBNZ Breach

2021-01-26 *The Australian*

[Article](https://www.theaustralian.com.au/business/technology/asic-cyber-attack-linked-to-rbnz-breach/news-story/fa4e38dac3db4710bc5c8a46f607aa8d) (requires subscription)

##### ASIC Cyber Attack Linked to RBNZ Breach

2021-01-26 *Daily Telegraph*

[Article](https://www.dailytelegraph.com.au/business/asic-cyber-attack-linked-to-rbnz-breach/news-story/fa4e38dac3db4710bc5c8a46f607aa8d) (requires subscription)

##### ASIC sic’d by sickening cyber security incident

2021-01-26 *ITWire*

[Article](https://www.itwire.com/security/asic-sic-d-by-sickening-cyber-security-incident.html) | [Wayback Archive](https://www.itwire.com/security/asic-sic-d-by-sickening-cyber-security-incident.html)

##### Acronis Cyber Readiness Report: Pandemic reveals cybersecurity gaps, need for new solutions

2020-09-09 *Acronis Blog*

[Article](https://www.acronis.com/en-us/blog/posts/acronis-cyber-readiness-report-pandemic-reveals-cybersecurity-gaps-need-new-solutions) | [Report](https://dl.acronis.com/u/rc/WP_Acronis_Cyber_Readiness_Report_EN-US_200908.pdf) | [Wayback Archive (Article)](https://web.archive.org/web/20200910215942/https://www.acronis.com/en-us/blog/posts/acronis-cyber-readiness-report-pandemic-reveals-cybersecurity-gaps-need-new-solutions) | [Wayback Archive (Report)](https://dl.acronis.com/u/rc/WP_Acronis_Cyber_Readiness_Report_EN-US_200908.pdf)

##### VMBlog Expert Interview: Topher Tebow of Acronis Reveals Findings from their 2020 MSP Cybersecurity Readiness Survey

2020-06-09 *VMBlog*

[Article](https://vmblog.com/archive/2020/06/09/vmblog-expert-interview-topher-tebow-of-acronis-reveals-findings-from-their-2020-msp-cybersecurity-readiness-survey.aspx) | [Wayback Archive](https://web.archive.org/web/20200619171146/https://vmblog.com/archive/2020/06/09/vmblog-expert-interview-topher-tebow-of-acronis-reveals-findings-from-their-2020-msp-cybersecurity-readiness-survey.aspx)

##### Coronavirus crisis: Online church services attacked by hackers using child pornography

2020-05-16 *Fox News*

[Article](https://www.foxnews.com/tech/coronavirus-online-church-services-attacked-child-pornography-hackers) | [Wayback Archive](https://web.archive.org/web/20200515225920/foxnews.com/tech/coronavirus-online-church-services-attacked-child-pornography-hackers)

##### Expert Advice During World Password Day 2020

2020-05-07 *VMBlog*

[Article](https://vmblog.com/archive/2020/05/07/expert-advice-during-world-password-day-2020.aspx#.Xsa7HxLQhhH) | [Wayback Archive](https://web.archive.org/web/20200521173300/https://vmblog.com/archive/2020/05/07/expert-advice-during-world-password-day-2020.aspx#.Xsa7WBLANhE)

##### 7 Steps to Web App Security

2019-09-03 *Dark Reading*

[Article](https://www.darkreading.com/analytics/7-steps-to-web-app-security/d/d-id/1335695) | [Wayback Archive](https://web.archive.org/web/20190904202018/https://www.darkreading.com/analytics/7-steps-to-web-app-security/d/d-id/1335695)