TOPHER TEBOW
CYBER THREAT HUNTER
See application for contact details.
SUMMARY
- Experienced Cybersecurity Professional with 10+ years of expertise in threat intelligence, threat hunting, and web application security.
- Multiple certifications, including cybersecurity analysis, penetration testing, and network security.
- Experienced in cross-platform detection and analysis, including Windows, Linux, and macOS.
- Well-versed in malware and vulnerability analysis techniques and tools.
- Strong experience in fast-paced environments that require speedy and accurate analysis and remediation.
- Ability to communicate highly technical concepts and details to a variety of audiences.
CERTIFICATIONS
Security
| Certification | Issuing Organization | Certification Number |
|---|---|---|
| Systems Security Certified Professional (SSCP) | International Information System Security Certification Consortium (ISC2) | 2002157 |
| CySA+ | CompTIA | 25QPHQLT22EEQ33K |
| PenTest+ | CompTIA | F5W66WNT1EE4QWW8 |
| Security+ | CompTIA | 3WZQEMXSNEBE195G |
| Network+ | CompTIA | QMTV1HBQPJR1Q39J |
| A+ | CompTIA | YSP0KKEYBBE41MK8 |
| Linux Essentials | Linux Professional Institute | 5agtvrf82v |
Project & IT
| Certification | Issuing Organization | Certification Number |
|---|---|---|
| Certificate in IT Service Management | ITIL Foundation | GR671340266BT |
| Six Sigma Green Belt | The Council for Six Sigma Certification (CSSC) | PEqbg5qYw7 |
| Project+ | CompTIA | 2YFXP64YLBFEQ535 |
TECHNICAL SKILLS OVERVIEW
Cybersecurity Frameworks & Standards
- NIST CSF, MITRE ATT&CK, PCI DSS, SOC2, ISO 27001, CIS, OWASP Web Security Testing
Threat Intelligence & Monitoring
- Threat Intelligence Technologies: Anomali ThreatStream, Recorded Future, ThreatConnect, Stairwell, IntSights, VirusTotal, AT&T AlienVault, IBM X-Force, Microsoft Defender Threat Intelligence, Flashpoint Ignite, Wordfence Intelligence
- Threat Intelligence Standards: STIX, TAXII
- Monitoring, SIEM, & SOAR Tools: CrowdStrike Falcon, Google Chronicle, Siemplify, Cofense Triage, QRadar, Snort, Cortex XSOAR, Grafana, Kibana, Splunk, ThreatConnect, Elastic SIEM, Elastic Stack, Logstash
- OSINT Tools: Maltego, Shodan, Google Trends
Penetration Testing & Vulnerability Assessment
- DAST Tools: Burp Suite, OWASP ZAP, Nmap, Wireshark, BeEF, SQLmap, Metasploit
- SAST Tools: TrueCode, Veracode
Malware Analysis & Detection
- Analysis Tools: Cuckoo Sandbox, Procmon, Process Hacker, ANY.run, IDA Pro, X64dbg, Radare2, Ghidra, Hybrid Analysis, Joe Sandbox
- Detection Engines: YARA, HyperScan, ClamAV, Acronis
Development & Automation
- Programming & Scripting: Bash, PowerShell, Batch, Python, Perl, JavaScript, PHP, Lua, C, C#, Go, REST API, Regular Expressions (Regex)
- Web & Design Frameworks: jQuery, Laravel, Angular, Bootstrap, Tailwind
Cloud & Virtualization Technologies
- Cloud Platforms: Amazon Web Services (AWS), Azure
- Virtualization & Containerization: Hyper-V, VMware, VirtualBox, QEMU, oVirt, KVM, Virt-manager, Kubernetes, Docker, Vagrant
Operating Systems and Web Servers
- Linux, macOS, Windows, Android, iOS, Apache, IIS, Nginx
Database Management
- MySQL, SQL Server, MariaDB, SQLite, PostgreSQL
Collaboration Tools
- Jira, Confluence, Git, GitHub, Bitbucket
EDUCATION & HONORS
Western Governors University
Bachelor of Science in Cybersecurity and Information Assurance
Oct 2021 - Jul 2024
- I obtained a B.S. degree in Cybersecurity and Information Assurance.
- I was awarded the Excellence Award for my work in Emerging Technologies in Cybersecurity.
Scottsdale School of Film & Theater
Associate of Arts in Film Production
Jan 2012 - Jun 2015
- I studied all aspects of film and television production, from scriptwriting and pre-production, to crew positions on set, and the post-production process.
- I obtained 82 credit units toward an A.A. degree.
Order of the Sword & Shield
The Order of the Sword & Shield National Honor Society is the largest and most respected organization representing the Homeland Security, Intelligence, Emergency Management, Cyber and Information Security, and all Protective Security disciplines.
National Society of Leadership and Success
The NSLS is an organization that provides a life-changing leadership program that helps students achieve personal growth, career success, and empowers them to have a positive impact in their community.
Community Involvement
InfraGard
Phoenix, AZ
Feb 2020 - Present
InfraGard is a partnership between the private sector and the FBI, fostering public-private collaboration to better protect critical infrastructure.
Arizona Cyber Threat Response Alliance (ACTRA)
Phoenix, AZ
Feb 2020 - Present
ACTRA leverages public and private cross-sector resources to more effectively analyze critical and real-time intelligence and respond to cyber threats.
EXITNODE
Phoenix, AZ
August 2024 - Present
EXITNODE connects tech enthusiasts with a passion for connecting with others and providing a network of support for new engineers. The philosophy is rooted in accessibility and diversity, welcoming anyone with a passion for technology.
Open Cybersecurity Alliance
Phoenix, AZ
April 2020 - Present
OCA is building an open ecosystem where cybersecurity products interoperate without the need for customized integrations.
Filigran Community
Phoenix, AZ
July 2019 - Present
The Filigran community is a public collaborative of cybersecurity professionals working to provide cybersecurity and crisis management teams with the best possible software fueled by actionable threat intelligence.
CTI League
Phoenix, AZ
Mar 2020 - Present
The CTI League is an all-volunteer non-profit group that focuses on aggressively dismantling cyber criminal infrastructure and protecting healthcare organizations against cyber attacks.
DC602
Phoenix, AZ
Aug 2018 - Present
DC602 is a gathering point for those interested in alternate applications of modern technology, providing a space to discuss technology and security topics.
DC480
Phoenix, AZ
Aug 2018 - Present
DC480 is a group of hackers, infosec professionals, and learners new to cybersecurity, coming together to learn and share experiences in cybersecurity.
PHX2600
Phoenix, AZ
Feb 2015 - Present
PHX2600 is a group of hackers and technology enthusiasts who gather monthly to discuss code, tech, and other hacking related topics.
PROFESSIONAL EXPERIENCE
Threat Hunter
Charles Schwab
Hybrid, Tempe, AZ
- Play a critical role in analyzing disparate information and synthesizing it into relevant, actionable intelligence.
- Ability to deliver accurate, timely and professional intelligence products.
- Support investigative efforts within the CSOC and the Security Organization.
- Capable communicator who can engage others both internally and externally to protect the company’s critical assets.
- Interface with peer departments across the firm.
- Build positive and productive relationships with the business and technology.
- Ability to securely share actionable intelligence internally and externally while maintaining TLP.
Cybersecurity Analyst & Technical Writer
Microsoft
Remote, U.S.
- Collaboratively identified emerging cyber threats with a team of analysts and researchers.
- Authored 223 threat descriptions for the Microsoft Threat Encyclopedia, ensuring accuracy and completeness.
- Reviewed and refined 45 threat analytics reports for the Microsoft Defender Threat Intelligence platform, maintaining Microsoft's standard for accuracy and clarity.
- Conducted additional research to supplement researcher data, ensuring a holistic understanding of threats.
- Elevated team knowledge on cybersecurity threats through meticulous research and documentation.
- Drove team collaboration to pinpoint and document evolving cyber threats.
Threat Researcher
Defiant
Remote, U.S.
- Identified and documented potential threats through log review, penetration testing, and research resources.
- Utilized tools like Burp Suite and ZAP to identify vulnerabilities in web applications.
- Used the MITRE ATT&CK framework and OWASP Top 10 to help analyze and categorize web threats.
- Drove threat awareness by producing key educational resources for identified threats.
- Boosted Defiant's threat intelligence by uncovering new trends in cybersecurity and publishing them to the Wordfence Intelligence platform.
- Contributed to multimedia production for educational videos, promoting cybersecurity awareness.
Senior Cyber Security Researcher
Acronis
Tempe, AZ
- Worked as a Cyber Protection Operations Center (CPOC) member to monitor and respond to alerts from AI, behavioral, and static detections across all endpoints using Acronis Cyber Protect products.
- Utilized regex and behavioral analysis to write malware detection rules for Acronis’ custom detection engine, significantly reducing risks to Windows, macOS, and Linux systems.
- Made use of custom scripts to perform penetration testing on desktop applications to identify vulnerabilities in Windows, macOS, and Linux applications.
- Analyzed emerging threats, utilizing tools such as Procmon, Process Hacker, IDA Pro, X64dbg, Radare2, Cuckoo Sandbox, ANY.run, and VirusTotal to craft detection strategies that preemptively neutralize risks.
- Led a cross-functional team to educate stakeholders through videos on emerging threats and best practices.
- Authored technical blog posts, enhancing the company's reputation in the cybersecurity field.
- Strengthened community relationships, facilitating the exchange of crucial threat intelligence.
Manager, Web Security Research
SiteLock
Scottsdale, AZ
- Spearheaded the training and development of new analysts, fostering a collaborative work environment.
- Monitored the alert queues to ensure web threats on client websites were addressed quickly and accurately.
- Pioneered the optimization of processes and tools, improving efficiency.
- Contributed to security patch backporting and malware detection rule writing.
- Managed a machine learning project, showcasing innovative thinking to improve malware identification by 12%.
- Authored technical and thought leadership articles, exhibiting an analytical understanding of industry trends.
- Analyzed emerging malware trends, improving the company’s threat intelligence stance.
Web Vulnerability Research Analyst II
SiteLock
Scottsdale, AZ
- Spearheaded security patch reviews in content management systems (CMSs), ensuring optimal system integrity.
- Pioneered the backporting of patches to older versions, maintaining system functionality.
- Constructed comprehensive test cases using Vagrant and Docker, validating patch compatibility with former application versions.
- Analyzed web threats through code review and penetration testing, using tools like Burp Suite, ZAP, and Metasploit, to ensure robust system security.
- Evaluated CMS security, leading to the identification and mitigation of new vulnerabilities.
Web Security Research Analyst II
SiteLock
Scottsdale, AZ
- Managed alert queues to quickly mitigate emerging web threats on customer websites.
- Led malware analysis and signature creation for enhanced web security.
- Performed penetration testing on web applications to identify vulnerabilities, making use of tools like Burp Suite, ZAP, BeEF, Nmap, and Metasploit.
- Initiated a malware trend-tracking program, improving threat prediction accuracy.
- Developed and managed a suite of tools, optimizing company-wide processes.
- Launched a company podcast, significantly boosting brand visibility through creative media.
- Maintained team server and applications, ensuring optimal performance.
Lead Web Security Analyst
SiteLock
Scottsdale, AZ
- Spearheaded team development and mentoring initiatives, including updating and developing processes and procedures.
- Innovated a new team division to enhance customer service and internal career progression.
- Monitored and managed alert queues to ensure customer websites were cleaned of malware quickly and accurately.
- Collaborated with IT and compliance teams to ensure cybersecurity policies aligned with regulatory requirements like SOC2 and PCI DSS.
- Managed and updated the knowledge base, ensuring accurate and updated information.
- Redesigned new hire training materials, elevating departmental knowledge and skills.
- Delivered technical training to new hires, fostering a proficient and competent workforce.
- Mentored 10+ analysts, elevating team performance and career growth.
Web Security Analyst II
SiteLock
Scottsdale, AZ
- Managed alert queues to quickly eradicate malware from customer websites.
- Identified and eliminated web threats using code review and penetration testing.
- Advised and educated customers on best practices and processes for updating web content filtering.
- Streamlined operations via innovative applications in PHP and JavaScript.
- Mastered multiple programming languages and database formats for comprehensive threat analysis.
- Implemented effective problem-solving strategies to ensure website security.
Hosting Support
Go Daddy
Gilbert, AZ
- Assisted customers with troubleshooting issues in their shared hosting accounts.
- Provided support via chat, phone, support tickets, and server support as needed.
- Developed several web-based applications to streamline workflow and improve efficiency.
Chat Support
Go Daddy
Tempe, AZ
- Assisted customers with domain, hosting, email, and billing issues through chat support.
- Utilized multiple chat applications to handle a range of inquiries, from basic maintenance to complex problem-solving.
- Played a key role in training and coaching the support team in India.
Online Support
Go Daddy
Gilbert, AZ
- Provided customer support for account, domain, shared hosting, and server issues via support ticket system.
- Initiated the creation of scripts to automate repetitive tasks, enhancing team efficiency and effectiveness.
Server Administrator
Terra Del Sol
Portland, OR
- Built website using HTML, CSS, and PHP. Maintained website, updating and troubleshooting as needed.
- Maintained the Windows server that housed the customer management software.
THOUGHT LEADERSHIP
Cybersecurity Podcasts
Acronis Cyber Protection Operations Center News
January 2020 - June 2022 Acronis
- Produced 200 webisodes focused on emerging cybersecurity threats.
- Scripted and presented newscasts on camera, bringing complex cybersecurity topics to a broader audience.
- Created graphics and edited video and audio content.
- Published these newscasts on platforms such as YouTube.
Decoding Security
June 2017 - October 2018 SiteLock
- Produced 29 episodes that delved into the latest cybersecurity news and trends.
- Scripted and presented in-depth stories on critical cybersecurity issues.
- Generated graphics and managed video and audio editing.
- Published content across multiple platforms, including YouTube and Spotify.
Speaking Engagements
Acronis Virtual Conference: See Inside a Live Ransomware Attack Then Learn How to Prevent All of Them (EMEA)
2021-06-16 Acronis
Live ransomware demonstration and panel on best practices for preventing attacks
Acronis Virtual Conference: See Inside a Live Ransomware Attack Then Learn How to Prevent All of Them (Americas)
2021-06-09 Acronis
Live ransomware demonstration and panel on best practices for preventing attacks
2021 Partner Kickoff
2021-02-02 Acronis
Moderated discussion with a panel of cybersecurity experts
AZTC Cybersecurity Summit
2020-12-02 Arizona Tech Council and Arizona Cyber Threat Response Alliance
Panel discussion on the subject of risk management
Published Articles
Cross-Site Scripting Vulnerability In Download Manager Plugin
2021-06-07 Wordfence Blog Article
The Cybersecurity CIA Triad: What You Need to Know as a WordPress Site Owner
2021-06-01 Wordfence Blog Article
Your CEO Isn't Real: How to Deal With Deep Fakes
2021-12-06 Security Boulevard Article
Ransomware happens, be prepared: Preventing a LockBit attack
2021-09-30 Adam Fowler IT Article
Recovering from a LockBit Ransomware Attack
2021-09-23 Adam Fowler IT Article
No user too small to target: A look at the new LockBit ransomware
2021-09-16 Adam Fowler IT Article
#BHUSA or bust: Hopes and expectations for Black Hat 2021
2021-07-28 Acronis Blog Article | Wayback Archive
Detonating Ransomware on My Own Computer (Don’t Try This at Home)
2021-07-14 Bleeping Computer Article | Wayback Archive
I Triggered a Ransomware Attack – Here’s What I Learned
2021-06-23 Security Boulevard Article | Wayback Archive
Is There Hope for ICS and Supply Chain Security?
2021-05-24 Security Boulevard Article | Wayback Archive
Cybersecurity Predictions For 2021
2021-03-17 Cyber Defense Magazine Article | Wayback Archive
OSAMiner: The Apple cryptojacker that hid for five years
2021-01-28 Acronis Blog Article | Wayback Archive
5 Ways to Protect Online Learning Environments
2020-10-23 Security Boulevard Article | Wayback Archive
Securing Healthcare Data in a COVID World
2020-09-01 Security Boulevard Article | Wayback Archive
The 2019 Database Gold Rush
2019-08-08 SiteLock Blog Article | Wayback Archive
The WordPress of the Future
2018-12-28 SiteLock Blog Article | Wayback Archive
When a Good Thing Goes Bad – How Vulnerabilities Were Intentionally Built Into pipdig
2018-04-06 SiteLock Blog Article | Wayback Archive
Malware: The Gift That Keeps on Giving
2017-06-02 Infosec Island Article | Wayback Archive
Contributed Content
Articles containing my quotes or research
What Does It Take To Be a Cybersecurity Researcher?
2021-04-12 The Hacker News Article | Wayback Archive
ASIC Cyber Attack Linked to RBNZ Breach
2021-01-26 The Australian Article (requires subscription)
ASIC Cyber Attack Linked to RBNZ Breach
2021-01-26 Daily Telegraph Article (requires subscription)
ASIC sic’d by sickening cyber security incident
2021-01-26 ITWire Article | Wayback Archive
Acronis Cyber Readiness Report: Pandemic reveals cybersecurity gaps, need for new solutions
2020-09-09 Acronis Blog Article | Report | Wayback Archive (Article) | Wayback Archive (Report)
VMBlog Expert Interview: Topher Tebow of Acronis Reveals Findings from their 2020 MSP Cybersecurity Readiness Survey
2020-06-09 VMBlog Article | Wayback Archive
Coronavirus crisis: Online church services attacked by hackers using child pornography
2020-05-16 Fox News Article | Wayback Archive
Expert Advice During World Password Day 2020
2020-05-07 VMBlog Article | Wayback Archive
7 Steps to Web App Security
2019-09-03 Dark Reading Article | Wayback Archive