fordsen tshuma

Seasoned cyber security Professional
Leeds, Leeds


About me:

Seasoned IT Professional with years of experience in Information Systems Security, Cyber Security, Networking, SOC and Service Desk Operations. Holds a BSc in Computer Forensics and Security and MSc in Advanced Computer Networks. Based in Leeds, West Yorkshire, UK looking for new challenges. 
I have several years of experience in management of IT infrastructure Security and networking. 
I am a self-motivated and keen learner who is always looking for challenging opportunities.

Specialities: Information Systems/Cyber Security, Computer Networking (Cisco Systems) and IT Project Management


Over 10 years’ experience as IT Security Analyst and Authorization professional with emphasis on:
Web Application security testing, Vulnerability Assessment, Penetration testing and generating reports.
Network security testing
Resolving complex networking, hardware, and software issues in support of business objectives 
Monitor the performance of network, system, and application security solutions to identify and bring to attention breaches and potential intrusion incidents.

Responsible and hardworking, I can handle working under pressure as well as communicate and collaborate seamlessly in a teamwork environment.

Real-time traffic analysis, network IDS and packet dissection 
Network vulnerability scanning and penetration testing.
Wireless penetration testing – WPA, WPA2, WEP
Routers and switches configuration and installation
Experience with tools like Microsoft Defender (ATP), Splunk, Cisco Stealthwatch, Wireshark, Aircrack-ng, Burp Suite, Metasploit, Nmap, Nessus, CrowdStrike EDR, ArcSight
Understanding of different acts like ACPO good practice guide in relation to digital forensics and data recovery
Data recovery using tools like EnCase, FTK Imager, Cellebrite
Production of witness statements and court presentation


TalkTalk Plc
Cyber Security Analyst - Shift Lead      Jan 2022 to Date
Leading a 24/7 Shift team of 3 Analysts responsible for security Incident response and SOC queue management. Responsible for people management and quality management of SOC tasks

Main duties include:
Responsible for handling security incidents received/escalated from the SOC Analysts (Tier 1 or Tier 2) and performing a business impact analysis on the security incident
Oversee completion of day-to-day checklist(s), including log review, management report scheduling & running, alert analysis, and escalation follow up activity status. 
Remain current on cyber security trends and intelligence (open-source and commercial) in order to guide the security analysis & identification capabilities of the SOC team. 
Provide oversight and guidance to Security Analysts and fulfil SOC Manager responsibilities in the absence of the SOC Manager. 
Perform advanced event and incident analysis, including baseline establishment and trend analysis. 
Provide timely advice and guidance on the response action plans for events and incidents based on incident type and severity. 
Responsible for identifying training needs and building a training development plan for the Analysts to the management team.
Ensure that all identified events are promptly validated and thoroughly investigated. 
Devise and document new procedures to the playbooks and add to the SOC Wiki. 
Identify opportunities for SOC and client system tuning. 
Stakeholder and Client Reporting.
Oversee documentation owned by the SOC team including but not limited to Standard Operating Procedures (SOPs) and Operational Level Agreements (OLAs). 
Improve and develop new content based on observed and measured SOC activity. 
Manage incidents up to the preliminary forensics processes. 
Perform additional analysis and, based on the business impact, recommend the response actions and escalation path
Coordinate mitigation, response and investigation efforts when security incidents arise
Identify and investigate potential suspicious activity as well as helping organisations identify, isolate and contain security issues

NHS Digital
Cyber Security Advisor                      Feb 2021 - Jan 2022
Working as a Cyber Security Advisor, my role is focused on supporting the activities of Analysts in different sections within NHS Digital. I work with different security technologies and tools to investigate security alerts and provide incident management and support to different NHS Organisations and to enhance the security posture of the entire NHS estate.
Main duties include:

Monitor security applications and triage alerts, escalating where appropriate
Investigate and resolve incidents to contain and remove security threats as safely and quickly as possible
Create and continue to develop use cases using threat intelligence information and lessons learned as a result of any incidents and alerts
Collect, correlate and analyse security data from multiple sources to detect external and internal threats and vulnerabilities to our services
Contribute to the development of new documentation and processes to continually improve and optimise SOC services
Create reports for management updates and escalations
Provide guidance and technical expertise to the wider NHS organisations 
Work closely with NCSC and Accenture to remediate security alerts from NHS Trusts throughout the country
Manage the CSOC mailbox
Monitor NHS domain and mitigate phishing, spoofing and Ransomware alerts
Monitor and remediate compromised credentials within NHSmail
Provide incident management and support to different NHS Organisations

Information Security Analyst      June 2019 – Jan 2021
I have been involved in multiple projects like upgrading of proxy servers, security software and the testing and implementation of other network security tools within the corporate environment. I am currently involved in the software defined networking project within Leeds City Council and testing of security within the implementation of Gigabit Ethernet across the city. 
Main duties include:
End point security management and support
Proxy server configurations, troubleshooting and management
Network Intrusion Prevention System monitoring
Network Access Control
VPN configuration/troubleshooting – Site to Site, Remote Access, SSL
Investigations into End Point Security threats i.e. Virus/Malware/System Vulnerabilities
The daily monitoring of SIEM reports and dashboards using LogRhythm
Carrying out vulnerability assessments
Behavioural analysis to mitigate the risk of the insider threat
Monitor endpoints through utilisation of the Forescout system
Investigate and assist in the resolution of endpoint issues
Issue access privileges to new users and modify privileges for existing users to facilitate timely and appropriate access to business-related systems

DKAF Limited 
Vulnerability Analyst            February 2013 – May 2019
Involved in the analysis of Web servers/applications and Network security to detect weaknesses using WebScarab, Burp Suite, NetScanner, Nessus, Nmap and other scanning tools
Main duties include:
Developing risk-based mitigation strategies for web applications, networks, and operating systems
Tracking and compilation of vulnerabilities and mitigation results to quantify the effectiveness of programs
Creation and maintenance of vulnerability management policies, procedures, and training
Review and define requirements for information security solutions
Organise Network based scans to identify possible network attacks and host-based scans to identify vulnerabilities in servers, workstations, and other end point devices 
End to End automated testing of functionalities.
Detection, assessment, communication, remediation coordination of security vulnerabilities
Provide technical vulnerability analysis and determine remediation options
Provide metrics and reporting on changes to the state of system security, threat, vulnerability, and patch management



BSc Computer Forensics And Security:  2:1

Modules: Computer Architecture, Software Development, Network Forensics, Databases, Information Security

MSc Advanced Computer Networks: 2:1

Modules: My core modules were tailored to equip students to sit for and achieve CCNP at the end of the course. I did the following modules: Advanced Switching and Routing, Advanced Networking Security and Cloud Computing. I studied Cisco Systems routing, switching, VLANs, VTP, ACLs, securing systems and enterprise routing, switching and network design.

