Marko Stosic

• Manage and coordinate SIEM/SOC/IR services with multiple MSSP/MDR provides.
• Lead and mentor team of 8 resources in daily SOC/IR tasks and responsibilities.
• Define and oversee multiple SIEM solution design and implementation
• SIEM use case review, gap analysis, migration, validation and new use case development.
• SIEM operations and troubleshooting (e.g log source issues, on-boarding, tuning)
• Define, review and update SOC procedures/processes
• Implemented tracking system with metric KPIs SOC/IR team
• Threat intelligence activities (e.g applying IOCs to detective and preventative controls)
• Review and approve SOC requests such as ACLs, deviations, and exemptions.
• Preform SIEM alert tuning and logic updates reducing alert volumes and response time..
• Preform security event review, investigation, response, escalations, and solution tuning.
• Preform or support Threat and Risk Assessments and/or Threat Modeling sessions
• Participated in table top exercises and post improvements.
• Defined solution requirements and use case (e.g FIM, EDR)
• Review EDR dashboard, conduct scans, custom threat intel, remote wipe, lock down end point encryption
• Troubleshoot EDR/DLP related user complains, modify policies/exemptions as required.
• Review, update and develop new SOP, process flows, and playbooks
• Represent SOC team in various project/initiatives reviews and implementations
• Lead escalated security investigations and incident response activities
• Capture detailed investigations steps/chronology, produce incident reports and post IR activities tracking.
• Collect, prepare and submit SOC/IR compliance metrics, reports and attestations

Achievements:

• Enhanced monitoring coverage by 40% via continuous log source onboarding, logging policy review, parsing corrections and capacity review.
• Enhanced detection coverage by MITRE review, revision and development of new use cases rules/log sources reducing gap exposure.
• Implemented SOC processes including metric, case management, peer review process and playbooks providing team with structured and repeatable approach.
• Successfully migrated 1000+ log sources from on-perm to cloud platforms SIEM solution with MSSP and partner coordination.
• Enhanced protection by defining and implementing threat intelligence information ingestion, processing and response process.

• Conducted SOC MSSP service review with reporting and presentation
• Preformed use case analysis for various event and flow log sources
• Preformed threat hunting activities, analysis and escalations identifying number of gaps and weaknesses.
• Review and respond to alerts, incidents and escalations from various sources (SIEM, Azure, SOC)
• Tuned use cases and revised SOC Standard Operating Procedures(SOP)
• Review threat intel reports and work on IOC updates and validation
• Manage use case and onboarding deliverables between client SOC and MSSP ensuring smooth and continues workflow with 5 - 10 use cases / month.
• Worked on SIEM use case logic definition library for various clients.
• Developed client specific use cases for various log sources (e.g MFA, Gigamon, MS APT, O365, FTP, MAM)
• Developed or updated parsers for various log source (e.g.MFA, MAM, FIM, SSB and more)
• Identified major log flow challenges and provide solution options/support
• Engaged in security tool review and enhancement tasks (e.g FIM, VA, Gigamon, Azure Password Protection)
• Reviewed or generated risk assessment documents as part of RaaS responsibilities
• Participate in project and initiatives requiring SOC input, review or/and advisory(e.g Password policy, lockout policies, O365 sign-in controls, VPN split tunneling, ftp server controls and more)
• Vulnerability scan review, findings analysis, delta reporting, asset owner escalation/tracking
• Achievements: Increased use case review and development volume by developing logic and managing MSSP workload
• Increased client’s threat awareness by detecting new threat previously unknown
• Identified and supported resolutions of SIEM challenges and bottlenecks
• Reduced false detections and streamlined SOC standard operating procedure.

• Preformed SIEM current state assessment, future state analysis and improvement proposal
• Preformed SIEM log source coverage review, analysis and gap remediation
• Coordinated/preformed SIEM health/policy review, EPS source review and rule effectiveness
• Manage workflow and deliverables between security operations and MSSP
• Manage SOC team, providing direction, task prioritization and strategic alignment using NIST
• Provide support to and maintain relationship between SOC and other organization teams
• Coordination of Pentest/PCI ASV activities, remediation, triage, re-testing and tracking
• SecOps process, procedure and standards development and implementation
• Conduct SIEM coverage gap, noise event assessment, SIEM capacity and configuration analysis
• Vulnerability management engagement process development and implementation
• Critical asset assessment, definition and application to SecOps tool set
• Alignment of cyber security annual objects with SecOps epics and stories
• Coordinated and directed FIM configuration/testing and validation with PCI audit
• Defined SecOps SDLC requirements and timelines for upcoming projects
• Managed SecOps engineering team, IR team and contracting resources
• Achievements: Reduced SIEM coverage gap by introducing onboarding and gap remediation process
• Increased operations repeatability by defining and implementing processes and guidelines
• Defined SecOps objectives and tactical goals for each managed resource with clear expectations and timelines
• Engage and maintained relationship-based work environment between SecOps and other teams.

• Preformed SIEM log source assessment, field mapping, use case rule development, testing, tuning, production deployment and documentation
• Responsible for developing SOC Quality Assurance (QA) checks including checklists, process flow, metrics and automation
• Conducted threat hunting activities using SIEM tools
• Conducted security assessments on various security tools including AV/EDR, Email and Web gateways
• Preformed client technical requirements gathering and implementation planning
• Responsible for SOC assessment, review and target state planning
• Draft SOW and project plans for client engagements
• Lead client requirements assessment and development proposition
• Manage consulting resources tasks and provide direction
• Develop automated case management playbooks with SOAR automation
• Achievements: Developed, tested and delivered use cases required to regulatory compliance as defined in project timeline
• Contributed to overall SOC quality improvement by tracking progress, measuring QA results and identifying key problem areas requiring improvement.

• Responsible for SIEM on-boarding tasks and troubleshooting
• Responsible for Policy Auditor asset configuration, scanning and reporting
• Responsible for Vulnerability Scan asset configuration, scanning and reporting
• Performed Use Case development assessment, testing, tuning, documenting and promoting
• Preformed Security checklist process review and renewal
• Reviewed pentest results and provided guidance and feedback to project team
• Achievements: Developed and implemented use cases for high priority/impact project with in defined project time lines
• Enhanced security though conducting manual security tests on critical applications and helping with remedial efforts.

• Conduct security architecture, conceptual designs, service cards and process mapping
• Drafted comprehensive Cyber Security Program and worked towards review/revision and approval process
• Develop managed security service catalog including business case, service offering and use case definitions
• Conduct new product research, testing and development (ex
• Anomali Threat Intel, Juniper SRX/SKY ATP)
• Develop and present service offering, service overview, service SLAs and product demonstration
• Draft new or updated existing security processes and standards
• Conduct Statement of Work (SOW) estimation, drafting, submission and presentation
• Conduct client RFP review, proposal submission and presentation
• Develop and implement new security services as part of proof of concept
• Develop and implement cyber security KPI/KRI as part of client’s requirements
• Lead SOC 2 pre-audit assessment conducting control review, owner assignment, interviewing
• Act as primary compliance contact for audits facilitating audit request and requirements
• Responsible for SIEM rule, report and filter development and/or enhancement
• Responsible for SIEM day to day operations and response
• Conduct regular SIEM component upgrades such as content/context updates, ESM upgrade and more
• Conduct log source sizing, onboarding and content development
• Work with L1 SOC analysts to maintain and enhance SOC processes
• Responsible for determining and ensuring client requirements are meet in timely manner
• Responsible for Case management and weekly client touch points
• Responsible for metrics management and monthly/quarterly analysis and reporting
• Responsible for compiling and presenting SIEM solution enhancements
• Achievements: Contributed to expansion of managed security service offering allowing for additional revenue opportunities
• Enhanced threat detection though modification and addition of new SIEM rules/filters allowing for more accurate and valuable detections
• Enhanced and modified reporting system to include data analysis presenting client with more value
• Enhanced SIEM log sauce monitoring providing for accurate log flow monitoring and analysis.

• Conduct security architecture, conceptual designs, service cards and process mapping
• Drafted comprehensive Cyber Security Program and worked towards review/revision and approval process
• Develop managed security service catalog including business case, service offering and use case definitions
• Conduct new product research, testing and development (ex
• Anomali Threat Intel, Juniper SRX/SKY ATP)
• Develop and present service offering, service overview, service SLAs and product demonstration
• Draft new or updated existing security processes and standards
• Conduct Statement of Work (SOW) estimation, drafting, submission and presentation
• Conduct client RFP review, proposal submission and presentation
• Develop and implement new security services as part of proof of concept
• Develop and implement cyber security KPI/KRI as part of client’s requirements
• Lead SOC 2 pre-audit assessment conducting control review, owner assignment, interviewing
• Act as primary compliance contact for audits facilitating audit request and requirements
• Responsible for SIEM rule, report and filter development and/or enhancement
• Responsible for SIEM day to day operations and response
• Conduct regular SIEM component upgrades such as content/context updates, ESM upgrade and more
• Conduct log source sizing, onboarding and content development
• Work with L1 SOC analysts to maintain and enhance SOC processes
• Responsible for determining and ensuring client requirements are meet in timely manner
• Responsible for Case management and weekly client touch points
• Responsible for metrics management and monthly/quarterly analysis and reporting
• Responsible for compiling and presenting SIEM solution enhancements
• Achievements: Contributed to expansion of managed security service offering allowing for additional revenue opportunities
• Enhanced threat detection though modification and addition of new SIEM rules/filters allowing for more accurate and valuable detections
• Enhanced and modified reporting system to include data analysis presenting client with more value
• Enhanced SIEM log sauce monitoring providing for accurate log flow monitoring and analysis.

• Responsible for SIEM on-boarding tasks and troubleshooting
• Responsible for SIEM rule review and testing
• Conduct SIEM variable review and modification
• Performed SIEM auto-discovery future review and testing
• Responsible for on-boarding process redesign, testing and documentation
• Conduct EPO and security product assessment for use, currency and performance
• Perform ePO, Virus Scan and DLP upgrades
• Conduct DLP requirements assessment for DLP program
• Enhance device control DLP and deploy content based DLP rules and policies
• Implemented DLP review and response process
• Testing and deployed File and Removable Media Encryption system for removable and optical devices
• Achievements: Streamlined SIEM data source on-boarding process allowing the team to achieve sprint objectives on time
• Enhanced security and awareness though assessment and deployment of Data Loss Prevention (DLP) solution across all organizational end-point
• Upgraded and enhanced DLP coverage by expanding solution capabilities to cover multiple data movement vectors via both device protection and content-based protection
• Enhanced portable/optical media security by deploying and configuring file and media encryption solution.

• Responsible for SIEM on-boarding tasks and troubleshooting
• Responsible for SIEM rule review and testing
• Conduct SIEM variable review and modification
• Performed SIEM auto-discovery future review and testing
• Responsible for on-boarding process redesign, testing and documentation
• Conduct EPO and security product assessment for use, currency and performance
• Perform ePO, Virus Scan and DLP upgrades
• Conduct DLP requirements assessment for DLP program
• Enhance device control DLP and deploy content based DLP rules and policies
• Implemented DLP review and response process
• Testing and deployed File and Removable Media Encryption system for removable and optical devices
• Achievements: Streamlined SIEM data source on-boarding process allowing team to achieve sprint objectives on time
• Enhanced security and awareness though assessment and deployment of Data Loss Prevention (DLP) solution across all organizational end-point
• Upgraded and enhanced DLP coverage by expanding solution capabilities to cover multiple data movement vectors via both device protection and content-based protection
• Enhanced portable/optical media security by deploying and configuring file and media encryption solution.

• Responsible for IDS, NDLP, Host/Network malware event review, response and escalation
• Responsible for Canada wide Anti-virus, and Endpoint Encryption operations and sustainment
• Responsible for testing, deploying, operating and troubleshooting of Host-DLP
• Responsible for ePO upgrade, Agent upgrade, VirusScan and HIPS patching
• Achievements: Strengthened overall security posture and compliance requirements by pushing end point host encryption to mobile endpoints across Canada
• Tested network perimeter security tools for detection accuracy and effectiveness.

• Responsible for IDS, NDLP, Host/Network malware event review, response and escalation
• Responsible for Canada wide Anti-virus, and Endpoint Encryption operations and sustainment
• Responsible for testing, deploying, operating and troubleshooting of Host-DLP
• Responsible for ePO upgrade, Agent upgrade, VirusScan and HIPS patching
• Achievements: Strengthened overall security posture and compliance requirements by pushing end point host encryption to mobile endpoints across Canada
• Tested network perimeter security tools for detection accuracy and effectiveness.

• Responsible for Vulnerability Management, detection, reporting, and validation
• Responsible for deployment and operations of Vulnerability Scanning/Testing tools
• Responsible for global Anti-virus, and DLP operations, sustainment and troubleshooting
• Responsible for testing, deploying, operating and troubleshooting of Host-Based Firewall
• Responsible for incident review, response and containment
• Managing week-to-week meetings and initiative progress with managed services provider
• Responsible for deployment of Enterprise-Level Credential Management solution
• Co-writing/development of global Information Security policy
• Responsible for identity and access management process review and solution proposal
• Respond to and investigate detected malware and phishing attacks
• Responsible for certificate management, EV validation, issuing, revoking and renewing
• Conduct logging and SIEM rule assessment and provided enhancement recommendations
• Drafted a logging best-practice/configuration guideline
• Achievements: Assessed and cleaned up global Mcafee central management tool
• Upgrade of global Mcafee (ePO) central management tool from v4.6 to v5.3
• Global patching of Mcafee VirusScan on 2500+ end points
• Successfully deployed Vulnerability scanning/testing tools
• Assumed the ownership and responsibility certificate management
• Delivered Enterprise-Level redundant and secure Credential Management solution.

• Responsible for Vulnerability Management, detection, reporting, and validation
• Responsible for deployment and operations of Vulnerability Scanning/Testing tools
• Responsible for global Anti-virus, and DLP operations, sustainment and troubleshooting
• Responsible for testing, deploying, operating and troubleshooting of Host-Based Firewall
• Responsible for incident review, response and containment
• Managing week-to-week meetings and initiative progress with managed services provider
• Responsible for deployment of Enterprise-Level Credential Management solution
• Co-writing/development of global Information Security policy
• Responsible for identity and access management process review and solution proposal
• Respond to and investigate detected malware and phishing attacks
• Responsible for certificate management, EV validation, issuing, revoking and renewing
• Conduct logging and SIEM rule assessment and provided enhancement recommendations
• Drafted a logging best-practice/configuration guideline
• Achievements: Assessed and cleaned up global Mcafee central management tool
• Upgrade of global Mcafee (ePO) central management tool from v4.6 to v5.3
• Global patching of Mcafee VirusScan on 2500+ end points
• Successfully deployed Vulnerability scanning/testing tools
• Assumed the ownership and responsibility certificate management
• Delivered Enterprise-Level redundant and secure Credential Management solution.

• Responsible for SIEM, assessment, architecture redesign, enhancement, testing/tuning and upgrading
• Responsible for Configuration Management operations, sustainment and enhancement
• Responsible for Anti-virus operations, sustainment and upgrade
• Responsible for Web Proxy operations, sustainment and enhancements
• Responsible for deployment of Vulnerability Management tool
• Responsible for Vulnerability/Exploit risk assessment and response
• Responsible for process and procedure development and deployment
• Developed Standard Operating Procedure for advance malware response
• Respond to and resolve security and network events/incidents
• Review, analyses, recommend and implement best security practices
• Assist with preparation for NERC audit through information and evidence gathering
• Threat detection enhancements thought threat analysis and detection trigger development across multiple security tools
• Achievements: Enhanced SIEM redundancy through event flow assessment and reduction of single point of failure
• Enhanced SIEM detection though additions of log sources and rule modifications required for more accurate detection as well event quality review along with flex connector development facilitation
• Enhanced incident response by developing and deploying process and procedure required for standardized response
• Standardized assessment and response to critical and high vulnerabilities by developing and deploying assessment/response process and procedure
• Further developed configuration management tool and standardize detection review process
• Elevated detection scope and quality for Anti-virus system by detecting and resolving operational issues
• Elevated perimeter security by assessing, upgrading and tightening up Web Proxy policies therefore reducing risk exposure.

• Developed event based investigation and response guideline for SOC team
• Developed Standard Operating Procedure for advance malware response
• Developed Standard Operating Procedure for Vulnerability Management
• Developed malware incident tracking, classification and trending
• Prioritized SIEM alerts and assigned corresponding response
• Worked on re-architecture corporate wide SIEM log flow design
• Deployed, configured and troubleshooted SIEM ArcSight appliances
• Provide direction, guidance and assistance to Security Operations Center (SOC) team
• Responsible for development, enhancement, testing/tuning of SIEM correlation rules
• Developed and applied Cyber intelligence capability for SOC
• Preform rotational 24/7 On Call pager duties
• Performed security consultant duties for various corporate projects and initiatives
• Conduct security assessments for projects and compliance requirements
• Perform eCAB/CAB review and approvals for network security related matters
• Vulnerability scan review, findings analysis, delta reporting, asset owner escalation/tracking
• Review vulnerability/app/code scans and present threat and risk assessments based on OWASP methodology
• Conduct annual Payment Card Industry (PCI) pre-audit
• Configuration/File Integrity tool administration
• Achievements: Enhanced advance malware awareness and impact by presenting the whole cycle of advance malware attack
• Enhanced SIEM detection mechanisms to further detect security violations by on-boarding new rules, active channels and new alerting definition
• Standardized advance malware incident response by developing a well-tested response process flow and operating procedure
• Enhanced Cyber intelligence capability by organizing intelligence sharing group.

• Provide direction, guidance and assistance to Security Operations Center (SOC) team
• Responsible for development, enhancement, testing/tuning of SIEM correlation rules
• Specialize in advance malware detection, response and investigations
• Deployed next generation advance malware detection system
• Responsible for incident response preparedness
• Coordinated and conducted security wireless assessment scans
• Developed and maintain lab environment for forensics investigations and malware reverse engineering
• Assessed threats and risks based on cyber incident attacks
• Perform malware threat research and testing
• Perform security technology research and testing
• Perform or support forensic investigations
• Develop or review security procedures, processes and guidelines
• Manage corporate vulnerability scanning tool
• Perform operational management of corporate antivirus system
• Monitor and tune intrusion prevention system
• Enhanced web proxy threat detection system
• Worked on development of configuration management solution and testing
• Preparing next generation SIEM RFI, evaluation and user case scenarios
• Achievements: Enhanced Canadian Tire’s security by raising threat awareness
• Enhanced Canadian Tire’s security by enhancing incident response and investigation capabilities
• Enhanced Canadian Tire’s security by expanding security tools capacity for greater and more accurate security event detection.

• Act as lead for new project implementation/integration
• Provide direction, guidance and assistance to SOC team members
• Responsible for development, testing, tuning and documentation of new correlation rules
• Responsible for overseeing day to day SIEM operations
• Responsible for development and baselining of new security reports
• Responsible for testing, pre-production setup and operalization of enterprise DLP tool
• Propose, communicate and present new security initiatives
• Assess, develop, test and deploy new security monitoring procedure
• Conduct or oversee incident investigations and escalation
• Conduct or support forensic investigations
• Conduct application testing and troubleshooting
• Develop and maintain issue tracking system for effective communication and issue resolution between different departments
• Build relationships with corporate teams to promote and achieve SOC initiatives
• Achievements: Enhanced CIBC’s security monitoring capabilities by deployment of data loss protection system and integration of the system into security operations center
• Enhanced CIBC’s security by expanding SIEM capacity for greater and more accurate detection of malicious activity
• Enhanced CIBC’s security/compliance reporting and investigation capacity by major contribution to enterprise wide log management project initiative.

• Implemented a Threat and Risk Assessments (TRA) model
• Implemented and managed intrusion detection and event analysis/correlation system
• Implemented and managed corporate wide vulnerability scanning tool
• Deliver threat status and risk awareness though reports and presentation
• Act as security/compliance technical and process subject matter expert
• Responsible for security assessments of newly proposed IT architecture
• Research, propose, test, recommend and implement next generation security solutions
• Develop and implement security strategic, tactical and functional plans
• Develop and review security polices, standards, procedures, processes and guidelines
• Conduct security consolations/reviews during project life cycle
• Responsible for security monitoring, incident response and investigations
• Responsible for enforcement of identity management process controls
• Propose, communicate and present security plans and strategies to senior management
• Provide security and compliance best practice guidance, work closely with and facilitate auditor’s requests during annual compliance audit
• Achievements: Contributed to the development, implementation and maintenance of SOX/PCI compliance technical and process controls
• Contributed to establishment of Sun Media’s corporate governance by development of security policies, procedures, guidelines, and standards
• Introduced, engineered and designed central security event management system for Sun Media’s revenue generating service networks and internal network
• Reduced vulnerability/risk level for Sun Media networks through the introduction, implementation and maintenance of Vulnerability Management framework cycle
• Enhanced Sun Media’s system availability through the introduction of central performance and health monitoring system
• Enhanced Sun Media’s system and data integrity through introduction and implementation of system file integrity checking and file/object monitoring
• Contributed to development of corporate information/data classification scheme
• Introduced and promoted Information Security Sun Media’s culture though development and communication of security awareness program
• Contributed to formation of Corporate Information Security and Compliance Committee enhancing corporate wide Information Security and Compliance presence.

• Conducted security risk assessments
• Performed vulnerability and penetration tests on systems
• Conducted business impact assessment
• Contributed to privacy impact assessment
• Applied system hardening configurations
• Customer private information security assessment
• Access and authorization rights assessment
• Security log analysis.

• Performed vulnerability tests on 50+ systems.
• Reported assessed security risks to management with mitigation recommendations
• Preformed access and authorization rights assessment with recommendations report.
• Mitigated security risks through proactive application of system hardening security configurations.