Greg Carson
Threat Intelligence and Incident Response Lead at TMX Group
Bio
Mark Das
Greg is a self motivated individual who really dedicates himself to his craft. He is organized and task oriented, and doesn't mind putting in extra time to get the task at hand done thoroughly.
Daniel Pajtak
Greg goes above and beyond. I first met Greg while he worked as a TAM, at that time he was already well known within the company and highly respected for his technical capabilities. His passion led him to joining the consulting team where he quickly excelled in performing offensive security assessments. Greg is constantly evolving and combined with his professionalism, he is a tremendous asset to any team.
Credentials
- RSA Security Analytics Sales Engineer (RSA, Nov 2013 - Nov 2024)
- CompTIA Security+ (PearsonVUE)
- Data Protection - DLP (McAfee)
- McAfee Network Security Platform (McAfee Partner eLearning)
- RSA enVision Certified Systems Engineer (Pearson VUE)
Experience
TMX Group
Canada
Financial Services
700 & Above Employee

Threat Intelligence and Incident Response Lead
Mar 2018 - Present
• Evaluate, POC, Implement and Manage Breach Attack Simulation (BAS) and integrate with use case development, threat intelligence and security operations programs
• Advise senior leadership on SOC and Security Engineering roadmap (technology and process)
• Evaluate, Implement and Manage Threat Intelligence Platform (TIP)
• Curate and integrate third party Open-Source and commercial IOC streams with TIP
• Integrate Threat Intelligence with appropriate tools in the security stack and develop use cases
• Fine tune indicator streams and develop methodology reducing risk of intelligence based proactive blocking and streamlining intelligence based investigations
• Evaluate, POC, Implement and Manage Endpoint Detection and Response (EDR) tool
• Lead incident response and forensics activities acting as point of escalation for our L1/L2 analysts
• Coordinate internal Threat Intelligence reporting
• Lead Threat Hunting activities
• Lead Continual Use Case Development workshops and contribute to hands-on SIEM and EDR use case development
• Leverage IT services for introducing automation to SOC operations
• Conduct annual tabletop exercises
• Execute quarterly social engineering exercises
• Assist in development of internal red team and purple team activities

Senior Information Security Analyst & Engineering Services
Dec 2016 - Mar 2018
• Advocate and oversee the implementation of new logging policies including the deployment of Sysmon and WEC to thousands of systems and GPO changes to enhance visibility
• Design, architect and implement new security solutions and services for the Exchange and its various business units
• Designed from scratch a multi-day Cyber Security Incident Response Table Top exercise and led the assessment for one of our subsidiaries
• Oversee enterprise wide annual Tabletop exercises
• Implementation and Management of 802.1x Wired and Wireless NAC solution
• Day to Day operational monitoring and incident response utilizing the McAfee suite and QRadar
• Lead quarterly social engineering phishing exercises and training
• Improve operational monitoring by researching and suggesting novel improvements to existing monitoring scenarios
• Constructed new logical monitoring scenarios and implemented them on related security technologies (SIEM, IPS, Active Directory GPO configuration changes, Security Architecture modification at network and policy level)
• Review service contracts and existing license agreements to reduce costs during renewal process
• Built scoring system/process and vulnerability evaluation metrics for our vulnerability assessment practice

Cyderes
Canada
Computer and Network Security
500 - 600 Employee

Incident Response Specialist
Mar 2016 - Nov 2016
- Forensic Imaging (FTK Imager, EnCase Forensic v6)
- Memory Forensics (Volatility, Rekall)
- Malware Analysis (DOCX, PDF)
- Develop from scratch a pure C++ application that interacts with Windows API (Supporting XP to Server 2016) to aggregate interesting data points in a central database (malware persistence mechanisms and novel malware detection methods) and then ingest the database into Splunk and perform frequency analysis
- Enterprise scale response and remediation services using a variety of industry standard tools
- Innovative tool development to meet the needs of the team, develop PowerShell and Python scripts to work with multiple vendors' APIs
- Mentor new staff and assist senior leadership in selecting tools + budget, conducting pre-sales, and shaping direction of the team

Penetration Testing and Security Risk Assessments
Jun 2014 - Mar 2016
Provide offensive security and ISO 27001 security risk assessment services for clients across a variety of industries.
- Execute assessments in accordance with PTES
- Define scope of engagements
- Gather intelligence from public sources and build target profiles
- Conduct vulnerability scans using common tool sets (Nessus, MVM, NMAP)
- Review and validate scan findings reducing false positives
- Exploit systems using common tool sets (Kali, Metasploit Framework, Python Developed Exploits), explore privilege escalation and lateral movement options within the organization, identify crucial data stores, domain takeover
- Execute social engineering attacks including online harvesting, vishing, spear phishing, physical perimeter checks and USB based attack vectors (teensy/arduino)
- Perform Web Application Assessments (Acunetix, Burp) and test manually for OWASP Top 10 vulnerabilities
- Documentation and reporting
- Remediation and recommendations
- Conduct security maturity assessments in accordance with ISO 27001/2 advising organizations on how to reform security programs and adopt modern tactics, tools, and procedures
- Mentor junior team members and foster growth of technical capability and new service offerings within the team
Conducted on-site assessment for a customer that generates Billions in Net Income across systems distributed geographically. Performed penetration testing, vulnerability assessment, and reporting across 10,000+ systems to help secure from future attacks.

Technical Account Manager
Apr 2012 - May 2014
Work onsite and remotely providing leadership and technical expertise for a major Canadian Bank. Responsible for managing, designing, deploying, and maintaining one of the largest North American SIEM deployments. Responsible for training, leading, and delegating tasks to a team of three individuals reporting to me.
Research emergent threats (deploy and operate honey-pot, perform behavioural malware analysis on interesting ELF/Binaries, create IP/File/URL blacklist) and implement correlation rules for detecting and mitigating security threats. Interface with various Lines of Business in the incident response and handling process. Establish SLAs, Escalation Procedures, and make recommendations on architecture and monitoring solutions. Manage various ongoing projects and recurring tasks, ensuring timely resolution and progress towards end goal. Key member of Managed Security Services (MSSP) team, helping to maintain customer and vendor relationships as well as adapt service models to ensure scalability and meet constantly evolving challenges.
Report weekly, monthly, quarterly, and annually to the customer on a variety of metrics and data including but not limited to SLA, performance, capacity planning, incident information, response time, and incident time to closure.
Deploy Proof of Concept and demonstrate value to prospective stakeholders.
Maintained and nurtured a positive and growing relationship with major client for 2 years by making the solution work for their needs.

MSSP SOC Tier-II Security Engineer
Apr 2011 - Apr 2012
Customer facing role responsible for managing IPS, Firewall and SIEM security solutions for medium to enterprise level multi-national clients. Demonstrated capacity to consistently meet and exceed customer expectations representing and reinforcing the THG brand through positive interaction with clients.
Roles and Responsibilities:
- Create from scratch and deliver onsite 3-Day tailored McAfee NSM training for customers
- Point of escalation for Tier-1 team
- Installation and deployment of clustered SIEM environment
- Application and OS upgrades
- System performance and metric analysis
- Organize and oversee ongoing projects related to managed platforms
- Create and maintain system architecture and design documentation
- Troubleshoot complex system errors and issues
- Develop custom rules for IPS and SIEM environments
- Architect managed platform security configuration and design
- Work as an onsite technical security resource for major Canadian Bank
- Identify significant security threats and provide recommendations to mitigate exposure
- Work with client to meet audit requirements unique to their IT environment
- Evaluate Internet-wide security threats/exploits in relation to events reported on managed security platforms

MSSP SOC Tier-I Team Lead
Oct 2010 - Apr 2011
Technical team lead for a group of 10 Tier-1 Security Analysts working in our Security Operations Center. Improved incident response escalation quality and times and created numerous process documents detailing vendor specific and vendor agnostic security concepts.
Roles and Responsibilities:
- Incident response and monitoring
- Extensive log and packet analysis
- Escalate security threats to managed customers
- System health monitoring of managed customer platforms
- Develop rules for IPS and SIEM platforms
- Lead team of Tier-1 security analysts
- Report on individual and team performance metrics
- Identify and revise operational inefficiencies
- Create process documentation for platform specific and security related concepts for use by Tier-1 analysts
I also acted as a point of escalation for more complex security issues which required senior staff input, sat in on client facing and internal meetings to represent the Tier-1 team, and created site-to-site VPN tunnels with various customers using Cisco ASA, PIX, and VPN Concentrators.

Verold
Canada
Software Development

Junior Software Developer (CO-OP)
Apr 2010 - Aug 2010
At Verold I worked with Senior Developers and Designers on a mobile and web based application. Contributed to design, programming, and project management phases of augmented reality application for mobile devices and a geographical based mobile phone application for a cultural institution in Durham Region. Project successfully finished at end of summer co-op, involved from concept design to completion phases. Worked primarily with Unity 3D + JavaScript, wrote copy for public facing pages.
Education
University of Ontario Institute of Technology
BIT, Specializations in Networking & IT Security