Hello! I am a Cyber Security Operating Center (CSOC) Analyst at Unlimited Technology Inc, working in the Clean Energy Generation Industry. My interests include open-source intelligence gathering, trying new restaurants, Cyber CTFs, travelling, and starting new projects. I am currently building a HomeLab to practice threat hunting using open-source tools. I plan on attending online webinars and potentially in-person workshops regarding threat hunting.
Education
B.S. Cyber Operations & Digital Forensics Minor
Dakota State University | Madison, South Dakota
Graduated Fall 2020
GPA 3.51 - Honors List - Fall 2019 & Spring 2020
Certifications
LogRhythm Platform Administrator (LRPA) - Obtained August 2023
LogRhythm Security Analyst (LRSA) - Obtained August 2023
Experience
CSOC Analyst
Unlimited Technology | Rochester NY | Industry: Clean Energy
July 2023 - Current | Workstyle: Hybrid
Developed dashboards and views for team and Management
Worked as analyst/administrator for Primary Network SIEM and served as a security engineer on the Secondary Network SIEM.
Contributed to the development and refinement of operational procedures through the creation of playbooks and runbooks. Collaborated with the teams, implemented efficient event monitoring, drove process improvements, and incorporated new automation initiatives aimed at reducing failures and enhancing the overall performance of SIEM and networking tools, while ensuring compliance with NERC CIP Regulations.
Evaluated NDR tools to enhance visibility into the network.
Participated in industry calls through EISAC.
Managed Cisco network security solutions software and an additional SIEM, and performed patching for both.
Trained and onboarded new CSOC analyst(s)
Participated in presentations to show groups my tools
Cyber Security Analyst
Constellation Energy | Western New York | Industry: Nuclear
August 2022 - July 2023 | Workstyle: Hybrid
Created disaster recovery plans, managed related software and system backups in a fleet repository.
Maintained Digital Test Equipment between 2 Nuclear sites to remain compliant with 10 CFR 73.54
Participated in Cyber Security Assessment Team (CSAT)
Tasked with classifying data/documents with internal significance.
Prepared documentation and equipment for regular audits
Participated in fleetwide cybersecurity meetings/evaluations for new technologies entering the plant.
Voted on new technologies' safety and potential vulnerabilities.
Performed weekly, monthly, and quarterly tasks to verify the integrity of the Intrusion Detection System (Defensive Architecture) in accordance with NEI 08-09
Managed multiple endpoint antivirus software across various platforms to meet fleet standards.
Conducted regular audits on SIEM to ensure compliance with Nuclear regulatory commitments.
Enforced digital layer separation and maintained cyber integrity across the plant.
Worked on OT (Operational Technology) security devices/processes.
Conducted wireless scans of a protected area using a wireless analyzer to check for rogue networks.
Performed cybersecurity walk-downs in critical plant areas along with threat investigations.
Built and maintained security kiosks for secure file transfer and virus scanning with data being transmitted for investigation.
Maintained and audited password management tool to reduce cyber risk.
Created a standardized cybersecurity tool backpack for fleet Cyber Security Analysts to minimize response time for incidents.
IT Solutions Specialist
PharmaSmart International LLC | Rochester, New York | Industry: Medical Technology
October 2021 - August 2022 | Workstyle: Hybrid
Proofreading, documentation writing, and technical writing support for internal processes and published articles in our knowledgebase
Researched and evaluated endpoint security solutions to be implemented
Designed IT Service Management layout for internal records/end-user requests
Administered Active Directory, Azure AD and Microsoft SharePoint
Created app registrations in Azure AD
Performed monthly and quarterly reports in Webroot Endpoint Security Administration & OpenVAS
Provided level II technical support to 50+ users with 150+ endpoints
Traveled to Canada to train others in hardware/software and performed remote troubleshooting
Decommissioning hardware/software with M2M Software
Assisted in SOC II compliance audit
Managed software/hardware verification & validation testing
Approved timesheets, wrote bug reports from compiled tester information & trained testers
Implemented MFA company-wide, and trained 30+ end-users on how to use MFA
Used SQL Server Management to create queries on deployed live devices
Set up vulnerability management tools OpenVAS and Nessus Essentials to gather insight on internal vulnerabilities
Worked with Dell Support to order technicians to come on site and service equipment
Created and executed approved email phishing campaigns to coworkers through the Social-Engineer Toolkit
Scheduled Veeam backups for data protection
Lead Tester
Maven Technologies LLC | Rochester, New York | Industry: Recycling
May 2019 - July 2021 | Workstyle: Onsite
Cross-trained across network switches, PCs and laptops.
Created guidelines/documentation for testing and erasing data effectively
Trained new testers to follow policy and practices
Daily use of data destruction tools in accordance with DoD 5220.22-M
Projects & Hobbies
Bust-A-Binary: Active Attribution and Analysis of Malware Campaigns
Presented at the South Dakota 2019 Student Research Poster Session at the State Capitol
Presented at the 2019 Dakota State University Research Symposium
Trace Labs - Search Party
Assist law enforcement in crowdsourcing new leads on missing persons cases using open-source intelligence (OSINT) in a Trace Labs Global OSINT Search Party CTF.
Effectiveness Review - NITSL
Led a team of cyber security professionals in research centered around Nuclear Generating facilities nationwide and how their effectiveness review process could be improved or altered
Linode Cloud Computing - Various Projects
Created a Pi-hole instance to filter traffic on my home network to block ads. Practiced white/blacklisting. VPN (WireGuard) to Pi-hole to encrypt traffic
Black Hills Information Security - Antisyphon Training
Took trainings by Antisyphon, which focus on SOC, cyber defense and social engineering
Skills
Office 365/Google Suite
Endpoint Security Administration
SQL Server Management
OSINT
AD/Azure Active Directory
Windows OS, MacOS & Linux
Cyber Risk Management
Audit & Compliance
SIEM Log Review (Splunk)
OWL Cyber Defense Tools
VMware/VirtualBox
Project Management
Vulnerability Management
Data Classification/Protection
MetaDefender Kiosk from OPSWAT
Frameworks
Veeam
Git/Source Control
Disaster Recovery Planning
Wireless Analysis
Whitelisting
Cisco Wireless Controller
CyberArk Password Management
White/Black Listing
Awards
Award for Outstanding Undergraduate Research - South Dakota Student Research Poster Session, 2019
Academic Honor Roll Spring 2020 - Dakota State University
Academic Honor Roll Fall 2019 - Dakota State University
Contestant Badge - TraceLabs
Publications
Flack, M; Kramer, N; Snyder, Z; Chona, E; Steckelberg, M; and Brizendine, B: Bust-A-Binary: Active Attribution and Analysis of Malware Campaigns
Events
bsidesroc2022 - attended
bsidesroc2023 - attended
Non-Recognized Certifications
Getting Started in Security with BHIS and MITRE ATT&CK | November 2021
Cyber Threat Hunting Level 1 | May 2021
Active Defense & Cyber Deception | January 2022
SOC Core Skills | March 2022
Intro to Social Engineering | March 2022
Introduction to Pentesting | April 2022
SSH Without Passwords! | March 2022
Affiliations
Volunteer Experience
Last Kings Gaming Community
Moderated an online community of 5.2k+ members
Created rules, created reporting procedures and auto muting bots for rule violations