Cybersecurity advancements and team leadership, I significantly enhanced IBM's XFTM capabilities, achieving optimal technical outcomes and client security objectives. My expertise in Cyber Security Management, coupled with exceptional problem-solving abilities, led to a marked improvement in threat mitigation and client satisfaction. Collaborative leader with dedication to partnering with coworkers to promote an engaged, empowering work culture. Documented strengths in building and maintaining relationships with a diverse range of stakeholders in dynamic, fast-paced settings.
The Blue Squad Leader manager serves as a highly specialized extension of my team to optimize the full spectrum of XFTM capabilities, such as threat insight, prevention, detection, response, and recovery. I also work as a mentor and a point of escalation when my team requires my assistance.
established by IBM.
The Blue Squad Leader provides cross-disciplinary and cross-platform leadership of XFTM operations to achieve the client's security objectives and optimal technical outcomes.
The Blue Squad construct provides a focused, mission-tailored, cross-discipline team assigned to meet a target client's security program requirements. The mission is to act as a highly specialized extension of the client's security apparatus to provide advanced rapid detection and mitigation of security threats and to provide IBM technical security service governance.
With the squad model, a combination of shared and dedicated resources, we introduce a skilled technical threat management leader to drive the client's threat management services mission.
Blue Squad Leaders have operational leadership responsibility for the client across functional components.
Escalation Engineer Responsibilities regarding Escalations
· Expertise in time of customer crisis.
· Customer threat investigation: Customer incident investigations.
OD Responsibilities regarding Escalations
· Monitor the SOC TAC inbox for incoming escalations and make sure they are assigned to the appropriate resource.
M1 Seat Responsibilities regarding Escalations
· Monitor queues (Inbound, PCRs/OCRs and Verify) for any trouble or critical tickets, making sure they are handled by the proper individuals.
Tier 1 SOC Analyst, whose roles and responsibilities are: finding suspicious or malicious activity by analyzing alerts; reviewing and editing event correlation rules; performing triage on these alerts by determining their criticality and scope of impact; evaluating attribution and adversary details; and finally creating new trouble tickets for Incident Response reviews.
-Analyze events, flows and alerts, and perform advanced analysis of potential security incidents.
-Correlate events and find tuning opportunities to keep a healthy environment on the customer's console.
-Make recommendations to clients about increasing security.
-Analyze traffic trends across the customer base for large trends.
-Report security events and make customer escalations based on traffic analysis.
-Identify trends in traffic and make recommendations to clients based on those trends.
-Make recommendations to clients to improve their security posture.
-Stay abreast of current and upcoming threats.
-Work with customers during crisis times to help mitigate the crisis and improve the client's security posture to ensure the crisis does not occur again.
Tier 1 Security Analyst on the Computer Security Incident Response Team (CSIRT). CSIRT is responsible for analyzing, preventing and mitigating security incidents and planning for risk and loss; monitoring IDS and IPS sensors; handling Data Loss Prevention (DLP) cases; detecting anomalies on the internal network; and preventing data breaches, providing confidentiality across the entire Cisco network.
Team Leadership
Operations Management
Technical Support
Troubleshooting
Client Relationship/ Satisfaction
Cyber Security Management
MITRE ATT&CK®
QRadar, Microsoft Sentinel and Splunk
Cloud Associated
Time Management
Verbal and written communication
Performance Evaluations
Problem-solving abilities
Teamwork and Collaboration
Customer Service
Organizational Skills
Interpersonal Communication
AWS Certified Cloud Practitioner
IBM Certified Associate Analyst - Security QRadar SIEM V7.2.6
Lead Cybersecurity Professional Certificate LCSPC
CompTIA CySA+ ce Certification
Cisco Certified Network Associate Routing and Switching (CCNA Routing and Switching)