Gabriel Haab
Senior Security Analyst
I have been studying cybersecurity (formally and informally) for the past eight years, participating in CTF competitions, creating assessment scripts, and testing the security of enterprise environments. I have both Bachelor's and Master's degrees in cybersecurity and several certifications in the field. I have experience with multiple programming languages and the development/usage of exploits and C2 frameworks. I developed a homelab to simulate target environments and practice bypassing different security controls.
Contact: gabrielhaab@gmail.com ● Gabriel's LinkedIn Profile
Professional Experience
Microchip Technology (3+ Years)
Microchip Technology Inc. is a leading provider of microcontroller, mixed-signal, analog, and Flash-IP solutions.
Senior Security Analyst
June 2023 – Present
Identify and evaluate potential threats and vulnerabilities in the environment.
Execute daily threat-hunting activities against different threat actors.
Collaborate with different teams for the deployment of security controls.
Develop payloads and scripts to simulate threats identified by OSINT reports.
Emulate Advanced Persistent Threats to evaluate the security controls and environment visibility.
Develop scripts in Python to automate incident response and data collection through API calls.
Prepare high-level reports to summarize security data and environmental trends.
Security Analyst II
May 2022 – June 2023 (1 year)
Security Analyst I
June 2021 – May 2022 (1 year)
MegaplanIT Holdings LLC. (10 months)
MegaplanIT is an MSP that provides services such as "SOC as a service" to several industries in Arizona and the US.
Security Analyst II: Incident Response Specialist
Jan 2021 – May 2021 (5 months)
Triage of hundreds of alerts generated by several security solutions for different clients.
Threat hunting of potential threats for each client, depending on the business.
Handle vulnerability reports and notify users of critical/high vulnerabilities.
Be the subject matter expert for all EDR solutions.
Develop scripts in Python to automate ticket/alert review and raw log analysis.
Security Analyst I
Aug 2020 – Dec 2020 (5 months)
Daily triage of hundreds of alerts generated by several security solutions for different clients.
Develop scripts in Python to automate ticket/alert review and raw log analysis.
Professional Certifications
NSA Cyber Operations (CAE-CO)
Offensive Security Certified Professional (OSCP)
Offensive Security Wireless Professional (OSWP)
Certified Ethical Hacker (CEH) Practical
Computer Hacking Forensics Investigator (CHFI)
CompTIA Pentest+
CompTIA CySA+
CompTIA Security+
CrowdStrike Administrator (CCFA)
CrowdStrike Responder (CCFR)
CrowdStrike Hunter (CCFH)
Cylance Security Professional (CSP)
Education
Master of Science in Cybersecurity and Information Assurance
Western Governors University ● Fall 2021 - Spring 2022
The Master of Science in Cybersecurity and Information Assurance degree program is closely aligned with the National Initiative for Cybersecurity Education (NICE) and was designed with input from cybersecurity experts and leading IT employers to meet the most recent US Department of Homeland Security (DHS) and National Security Agency (NSA) guidelines. This program is also aligned with all CISSP security domains.
Bachelor of Applied Science in Cyber Operations - Cyber Engineering Emphasis
University of Arizona ● Fall 2019 - Spring 2021
The Engineering Track is a deeply technical, interdisciplinary, security-focused Computer Science program. The Engineering Track meets the National Security Agency (NSA) Center of Academic Excellence in Cyber Operations (CAE-CO) academic requirements.
Skills
Reconnaissance and Identification of Vulnerabilities.
Automated vulnerability scanning and manual exploitation of services.
Bypassing of Security Controls.
Capture The Flag Environments such as PG, HTB, THM, and VulnHub.
Manage Security Controls (SIEM, EDR, SOAR, AV): Splunk, LogRhythm, AlienVault, Carbon Black, CrowdStrike, Siemplify, Symantec Endpoint Security, Sophos, and Cylance.
Raw log analysis and manipulation: RegEx.
Development of Scripts: API integration and automation.
Incident Response.
Malware Analysis: Static and Dynamic analysis.
Cyber Forensics: Data Acquisition, Preservation, and Analysis.
Programming Languages: Python, Bash, PowerShell, C, and Assembly.