Consulting assignments

Cyber Security consultant: 2023 – ongoing (state agency)

I am mainly responsible for design, installation, configuration, maintenance/operation of several instances of SIEM and log management tools. Addition of new log sources including building new parsers, enrichment of log sources, integrations etc. Development and implementation of new SIEM use cases. Training SOC operators/administrators in SIEM/log management and cyber security. Vulnerability management.


Palo Alto Networks XSOAR (Subject Matter Expert): 2021 – 2023 (multinational corporation)

I was mainly responsible for the design and installation of a multi-tenant installation of XSOAR: several tenants and a central tenant for managing the TIM module. Integration with AWS Security Hub, MS Sentinel, ArcSight and many more. Built a lot of content with several playbooks with hundreds of tasks, automations, layouts, etc.

After production, I did several upgrades and managed the operation of the installation.


ArcSight (Subject Matter Expert): 2018 – 2023 (multinational corporation)

I was an ArcSight senior engineer. Handled most of the design, installation, upgrade and troubleshooting of the ArcSight environment. It was one of Europe's largest installations, averaging 150K EPS and peaking well over 200 EPS, through the Transformation Hub. The ArcSight Platform consisted of a total of twelve hosts. ArcSight ESM was a Distributed Correlation with a total of four hosts with an average of over 50K EPS. We had over 200 Connectors, many of which were proprietary Flex Connectors of various types. Made many integrations with cloud services that downloaded log data from both Azure and AWS. I developed a lot of my own monitoring and statistics collection of all application components, because ArcSight Management Center has many shortcomings.


Microsoft Sentinel (Subject Matter Expert): 2019 – 2023 (multinational corporation)

I enabled and configured MS Sentinel with a variety of Data Connectors. Developed many of my own analytic rules. Integrated with on-prem systems and various cloud portals.


Cyber Security Consultant: 2010 – 2020 (multinational corporation)

Worked as a consultant for several of Sweden's county councils/regions, utilities and large companies. I worked with design, training, installation, upgrading and troubleshooting in the Cyber Security area. The main focus was ArcSight and Elastic Stack.