Thom Robinson

Cyber Defence Analyst with extensive experience in security operations, incident response, and threat detection within military environments. Demonstrated proficiency in 24/7 SOC operations, utilizing SIEM platforms and forensic analysis to enhance security measures. Skilled in collaborating with cross-functional teams and briefing senior leadership to improve overall security posture. Committed to leveraging cybersecurity expertise to drive organizational success.

• Security Blue Team Level 2 - Currently Studying
• Certified Detection Analyst (GCDA) - September 2024
• Elastic Certified Analyst - October 2023
• Security Blue Team Level 1 - January 2023
• Continuous Monitoring Certification (GMON) - May 2022
• Certified Enterprise Defender (GCED) - June 2021
• Splunk Foundation Courses 1-3 - November 2020 - May 2022
• Tanium Training - February 2022
• ElasticSearch Analyst Training - June - September 2022
• Immersive Labs - Concurrent Training

Military Exercises, Participated in multiple international cyber exercises alongside teams from the USA, NATO countries, and Japan, while serving as a Cyber Defence Analyst at MOD Corsham. Assessed system vulnerabilities and actively performed incident response roles within simulated environments. Gained fundamental skills in network hardening, advanced analysis, and proactive threat hunting, concurrently rounding out individual capabilities. Honed expertise in SIEM tools, teamwork, and critical communication during high-stakes scenarios. Military Operations, Contributed to two significant military cyber operations at MOD Corsham, applying diverse cybersecurity skills to advance operational objectives. Part of a team that developed a portable Security Onion toolkit capable of recording PCAP data and facilitating live searching of imported data in various operational areas. Contributed to the analysis of collected network data, meticulously searching for indicators of compromise (IOCs). Led the implementation of a PacketRAID system for enhanced log collection and storage capabilities during a multi-visit deployment to a network location. Played a key role in the subsequent analysis of collected system data to identify potential indicators of compromise.

Within my job roles mentioned above, I have used a large set of tools to conduct differing job roles These include:

• ELK - Primary use of this tool has been for the analysis of logs, however when part of the DFIR teams, the ability and understanding of building and configuring these tools was required and used in multiple instances
• Tanium - Primarily used as a tooling to monitor live devices within the network monitored, with the ability to pull files for further analysis on 3rd party tooling.
• Microsoft Defender - Tool which has been my primary tool over my experience within the MOD Core SOC. This allows for analysis of logs, network information, file information and other required tools for ticket completion within the SOC.
• FTK Imager - Used primarily as an image capturing tool for both RAM and ROM devices.
• Wireshark - Used to conduct analysis of network traffic within PCAP format.
• Other tooling has been used sporadically throughout my career, giving me further understanding of differing tools standards and layouts.

• Video and Board Games
• Walking/Hiking
• Astronomy