Martin G. Nystrom

E-mail: martin.nystrom@gmail.com
Website: xianshield.org, blogs.cisco.com/author/martinnystrom, linkedin.com/in/mnystrom

Objective
Build and operate cyber security programs to protect customers and enterprises

Profile
Proven cyber security executive with experience delivering $50M+ portfolios, building and leading customer-facing security
services, and corporate InfoSec

Commands advanced experiential knowledge on security threats and response
Advises executive customers of security threat and operational trends in quarterly briefings
Compelling presenter with credibility to engage customers and win business
Published author, representing rich cyber security experience in books, papers, and executive briefings

Specialties

incident response, detection, and investigations
security operations
cyber threat intelligence
application, network, and system security
designing, deploying and securing web applications

Work experience
Cisco Security Services, December 2015 - Present
Director
Responsible for global delivery of rapidly growing $55M managed security portfolio, including advanced cyber threat detection
and security device management.

24x7 delivery across 4 global Security Operations Centers (SOC) in USA, APAC, and EMEAR
Directs global team of senior security investigators to hunt threats using advanced threat intelligence, security
telemetry, and advanced analytics
Delivers and cultivates rapid threat detection and mitigation using Cisco Sourcefire IPS with AMP, ThreatGrid
sandboxing, advanced threat intelligence using CIF, Soltra, and OpenSOC, including Hadoop for consuming, parsing
and analyzing 6 Gbps at each PoP, with all forms of system telemetry and syslog
Delivers expert security device management including monitoring, planned changes, patch management, and
architectural growth
Specialist in cyber security for healthcare and public sector

Cisco Security Services, July 2014 - December 2015

Senior Manager
Leads Managed Threat Defense (MTD) advanced cyber threat detection for Cisco Security Services

Martin G. Nystrom 1
24x7 advanced cyber threat detection across 4 global Security Operations Centers (SOC) in USA, APAC, and EMEAR
Responsible for rapidly growing $5.5M service portfolio
Manages team of senior security investigators to hunt threats using advanced threat intelligence, security telemetry,
and advanced analytics
Delivers and cultivates rapid threat detection using Cisco Sourcefire IPS with AMP, ThreatGrid sandboxing, advanced
threat intelligence using the CIF, and OpenSOC, including Hadoop for consuming, parsing and analyzing 6 Gbps per
PoP, with all forms of system telemetry
Curates hot threats to rapidly respond and monitor for IOCs gleaned from emerging attacks, conceptual attacks, and
urgent vulnerabilities such as Heartbleed and Shellshock

Cisco CSIRT, 2011 - 2014

Senior Manager
Built and led global engineering staff of 17 security architects and engineers, delivering innovative solutions against growing
threats, including APT.

Developed and coordinated broad InfoSec strategy to detect and contain advanced threats
Coordinated all CSIRT operations to ensure investigations, analysis, and engineering functions execute consistently
Architected, budgeted and delivered new $1M portfolio for CSIRT, enabling global cyber security solutions and growing
investigations staff of 60.
Managed successful delivery of massive security response portfolio including Splunk, Cisco WSA, Cisco IPS,
Sourcefire FirePower and AMP, Cisco ESA, FireEye, Passive DNS collection, DNS-RPZ, Cisco ISE, Lancope
StealthWatch, and Mandiant, collecting over 20 billion events per day into 1TB of growing events per day.

Cisco CSIRT, 2009 - 2011

Manager
Managed security operations team, 19-person global staff conducting 24x7 security monitoring, operations, and routine
investigations for Cisco's network.

Developed scheduling and workload distribution to provide 24x7 monitoring
Negotiated, developed, and managed $500,000 portfolio of monitoring engagements for internal clients
Coached staff to new areas of responsibility and aptitude, enabling senior engineers to take on larger projects
Motivated team with creative rewards and growth, maintaining 0% attrition over 2 years
Drove improvements using Capability Maturity Model (CMM) by improving quality assurance and engagement clarity
Assured security in Cisco cloud services initiatives (TelePresence as a service) by providing risk-based monitoring and
response (team recognized with "Collaboration Across Cisco" award)
Continuously operationalized detection and response infrastructure for new acquisitions, data centers, and PoPs

Cisco CSIRT, 2005 - 2009

Information Security Investigations Manager
Investigated, mitigated, and provided subject-matter expertise for dozens of security incidents

Led and drove improvements to information security monitoring and incident response
Developed strategy for broader team, ensuring project portfolio alignment with strategic objectives
Conducted global threat summit with diverse IT staff, drove projects to mitigate identified threats
Tested and drove improvements to Cisco products (CS-MARS, CS-IPS, others) by regularly engaging engineering/marketing
based on deployment experience
Developed standardized incident response handbook for global investigative staff, coordinated input and approval
across HR, Legal, and internal auditors
Selected to attend Cisco Global Technical Leader Program, 2008

Cisco InfoSec, 2002 - 2005

Security Architect
Provided security direction for Cisco projects. Specializing in web security, consulted with IT project teams to provide secure
architecture for large projects. Wrote policy and standards documents to address secure programming and deployment.

Developed web auditing/remediation team to address web security vulnerabilities.
Served as architect for web services security
Developed database security strategy
Delivered a series of "Nerd Lunch" presentations to security staff on database, web services, and web security
Authored for O'Reilly Media - SQL Injection Defenses

Developed and delivered Secure Web Programming in Java course for global development staff
Provided on-call incident response support: troubleshot high impact incidents, deployed firewall changes, investigated
security incidents

Cisco IT, 2000 - 2002

IT Engineer
Provided technical direction to team of engineers. Acted as consultant to business clients in exploring concepts for new
applications. Provided architectural guidance to Sales IT Architecture Team. Sized and delivered tool enhancements and
integration efforts. Developed and articulated technical vision. Mentored engineers through coaching, training, and guiding
through technical challenges. Delivered series of presentations to e-commerce staff on internationalization, queuing, and B2B
data exchange via XML.

Developed Partner Business Central, a portal into e-channels applications that allows Cisco partners to select, compare, and
configure Cisco products, then interact with Cisco distributors for pricing, availability, and ordering. Product built in Java, using
XML/XSL, CORBA, and Oracle, allows data exchange with business partners using XML over HTTP. Enabled RosettaNet
integration for standardized message exchange with Cisco business partners.

Publications and Presentations

Seven Most Damaging Attacks: 2015's Lessons Learned in Intrusion Detection
Cisco Live Management Sessions, 2015

Real World Threat Hunting
Keynote, CONFidence Conference, Krakow, Poland, 2015

Deconstructing Incident Response
RSA Conference, 2015

Security Monitoring: Proven Methods for Incident Detection on Enterprise Networks
(co-author), O'Reilly Media, 2009
Required reading for Network Forensic Analysis course at Boston University (2010)

SQL Injection Defenses
O'Reilly Media, 2007

Education
Master of Engineering
North Carolina State University
Master of Engineering in Computer Science

Bachelor of Arts
Iowa State University
BA, Business Administration in Management Information Systems (MIS)

Certifications
Certified Information Systems Security Professional (CISSP)
Specialization: Information Systems Security Architecture Professional (ISSAP)
Cisco Certified Network Associate (CCNA)

Awards and Honors

Manager of the Year (Cisco IT), 2012

Collaboration Across Cisco Award, 2010
for teamwork in securing infrastructure for Cisco's TelePresence during COP15