Joe Avanzato

DFIR Leader, Blue Team Developer, C-Suite Communicator, Detection Engineer, Threat Hunter, Blue Team Specialist

joeavanzato @ gmail.com

GitHub, LinkedIn, MalCommands, BeeSting

$whoami

  • A blue team professional with over a decade of experience spanning Incident Response, Detection Engineering, Threat Hunting, Threat Intelligence, Security Operations and Adversary Simulation
  • Have led the design, procurement, implementation and development of projects including SIEM, SOAR, Deception, MDR, Intelligence and other related topics
  • Development experience spanning Python, PowerShell, C#, Go and related frameworks for command-line, GUI and web-based applications
  • Working experience across all major cloud service providers - Azure, AWS and GCP
  • Experience working within security platforms such as Varonis, Splunk, LogScale/Humio, ArcSight, Microsoft Sentinel, etc.
  • Proficiency with endpoint security products such as CrowdStrike, Defender, CarbonBlack, SentinelOne, Trellix, Cylance, etc.

Experience

    • Varonis, Security Operations & DFIR Group Leader (Senior Manager)
      • December 2023 - Present
      • Leading group of ~22 globally dispersed specialists across 5 distinct teams - DFIR, Adversary Simulation and Blue Team Engineering
      • Grew reporting structure from 2 -> 22 employees over ~3 years, proving business value through sustainable metrics
    • Varonis, DFIR Team Leader (Manager)
      • August 2022 - December 2023
      • Leading a team of DFIR specialists handling major incidents for customers including ransomware, data theft, domain compromise, cloud compromise, etc.
      • Developed tools in PowerShell, Python, C# and Go to improve team capabilities
      • Developed product proof-of-concept features to improve business platform capabilities
    • Varonis, Security Specialist
      • October 2021 - August 2022
      • Led DFIR engagements for customers
      • Developed tools, platforms and frameworks in Python, PowerShell and C# to boost capabilities
      • Performed attack and defense research for product and team maturity
    • Paychex, Cyber Detection Lead
      • December 2019 - October 2021
      • Led cyber detection strategy development, research and direction
      • Use-Case research, development and life-cycle management
      • Built partnerships across the enterprise to improve visibility, telemetry and general log maturity
    • Paychex, Senior Incident Response Specialist
      • June 2019 - December 2019
      • Led triage and investigation for alerts across the enterprise
      • Extensive Python/PowerShell for investigation/SOAR automations
      • Extensive utilization of Splunk and CrowdStrike - Hunts, Dashboards, etc.

Degrees and Certifications

  • GIAC Cloud Forensics Responder (GCFR)
  • GIAC Reverse Engineering Malware (GREM)
  • GIAC Advisory Board
  • Rochester Institute of Technology, M.S., Computing Security (4.0)
  • University of Rochester, Bachelors, Double-Major in Physics and Political Science

Tool Sampling

Blogs & Writeups