Download PDF

Skills

Cyber Threat Intelligence
10

Threat actor TTP profiling, STAR, TIBER-EU, CBEST, iCAST threat intelligence leadership

Technical Communication
10

Written, visual and oral presentation of security and intelligence analysis concepts 

Intelligence Analytics
9

Development and application of analytic  tools and techniques to the CTI problem space

SOC Operations
8

Enterprise monitoring, threat hunting, Blue Team and remediation of cyber threats

Management & Leadership
7

Line management & mentoring

SIEM & IDS Engineering
5

Engineering of NSM, SIEM and IDS/IPS SOC technologies

About Paul

Paul Hood is a dedicated cyber security professional, committed to the principles of personal excellence and never backs down from a new technical challenge. 

He diversifies his skills into Cyber Threat Intelligence, SOC Operations and SIEM technology design and deployment.

The rest of the time, he's happiest freeride snowboarding, mountaineering and aspiring to deep-sky astrophotography.

Portfolio

I have authored Cyber Threat Intelligence research pieces, delivered technical briefings to industry & regulators, and contributed to multiple Threat Intelligence and cybersecurity knowledge bases.

Technical Proficiencies

  • CTI: Recorded Future, Digital Shadows, Flashpoint, SiloBreaker, HackerTarget, DomainTools, VirusTotal, BreachSense, CyMon, SocialGrep etc.
  • SOC: FalconHost, ArcSight, Carbon Black, TheHive
  • NSM: FireEye, Suricata, Bro, UTM.
  • Data: Elastic Stack, LogRhythm
  • Testing: EnCase, Volatility, Nessus, Kali, OpenVAS, Burp Suite, Metasploit
  • Coding: Python

Professional History

Sep 2021Present

Senior Threat Intelligence Consultant

SecAlliance
  • Broad delivery of CBEST, TIBER, iCAST and CTRA CTI services
  • Threat actor TTP research & red team scenario integration
  • Geopolitical threat analysis & threat landscape projection
Mar 2018Aug 2021

Senior Threat Intelligence Analyst

Nettitude, Advisory Services Team
  • Lead development of new, successful CTI service products
  • Developed active & enhanced CTI recon analysis packages
  • Integrated 'Red Team' techniques into CTI workflow
  • Evaluated & integrated commercial CTI sources
  • xBEST/TIBER Threat Intelligence scoping & delivery
  • Automated CTI data analytics & enrichment
  • Senior stakeholder CTI SME, scoping & debriefing
  • Industry publication & CTI research
July 2016June 2017

Head of Security Operations (Acting)

University of Oxford, OxCERT
  • Primary Critical Incident Handler for Oxford University
  • Line management of University of Oxford CERT
  • Oversight of security operations business function
  • Senior Supplier for six-figure deliverables
  • SME to law enforcement and senior stakeholders
  • Threat actor profiling & briefing to C-level
  • Tender elicitation, specification and delivery
Feb 2014July 2016

Security Operations Lead

University of Oxford, OxCERT
    • Frontline SOC & IR technical leadership
    • Network vulnerability assessment & digital forensics
    • Bespoke SIEM & NSM engineering in Elastic Stack

    CIO Recognition Award for SIEM development

    Certifications

    July 2021July 2024

    Crest Certified Threat Intelligence Manager (CCTIM)

    CREST

    Threat intelligence team leadership, engagement management, knowledge in all areas of threat intelligence and proven experience in operational security, data collection / analysis and intelligence production.

    Mar 2015

    Digital Forensics, Security Management

    JISC

    EnCase  ▪  FTK Imager  ▪  SANS DFF  ▪ Volatility 
    SOC Leadership   ▪   Incident Management 

    Nov 2014

    TRANSITS I

    TERENA / GÉANT Association

    Incident Response   ▪   SOC Operations   ▪   ISO-27K

    20022006

    Physics BSc (Hons)

    University of Kent

    Faculty Excellence Award 3rd year