Skills - Michał Sołtysik

Cybersecurity:

Knowledge and experience with Gigamon, Arkime (formerly Moloch), Cisco Secure Endpoint (formerly AMP for Endpoints), Fidelis Endpoint, Fidelis Network, Cybereason, Microsoft Defender for Endpoint, IncMan SOAR, IBM Security QRadar SOAR (Resilient), IBM QRadar, Splunk, Elastic SIEM, Velociraptor, Sourcefire FireAMP, Cisco Firepower, Cisco Stealthwatch, Microsoft’s ATA (Advanced Threat Analytics), BlueCoat Reporter, Cisco FMC, Zscaler, Wireshark, NetworkMiner, Zenmap, Nmap, Microsoft Message Analyzer, CMS, IBM Virtual SOC Portal, Nessus, Sysinternals Suite, NirSoft utilities, tools from Eric Zimmerman and other applications and tools being used in Security Operations Centres;
The exhaustive log analysis based on a variety of OSes;
The analysis of command line arguments and malicious command executions;
Successful in detecting genuine attacks (e.g. CoinHive – a JavaScript miner) and various penetration tests (e.g. Brute Force attacks, Reconnaissance using e.g. SMB session enumeration, etc.);
Extensive experience with various types and variants of Botnets and Ransomwares;
Successful in detecting hundreds of false positives / true positives / benign true positives along with detailed explanations;
Experience with Kali Linux;
Experience with virtualization (e.g. VMware, Proxmox, or VirtualBox);
Network Traffic Monitoring and Analysis – responsible for the continuous monitoring and improving the organization’s security posture while preventing, detecting, analyzing, and responding to cybersecurity incidents with the aid of both technology and well-defined processes and procedures;
Experience with the firewalls and their rules and ACLs;
Expert at Microsoft’s Advanced Threat Analytics:

Introducing the security processes and the manual for Microsoft’s Advanced Threat Analytics within the Global Security Operations Centre;
Investigating and describing various scenarios behind the attacks ATA can detect;
Resolving issues related to Microsoft’s Advanced Threat Analytics along with a Solution Architect;
Providing GSOC with remediation methods in terms of some ATA alerts;
Microsoft Premier Support Cooperation and Coordination.

Extensive experience with systems such as SOAR, SIEM, IDS, IPS, WAF, EDR, NAC, APT, NTA, NIDS, and UTM as well as solutions based on behavioral science:

Creating operational scenarios for the SOAR system IncMan (e.g., automatic mechanisms against SSH and SMTP Brute-Force Attacks as well as IPS, SIEM, malware, and phishing alerts/notifications/incidents);
Creating and tuning rules and indicators based on deep session inspection results in Fidelis Network;
Detecting IPS and WAF signatures that turn out to be false positives;
Supervising team work for operations for SIEM and Network Detection System solutions.

Expert at IBM QRadar (SIEM):

Creating and tuning correlation rules based on events and flows;
Creating many QRadar rules based on Deep Packet Inspection results;
Managing Network Hierarchy and Reference Sets used in many rule correlations;
Detecting issues and suggesting changes in parsing;
Testing workarounds to enhance QRadar functionalities (custom functions);
Dealing with IBM Support regarding QRadar issues.

Experienced expert at Deep Packet Inspection:

Providing SOC with remediation methods in terms of many DPI results;
Knowledge of over 1750 various threats based on DPI results;
Knowledge of threats based on 254 various protocols (IT, IoT, and OT);
Successful in detecting and understanding hundreds of 0-Day threats/exploits/attacks;
Ability to analyze encrypted network traffic (e.g., SMTP, SSH, HTTPS/TLS/SSL/DTLS, etc.);
Ability to detect and analyze a wide variety of threats based on tunneling and encapsulation;
Knowledge of threats for OT/industrial automation based on many DPI results and some content received from Nozomi Networks;
Ability to differentiate between reliable and incorrect Open Source Intelligence (OSINT);
Great understanding of RFC documents and documentation from other vendors.

Expert at Application Security Assessment:

Introducing the security processes and the manual for Application Security Assessment within the Security Operations Centre;
Writing and introducing own application (Bash + PowerShell) to automate the processes to perform Application Security Assessment.

Expert at Forensics:

Introducing the security processes and the manual for Forensics within the Security Operations Centre;
Writing and introducing own application (Bash + PowerShell + Python) to automate the processes to perform Digital Forensics;
Successfully conducting Digital Forensics on various workstations for customers.

Expert at Testing various Solutions used in SOC:

Testing EDR solutions (e.g., Cybereason) based on performing penetration tests to assess their effectiveness and detection engine;
Testing an SMS gateway to assess its privacy level and possible attack vectors;
Testing applications (e.g., PDFsam) based on behavioral and reverse engineering analysis to assess their safety and to authorize their use in the domain;
Testing an internal anti-DDoS solution based on performing various DoS attacks using various tools in Kali Linux against HTTP and TLS to assess its effectiveness and detection engine and to successfully find a major configuration issue in Flow Manager and conntrack.

Decoding and analysis of Linux scripts of different architectures;
Ability to analyze threats written in or based on WMI, JavaScripting, PowerShell Scripting, SOAP API, XML Scripting, JSON Scripting, Nmap Scripting Engine, SQL, Bash, CMD, Python, Visual Basic, C++, etc.;
Advanced Sandbox / Malware / Phishing Analyst;
Reverse Engineering Malware (both for Windows and Linux) Analyst;
Assisting Tier 1, Tier 2, and Tier 3 in Security Operations Centre with expertise and guidance;
Practicing and organizing Blue vs. Red Team / CyberWarfare;
Organizing Advanced Malware Courses and Windows 10 Penetration Tests;
Writing own malware for CyberWarfare activities;
Taking part in SOC employee recruitment;
Taking part in Poland’s biggest conference on cybersecurity as a speaker (The Hack Summit);
Taking part in EC-Council University’s CyberTalk;
Performing the role of SOC team trainer;
Performing the role of cybersecurity trainer (malware, phishing, forensics and chain of custody) for the customers;
Creation and management of the SOC Lab;
Supervising and coordinating a SOC team during Cyber Europe 2024 which is a large-scale cybersecurity exercise organized by the European Union Agency for Cybersecurity (ENISA) – this biennial event aimed to enhance the resilience of Europe’s critical information infrastructures by simulating various cyber-attack scenarios;
Performing the roles of DEFR (Digital Evidence First Responder) and DES (Digital Evidence Specialist) in Security Operations Center;
Recommending various changes in the domain and various infrastructure elements to enhance their safety;
Excellent ability to assess risk for an enormous number of threats and scenarios.

Knowledge of over 1750 threats (including hundreds of 0-day ones) based on 254 various protocols (IT, OT and IoT):

5co-legacy (FiveCo’s Legacy Register Access Protocol)	EAP (Extensible Authentication Protocol)	LLC (Logical Link Control)	RTPproxy
802.11	EAPOL (Extensible Authentication Protocol over LAN)	LLMNR (Link-Local Multicast Name Resolution)	RTPS (Real-Time Publish Subscribe Wire Protocol)
A21	ECHO	LMP (Link Management Protocol)	RX
ACAP (Application Configuration Access Protocol)	ECMP (Equal-Cost Multi-Path)	LON (LonWorks or Local Operating Network)	SABP (Service Area Broadcast Protocol)
ADP (Aruba Discovery Protocol)	EIGRP (Enhanced Interior Gateway Routing Protocol)	LTP (Licklider Transmission Protocol)	SAIA S-Bus / Ether-S-Bus
ADwin communication protocol	Elasticsearch	LWAPP (Lightweight Access Point Protocol)	SAP (Session Announcement Protocol)
ALC (Asynchronous Layered Coding)	ELCOM Communication Protocol	MANOLITO	SCTP (Stream Control Transmission Protocol)
ALLJOYN-ARDP (AllJoyn Reliable Datagram Protocol)	ENRP (Endpoint Handlespace Redundancy Protocol)	MDNS (Multicast Domain Name System)	SDO Protocol (Service Data Object Protocol)
ALLJOYN-NS (AllJoyn Name Service Protocol)	ENTTEC	MEMCACHE	SDP (Session Description Protocol)
AMS (Automation Message Specification)	ESP (Encapsulating Security Payload)	MGCP (Media Gateway Control Protocol)	SEBEK
AMT (Automatic Multicast Tunneling)	EtherCAT	MIH (Media Independent Handover)	SigComp (Signaling Compression)
ANSI C12.22	Ethernet II	MiNT (Media independent Network Transport)	SIP (Session Initiation Protocol)
Any host internal protocol	ENIP / EtherNet/IP (Ethernet Industrial Protocol)	MIPv6 (Mobile IPv6)	SliMP3 Communication Protocol
ASAP (Aggregate Server Access Protocol)	FF protocol (FOUNDATION Fieldbus)	Mobile IP (Mobile Internet Protocol)	SMB (Server Message Block)
ASF (Alert Standard Forum / Alert Standard Format)	FIND (Find Identification of Network Devices)	Modbus	SMTP (Simple Mail Transfer Protocol)
Assa Abloy R3 Protocol	FTP (File Transfer Protocol)	MPLS (Multiprotocol Label Switching)	SNMP (Simple Network Management Protocol)
ASTERIX (All Purpose Structured Eurocontrol Surveillance Information Exchange)	Geneve (Generic Network Virtualization Encapsulation)	MQTT (MQ Telemetry Transport Protocol)	SOAP (Simple Object Access Protocol)
ATH (Apache Tribes Heartbeat Protocol)	GPRS-NS (General Packet Radio Service – Network Service)	MSMMS (Microsoft Media Server)	Socks Protocol (Socket Secure Protocol)
Auto-RP (Cisco Auto-Rendezvous Point)	GQUIC (Google Quick UDP Internet Connections)	MSRPC (Microsoft Remote Procedure Call)	SRVLOC (Service Location Protocol)
AVTP (Audio Video Transport Protocol) / IEEE 1722 AVTP	GRE (Generic Routing Encapsulation)	MySQL	SSDP (Simple Service Discovery Protocol)
AX/4000	GSMTAP	Nano (Nano Cryptocurrency Protocol)	SSHv2 (Secure Shell)
AYIYA (Anything In Anything)	GTP (GPRS Tunneling Protocol) / GPRS (General Packet Radio Service)	NAT-PMP (NAT Port Mapping Protocol)	SSL (Secure Sockets Layer)
B.A.T.M.A.N. GW (Better Approach To Mobile Adhoc Networking)	GTP Prime (GPRS Tunneling Protocol Prime)	NBDS (NetBIOS Datagram Service)	SSLv2
BACnet (Building Automation and Control Network)	GTPv2 (GPRS Tunneling Protocol V2) / GPRS V2 (General Packet Radio Service V2)	NBNS (NetBIOS Name Service)	SSLv3
BAT_BATMAN	H.225.0	NDPS (Novell Distribution Print System)	STREAMDISCOVER
BAT_GW	H.248 Megaco (Gateway Control Protocol)	NFS (Network File System)	STUN (Session Traversal Utilities for Network Address Translation)
BAT_VIS	HART_IP (Highway Addressable Remote Transducer over IP)	NTP (Network Time Protocol)	Syslog
BFD Control (Bidirectional Forwarding Detection)	HCrt (Hotline Command-Response Transaction protocol)	NXP 802.15.4 SNIFFER	TACACS (Terminal Access Controller Access-Control System)
BFD Echo (Bidirectional Forwarding Detection)	HICP (Host IP Configuration Protocol)	OMRON	TAPA (Trapeze Access Point Access Protocol)
BitTorrent	HIP (Host Identity Protocol)	openSAFETY over UDP	TC-NV (TwinCAT Network Vars) / EtherCAT of NV Type
BitTorrent Tracker	HiQnet	OpenVPN	TCP (Transmission Control Protocol)
BJNP (Canon BubbleJet Network Protocol)	HTTP (Hypertext Transfer Protocol)	Pathport Protocol	Telnet
BSSGP (BSS GPRS protocol)	HTTPS (Hypertext Transfer Protocol Secure)	PCP (Port Control Protocol)	TETRA (Terrestrial Trunked Radio)
BT-DHT (BitTorrent Distributed Hash Table Protocol)	IAPP (Inter-Access Point Protocol)	PFCP (Packet Forwarding Control Protocol)	TFTP (Trivial File Transfer Protocol)
CAN (Controller Area Network)	IAX2 (Inter-Asterisk eXchange)	PKTC (PacketCable)	TIME
CAN-ETH (Controller Area Network over Ethernet)	ICAP (Internet Content Adaptation Protocol)	PNIO (PROFINET/IO)	TIPC (Transparent Inter Process Communication)
CAPWAP (Control And Provisioning of Wireless Access Points)	ICMP (Internet Control Message Protocol)	PN-PTCP (PROFINET Precision Time Control Protocol)	TLSv1.2 (Transport Layer Security)
CBSP (Cell Broadcast Service Protocol)	ICMPv6 (Internet Control Message Protocol Version 6)	PN-RT (PROFINET Real-Time)	TPCP (Transparent Proxy Cache Protocol)
Chargen (Character Generator Protocol)	ICP (Internet Cache Protocol)	POP (Post Office Protocol)	TPKT (ISO Transport Service on top of the TCP)
CIGI (Common Image Generator Interface)	IDN (ILDA Digital Network Protocol)	Portmap	TP-Link Smart Home Protocol
CIP I/O (Common Industrial Protocol)	IDPR (Inter-Domain Policy Routing Protocol)	POWERLINK/UDP	TPM (Trusted Platform Module)
CLASSIC-STUN	IEC 60870-5-104 (International Electrotechnical Commission 60870 standards – Transmission Protocols – Network access for IEC 60870-5-101 using standard transport profiles)	PPP (Point-to-Point)	TS2 (Teamspeak2 Protocol)
CLDAP (Connection-less Lightweight Directory Access Protocol)	IEC 60870-5-101/104 (International Electrotechnical Commission 60870 standards – Transmission Protocols – companion standards especially for basic telecontrol tasks / Network access for IEC 60870-5-101 using standard transport profiles)	PTP/IP (Picture Transfer Protocol over Transmission Control Protocol/Internet Protocol)	TZSP (TaZmen Sniffer Protocol)
CN/IP (Component Network over IP)	IEEE 802.15.4 (Institute of Electrical and Electronics Engineers Standard for Low-Rate Wireless Networks)	PTPv2 (Precision Time Protocol)	UAUDP (Universal Alcatel/UDP Encapsulation Protocol)
CoAP (Constrained Application Protocol)	IMAP (Internet Message Access Protocol)	QNX network via the FLEET protocol / FLEET protocol for QNX native networking	UDP (User Datagram Protocol)
collectd network data / plug-in / protocol	InfiniBand	QUAKE	ULP (User Plane Location)
CPHB (Computer Protocol Heart Beat)	IPA protocol (the ip.access “GSM over IP” protocol)	QUAKE2	VICP (LeCroy’s Versatile Instrument Control Protocol)
CUPS (Common UNIX Printing System)	IPMI (Intelligent Platform Management Interface)	QUAKE3	VITA 49 radio transport
CVSPSERVER / CVS pserver (Concurrent Versions System Password Server Protocol)	IPv4	QUAKEWORLD	Vuze-DHT (Distributed Hash Table)
DAYTIME	IPv6 (Teredo IPv6 over UDP Tunneling)	QUIC (Quick UDP Internet Connections)	VxLAN (Virtual eXtensible Local Area Network)
DB-LSP-DISC (Dropbox LAN Sync Discovery)	IPVS (IP Virtual Server)	RADIUS	Who
DCC (Distributed Checksum Clearinghouse)	IPX (Internetwork Packet Exchange)	RakNet	WireGuard
DHCP (Dynamic Host Configuration Protocol) / BOOTP (Bootstrap Protocol)	ISAKMP (Internet Security Association and Key Management Protocol)	RDT (Real Data Transport)	WLCCP (Cisco Wireless LAN Context Control Protocol)
DIS (Distributed Interactive Simulation)	ISO Internet Protocol (The International Organization for Standardization)	RDP-UDP (UDP Remote Desktop Protocol)	WOW (World of Warcraft)
DMP (Direct Message Protocol)	KDSP (Kismet Drone/Server Protocol)	RIPv1 (Routing Information Protocol)	WOWW (World of Warcraft World)
DNPv0 (DOF Network Protocol)	KDP (Kontiki Delivery Protocol)	RIPng (Routing Information Protocol Next Generation)	WSP (Wireless Session Protocol)
DNPv3	Kerberos / KRB5	RMCP (Remote Management and Control Protocol)	WTLS (Wireless Transport Layer Security)
DNPv14	KINK (Kerberized Internet Negotiation of Keys)	RMCP+ (Remote Management and Control Protocol with stronger authentication)	WTP (Wireless Transaction Protocol)
DNPv79	kNet	RMCP Security-extension protocol (Remote Management and Control Security-extension protocol)	X11 (X Window System)
DNPv88	KNXnet/IP	RPC (Remote Procedure Call Protocol)	XDMCP (X Display Manager Control Protocol)
DNS (Domain Name System)	KPASSWD	RRoCE (Routable RDMA over Converged Ethernet)	XTACACS (Extended Terminal Access Controller Access-Control System)
DoIP	L2TP (Layer 2 Tunneling Protocol)	RSIP (Realm Specific IP)	ZigBee SCoP (Secured Connection Protocol)
DPNET (DirectPlay 8 Protocol)	L2TPv3	RSL (Radio Signalling Link)
DTLS (Datagram Transport Layer Security)	LISP (Locator/ID Separation Protocol)	RSVP (Resource ReserVation Protocol)

Operating Systems and Network:

Extensive experience with the Microsoft Office and various Microsoft Windows based applications, installation of various operating systems, troubleshooting and configuration of PCs and software, basic knowledge of MS-DOS and Norton Commander;
Basic knowledge of Unix/Linux shell (Bash), Command Prompt (cmd) scripting, PowerShell, HTML, PHP, SQL, Java, Python, Visual Basic, C++, etc.;
Knowledge and experience with Active Directory, Microsoft Exchange, PowerShell, ServiceNow, Cireson, salesforce, synapse, CRM, Sharepoint, Virtual Machine Manager Console, Service Manager Console, Translation Workspace, SDL Trados Studio, SAP, Citrix Environment, Cisco and Shrew VPN, RDP, screenconnect, LogMeIn, Lync/Skype for Business, Jira, Confluence, MS Teams, Webex, Slack, TeamViewer, AnyDesk, Adobe Photoshop and other applications and tools being used in the Helpdesk, Service Desk and Network Operations Centre projects;
Excellent contact with external providers, such as Verizon (Network Coordination Centre), TELUS (Canadian national telecommunications company), AT&T, AT&T Marriott, Shaw, Comcast, Cox, XO Communications, Windstream and Velocity;
Excellent contact and cooperation with 3rd party vendors, such as Microsoft, Cisco, HPE/DXC, Verizon, IBM, Tanium and Hadoop;
Experience and abilities in terms of network: the CLI and CMD command execution; the Cisco and HP switches (the support and configuration); Wireshark; Zenmap; the PMS devices and vendors (e.g. Fosse); various network cables; the HEPs; the DSL modems; load balancers (e.g. Elfiq); direct contact with ISPs and the ISP changeover; various routers; the ISP and local Dell servers (e.g. OVI 5, OVI 6 and RDZ); WAPs, APs and controllers (e.g. Ruckus, Cisco and HP); bandwidth shaping; the CISCO phones, the firewalls (e.g. FortiGate) and their rules, the ACLs, the MAC identifier and its limiting and filtering, the IP reservation, the DHCP pool, the DNS configuration, the port configuration, the VLAN configuration; the routing table; the ARP table; the mac-address table, the iptables; the serial loopback tests; the concept of a three-way handshake, the concept of private and public IP address, IP ranges, subnet masks, gateways; the link aggregation concept; the port isolation concept; the concept of clearing the IP and/or MAC addresses; the power over Ethernet concept; IEEE 802; the concept of traceroute/tracert and the concept of uplinks and downlinks;
Knowledge and experience with all the basic network protocols: TCP, UDP, ICMP, SNTP, Radius, Kerberos, VPN/IPSec/L2TP/SSL VPN/ISAKMP/IKE/ESP/AH, FTP, NTP, ARP, HTTP, HTTPS/SSL/TLS/DTLS, QUIC/GQUIC, SMTP, SSH, Telnet, DHCP, DNS/MDNS/LLMNR, LDAP/CLDAP, SMB, RDP, MySQL, SIP, IP/IPv4/IPv6, MAC and many other protocols;
Understanding of the OSI model (7 layers with respective protocols and threats);
Experience with the Linux environments (CentOS, Red Hat, Debian and Ubuntu);
Experience with the Microsoft Windows environments (XP, Vista, 7, 8, 8.1, 10, 11 and Server 2012).

General:

Excellent ability to deal with foreign customers;
Excellent soft skill (evaluations at 95% level);
Excellent ability to handle marketing and distribution of EDM products;
Strong competence in internal and external targeting, artist management, social media marketing, release preparation, promo experience, ghost-producing, collaborating, producing, PR cooperation, distribution cooperation, organizing and directing official music videos, and online store cooperation;
Excellent contact with international suppliers;
Strong analytical and research capabilities;
Extensive experience in team leading, supervising, and organizing;
Extensive experience in international business dealings;
Pedagogical, psychological, didactic, and methodical preparation and qualifications;
Creativity and ability to work under pressure;
Translation proficiency from Polish into English and vice versa;
Experience with OpenAI (ChatGPT and Gemini).