Theme
Eric Woelfel
Senior Intelligence Analyst
woelfeleric@gmail.com (760) 809-1197 LinkedIn Remote
Professional Summary

Senior Cybersecurity professional with 19 years of experience and a deep background in cyber threat intelligence production, vulnerability research, and security operations. Currently embedded at Resilience as the SME for loss-control intelligence communications and BAS/CTEM, supporting the EDGE consulting team — producing industry-specific, threat-actor-specific briefings that directly shape client loss control outcomes. Expert in the full intelligence lifecycle: collection (OSINT, SIEM, vulnerability scanners), analysis (MITRE ATT&CK, BAS/CTEM, TTP mapping, nation-state actor geopolitical motivation), and dissemination (executive briefings, tabletop exercises, client-facing intelligence reports). Tracks Chinese, Russian, and Iranian APT groups and contextualizes their activity against geopolitical drivers and sector-specific targeting logic. Uniquely positioned as an internal Resilience resource with deep cross-functional context across underwriting, claims, and risk management — enabling immediate, mission-aligned contribution from day one.

Core Competencies
Threat Intelligence: OSINT (Shodan, Flashpoint, DomainTools, CyberChef), Threat Actor TTP Analysis, Intrusion Set Tracking, BAS/CTEM, Attack Chain Analysis, LOLBin/OS Abuse Technique Identification
SIEM & Forensics: Elastic Stack (ELK), Wazuh, PCAP Analysis (Wireshark, CyberChef), Docker (Forensic Tooling), Python
Vulnerability Intelligence: InsightVM / Rapid7, Greenbone, Vulnerability Lifecycle Management, Patch Management (Linux / macOS / Windows), Critical Findings Analysis, Remediation Guidance
Frameworks: MITRE ATT&CK, NIST CSF 2.0, NIST 800-53, CIS 8.1, CMMC, HIPAA, and more
Communication: Intelligence-to-business translation, Executive Briefings, Cross-functional Collaboration (Underwriting, Claims, Risk Management), Tabletop Exercise Facilitation
Sectors: Government, Aerospace, Critical Infrastructure, OT/ICS, Financial Services, Healthcare, Higher Education, K-12, Manufacturing, Transportation, and more
Professional Experience
Resilience Remote
Senior Security Lead September 2021 – Present
  • Intelligence Production & Dissemination: As the senior-most member of the EDGE consulting team, translate and operationalize threat intelligence from the ROC and Threat Intelligence teams, as well as independent research and findings, — adapting industry-specific, threat-actor-specific briefings into accessible formats that enable Security Engineers to expertly deliver threat communications to clients. Surfaces client-side feedback to refine what intelligence resonates in practice, and frames active threat campaigns, TTPs, and emerging attack chains around loss control awareness and claim reduction.
  • Threat Actor Tracking & Geopolitical Intelligence: Track and communicate nation-state threat actor activity — including Chinese (Mustang Panda / TA416), Russian, and Iranian APT groups — with analysis connecting geopolitical events to sector-specific targeting rationale. Examples include contextualizing Iranian threat actor campaigns against US healthcare (including DOD supply chain relationships such as Stryker), and advising clients on elevated risk posture driven by shifts in US foreign policy. Regularly deliver these intelligence narratives to clients and consulting teams as actionable briefings.
  • BAS / CTEM Threat Actor Analysis: Lead technical integration and content development for Breach and Attack Simulation (BAS) and Continuous Threat Exposure Management (CTEM) capabilities. Continuously monitor the most active threat actors, targeted industries, and evolving attack chains (initial payload → privilege escalation → persistence → exfiltration), all mapped to the MITRE ATT&CK framework. Produce recommendations for which BAS packages best validate client environments against live threat actor activity.
  • MITRE ATT&CK & Framework Alignment: Aligned Resilience's proprietary risk signals to the MITRE ATT&CK framework, CIS 8.1, and NIST CSF 2.0. Apply this mapping to underwriting intelligence, security roadmap guidance, and client risk prioritization.
  • OSINT Infrastructure & Intelligence Operations: Built and operated self-hosted OSINT analysis infrastructure — CyberChef, Shodan, Flashpoint, DomainTools, forensic Docker containers, Wazuh/ELK SIEM — to drive early-stage client vulnerability research and intelligence production. Generated actionable findings that directly supported client onboarding and underwriting decisions.
  • Vulnerability Intelligence & Remediation Guidance: Apply ground-level expertise in vulnerability management (InsightVM/Rapid7, Greenbone) and patch remediation across Linux, macOS, and Windows to translate critical findings into clear, prioritized remediation procedures. Contribute to the critical findings process with operationally grounded, technically precise guidance.
  • OS-Level Abuse & LOLBin Analysis: Leverage deep systems administration background to identify and contextualize living-off-the-land (LOLBin) techniques and OS-level abuse patterns — enabling precise threat prioritization and targeted defensive recommendations.
  • Enterprise Risk Architecture: Tune proprietary Bayesian risk models for a portfolio of 50+ enterprise clients across Government, Aerospace, OT/ICS, and Critical Infrastructure. Translate vulnerability data and threat intelligence into quantified financial risk narratives for C-Suite and non-technical stakeholders.
  • Tabletop Exercise Intelligence: Design and facilitate 150+ intelligence-driven tabletop exercises tailored to specific industry verticals, threat actor profiles, and regulatory environments (including OT/ICS). Brief executive stakeholders on strategic risk outcomes and remediation priorities.
  • Cross-functional Partnership: Operate as a key intelligence resource across underwriting, claims, and risk management teams — ensuring threat intelligence and security findings directly inform business decisions, policy design, and client risk strategy.
  • Team Leadership: Manage a team of Security Engineers, conducting performance reviews and driving technical and intelligence development.
University of California Santa Cruz – ITS Santa Cruz, CA
Senior Vulnerability Management Engineer August 2019 – September 2021
  • Threat Hunting & IOC Analysis: Analyzed network traffic (PCAP), host-level events, and SIEM data to identify indicators of compromise (IOCs) and APT activity using CyberChef, Wireshark, and FlareVM. Correlated findings against MITRE ATT&CK TTPs.
  • Vulnerability Management Program: Designed and operated the campus-wide vulnerability management service using InsightVM and ServiceNow — automated scanning, ticket creation, and remediation tracking across thousands of endpoints.
  • SIEM Architecture (ELK + Kubernetes): Managed ELK cluster and Kubernetes environments for large-scale log ingestion, analyst dashboards, and threat hunting workflows.
  • FireEye / Mandiant Deployment: Administered FireEye platform (NX, PX, CMS, HX) across the university network. Performed incident identification, response, and root cause analysis.
  • Government & Peer Collaboration: CENIC SECTAC Vice Chair — led cybersecurity and threat discussions with UC system leaders and peer institutions. Member of REN-ISAC (Research and Education Networking ISAC).
Programmer / Analyst 2012 – August 2019
  • Managed endpoint encryption design and deployment (FileVault/BitLocker) for 2,500+ endpoints.
  • Designed BigFix deployments for automated HIPAA compliance and security patching across macOS and Windows.
  • Led secure package development, JAMF/MECM self-service management, and multi-platform imaging infrastructure.
Speaking & Thought Leadership
Western Michigan University Guest Lecturer
  • "De-Risking Agentic AI" — Presented on AI security implications, best practices for implementing agentic AI workflows, and adapting security architectures for LLM-based environments.
Private Industry Events
  • "Enterprise Risk Management Strategies" — Delivered talks on cyber risk quantification and defense-in-depth strategy across diverse industry verticals.
Education & Certifications
University of California Santa Cruz — B.A. Business Management Economics (GPA 3.5)
San Francisco State University — Information Systems (Coursework, GPA 3.4)
Certifications: ScrumMaster  |  AWS Certified Solutions Architect – Associate