# PHILLIP TARRANT

**Head of Security Operations | SOC Director**

Morrison, TN | (706) 294-6733 | ptarrant@gmail.com | [LinkedIn](https://www.linkedin.com/in/phillip-tarrant-cyber)

---

## PROFESSIONAL SUMMARY

Results-driven Security Operations leader with 20+ years in cybersecurity and proven expertise scaling SOC operations in high-growth MSSP environments. Successfully grew SOC client base by 225% while managing a team of 17 direct reports and improving operational margins from 18% to 52%. Hands-on leader combining strategic vision with deep technical expertise in SIEM, SOAR, DFIR, and threat detection. Track record of building operational structure through SOPs, playbooks, and automation that drove 47% automated ticket resolution at scale.

---

## CORE COMPETENCIES

| SOC Leadership & Operations | Technical Expertise |
|:---------------------------|:-------------------|
| Team Building & Development (17+ direct reports) | SIEM: Splunk, Sentinel, ELK, Stellar Cyber |
| SOC Scaling & Growth Strategy | SOAR: Swimlane, D3, Torq |
| Playbook & Workflow Development | EDR: SentinelOne, Defender, Darktrace |
| SOP Creation & Process Design | DFIR & Malware Analysis |
| KPI Development & Metrics Reporting | Threat Hunting & Detection Engineering |
| P&L Management & Profitability | Python, PowerShell, Automation |
| Vendor Management & Negotiations | Cloud Security: AWS, Azure |
| Executive Communication | NIST, PCI-DSS, HIPAA Compliance |

---

## PROFESSIONAL EXPERIENCE

### Senior Information Security Consultant

**Confidential** | Remote | January 2025 - Present

Contract consulting providing SOC leadership and cybersecurity expertise to multiple organizations.

- Served as interim SOC Director at ATS Cyber Security Services, restructuring SOC workflows and elevating team capabilities through targeted training programs
- Currently leading SOC operations for US Defense Space market supplier across multiple Microsoft tenants and international locations
- Managing full SOC lifecycle including alert triage, DFIR engagements, and vulnerability management
- Designed and implemented automation operations including SDLC processes and deployment pipelines
- Managed enterprise Vulnerability Management Program for major fintech client using Qualys, building custom reports and automation scripts

---

### Director of Automation

**Compuquip Cybersecurity** | Doral, FL | June 2024 - December 2024

Led Automation Team to transform SOC operational efficiency through intelligent automation.

- **Built automation infrastructure handling 3,500 tickets weekly with 47% closed without human intervention**
- Designed, programmed, and deployed AI-powered tools using custom prompts and logic engines for security automation
- Spearheaded new automation architecture using Python, AWS Lambda, and SOAR platforms
- Drove team development in automation workflows and modern SOAR technologies
- Created custom heuristics, filtering rulesets, and rule engines for automated alert triage

---

### SOC Director

**Compuquip Cybersecurity** | Doral, FL | March 2023 - June 2024

Directed Security Operations Center serving MSSP clients, overseeing all SOC, Red Team, and managed services operations.

- **Scaled SOC client base from 16 to 52 customers (225% growth) through service expansion**
- **Improved SOC profitability from 18% to 52% margin (80% in peak quarter), contributing to 15% annual net income growth**
- **Managed team of 17 direct reports** including SOC analysts, engineers, and specialists
- Part of executive leadership team with COO/CEO/CFO, participating in quarterly strategic planning
- Oversaw Red Team/Offensive Security operations and Managed Remediation Service projects
- Managed DFIR engagements, MDR services, proactive vulnerability scanning, patching, and penetration testing
- Developed and maintained situational awareness reports for APT and foreign adversary incidents
- Created threat trend analysis reports and operational metrics for executive visibility

---

### SOC Technical Manager

**Compuquip Cybersecurity** | Tampa, FL | January 2021 - March 2023

Managed SOC operations with focus on process development, team mentorship, and incident research.

- Authored comprehensive SOPs and training documentation establishing operational standards
- Led incident research activities and mentored SOC engineers on advanced investigation techniques
- Developed SOC playbooks and workflows standardizing response procedures
- Generated end-of-month operational reports for management and customer stakeholders
- Maintained threat intelligence and situational awareness reports for advanced persistent threats
- Created threat trend analysis reports and performance metrics

---

### Sr. Cyber Security Architect

**Travel Syndication Technology (TST)** | Alpharetta, GA | April 2020 - January 2021

Responsible for security architecture, compliance programs, and security operations strategy.

- Developed and maintained cloud security posture and protection controls
- Created custom automation tools for infrastructure attack simulation and detection design
- Led organization through PCI and NIST 800-series compliance audits
- Formulated and managed phishing awareness and developer security training programs
- Designed automated security verification and testing programs

---

### Senior Cyber Security Engineer

**Intercontinental Exchange** | Marietta, GA | March 2020 - April 2020

Architecture and Automation Team member focused on SOC tooling and data pipeline optimization.

- Designed security data flow architecture from endpoints through aggregation, parsing, and storage
- Developed custom tools automating SOC triage and response activities
- Built vulnerability and threat hunting dashboards for tracking and mitigation
- Incorporated security into CI/CD pipelines including cloud-based deployments

---

### Cyber Security Engineer

**Intercontinental Exchange** | Marietta, GA | August 2018 - March 2020

Incident Response and Digital Forensics Team lead investigator.

- Served as lead investigator on critical security incidents with thorough forensic investigations
- Created extensive documentation establishing IR team processes and procedures
- Led malware analysis operations in isolated sandbox environments
- Developed training programs including custom malware writing exercises for junior analysts
- Managed multi-server compromise investigations coordinating across three teams and time zones

---

### Technical Services Manager

**The National Wild Turkey Federation** | Edgefield, SC | October 2015 - August 2018

Managed IT team of 8 direct reports supporting 300+ staff members.

- Directed team of technicians and developers with full performance management responsibilities
- Managed security for entire web presence including network and application security
- Negotiated vendor contracts saving $50,000+ annually through in-house migrations
- Oversaw infrastructure expansion doubling server capacity

---

## CERTIFICATIONS

| Certification | Issuer |
|:-------------|:-------|
| **GWAPT** - Web Application Penetration Tester | GIAC |
| **GCFA** - Forensic Analyst | GIAC |
| **GCIH** - Incident Handler | GIAC |
| **Lethal Forensicator Coin** | SANS (Award for Digital Forensics Excellence) |

---

## EDUCATION

**Associate Degree in Network Administration** | Virginia College | 2014-2016 | GPA: 4.0

---

## KEY ACHIEVEMENTS

- **SOC Scaling**: Grew MSSP SOC from 16 to 52 clients while maintaining service excellence
- **Operational Excellence**: Improved SOC margins from 18% to 52% through process optimization
- **Automation Leadership**: Built systems processing 3,500 weekly tickets with 47% automated resolution
- **Team Development**: Successfully led and mentored teams up to 17 direct reports
- **Executive Partnership**: Collaborated with C-suite on strategic direction as part of leadership team
- **Enterprise Scale**: Managed operations for 50+ clients, 150,000+ assets, 1M+ users