Daniel Heywood

Manager of Analysis Services at Team Cymru

Cheltenham, England, United Kingdom

About

Manager of Analysis Services within Team Cymru’s Threat Intelligence team (S2). Team Cymru's mission is to save and improve lives through our data and analysis, which is used by security teams across the globe to track and disrupt malicious activities and infrastructure.

Experience

  • Team Cymru (Remote)
    • Manager of Analysis Services
      Aug 2025 - Present · 1 yr

    • Principal Threat Intelligence Analyst (Team Lead)
      Dec 2021 - Aug 2025 · 3 yrs 9 mos

    • Senior Threat Intelligence Analyst
      Dec 2020 - Dec 2021 · 1 yr 1 mo

  • Security Event Analyst at NATO Communications and Information Agency (NCI Agency)
    Nov 2016 - Jul 2017 · 9 mos

    • Monitoring ArcSight SIEM for active threats, conducting analysis on the information available
    • Utilising and creating custom queries, trends, reports, lists, etc. within ArcSight for extensive analysis on historical and current data
    • Analysing data from a variety of log sources such as Juniper / Sourcefire IDS, including running reports
    • Apply networking knowledge to analyse full-packet captures using RSA Netwitness Suite and Wireshark
    • Using the NATO Malware Information Sharing Platform (MISP) to identify threats, as well as liaise and coordinate with other community members to maintain an efficient and current database
    • Working closely with other analysts to maintain a consistent and verbose incident management system
    • Adhere to NATO-guidelines on data and information management, communicating extensively with other members of the NCIRC programme
    • Worked within the bounds of highly secure, airgapped systems and environment
    • Creating Python scripts for Bristol SOC utility to assist with daily tasks

  • Cyber Security Analyst (Incident Response) at CORVID – Intelligent Business Defence (Ultra Electronics)
    Aug 2015 - Nov 2016 · 1 yr 4 mos

    • Performing in-depth analysis of network, application, and system event data in order to identify malicious behaviour
    • Monitoring IPS and IDS systems for active threats, and responding to them appropriately
    • Creating and deploying custom signatures (including SNORT rules) and IOCs for a variety of systems
    • Performing remote audits on hosts for investigation and remediation purposes
    • Conducting static and dynamic malware analysis
    • Utilising a large variety of analysis tools and techniques across different operating system environments
    • Managing personal projects, including creating Python scripts to assist with day-to-day analysis
    • Writing extensive reports on security incidents to be sent to external customers
    • Actively communicating with customers, including monthly conference calls to provide advice and guidance on threat mitigation and service statuses

  • Security Assistant at Synectics Solutions Ltd
    Jun 2013 - Jun 2014 · 1 yr 1 mo

    • Assisting with the maintenance of the ISO27001:2005 Information Security Management System
    • Conducting internal and external penetration tests on infrastructure using software such as Nessus
    • Performing audits on servers, workstations and user profiles to confirm secure deployment into the network and ensure security policies and business requirements are adhered to
    • Providing advice and guidance to the company on threat mitigation based on the latest security information