Apr 2023 – Present · 2 yrs 11 mos · Greater Houston · Remote

• ● Author and create training courses on Generative AI and Large Language Models (LLM) for Cybersecurity
• https://cybersuperhuman.ai

Apr 2023 – Mar 2024 · 11 mos · Greater Houston · Remote

• ● Author of ChatGPT for Cybersecurity CookBook: Learn practical generative AI recipes to supercharge your cyber skills
• ● Presenter at Packt conferences
• ● Course Creator and instructor

Oct 2020 – Present · 5 yrs 5 mos · Greater Houston

Oct 2017 – Feb 2019 · 1 yr 4 mos · Houston, Texas Area

• ● Responsible for providing pre-sales support, act as key ICS cybersecurity subject matter expert (SME), and provide public thought leadership
• ● Responsible for building a world-class ICS Cyber Security business practice, directing the vision and philosophy of the practice, establishing great strategic partnerships and relationships, identifying technological and strategic opportunities, and hiring the most skilled and experienced staff in the industry
• https://leocybersecurity.com

Jul 2017 – Present · 8 yrs 8 mos · United States

• ● ThreatGEN is a funded startup with the mission to solve the cybersecurity skills gap with cybersecurity gamification and AI-driven training solutions, using the latest in computer gaming engines, simulation technology, and Generative AI/LLMs
• ● Co-creator of the ThreatGEN Red vs. Blue game-based cybersecurity simulation platform (including ThreatGEN's red team/blue team AI), the world's first online, multiplayer cybersecurity training game
• ● Creator of the ThreatGEN AutoTableTop™ AI-powered IR tabletop exercise platform
• ● Creator of ThreatGEN's Red vs. Blue ICS Cybersecurity training courses, as well as other courses
• ● As CEO, I'm also responsible for creating and driving the company vision and strategy as well as acting as the company spokesman and building strategic partnerships
• ● Pioneering the use of Generative AI in cybersecurity training, exercises, and real-world application
• https://threatgen.com

Aug 2016 – Jan 2017 · 5 mos · Houston, Texas Area

• ● Taught Computer Science 3325 - Computer Network Security
• ● Faculty Leader of the Computer Science Club

May 2016 – Sep 2017 · 1 yr 4 mos · Houston, Texas Area

• ● Principle technical industrial control systems (ICS) Subject Matter Expert (SME) for Kaspersky globally
• ● Expand Kaspersky brand awareness and credibility within the North American ICS market
• ● Research and analyze current and emerging ICS threats and vulnerabilities
• ● Coordinate vulnerability disclosure with vendors and DHS ICS-CERT
• ● Provide content for and approve ICS related media releases
• ● Interface with the media for ICS related interviews
• ● Research and develop industry leading, cutting edge applications, tools, and technology for industrial control systems
• ● Present at several industry conferences as an ICS subject matter expert and evangelist

Jan 2015 – Sep 2016 · 1 yr 8 mos

• ● Principle author - Hacking Exposed: Industrial Control Systems

Jan 2015 – Jan 2016 · 1 yr · Houston, Texas Area

• ● Lead and performed ICS security risk assessments and penetration testing projects
• ● Lead architect of the Probabilistic Risk Assessment Model (PRAM)
• ● Subject Matter Expert (SME) and technical developer for Booz Allen Hamilton’s ICS security predictive analytics
• ● ICS security SME for risk assessment and penetration testing related marketing efforts, business development, proposals and projects
• ● Developed multiple whitepapers and presented at several industry conferences.

Aug 2013 – Jan 2015 · 1 yr 5 mos · Houston, TX

• ● Performed ICS/SCADA "0-day" vulnerability research/discovery, malware analysis, intrusion detection system (IDS) signature development, proof of concept (POC) code and exploit development, penetration testing, and vulnerability assessments.
• ● Performed the research & development of cutting edge and innovative ICS security technologies/solutions and penetration testing/vulnerability research tools using the Agile Product Development Life-Cycle.
• ● Principal Architect and developer of Cimation’s threat intelligence and vulnerability feed online interface.
• ● Program architect, principal course developer, and lead instructor for Cimation’s online ICS/SCADA cyber security training program and Cimation University (online ICS/SCADA security training).
• ● Principal contributor to Cimation’s vulnerability research and threat intelligence program business model and strategic roadmap.
• ● Key contributor to the creation and documentation of Cimation’s security services program and services catalog.
• ● Principal contributor to Cimation’s vulnerability assessment and penetration testing standard operating procedures, processes, and methodologies.
• ● Provided support for business development, sales, and marketing as a subject matter expert.
• ● Developed multiple whitepapers and presented at several industry conferences.

Sep 2011 – Jul 2013 · 1 yr 10 mos · Houston, TX

• ● Performed cyber, physical, and operational Security Vulnerability Assessments (SVA), penetration testing, “red team” testing, risk assessments, and regulatory compliance assessments (gap analysis) for ICS/SCADA environments as team lead/project manager.
• ● Assisted clients with building and maintaining ICS/SCADA Security and Risk Management programs.
• ● Recommended and deployed risk mitigation strategies and technologies (including SIEM technology).
• ● Responsible for business development and sales support for vendor technologies.
• ● Published multiple whitepapers on ICS/SCADA Security.
• ● Maintained the security lab for threat analysis, vulnerability/exploit research, technology/product evaluation, and training.

Feb 2008 – Feb 2019 · 11 yrs · Houston, Texas Area

• ● Authored and taught SCADA cybersecurity courses.

Jan 2008 – Sep 2011 · 3 yrs 8 mos · Houston, Texas Area

• ● Co-founder of CiSACS (Comprehensive Industrial Security and Compliance Solution).
• ● Performed cyber, physical, and operational Security Vulnerability Assessments (SVA), penetration testing, “red team” testing, risk assessments, and regulatory compliance assessments (gap analysis) for ICS/SCADA environments as team lead/project manager.
• ● Assisted clients with building and maintaining ICS/SCADA Security and Risk Management programs.
• ● Recommended and deployed risk mitigation strategies and technologies (including SIEM technology).
• ● Responsible for business development and sales support for vendor technologies.
• ● Published multiple whitepapers on ICS/SCADA Security.
• ● Maintained the security lab for threat analysis, vulnerability/exploit research, technology/product evaluation, and training.

Nov 2004 – Jan 2008 · 3 yrs 2 mos · Houston, Texas Area

• ● Developed security auditing tools and testing standardization across the company’s security consulting services.
• ● Performed penetration testing, risk/vulnerability assessments, recommended and implemented mitigation strategies, designed and implemented security policies for the some of the world’s leading and largest energy, utility, oil & gas, and communication companies.
• ● Tested the Emerson DeltaV Controllers for security vulnerabilities on-site at Emerson.

Nov 2004 – Jan 2008 · 3 yrs 2 mos · Houston, Texas Area

• ● Creator of the PCIP (Professional in Critical Infrastructure Protection) concept and certification program.
• ● Maintained the PCIP Technical Course material.
• ● Taught the PCIP certification course in the U.S. and Canada.
• ● Developed business and media relationships expanding CII to an international organization with training centers in the US, Canada, Italy, Romania, Singapore, and the UK.

Jan 2003 – Jan 2004 · 1 yr · Houston, Texas Area

• ● Performed penetration testing, risk/vulnerability assessments, recommended and implemented mitigation strategies, designed and implemented security policies for the some of the world’s leading and largest energy, utility, oil & gas, and communication companies.
• ● Implemented security mitigation and remediation for Chevron-Texaco’s RTAP SCADA systems.
• ● Developed a secure, remote, wireless alarm solution for controllers on the SCADA network for Chevron-Texaco Pipeline.

Aug 2002 – Aug 2003 · 1 yr · Killeen/Temple, Texas Area

• ● Built and managed the IT Security team responsible for IT Security maintenance, administration, and testing enterprise-wide for over 200 bank branches.
• ● Developed and managed department budget, cost/benefit analysis, policies, procedures, and guidelines.
• ● Performed enterprise-wide risk analysis and vulnerability assessments.
• ● Implemented security controls, vulnerability remediation, and risk mitigation technologies.
• ● Developed an “In-House” application/tool specialized in detecting unique viruses/worms designed to evade IDS and Anti-Virus preventing major virus risks such as the Bugbear.b.
• ● Renegotiated the Disaster Recovery contract, with a new vendor, increasing recovery capabilities and saving the company $1.7 million a year.

Jan 2001 – Jan 2002 · 1 yr · San Antonio, Texas Area

• ● Developed IDS (Intrusion Detection System) software and quality assurance tests.
• ● Developed attack signatures for the Symantec Net Prowler IDS.
• ● Performed Net Prowler IDS sustainment and attack signature update quality assurance testing.
• ● Taught the CISSP (Certified Information Systems Security Professional) preparation course to Symantec employees.
• ● Configured lab systems and networks to accommodate testing environments, which included simulating attacks/intrusions as well as securing and “hardening” each environment for proper IDS testing.

Jan 1999 – Jan 2001 · 2 yrs · Houston, Texas Area

• ● Helped build the Information Security Department from the ground up to include research and development of technologies, hiring and training personnel, and establishing policies and procedures.
• ● Engineered and Implemented network security solutions for corporate and private clients across the United States utilizing multiple vendors and systems.
• ● Performed firewall development and installation, risk analysis, vulnerability assessments, penetration testing, intrusion detection systems development and implementation, policy/procedure design, custom security software development, and client education.

Apr 1995 – Oct 1999 · 4 yrs 6 mos · Barksdale AFB

• CSSO and OPSEC were additional duties apart from my AFSC. as the CSSO and OPSEC manager, I was responsible for squadron level IT security and flight level OPSEC.