Dan Cao

CTO

Seattle, Washington, United States · 17 yrs 5 mos experience

Key Highlights

  • Expert in Cybersecurity and Incident Response
  • Proven leader in Security Operations and Threat Defense
  • Innovative approach to team management and development
Stackforce AI infers this person is a Cybersecurity expert with a focus on Incident Response and Threat Defense in the tech industry.

Skills

Core Skills

Incident Response, Cybersecurity, Security Operations, Threat Defense, Vulnerability Management, Security Engineering, Digital Forensics, Forensic Analysis, Information Security, Encryption Engineering, Systems Administration, Infrastructure Engineering, IT Management

Other Skills

Threat Hunting, Detection and Response, Incident Handling, Cyber Security Incident Response, Workstation Security, Windows Server Engineering, ITIL Standards, Chief Hype Officer, Memory Forensics, Network Forensics, Host Forensics, Disk Forensics, Cyber Defense, Cyber Operations, Incident Investigation

About

Technical leader and mentor. I am an empathetic leader focused on trolling people, having fun, and maturing the capabilities of internal security organizations through security hardening, vulnerability management, and detection and response stuff. Note: For sales outreach - I have no purchasing power.

Experience

Netflix

Engineering Memeager, Security Incident Response

Jul 2024 - Present · 1 yr 8 mos · Remote

  • chief hype officer of memes and trolling
  • I am the Engineering Memeager of the global SIRT Team
Cybersecurity, Incident Response, Security Engineering

Meta

Staff Security Engineer - Tech Lead

Nov 2023 - Jun 2024 · 7 mos · Greater Seattle Area · Remote

  • Staff Security Engineer - Tech Lead - Security Operations and Incident Response (North America)
  • A soirée without memes is just a gathering.
  • If it’s SecOps or Incident Response related, I’m doing it.
Security Operations, Incident Response

Gusto

Head of Defense Engineering and Threat Hunting (DETH)

May 2021 - Nov 2023 · 2 yrs 6 mos · Greater Seattle Area

  • Sr. Security Engineering Manager - Head of Defense Engineering and Threat Hunting.
  • My core responsibility is to help build guardrails for the business to succeed while enabling my team to achieve their objectives.
  • I lead the core Security Engineering functions of:
  • Threat Defense (Cyber Security Operations, Investigations and Automation, Detection Content Engineering, Threat Hunting, and Threat Intelligence);
  • Cloud Security Engineering;
  • Corporate Security Engineering;
  • Vulnerability Management Response and Operations;
  • and Data Loss Prevention and Insider Risk.
  • Lord of the Memes and Masterclass troll.
Threat Defense, Vulnerability Management, Threat Hunting

Dropbox

Security Detection and Incident Response

Oct 2019 - May 2021 · 1 yr 7 mos · Greater Seattle Area

  • Doing Detection and Response things like engineering, operations, responding to the bat signal
Detection and Response, Security Engineering, Incident Response

Coupang

Sr. Manager - SecOps and Incident Response

Jan 2019 - Oct 2019 · 9 mos · Greater Seattle Area

  • Build, recruit, and grow the US Security Blue Team Engineering/Incident Response team.
  • Manage and lead day to day operations, and digital forensic investigations and response procedures.
  • Develop and measure key results of success, quality and improvements by using metrics to drive response, containment and remediation times.
  • Mentor engineers on career development and technical capabilities.
  • Prioritize and execute workloads based on critical needs and engineering availability.
  • Lead Cyber Security incidents as an investigator and incident handler through the incident response lifecycle.
  • Provide hands-on investigations and root-cause analysis for network, host-based, and malware intrusions across AWS, Mac and Windows endpoints.
  • Architect and engineer cyber security response and detection tools.
  • Engineer a solution for ADC, AWL and EDR to prevent, detect and respond to security incidents.
  • Develop dynamic incident response playbooks for security automation to drive response times down by 20%.
  • Drive hunting exercises to build detection use cases by incorporating actionable threat intelligence
Digital Forensics, Incident Handling, Incident Response

Target

Sr. Manager/Lead Security Engineer - Cyber Security Incident Response

May 2015 - Jan 2019 · 3 yrs 8 mos · Brooklyn Park

  • Managed a team of CSIRT Engineers from May 2017 - January 2019;
  • Drove technical containment through scoping, forensic analysis, and communication
  • Performed host based analysis and memory forensics using tools such as Volatility and Rekall for Digital Forensics and Incident Response (DFIR) on Windows/Mac endpoints
  • Provided network forensic analysis and investigations for incidents by analyzing netflow and full packet captures
  • Utilized ATT&CK framework to lead cyber threat hunting exercises cross functionally with members from CSIRT, Threat Intelligence and Detection Engineering and Cyber Threat Intelligence
  • Collaborated cross functionally with the businesses units and the Cyber Fusion Center to drive technical containment
  • Mentored junior members of the CSIRT on technical analysis techniques and career development
  • Subject Matter Expert in Host Analysis and Memory Analysis
  • Led annual training for internal CSIRT members across different investigation domains (host, network, memory)
Cyber Security Incident Response, Forensic Analysis, Incident Response

Wells Fargo

Information Security Engineer III

Nov 2014 - May 2015 · 6 mos · Greater Minneapolis-St. Paul Area

  • Cryptographic Services - Encryption and Tools Engineering - Workstation Encryption Engineering
  • Senior Information Security Engineer on the Workstation Encryption Engineering Team responsible for providing workstation based encryption technologies and solutions across 350,000+ endpoints across the Enterprise.
  • Primary responsibilities include engineering, testing, deploying and supporting:
  • Full-Disk Encryption across 350,000+ end-points
  • Removable Media Encryption for the Enterprise to ensure secure and encrypted storage
  • Infrastructure implementation, management and support of Full-Disk Encryption application suite
  • Windows Server 2003 and 2008 R2 Infrastructure management (Application Servers, Web Servers, File Servers)
  • Implementation and support of Checkpoint appliances running GAiA OS (Red Hat Linux base)
  • Processes and procedure improvements according to Information Security industry best practices
Encryption Engineering, Workstation Security, Information Security

Vital Images

Systems Administrator II

Apr 2012 - Oct 2014 · 2 yrs 6 mos · Greater Minneapolis-St. Paul Area

  • Systems Administrator and Infrastructure Engineer responsible for multiple corporate systems.
  • Architected, implemented and supported Microsoft solutions:
  • Active Directory Directory Services, ADCS, ADFS, ADRMS, Group Policy, DFS, DHCP, DNS, Failover Clustering, File Services, KMS, Print Server, Hyper-V, RemoteApp and RDS, Remote Desktop Gateway, Systems Center products (SCOM, SCCM, SCVMM), VDI
  • Created and maintained documentation related to best practices; architectural design; and support processes
  • Provided support for Infrastructure issues escalated by the IT Service Desk
  • Supported and maintained backups utilizing technologies such as CA ArcServe Backup
  • Project management and implementation of IT related projects.
  • Assisted and supported the migration of the VMware 4.x environment to VMware 5.x including vCenter implementation and support; vSphere HA, DRS and Resource Pools
  • VMware vCenter management including role definitions; security structure implementations utilizing the defined roles
  • VMware vCloud Director implementation, support and training
  • Supported the corporate SAN and NAS storage environment running on NetApp FAS2240 and FAS3240 controllers in HA pairs, respectively
  • Assisted in the design and implementation of Cisco UCS Infrastructure including UCS 5108, UCS 6296UP, and B200 M3 blades. Also responsible for ongoing support of the Infrastructure
  • Implementation and support of HP rack mounted servers and blades
  • Secondary support for Microsoft Exchange and Lync
Systems Administration, Infrastructure Engineering

Target

Engineer

Sep 2008 - Apr 2012 · 3 yrs 7 mos · Minneapolis, MN

  • Windows Server Engineer
  • Supported and consulted on Linux/Windows Infrastructure, Windows Server 2003/2008 R2, and Hyper-V environments.
  • Supported Active Directory, Group Policy, DNS and DHCP server infrastructure.
  • Provided root cause analysis on systems across multiple business units and technology teams.
  • Provided key leadership and guidance to lead server stability efforts for enterprise environment.
  • Followed ITIL standards to perform infrastructure changes, maintenance work, problem management, and incident management.
  • First and second level support providing support for enterprise systems.
  • Gained experience in an enterprise environment by collaborating with key partners.
  • Led an offshore team to perform day-to-day operations and incident management.
  • Managed documentation to streamline repeatable processes during troubleshooting.
  • End to end troubleshooting and support for Microsoft Operating Systems, Dell Laptops/PCs, HP Printers, RF Devices, Dell Servers, mobile devices, other desktop hardware/software related incidents.
  • Provided feedback for tools, processes and documentation opportunities as an Engineer on the Server Infrastructure team
  • Maintained technical and business knowledge to support and resolve client issues while assuring 100% client satisfaction.
Windows Server Engineering, ITIL Standards, Systems Administration, IT Management
