Jul 2021 – Jun 2025 · 3 yrs 11 mos

• Actionable Threat Intelligence: Produced intelligence that resulted in a 400% increase in research activity and a 50% rise in emerging threat investigations with a focus on enhanced alerting for cloud threats.
• Enhanced Reporting Protocol: Orchestrated the transformation of cybersecurity reporting, improving organizational security awareness and decision-making. Ongoing mentorship of junior staff in threat reporting.
• Proactive Threat Program: Engineered a proactive threat identification and response program leveraging geopolitical and cyber event analysis for preemptive security measures. Evaluated and classified new CVEs and vulnerabilities for impact. Leveraged automation in Palo Alto XSOAR to facilitate rapid response.
• Risk Management: Streamlined risk management processes and guided senior leadership through complex cybersecurity decisions with detailed analytical reporting.
• Advanced Tool Integration: Led the integration of advanced cybersecurity tools and methodologies, automating threat detection systems, importing 300,000 indicators to a SIEM daily, and reducing incident response times. Utilized SOAR technologies for maximum efficiency.
• APT Adversary Tracking: Tracked APT adversaries, characterizing their TTPs, capabilities, infrastructure, and campaigns.

Mar 2020 – Jun 2021 · 1 yr 3 mos · Scottsdale, Arizona, United States

• Directed Incident Response initiatives from initial triage to remediation, elevating organizational resilience against cyber threats.
• Cultivated a robust intelligence framework, facilitating rapid assimilation and analysis of IOCs, enhancing the relevance and timeliness of intelligence products.
• Formalized security operations, transitioning from ad-hoc responses to a structured, programmatic approach, increasing operational efficacy.
• Acted as the organizational ambassador, delivering insights on cyber threat landscapes to diverse audiences, ranging from law enforcement to corporate stakeholders.
• Facilitated a growth in customer base by triple in this timeframe as organizations experienced digital transformation in the midst of COVID.
• Technology: HIVE, MISP, Arkime full packet capture (Moloch), Elastic Search, CrowdStrike Falcon.

Nov 2017 – Mar 2020 · 2 yrs 4 mos · Phoenix, Arizona Area

• Orchestrated incident response and vulnerability management, driving proactive threat hunting and high-impact security investigations.
• Mastered Splunk for security analytics, resulting in sophisticated alert systems and threat detection capabilities.
• Synthesized governmental threat intelligence into strategic organizational defense measures.
• Technologies: Splunk, Cisco Ironport, Microsoft Security Center, Siemplify, FireEye HX, FireEye ETP, FireEye NX, F5.

Jul 2017 – Nov 2017 · 4 mos · Tucson, Arizona Area

• Security consulting and technology support.

Dec 2013 – May 2014 · 5 mos

• Worked part-time as a Technical Support Specialist. Experienced with Active Directory, Microsoft Exchange, Windows Server 2008 R2, and Proxmox, in an enterprise level, live production environment. Gained experience with vulnerability management and scanning. Familiar with Linux administration and Windows administration.
• In January 2014, conducted training for staff regarding new procedures for using Windows Remote Desktop services. Also conducted in-depth information security training covering issues such as social engineering, spoofing, and other web security issues.
• Wrote IT newsletter for staff that covered topics such as password security, explaining trends in cybercrime, and communicated other various IT topics.