May 2022 – Present · 3 yrs 10 mos · New York, New York

• Leads the Unit 42 Engineering, Product, and Threat Intelligence teams. Scaling Unit 42 into the industry leader by automating service delivery with AI and building a world-class threat intelligence business.
• Engineering & AI Innovation
• ▪️Intelligence Integration: Orchestrated a modernization of Palo Alto Networks’ telemetry architecture and threat tracking, enabling Unit 42 visibility across the product portfolio.
• ▪️Agentic Transformation: Architecting GenAI-driven automation for business operations and Incident Response workflows to increase operational scale and speed.
• ▪️Client Command Center: Developed and launched an external-facing digital platform, taking it from concept to global client adoption for centralized consulting engagements and threat intelligence delivery.
• Strategic Advisory & Product
• ▪️AI & Policy Leadership: Industry expert on AI security and adversarial AI; evidenced by congressional testimony and keynote addresses at industry forums.
• ▪️Executive Advisory: Strategic technical partner to the global sales organization, personally conducting 100+ CISO-level briefings annually to align global defensive postures with Unit 42’s intelligence and Palo Alto Networks’ product portfolio.
• ▪️Market Leadership: Drove strategic initiatives such as securing Unit 42’s first ever Forrester Leader category for Incident Response.
• Threat Intelligence Operations & Brand
• ▪️Global Threat Research: Direct Nation-State and Crimeware tracking; oversee the Unit 42 Research Center and digital strategy to secure dominant market share of voice.
• ▪️Rapid Response: Orchestrate global crisis operations, mobilizing cross-functional teams to provide customer protections and industry leadership during major cyber outbreaks.

May 2021 – Apr 2022 · 11 mos · New York, New York

• Led research and development for Mandiant. Provided direction for the Mandiant Advantage Platform including Threat Intelligence, Malware Analysis, and Validation products. Served as technical lead on all external facing Mandiant releases such as open source, blogs, and responsible disclosures. Provided escalation support for Incident Response, Red Team, Engineering, Marketing, and Intelligence teams. Directly interfaced with the legal team regarding intellectual property, ethical code release, and inbound / outbound code matters. Helped guide company and technical teams through the divestiture of the FireEye business.

Oct 2020 – Present · 5 yrs 5 mos · New York, New York

• Trinity Cyber is a Cybersecurity Startup focused on proactive threat interference. Serve as technical advisor to engineering and intelligence teams, and serve as business advisor to CEO, President, and investors. Participate in onsite strategic planning meetings.

Jan 2020 – May 2021 · 1 yr 4 mos · New York, New York

• Expanded the FLARE Team to be Front Line Applied Research and Expertise by adding an elite Threat Intelligence and Detection team with a total management responsibility of over 100 personnel. Collaborated with Mandiant Incident Responders during the FireEye breach leading to the direct discovery of the SolarWinds Backdoor code. Briefed numerous government entities on the findings (including CISA and DoD) and helped with corporate messaging.

Jan 2017 – Dec 2019 · 2 yrs 11 mos · New York, New York

• Expanded FLARE team to include a full software development team (Dev, UX, QA, PM) and built a cloud-based scalable and flexible platform for binary analysis. Transitioned from monolith application to scalable microservices in the cloud and established 100s of users. Spoke at numerous industry conferences around the world including keynotes and corporate tech talks.

Jan 2014 – Dec 2016 · 2 yrs 11 mos · New York, New York

• Founded and built the FLARE (FireEye Labs Advanced Reverse Engineering) brand through creation of the largest reverse engineering CTF in the world, open source release of malware analysis tools, educational resources, blogs, and social media presence.

Sep 2014 – Present · 11 yrs 6 mos · New York, New York

• Create and teach Malware Analysis and Reverse Engineering to undergraduate and graduate students. Provide office hours, meetings, and career advice to students. Develop custom malware for exams and student projects. Advisor to the CUCyber student organization.

Jan 2012 – Dec 2013 · 1 yr 11 mos · New York, New York

• Co-founded M-Labs. Built a robust analysis process used by one of the top malware teams in the world. Contributed analysis to the landmark APT1 report exposing one of China's Cyber Espionage Units. Conducted hundreds of recruiting interviews for consulting, engineering, and labs teams. Taught at Black Hat conference for 10 straight years including introductory and advanced courses in classrooms with 100 students in attendance.

Jul 2007 – Dec 2011 · 4 yrs 5 mos · New York, New York

• Responded to countless high profile intrusions and reverse engineered the malicious software discovered. Found network- and host-based signatures and wrote reports detailing malware capability. Overcame obfuscations and anti-reverse engineering techniques as they were encountered. Developed custom tools and scripts that aid in the reverse engineering of malware, frameworks and command-line tools for various federal consulting customers, and customized Red Team software for consultants.

Jul 2006 – Jun 2007 · 11 mos · Lexington, Massachusetts

• Created a tool for network visualization of security situational awareness through passive analysis. Developed all tool components including parsing, detection, session reconstruction, and plug-in capabilities. Liaised between MIT Lincoln Lab and NSA to provide mission critical tools to the agency.

Aug 2002 – Jul 2006 · 3 yrs 11 mos · Fort Meade, Maryland

• Graduated from System and Network Interdisciplinary Program (SNIP). Managed team of eight computer scientists in the development of the host-based component of an active network defense system. Personally briefed DIRNSA on results.

Sep 1999 – May 2002 · 2 yrs 8 mos · New York, New York

• Conducted research in the Intrusion Detection Systems (IDS) Lab and helped develop a Windows Registry anomaly detection tool. Graded assignments and held office hours for Digital Logic Circuits, Java Programming, and Data Structures classes.