Jan 2025 – Present · 1 yr 3 mos · Remote

Jul 2021 – Mar 2025 · 3 yrs 8 mos · Remote

Jan 2019 – Jul 2021 · 2 yrs 6 mos · New York, New York

• Defined, lead, and guided the strategy for Security Operations. Lead the Detection and Monitoring, Vulnerability Management, Threat Intelligence, Security Engineering and Incident Response efforts within the org. I was also tasked with building, defining and implementing our User Training and Awareness program.
• Detection and Monitoring/Incident Response:
• Our entire goal and mission was not only to find the anomalous activity within the environment, but to make the analysts lives easier in their analysis by automating as much of the process as possible. Working towards automated analysis of false positives.
• Vulnerability Management:
• Identify the vulnerabilities and work with business partners to remediate within defined SLOs and audit patching mechanisms effectiveness. Also, Security teams point person on Zero-Day vulnerabilities, analyzing if/how it could affect the org.
• Threat Intelligence:
• Identify the Threat Landscape and align with Detection and Monitoring strategy for "next-up" building of detections and implementation. Building towards an automated version of "has this been seen before" both internally and externally. Sharing, where appropriate to partners.
• User Training and Awareness:
• Point person for defining, building, and implementing the User Training and Awareness program, as it relates to Security (e.g. phishing simulation, training around attackers, etc.). Building towards a near real-time understanding of risky users.
• Championed secure configuration and baseline drift, to identify when hosts were meeting the standards set forth in our secure configuration policies. Began building the solution to identify and remediate in an automated fashion.

Jul 2018 – Jan 2019 · 6 mos · NYC

Jun 2015 – Jul 2018 · 3 yrs 1 mo · Connecticut

Sep 2010 – Jun 2015 · 4 yrs 9 mos · Suffolk, VA

• Provide Digital Forensics and Incident Response capabilities and expertise for the US Navy. Analyze and write detailed reports based on Digital Forensics performed on dead-disk systems. Identify how adversaries were able to access the system, and provide mitigation recommendations to prevent future breaches. Identify if adversaries were capable of moving throughout the network, and if any information was exfiltrated during attack.
• As needed provide deep knowledge and expertise onsite when an incident occurs on a larger scale. Perform onsite analysis, and fast mitigation recommendations in order to contain and eradicate adversaries from network, and all possible entry vectors.

Jul 2007 – Sep 2010 · 3 yrs 2 mos · Virginia Beach, VA.

• Provide Network Administration capabilities both locally and remotely to customers, as network issues arose. Provide assistance in troubleshooting and correcting issues due to a multiple range of issues, to include network connectivity, software issues, hardware issues, etc.