Oct 2020 – May 2022 · 1 yr 7 mos · United States

Jun 2020 – Oct 2020 · 4 mos

Mar 2020 – Jun 2020 · 3 mos

• Senior advisory role for forensics practice, directing all aspects (analysis, training, analyst competency, reporting, etc.)
• Crafted forensics practice competency matrix, aligned with other business units
• Led development of new reporting template to drive reporting consistency across teams
• Incorporated DFIR data into Fusion Center for dissemination to other business functions (i.e., SOC/MSS, Threat Intel)

Sep 2019 – Jan 2020 · 4 mos

• Threat hunting, enhancing fidelity of current EDR detections, developing new detections
• Assigned/fulfilled SOC analyst functions
• Developing/extending DFIR analysis capabilities
• Developing threat intel capability

Sep 2018 – Aug 2019 · 11 mos

• Strategic tracking and reporting of hands-on keyboard intrusion campaigns by ecrime and nation-state actors
• Campaign tracking included narrative, as well as full details, such as command lines, geo-region, vertical, tools used, etc.
• Campaign tracking decorated and enriched via MITRE ATT&CK tactic and technique mapping
• Analysis included direct observation of commands, timing, etc. This tracking fed into semi-annual and annual reporting, including the CrowdStrike Global Threat Report
• Extensive public speaking component, developing and delivering presentations to customers on the value of proactive threat hunting

Aug 2017 – Sep 2018 · 1 yr 1 mo · Herndon, VA

• - Technical advisory role for sales team for cybersecurity and Nuix Adaptive Security endpoint product

Aug 2013 – Aug 2017 · 4 yrs · Aldie, VA

• Led hands-on target threat response engagements, including intimate engagement with customers to provide direction and assist in containment and remediation
• Engaged in targeted threat hunting engagements across numerous environments
• Worked with IR practice to assist in their understanding of and transition to employing the Red Cloak endpoint technology
• Engaged with IR data across engagements, developing intrusion intelligence to then further the SOC/MSS capabilities of the Red Cloak endpoint product

Nov 2011 – Jun 2013 · 1 yr 7 mos

• Responsible for digital forensic analysis of systems and devices, as well as providing training courses and supporting materials
• Led development effort to determine persona data residue that remained on consumer devices
• Developed and delivered timeline analysis training courses
• Developed and co-delivered course material regarding persona preservation within the cyber domain

Sep 2009 – Nov 2011 · 2 yrs 2 mos

• - Provide guidance for digital forensic analysis and incident response activities within the Terremark cloud environment

Feb 2006 – Sep 2009 · 3 yrs 7 mos

• Responsible for providing emergency incident response services
• Assisted in growth of the team by reviewing resume submissions, planning and implementing hiring strategy, and delivering on-board, new hire training
• Maintained PCI forensic analyst certification, executed numerous PCI forensic analysis engagements
• Identified short-comings in various commercial tools utilized by the team, developed compensating processes, and identified alternative tools and procedures, where appropriate

Jan 2000 – Jan 2002 · 2 yrs

May 1989 – Aug 1997 · 8 yrs 3 mos

• Marine Corps Communications Officer (MOS: 2502)