Aug 2023 – Jan 2026 · 2 yrs 5 mos · Remote · Remote

• Terraformed and architected cloud-based Insider Risk & Threats investigation platform with AWS Lambda, EventBridge, and Terraform.
• Developed enterprise network troubleshooting app (Python/Flask) integrating Palo Alto, Meraki, Netskope, Okta, and Axonius.
• Collaborate with stakeholders across multiple teams and verticals to create custom solutions and integrations for complex technical challenges
• Building extensible solutions in AWS with Podium, Buildkites, EventBridge, and Lambdas
• Vulnerability management with custom in-house solutions alongside tooling like Nucleus and Tenable.
• Vulnerability confirmation with exploit testing to help prioritize remediation efforts
• Led enterprise email security overhaul with Sublime Security, cutting 73K+ hours of phishing risk and auto-removing 430K+ malicious emails.
• Train/educate others on threat hunting within multiple platforms
• Utilize DataDog for log ingestion, metrics, and SIEM capabilities
• Orchestration and event driven automation with tooling like Tines, AWS EventBridge, and Lambdas
• Built in-house LLM chatbot for log analysis using AWS Bedrock, Python, and Streamlit, keeping sensitive data internal.
• Conducted threat assessments across multiple architectural solutions
• Led incident response for major vulnerabilities, driving rapid mitigation across teams.

Sep 2022 – Aug 2023 · 11 mos · Remote · Remote

• Deploy security tooling (ie: Splunk) with Terraform across multiple instances.
• Seek, identify, and resolve configurations and automations with code for ideal repeatability.
• Develop the SIEM tooling (Splunk) to ingest events from a variety of standard and custom sources.
• Incident Commander when events arise while on-call rotation.
• Support, improve, and assist with the deployment of security tooling. (Includes: Wazuh, OSSEC, Falco)
• Tune security tooling and alerts to minimize false alarms and create high fidelity alerts.
• Identify and build monitoring and automation for threat scenarios.
• Create and maintain playbooks and operating procedures for event response.
• Threat-hunting in application, network, and endpoints.
• Organize, manage, and create tabletop events to assist the org with dry run exercises with many diverse roles.
• Work with technical individuals in security, platform, and product teams to help drive increased security into their tools and processes.

Dec 2021 – Sep 2022 · 9 mos · United States

• Script, automate, and enrich day to day processes in a uniform and repeatable way.
• Create integrations and custom solutions to complex problems with code and tooling.
• Incident triage of events generated from tools like: SumoLogic, CrowdStrike, CarbonBlack, O365
• Performing daily tactical operations of Incident Detection and Response.
• Security consulting with major projects and company initiatives.
• Apply a strategic lens for building effective systems and detections.
• Tune detections and alerts to reduce false positives.
• Build and/or implement tools and applications that provide telemetry into nefarious actions from both internal/external actors.
• Key participant in tracking an incident from identification through containment, eradication, recovery, and lessons learned.
• Apply sound technical and security judgment to minimize damage and reduce recovery time and costs.
• Assess and understand the threat landscape by working with other areas.
• Architect solutions to calibrate risk consistent with the org's risk tolerance.
• Build and/or tune security tools, such as EDR, email security, vulnerability scanning, and SIEM solutions to ensure that alerts are effective and actionable.
• Communicate, both written and verbally, complex security and technical concepts to a wide variety of stakeholders and partners.
• Build, leverage, and earn the trust of stakeholders across all levels of the organization.
• Establish and modify runbooks that provide other subject matter experts with a consistent manner of executing the processes.

Jun 2020 – Dec 2021 · 1 yr 6 mos

• Security Focused Experience:
• Write and tune alerts for incident detection with Splunk and Splunk's SIEM.
• Create playbooks in SOAR platform (Phantom) for automatic ticket enrichment in incident response.
• Web penetration testing with Burp Pro & Acunetix.
• Administer and deploy TheHive with Cortex and MISP for Threat Intelligence and response.
• BHIS SOC/Security Training.
• Azure AD scripting for analysis.
• Threat hunting tools like RITA, Zeek, etc.
• Trained in macOS/Windows/Linux endpoint analysis.
• Designed Attributes-Based Access Control(ABAC) architecture and policies for Axiomatics
• Tend to be more purple team focused than Red Team or Blue team.
• Used several different tools for vulnerability management, threat modeling and emulation.
• ie: Tenable, Fidelis Network, etc.
• Networking Experience with:
• Next-Gen Firewall solutions & VPN: Palo Alto, Cisco ASA and Firepower, Meraki MX, GlobalProtect, Anyconnect
• Route/Switch/Wireless Admin: Meraki MS/MR, Cisco Catalyst/Nexus, Aruba/HP, Cisco DNA Center, Cisco Prime
• Programming/Scripting: Python, Powershell, Javascript, Bash, Jenkins, Bitbucket, Bootstrap 3&4, Flask, Az CLI
• Server OS: RHEL/CentOS, Ubuntu/Debian, Windows Server 2003+, macOS
• Lot of focus on automation, IaC, integrations and scripting solutions for various tasks and scenarios.

Jun 2019 – Jun 2020 · 1 yr

• Experience with:
• Next-Gen Firewall solutions & VPN: Palo Alto, Cisco ASA and Firepower, Meraki MX, GlobalProtect, Anyconnect
• Route/Switch/Wireless Admin: Meraki MS/MR, Cisco Catalyst/Nexus, Aruba/HP, Cisco DNA Center, Cisco Prime
• Programming/Scripting: Python, Javascript, Bash, Jenkins, Bitbucket, Bootstrap 3&4, Flask
• Server OS: RHEL/CentOS, Ubuntu/Debian, Windows Server 2003+, macOS
• Lot of focus on automation, IaC, integrations and scripting solutions for various tasks and scenarios.

Nov 2012 – Jun 2019 · 6 yrs 7 mos · Rochester, Minnesota Area

• Server Skills:
• Work with Active Directory, DNS, vSphere (VMWare), ESXi, Casper, OSX Sierra Server, and various Linux based servers (mostly Ubuntu and Debian, some CentOS/RHEL, FreeBSD/TrueNAS, ESXcli).
• Design and maintain various network and server monitoring solutions. Examples: Zabbix, Netdata, LibreNMS, Prometheus, Grafana, Graylog, Elastisearch, PRTG, ntopng, NodeRed, etc.
• Experienced with Windows Server 2003 through 2019, and various Linux distro's mentioned above.
• Network Skills:
• Hands on experience with VPN connectivity/Remote Connectivity technologies. (Primarily Palo Alto)
• Networking experience with PaloAlto, Cisco DNA Center, Cisco 9300s, Meraki, HP/Aruba, Ubiquiti, and various open source solutions.
• Design, implement, survey, and manage the wireless/wired network.
• Provides infrastructure support for mobile learning and BYOD in K-12 setting.
• Evaluate new mobile technologies (hardware and software), troubleshoot connectivity and security issues.
• Experience providing remote support to end users on mobility and wireless issues.
• DevOps/Script Skills:
• Create extensive Python scripting solutions to collect data, maintain a CMDB of the enterprise, and standardize tedious tasks from syncing our network monitors to configuration of devices via API or ssh (paramiko).
• Application/website development. Integration of multiple vendor systems with the applications we build.
• Script solutions to verify server, network devices, and client configurations are within standard expectations.
• Script ways to notify/alert of potential upcoming issues with equipment.
• Misc:
• Make purchase recommendations to management.
• Manage projects as assigned from beginning to end.
• Ensure all required documentation associated with the above duties is current and maintained, provide user training on tools/documentation.
• Identify integration opportunities within a multi-platfrom environment including Microsoft Office and Windows operating systems as well as Mac and iOS operating systems.

Aug 2011 – Nov 2012 · 1 yr 3 mos · North Mankato, MN

• Manage the Helpdesk call queue and delegate the work as appropriate.
• Assisted Infrastructure with Active Directory and Group Policy creation/deployment.
• Managed the 10.7 Mac Server, print servers (Windows Server 2008R2), and Deploy Studio Server.
• Lead software developer for Win7 & OS X. Maintained and developed the master images for Windows & Mac OS based systems for unattended OOBE (Out of Box Experience) installs while maintaining our configuration from first boot.
• Coordinated, planned, developed, and maintained the transition to Bitlocker Encryption and other desktop hardening solutions for data security.
• Developed deployments for 1:1 and checkout units for iPads with a mobile device management server (Configurator & Mac OS Server).
• Detected and recovered deleted/erased/hidden files from devices.

Mar 2009 – Aug 2011 · 2 yrs 5 mos · Rochester, Minnesota Area

• Inventory:
• In charge of receiving, taking inventory, imaging, and preparation of 8,000+ laptops for the University's laptop leasing program.
• Re-imaging hard drives, and wiping them with DoD standard methods.
• Worked with SCCM to track down assets for correction in ITSM (their call\inventory management software).
• Responsible for charging for damages and Quality Assurance, and tracking Loss Prevention.
• Supervised, trained, scheduled, and managed a large team of student workers to perform & assist necessary functions.
• Assisted with QA of Gold Master Windows and OSX images before they were distributed to thousands of laptops to prevent bugs in our scripts and configs.
• Hardware:
• Obtained HP & Toshiba hardware repair certifications, as well as Apple GSX cert to order parts as necessary and manage hardware claims, and handle escalated hardware repair.
• Managed claims, assisted in repairing a menagerie of hardware issues from desktops to laptops from both PC & Apple based products.
• Misc:
• Detect deleted / erased / hidden files and examine the data from computers, cellular telephones, and various forms of digital media.
• Assisted with Data Recovery for many students that accidentally deleted their important homework/etc.
• Retrieve data from custom, modified, or damaged software or hardware for Faculty and Staff.