David Ferguson

CEO

Washington, DC, United States
18 yrs 6 mos experience

Key Highlights

  • Proven leader in Information Security operations.
  • Expert in threat detection and incident response.
  • Strong background in military cybersecurity operations.

Skills

Core Skills

Incident Response, Threat Hunting, Malware Analysis, Forensics, Threat Detection, Threat Monitoring, IT Support, Asset Management, Sales Management, Financial Analysis

Other Skills

Analysis, Army, Command, CompTIA Network+ Certified, CompTIA Security+ Certified, Computer Forensics, Computer Security, CounterACT, Custom Tool Development, Cyber Threat Hunting (CTH), Cybersecurity, Database Management, Defense, DoD, Elastic

About

Information Security leader devoted to solving complex challenges and making security better.

Experience

Total Experience: 18 yrs 6 mos
Average Tenure: 2 yrs 9 mos
Current Experience: 8 yrs 5 mos

Gartner

2 roles

VP, Head of Security Operations

Promoted

May 2021 - Present · 5 yrs 1 mo

Senior Director, Security Operations

Sep 2019 - May 2021 · 1 yr 8 mos

CyberSponse, Inc.

Senior Incident Responder

May 2018 - Sep 2019 · 1 yr 4 mos · Arlington, VA

  • Developed security automation playbooks for information security programs, including Defense, Federal, and various commercial clients
  • Developed MITRE ATT&CK-based threat hunting playbooks to allow users to conduct advanced hunting techniques without the need for previous hunting experience
  • Created, tested, and developed Python-based API integrations for various security products
  • Assessed and documented security policies, procedures, and personnel for Government agencies in order to provide recommendations to improve overall security posture and create a gap analysis
  • Provided strategic guidance and feedback on the company's future product releases to ensure that the SOAR platform was aligned with current security trends
Security Automation, Threat Hunting, Security Policies, Python, Gap Analysis, Incident Response

United States Army Reserve

3 roles

Cyber Threat Emulation Team Lead

Promoted

Jan 2018 - Present · 8 yrs 5 mos

Systems Architect

Nov 2016 - Jan 2018 · 1 yr 2 mos

Company Commander

Oct 2011 - Nov 2016 · 5 yrs 1 mo

  • Solely responsible for management and wellbeing of a company-sized element
  • Created yearly battalion history detailing significant actions, unit demographics, accomplishments and evaluations of battalion performance
  • Trained and maintained the most proficient and successful company in the battalion, resulting in the highest APFT scores, performance evaluations and promotion rates
  • Planned company operations for 25+ soldiers using the military decision-making process
  • Oversaw all company logistics and supply allocation of the unit's inventory
  • Created and processed continuing education packets for 25+ unit members
  • Coordinated with higher echelons to execute the higher commander's intent

CSRA Inc.

2 roles

Malware Analyst

Promoted

Jan 2017 - May 2018 · 1 yr 4 mos

  • Analyzed and reverse engineered malicious code
  • Utilized debuggers (OllyDbg) and disassemblers (IDA Pro) to extract malware IOCs
  • Developed custom YARA and Snort rules to detect malware and network attacks
  • Performed hunt operations to discover potential compromises and insider threat activity
  • Developed and briefed situational awareness and malware technical reports to General officers and C-level personnel
  • Built, customized, and maintained a Cuckoo Sandbox for preliminary malware analysis and triage
  • Presented cybersecurity briefings to non-technical users to develop better security habits and foster better incident reporting
  • Conducted forensic analysis using FTK, EnCase, and SIFT tool suites
  • Created forensic evidence reports and after-action reviews to improve security posture
  • Captured and analyzed memory images using EnCase and Volatility
  • Performed in-depth event log and registry analysis of compromised hosts to create event timelines
  • Created custom tools and scripts to better detect malicious activity and collect host information
  • Coordinated findings with fusion and intelligence cells across the DoD to track APTs
Malware Analysis, Reverse Engineering, Forensic Analysis, Custom Tool Development, Forensics

Senior Incident Handler

Oct 2015 - Jan 2017 · 1 yr 3 mos

Incident Handler
  • Mentored junior team members
  • Coordinated with the IDS team to create custom signatures to detect intrusion events
  • Monitored and interpreted OSINT and private notifications to issue threat and vulnerability notifications to stakeholders
  • Conducted firewall and proxy log analysis to identify suspicious events and potential sources of compromise/exfiltration
  • Monitored the HBSS tool suite to respond to AV/HIPS events
  • Monitored and reported PII breaches using a PII detection tool
  • Tuned IDS rules and created custom signatures to detect current threats and various forms of ransomware
  • Analyzed intrusion events and provided PCAP analysis using Wireshark/tcpdump and NetworkMiner to provide critical intelligence to key decision makers
  • Utilized open-source tools such as VirusTotal, Anubis, URLQuery and Zscaler
  • Identified exploits via reverse engineering using REMnux, SWF Tools, FFDec and oletools
Incident Handling, Threat Detection, Log Analysis, Signature Development, Incident Response

Kingfisher Systems

Cyber Threat Analyst

May 2014 - Oct 2015 · 1 yr 5 mos · Washington D.C. Metro Area

Tier II Incident Handler / Shift Lead
  • Led other team members as the Shift Lead and senior SOC analyst
  • Proactively monitored IDS to detect intrusion events, resulting in a 300% increase in US-CERT reportable events
  • Developed new and refined existing SOPs and checklists to increase ED CSS program efficiency and threat detection capabilities
  • Monitored and interpreted OSINT and private notifications to issue threat and vulnerability notifications to ED stakeholders
  • Conducted firewall and proxy log analysis to identify suspicious events and potential sources of compromise/exfiltration
  • Monitored the McAfee ePO tool suite to respond to AV/HIPS and Solidcore (application change control) events
  • Host management using the CounterACT ForeScout NAC tool (Advanced Administrator)
  • Monitored and reported PII breaches using McAfee DLP Incident Manager
  • Conducted daily threat briefings to the ED Incident Response Coordinator
  • Created custom Snort rules to detect threats such as Shellshock prior to vendor signature releases
  • Tuned Sourcefire VRT rules and created custom signatures to detect current threats such as the Angler and Nuclear EKs, and various forms of ransomware
  • Analyzed intrusion events and provided PCAP analysis using Wireshark/tcpdump and NetworkMiner to provide critical intelligence to key decision makers
  • Utilized open-source tools such as VirusTotal, Anubis, URLQuery and Zscaler
  • Conducted vulnerability scanning and analysis using Kali Linux, WPScan and HP WebInspect
  • Identified exploits via reverse engineering using SWF Tools, FFDec and oletools
  • Collaborated with ED personnel to develop initial planning for an ED Threat Intelligence program
Incident Handling, Threat Monitoring, Vulnerability Analysis, Incident Response

Lockheed Martin / HP

IT Analyst

Oct 2013 - May 2014 · 7 mos · Arlington, VA

  • Resolved incident (help desk tier I/II) tickets in Remedy, producing response times and satisfaction scores significantly exceeding the client's SLA
  • Managed and administered a database (Remedy) of 42,000 IT assets, resulting in significantly increased accountability and the ability to generate accurate reports
  • Generated change management, software and hardware reclamation reports for management, allowing maximum harvesting of software licenses and ensuring maximum asset lifespan
  • Imaged, posted and encrypted NIPR/SIPR workstations, resulting in minimal downtime/work stoppage and greatly exceeding current Air Force SLAs
  • Inventoried, audited and tracked usage of USAF organizational assets with over 90% accuracy to populate asset management databases
  • Removed, transported and facilitated destruction of classified information according to NIST/FISMA standards, resulting in 0 security incidents for assigned organizations
  • Coordinated delivery, transfer and pickup of assets from warehouse to customers with greatly increased expediency and efficiency, leading to increased availability and satisfaction metrics
  • Migrated legacy email addresses to Enterprise Email (Outlook/OWA) to allow for enhanced security and a vastly increased feature set with minimal downtime
  • Created and revamped asset management forms to increase productivity and provide faster turnaround times for customers and FSP/warehouse
Help Desk Support, Database Management, Asset Management, IT Support

W.S. Badcock Corporation

2 roles

Store Manager

Promoted

Aug 2011 - Oct 2013 · 2 yrs 2 mos

  • Directly supervised sales, accounts receivable, and warehouse departments
  • Generated sales in excess of $1.2M yearly with consistent monthly revenue improvement
  • Created and analyzed weekly, monthly and yearly profit and loss statements using Excel
  • Increased non-merchandise sales over 50% (year over year), resulting in a 10-15% gross profit increase
  • Generated progress reports and accounts receivable documents
  • Trained staff and incoming managers on company policy and procedure, and proprietary software
  • Increased monthly net profit over 15% via oversight and a continual focus on training and efficiency
Sales Management, Financial Analysis, Staff Training

Assistant Manager

Aug 2011 - Jul 2012 · 11 mos

  • Retail sales, A/R management, logistics/deliveries, collections

Miller's Ale House

Server

Feb 2009 - Aug 2011 · 2 yrs 6 mos

  • Provided food and beverage service to customers
  • Promoted repeat business through excellent customer service
  • Top-level add-on sales in the restaurant

National Cancer Institute (NCI)

Intern

Jun 2005 - Aug 2006 · 1 yr 2 mos

Education

University of Maryland Global Campus

Master of Business Administration - MBA

Jan 2018 - Jan 2019

University of Maryland Global Campus

Master of Science (M.S.) — Cybersecurity

Jan 2015 - Jan 2017

Southeastern University

Bachelor of Science (B.S.) — Business Management

Jan 2007 - Jan 2011

St. John's University

Bachelor of Science (B.S.)

Jan 2006 - Jan 2007

Tuscarora High School
