Nov 2025 – Present · 7 mos · United States · Remote

• The KC7 Foundation, a volunteer-driven non-profit, makes the KC7 game a reality. We're on a mission to equip everyone with the skills to succeed in tomorrow's diverse cybersecurity workforce by creating fun, engaging, and accessible learning experiences.

Jul 2025 – Apr 2026 · 9 mos · Remote

• Foundation AI, a Cisco organization dedicated to creating open bleeding-edge AI technology to empower cybersecurity applications. Foundation AI is comprised of leading AI and security researchers and engineers, with a mission to solve problems and unlock a new era in cybersecurity.
• By their nature, the problems in this charter are some of the most difficult ones in AI today. To make the technology accessible, we decided that most of the work we do in Foundation AI should be open. Open innovation allows for compounding effects across the industry, and it plays a particularly important role in the cybersecurity domain.

Sep 2024 – Present · 1 yr 9 mos · Remote

• For the security practitioner caught between rapidly evolving threats and demanding executives, IANS Research is a clear-headed resource for decision making and articulating risk. We provide experience-based security insights for Chief Information Security Officers and their teams.

May 2021 – Present · 5 yrs 1 mo · Baltimore, Maryland, United States · Remote

• Empowering individuals and communities to navigate and mitigate the risks of modern technology through innovative education and collaboration.
• We are dedicated to reducing technical harm by providing accessible resources, fostering a culture of shared learning, and developing novel approaches to address the evolving challenges of the digital world.
• Through community-driven initiatives, we strive to equip everyone with the knowledge and tools necessary to create safer, more resilient digital environments.

Feb 2020 – Jul 2025 · 5 yrs 5 mos

Jul 2019 – Jan 2020 · 6 mos

• First CISO in the history of US Presidential campaigns.
• Develop, implement, and monitor a strategic, comprehensive enterprise information security and IT risk management program for a democratic POTUS campaign.
• Create information security culture through the establishment of security awareness training programs and exercises for all campaign personnel.
• Partner with all stakeholders to conduct regular technical audits to ensure compliance with established security policies.
• Lead campaign technology planning, purchasing, and hiring in an effort to ensure a scalable security program.

May 2017 – Dec 2020 · 3 yrs 7 mos · Washington DC-Baltimore Area

Jun 2015 – May 2017 · 1 yr 11 mos · Washington DC-Baltimore Area

• TOOOL DC Instructor

Oct 2015 – Nov 2018 · 3 yrs 1 mo · Washington DC-Baltimore Area

• Represent EOP within the Intelligence Community (IC), law enforcement community, Department of Homeland Security, National Security Council, and other agencies to develop and foster relationships; and to collaborate to ensure that the White House remains aware of national security threats, including cyber-attack tactics, techniques, and procedures, terrorist activity, and other strategic information and intelligence impacting national security
• Develop and distribute actionable intelligence derived from open source reporting and Intelligence Community to Presidential Information Technology Community members and partners for improving network security posture and protecting assets and infrastructure
• Develop official memorandum derived from open sources and Intelligence Community reporting to advise Director WHIT, Deputy Director WHIT, Special and Deputy Assistants to the President and Senior Staff on adversarial (nation-state, criminal, terrorist) activity, attack trends, and issues that may potentially impact national security
• Provide technical threat assessments and brief Principal delegation to include National Security Advisor on all OCONUS travel
• Provide guidance, classified and unclassified threat briefings to EOP staff as requested on threat intelligence related issues to include personal electronic device security
• Provide high level of analysis and trends on security data to discover communication pathways, content and scope and to identify significant activity and recommend actions to detect and mitigate threats
• Conduct training and mentor junior staff on cyber-threats, adversaries, and attack methodologies

Apr 2013 – Oct 2015 · 2 yrs 6 mos · Washington DC-Baltimore Area

• Develop technical and executive level reporting on advanced threats targeting Health and Human Services and newly identified security threats
• Produce, coordinate, and direct complex all-source finished intelligence products on current and emerging cyber threats that adhere to analytic tradecraft standards.
• Derive indicators from closed source reporting to enhance security posture of department
• Oversees the review and interpretation of vulnerability data and cyber information obtained by the Department in the routine conduct of its missions and facilitates distribution of that information to all stakeholders
• Lead coordinated Departmental effort to track advanced threat actors and malware families
• Coordinate with internal and external components to maximize information sharing
• Handle classified documents, works with classified computer systems, and ensures proper security requirements are met

Apr 2012 – Mar 2013 · 11 mos

• Cyber Analyst focused on Incident Handling and Threat Response, serving as Lead Operations Analyst and Senior Incident Handler for Defense Agency Incident Response Team.
• Discover, attribute, and identify state sponsored Cyber threats (Track, trend and use predictive analysis based off Targeting and past TTPs)
• Identify Tactics, Techniques, and Procedures of Advanced Persistent Threat (APT) to include infrastructure, tools, phishing emails and malware
• Submit incident reports to multiple government agencies and collaborate and share information with CDC partners
• Participate in Technical forums and exchanges regarding state sponsored actors
• Conduct basic malware analysis (dynamic) using tools such as CaptureBat, WireShark, Sysinternals and other dynamic analysis tools.

Jun 2011 – Mar 2012 · 9 mos · Food and Drug Administration

• Developed Standard Operating Procedures for SOC processes and policy implementations.
• Supervisory lead for the FDA Security Operations Center
• Responsible for the detection, analysis, and mitigation of all security incidents and events across the FDA infrastructure
• Assist the FDA Incident Response Team on personnel and computer security investigations
• Senior Engineer involved with the Continuous Monitoring implementation for the FDA.

Apr 2010 – Jun 2011 · 1 yr 2 mos

• Centers for Disease Control and Prevention; Implemented pilot program that has reduced incident response and mitigation time by over 75% for participating CDC Centers.
• Developed a common security policy and incident response procedure for the CDC Computer Security Incident Response Team and underlying CDC centers.
• Composed and distributed information security advisories, monthly incident summaries and Situational Awareness Reports for senior level CDC management.
• Installed and customized incident response and management software platform to improve departmental response and reporting capacity.
• Assist in the analysis and forensic investigation of malware and malicious code utilizing HBGary, CWSandbox, and EnCase

Sep 2009 – Apr 2010 · 7 mos

• Security Architect to the Department of Health and Human Services for the development of the Computer Security and Incident Response Center

Dec 2008 – Sep 2009 · 9 mos

• Participated in the architecture and technical planning of a federal CSIRC (Computer Security Incident Response Center) for the Department of Health and Human Services.
• Assisted law-enforcement agencies including OIG, FBI, US-Cert, and DHS with information security incident investigations involving the Department of Health and Human Services.
• Developed common security policies and procedures for multiple Operational Divisions within HHS including FDA, NIH, and IHS.
• Created security advisories and weekly incident and Situational Awareness Reports for department CISO, CIO, and incident response teams.
• Configured firewalls, IDS and forensic tools for HHS CSIRC.
• Reported incidents to US-CERT and conducted GAP analysis for NIST 800 series and FISMA compliance.
• Installed and customized the first HHS department-wide incident tracking and management system.

Jun 2007 – Oct 2008 · 1 yr 4 mos

• Coordinated the daily analysis, determination, and action of over 2 million security alerts and events from IDS/IPS appliances, Cisco PIX and Checkpoint firewalls and Cisco HIPS devices.
• Ensured the functionality of client security devices by monitoring SSH connectivity and availability.
• Updated Iptables firewall access control lists as necessary.
• Resolved client service and technical issues, escalated tickets, and addressed customer calls on a daily basis.
• Applied patches and updates to client security appliances on a regular basis to ensure protection from latest security exploits.
• Acted as technical security liaison for clients and vendors.

Jun 2003 – Jun 2007 · 4 yrs

• Provided hardware support including network and printer configuration, network interface card and hard drive installation, and PC imaging and staging for remote users.
• Resolved database issues including available and performance problems.
• Performed remote system administration for Medquist owned servers at client facilities.
• Ensured compliance with all HIPAA security and confidentiality policies as related to IT and systems.

Jun 2001 – Mar 2003 · 1 yr 9 mos

• Provided technical consultation and implementation planning for several Fortune 500 companies on short and long term projects.
• Assisted Price-Waterhouse-Coopers system engineers in datacenter migration effort during relocation of Philadelphia Data Center; Administered Microsoft Exchange, file & print servers and maintained IIS web servers for Inphomatch, LLC.
• Provided first-level support to Amazon.com's Seattle Network Operating Center facility to improve network uptime and performed tape librarian and backup duties.

Jan 2000 – Jun 2001 · 1 yr 5 mos

• Installed, configured and supported network monitoring tools including HP OpenView NNM/ITO, Concorde, NetIQ, SiteScope, CiscoWorks, and proprietary monitoring software developed by Novell.
• Provided second-level and top-level support for network performance issues.
• Administered network monitoring, MicroSoft Exchange and IDS servers
• Provided customer desktop support.
• Monitored and supported data center hardware to ensure web server uptime and availability.

Feb 1999 – Jan 2000 · 11 mos

• Performed server configuration using SUN Solaris 2.5.1 and 2.6.2, Unix server patch install and upgrades, NIS and NIS+, RAID disk configuration and administration using Veritas Volume Manager.
• Performed hardware troubleshooting and diagnosis on SUN Ultra Enterprise Series 3k/6k Servers, LAN/WAN interconnectivity using TCP/IP, DNS, and sendmail configuration and administration.; Monitored and supported the corporate worldwide network using HP OpenView and Concorde NetHealth
• Provided first-level and second-level helpdesk support to internal clients including mail and network account administration, customer desktop support, and the troubleshooting of network connectivity, operating system and hardware issues.

Nov 1994 – Nov 1998 · 4 yrs

• Resolved LAN connectivity and performance issues.
• Performed design and configuration duties including NT domain structure design, DHCP, DNS, RAS and WINS configuration, and network security layout planning.
• Acted as network administrator of JMCIS (Joint Maritime Command Information System), a secret class NT network providing radio messaging to over 500 global users.
• Performed administration duties and system upgrades for a Novell network of 400 Novell LAN accounts.
• Performed administration and maintenance duties for an HPUX Network including configuring workstations, establishing user accounts, installing/troubleshooting various software/hardware packages, performing operating system upgrades, and network security and database management for over 600 users.