Feb 2024 – Jul 2024 · 5 mos · Atlanta, Georgia, United States

Apr 2022 – Nov 2023 · 1 yr 7 mos

• Reported to the Director of Cybersecurity Advising with responsibilities including technical account management, incident management, and customer onboarding.
• + Provided hands-on support for onboarding of multiple customers
• Performed technical setups for Azure, Sentinel, and Defender
• Advised customers on service options and best practices.
• Configured users, roles, groups and access packages in Azure for customers.
• Liaised to internal teams responsible for deploying rules and detections to Sentinel.
• Collaborated with project managers to ensure all deadlines were met.
• + Researched customer environments to recommend Microsoft Security Score improvements and Exposure Score reductions including audit reviews of Attack Surface Reduction rules.
• + Investigated cybersecurity incidents in Microsoft Defender 365 that were escalated from the SOC.
• + Debriefed customers on Threat Intelligence advisories and Patch Tuesday.
• + Wrote monthly action reports of SOC performance and presented them to customers on a monthly basis.
• Impacted by a ~25% reduction in force.

Sep 2019 – Present · 6 yrs 9 mos · Cumming, Georgia, United States · Remote

• Projects have included writing first and second edition of Jump-start Your SOC Analyst Career (Apress), first and second edition of the associated online course SOC Analyst NOW! with over 25k students, the production of Cloud Security NOW! online course, Flipper Zero online course, ATT&CK NOW! online course, REST NOW! online course, monthly SOC Analyst Job Search report and online shop.

May 2019 – Jul 2021 · 2 yrs 2 mos

• Reported to the Director of Information Security Engineering with responsibilities for security automation and SIEM administration within a Scrum environment.
• + Defined use case requirements for automation with the SOC.
• + Developed SOC playbooks to reduce labor costs, audited SOC processes, and contributed to documentation to cover gaps.
• + Wrote Python applications to enhance the automation capabilities of Splunk Phantom.
• + Evaluated SIEM products and conducted full-scope POC testing.
• + Performed configurations for EDR, CASB, firewall, and various cloud monitoring and alerts tooling.

Feb 2017 – May 2019 · 2 yrs 3 mos

• Led a 25+ member mixed onshore/offshore security team that included contractors as direct reports and FTEs as indirects. Conducted event detection, incident triage/handling, and remediation. Oversaw high impact incidents and effectively communicated recommendations and status to internal and external stakeholders.
• + Developed and delivered weekly briefings to management and the CISO that included reports, dashboards, and performance metrics. Owned the metrics program for the organization.
• + Drove operationalization of an immature LogRhythm SIEM implementation in a proof-of-concept state with a team of 20 and $6M CapEx deployment budget.
• + Added new Security Automation and Orchestration (SAO) features to improve SOC’s MTTR, including a Python script to scrape threat indicators from websites and compile the data into an Excel sheet.
• + Trained and managed an MSSP contractor team, designed MSSP processes for integration with internal stakeholders, and transitioned team to a 24/5 in-house SOC.
• + Wrote all process documents for the SOC and MSSP including a rules dictionary, a severity matrix for security alerts, general incident handling playbooks, and LogRhythm rules dictionary and runbooks.
• + Upgraded, patched, ingested log sources, and maintained the SIEM infrastructure.

Aug 2016 – Feb 2017 · 6 mos

• Lead on a Global SOC team headquartered in Alpharetta responsible for securing the internal IT environment and assets of over 250K EY employees.
• + Managed security event escalations for security analysts, facilitated shift handover meetings, and provided leadership to two SOC locations in the US and India.
• + Wrote and published playbooks via wiki to provide guidelines for SIEM security alert and response.
• + Gathered and analyzed performance metrics for inclusion in reports to leadership.
• + Mentored the 12+ member US team and fostered an environment to ensure all team members felt valued.

Aug 2015 – Aug 2016 · 1 yr

• Contributed to SIEM monitoring and response as a member of the Security Operations organization.
• + Built a forensics capability for Earthlink using open-source tools designed for use as a Level 1 forensics response that enabled closure of incidents without the need for full investigations.
• + Conducted vulnerability scans to identify IT asset vulnerabilities.

Dec 2013 – Mar 2015 · 1 yr 3 mos

• Member of the Security Operations Center firewall team responsible for managing the various firewall platforms (Cisco, Juniper, CheckPoint) of Dell clients.
• + Created access lists, configured routes, set up NATs, managed VPNs, and troubleshot issues.
• + Assisted IDS team in configuration and management of devices (FireEye, Sourcefire, Carbon Black).