Cyber Threat Hunter

• Sep 2022 - Present

SOC Analyst

• Apr 2022 - May 2022

Researches current relevant threats based on all-source intelligence and identify potential weaknesses to systems. Performs analysis on data received from DataDog to identify potential and existing threat vectors. Create Dashboards and Hunts based on known IOCs and behavioral indicators. Conducted Threat research into threats against Financial sector. Utilize Siemplify for automation writing connectors in Python. Researches current relevant threats based on all-source intelligence and identify potential weaknesses to systems. Performs analysis on data received from DataDog to identify potential and existing threat vectors. Create Dashboards and Hunts based on known IOCs and behavioral indicators. Conducted Threat research into threats against Financial sector. Utilize Siemplify for automation writing connectors in Python.

Threat Hunter

• Jan 2021 - Apr 2022

Researches current relevant threats based on all-source intelligence and identify potential weaknesses to mission systems. Performs analysis on data received from numerous sensors and SIEMs to identify potential and existing threat vectors. Conduct Threat Intelligence research, author reports for SOC team to create more effective Hunts. Leads Security Operations Communications Team, coordinates monthly meetings for over a 100 client and a Monthly Webinar. Authored policy, process and training materials to create a relevant documentation framework for team use. Conducted malware analysis in anyrun. Create Dashboards and Custom Hunts based on known IOCs and behavioral indicators. Utilizes Splunk, Humio, SentinelOne, CrowdStrike Falcon, Endgame, and WireShark to monitor network traffic for indicators of compromise. Show less

Senior Cyber Analyst

• Feb 2019 - Jan 2021

Provides Threat Intelligence Analysis and Defensive Cyber Operations for 3 government key cyber terrains. Researches current relevant threats based on all-source intelligence and identify potential weaknesses to mission systems. Works with government and industry intelligence groups to identify State-Sponsored threats/ APTs. Provides written reports and oral briefings to senior leadership detailing threat identification, mitigation and assessments on current mission cyber posture. Performs analysis on data received from numerous sensors and SIEMs to identify potential and existing threat vectors. Authored policy, process and training materials to create a relevant documentation framework for team use. Utilizes Splunk and Endgame to monitor network traffic for indicators of compromise. Show less

Active Adversarial Pursuit Operations Lead

• Jan 2015 - Nov 2018

Lead member of Cyber Operations Team conducting remote security assessments and active adversarial pursuit (HUNT) operations for commercial and government clients. • Lead operations for a Fortune 500 company, leading to the streamlining of Active Directory structure and improved security • Conduct HUNTing operations in support of multiple clients • Conduct remote incident response in support of clients • Provided clients with procedures to secure networks against potential internal and external threats • Conduct software evaluation for development department to ensure product integrity Show less

CND Analyst

• Jun 2008 - Jan 2015

Cyber Protection Team, Discovery and Counter Infiltration Lead - Led and trained a six man team in all aspects of Computer Network Defense(CND) techniques used by the Defense Information Systems Agency. Implemented and recommended IA Security best practices. • Managed the entire Cyber Protection Team(CPT) consisting of 34 members through the qualification and certifications process. Ensured that all acquisition of equipment, training requirements, and capstone events where completed. • Primary trainer for six mission related Job Qualification Requirement(JQR) across five CPT elements. Trained 34 members of roles and responsibilities of newly defined work-roles • Recognized Cyber Expert, sought out by leadership and peers for technical expertise, provided critical information in the identifying tools and techniques that stand as the foundation for six future CPT’s. • Work closely with staffs from four organizations to ensure that the team would be able to conduct missions and have the necessary tools to be an effective CND unit. Lead Computer Network Defense Analyst Led and trained a 14 man team in the planning and execution of over 1000 CND operations, securing seven different Department of Defense Information Networks by identifying Advanced Persistent Threats and the presence of unauthorized software through the performance of vulnerability scanning. • Led employees across two mission areas in the planning and execution of over 100 operations, enabling the mitigation of vulnerabilities, a greater security posture, and a decrease in adversarial presence. • Conducted network monitoring/intrusion detection across eight geographically separate subnets during times of heightened security posture. • Led two remote vulnerability assessments utilizing the most current scanning tools, identified and reported on multiple vulnerabilities and practices dangerous to security. • Operated in both Windows and Unix environments. Show less

Security Manager

• Jul 1995 - Mar 2008