Experience

Todyl

• United States
• Computer and Network Security
• 1 - 100 Employee

• Head of Detection Engineering

  • Jul 2021 - Present



Elastic

• United States
• Software Development
• 700 & Above Employee

• Senior Security Research Engineer

  • May 2020 - Jul 2021

  The Elastic Security Intelligence and Analytics team is responsible for delivering detection logic for the Elastic SIEM and Endpoint Security products, tracking emerging threats, and engaging the security community to share knowledge and capabilities. - Work as part of the Security Protections team at Elastic with other data engineers, data scientists, and security researchers - Develop precise detection logic in one or more expression languages, delivered asynchronously to Elastic… Show more The Elastic Security Intelligence and Analytics team is responsible for delivering detection logic for the Elastic SIEM and Endpoint Security products, tracking emerging threats, and engaging the security community to share knowledge and capabilities. - Work as part of the Security Protections team at Elastic with other data engineers, data scientists, and security researchers - Develop precise detection logic in one or more expression languages, delivered asynchronously to Elastic customers; examples include EQL, KQL, and YARA - Design and operate data systems that assist with threat discovery and emerging threat detection functions - Research and simulate adversaries to develop training data sets, detection logic, and materials used for learning and development - Analyze and maintain comprehension about the Elastic detection logic library - Actively engaging the security community through blogs, social media accounts, webinars, workshops, meetups, or speaking at conferences - Collaborate with security research engineers and data scientists to measure and improve security protections and ML models

• Security Research Engineer II

  • Oct 2019 - May 2020



Endgame

• United States
• Computer and Network Security
• 1 - 100 Employee

• Threat Researcher

  • Oct 2018 - Oct 2019

  As a Threat Researcher, collaborated with a powerhouse team of data scientists, reverse engineers, adversary experts, incident response analysts, and hunt operators to develop industry-leading signatureless detection capabilities. Core activities included: - Locating, packaging, and delivering collections of malware samples, scripts, and supporting materials - Developing behavior-based analytics based on emerging threats and adversary activities - Delivering global artifacts to… Show more As a Threat Researcher, collaborated with a powerhouse team of data scientists, reverse engineers, adversary experts, incident response analysts, and hunt operators to develop industry-leading signatureless detection capabilities. Core activities included: - Locating, packaging, and delivering collections of malware samples, scripts, and supporting materials - Developing behavior-based analytics based on emerging threats and adversary activities - Delivering global artifacts to customers - Monitoring customer environments for FP and TP activity - Alert triage and host analysis of vulnerabilities and attacks - Identifying and resolving non-critical alerts following proper remediation protocols - Conducting root cause analysis of false positive alerts while working with customers to make production changes that reduce FP occurrences - Generating reports on threats and associated actionable activities needed to protect environments Notable Achievements: - Created an auto remediation bot that won first place in Endgame’s 2019 Hack Week Show less



M&T Bank

• United States
• Financial Services
• 700 & Above Employee

• Advanced Threat Analyst II

  • Oct 2017 - Oct 2018

  Monitoring and proactively searching for cyber security events working as a member of the Advanced Threat Hunting team. Also, provide advanced-level support services and upkeep of core security products and platforms while working closely with infrastructure support teams and engineering staff. - Characterize and analyze advanced threat data to identify anomalous activity and potential threats to network resources. - Responsible for supporting functions, systems, and processes… Show more Monitoring and proactively searching for cyber security events working as a member of the Advanced Threat Hunting team. Also, provide advanced-level support services and upkeep of core security products and platforms while working closely with infrastructure support teams and engineering staff. - Characterize and analyze advanced threat data to identify anomalous activity and potential threats to network resources. - Responsible for supporting functions, systems, and processes critical to the corporation's ability to identify, investigate, minimize, and defend against advanced threats. - Provide technical assistance on digital evidence matters to appropriate personnel. - Provide technical documents, incident reports, and findings from computer examinations, summaries, and other situational awareness information to higher headquarters. - Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts. - Validate intrusion prevention system (IPS) alerts against network traffic using packet analysis tools. - Correlate incident data and perform cyber defense reporting. - Analyze and report organizational security posture trends.

• Cybersecurity Operations Center Analyst

  • Jun 2016 - Oct 2017

  24/7 monitoring of cyber security events and incident control working as a member of a Security Operation Center (SOC) team. Also, provide advanced-level support services and upkeep of core security products and platforms while working closely with infrastructure support teams and engineering staff. • Security Information Management. • Network Security Monitoring and Platform Management. • Network and Host-based Security Control Management. • Perimeter Protection… Show more 24/7 monitoring of cyber security events and incident control working as a member of a Security Operation Center (SOC) team. Also, provide advanced-level support services and upkeep of core security products and platforms while working closely with infrastructure support teams and engineering staff. • Security Information Management. • Network Security Monitoring and Platform Management. • Network and Host-based Security Control Management. • Perimeter Protection Management. • Advanced Security Threat Monitoring and Analysis. • Advanced Experience in Troubleshooting Network Security Events.



South Moon Under

• United States
• Retail
• 100 - 200 Employee

• Network Security Administrator

  • Jan 2011 - Jun 2016

  Berlin Maryland Configure, install, administer and protect network infrastructure and telecommunication systems that support 25 retail store locations as well as the corporate office with a staff of 150 personnel. SECURITY: • Assisted in the implementation of network security policies and procedures. • Administered and maintained firewalls. • Managed, monitored, and updated malware prevention systems. • Ensure necessary network security updates, patches, and preventive measures were in… Show more Configure, install, administer and protect network infrastructure and telecommunication systems that support 25 retail store locations as well as the corporate office with a staff of 150 personnel. SECURITY: • Assisted in the implementation of network security policies and procedures. • Administered and maintained firewalls. • Managed, monitored, and updated malware prevention systems. • Ensure necessary network security updates, patches, and preventive measures were in place. • Prevented and detected intrusions. • Performed intrusion detection analysis. • Managed web proxy appliances. NETWORK ADMINISTRATION: • Configured, troubleshot, upgraded, and set-up retail store locations. • Identified network connectivity issues, implementing solutions for minimal downtime. • Designed, installed, tested, and troubleshot LANs, WANs, Internet and Intranet systems. • Programmed firewalls and phone systems for both corporate and retail store locations. • Provided technical support for all retail store locations and the corporate office. • Managed the set-up and on-going support of point-of-sale systems for all retail stores. • Coordinated, planned and executed the implementation of VoIP phone system leading to significant savings. • Handled the upgrade and migration of all computer applications and operating systems. • Oversaw the implementation of SharePoint 2007 for the company’s intranet. Show less



Perdue Farms

• United States
• Food and Beverage Manufacturing
• 700 & Above Employee

• Computer Operator - Surveillance Specialist

  • 2009 - 2011

  Salisbury Maryland Provided PC and help desk assistance by executing technical troubleshooting and support tasks. - Monitored and operated the mainframe and server computers; conducted troubleshooting to identify any bugs or issues and implemented appropriate resolutions to ensure optimized operation. - Responded to all technical issues, including error conditions, backup tape rotation and network problems.