Christopher Becker

Technical Director of Hunt & Content Development at Raytheon Technologies
Contact Information
us****@****om
(386) 825-5501


5.0/5.0, based on 2 ratings

Ted Steinhauser

Chris is an insightful and exceptionally gifted computer incident response professional with a tremendous ability to seek out and mitigate those hostile actions of the world’s most notorious cyber adversaries. Truly an expert in analyzing world-class cyber adversary tactics, techniques, and mechanisms facing today’s global IT community, Chris’ technical acumen is unparalleled by his peers and only superseded by his unblemished integrity and unquestionable fidelity. Chris’ efforts and accomplishments are truly a role model for many up-and-coming information technology professionals and are clearly in keeping with the highest traditions of the cyber security profession.

Timothy Rogers

Chris is an extremely talented Forensic Investigator regardless of the target, topic, or problem in hand. I have witnessed Chris’s depth of knowledge in forensic investigations, incident response, eDiscovery and leading a team to success.


Credentials

  • GNFA - GIAC Network Forensic Analyst
    GIAC Certifications
    Apr, 2018
    - Oct, 2024
  • GCFA - GIAC Certified Forensic Analyst
    GIAC Certifications
    Apr, 2017
    - Oct, 2024
  • CISSP - Certified Information Systems Security Professional
    (ISC)²
    May, 2014
    - Oct, 2024
  • GCIH - GIAC Certified Incident Handler
    GIAC
    Oct, 2012
    - Oct, 2024
  • Security+
    CompTIA
    Mar, 2007
    - Oct, 2024
  • AWS Certified Cloud Practitioner
    Amazon Web Services (AWS)
    Oct, 2022
    - Oct, 2024
  • CCE - Certified Computer Examiner
    The International Society of Forensic Computer Examiners® - ISFCE
    Dec, 2011
    - Oct, 2024
  • EnCEP - EnCase Certified eDiscovery Practitioner
    Guidance Software
    Feb, 2011
    - Oct, 2024
  • EnCE - EnCase Certified Examiner
    Guidance Software
    Oct, 2010
    - Oct, 2024

Experience

    • United States
    • Aviation and Aerospace Component Manufacturing
    • 700 & Above Employee
    • Technical Director of Hunt & Content Development
      • Feb 2021 - Present

    • Sr. Threat Hunter/Content Engineer
      • Oct 2020 - Feb 2021

    • Cyber Incident Response
      • Apr 2020 - Oct 2020

    • United States
    • Aviation and Aerospace Component Manufacturing
    • 700 & Above Employee
    • Global Incident Management
      • Apr 2019 - Apr 2020

    • United States
    • Financial Services
    • 700 & Above Employee
    • Information Security Consultant
      • Jan 2015 - Apr 2019

      • Led EDR product selection including evaluations, comparisons, proposals, justifications, and coordinated product deployment.
      • Managed the EDR platform covering rule creation and deduplication, creation of a custom rule company feed, integrations with threat intelligence platforms, and ingress filtering.
      • Established the foundation for the Intrusion Hunting program. Developed missions to identify previously undetected intrusions, while also identifying and filling gaps in visibility, detection, alerting, and prevention with creation of new rules and/or recommendations for configuration changes.
      • Implemented Python-based automation to simplify analyst triage through enrichment of alerts with indicator and attribute lookups via API calls.
      • Implemented Python-based chat bot modules to support analyst investigations, information collection, and data manipulation.
      • Supported SOC analysts by responding to alerts, including analysis, containment, remediation, and recovery, and acted as the final SOC escalation point, including rotational 24/7/365 on-call.
      • Developed alert response procedures for automation and escalation to ensure SOC triage, analysis, containment, and remediation actions were simplified and standardized.
      • Developed and deployed User Entity Behavior Analytic logic using a tiered risk-based approach where policy violations support threat categories which support threat models.
      • Evaluated and implemented new EDR and SIEM alerting logic. Supported log correlation, normalization, and parsing to ensure alerts were actionable, concise, and not duplicated across multiple platforms.
      • Sandboxed malware to evaluate tool visibility, detection, prevention, and alerting coverage.
      • Developed the Endpoint Security Strategy for the company covering products, gaps, and solution recommendations over the next few years.

    • United States
    • Aviation and Aerospace Component Manufacturing
    • 700 & Above Employee
    • Cyber Security Specialist
      • Dec 2011 - Jan 2015

      • Plank holder of the Incident Response team.
      • Performed live and dead box forensics including memory, file, registry and event log analysis of devices exhibiting malicious behavior.
      • Developed host-based monitoring rules to detect malicious software and evidence of lateral movement.
      • Managed, engineered and implemented rules (Yara, Regex, etc.) for network-based deep packet inspection sensors as well as email sensors.
      • Well versed in APT Tactics, Techniques, and Procedures (TTPs).
      • Utilized the SIEM to research malicious activity as well as perform analysis to identify suspicious activity.
      • Digested and evaluated third party intelligence for applicability and risk to the corporation.
      • Executed malware in a dynamic virtual environment to determine malicious characteristics to fine-tune monitoring and scanning tools.
      • Explored new methods of malware detection and protection to increase the security posture of the company, predominantly utilizing the company’s existing tool set.
      • Provided rotational 24/7 on-call support.

    • Lead Computer Forensic Investigator
      • Sep 2009 - Dec 2011

      • Performed E-Discovery data collections, filters and provisions from individual and enterprise-wide data sources including personal computers, email and network shares.
      • Led a collection effort for a $3.2 billion litigation matter involving over 330 custodians.
      • Conducted ~80 investigations per year on a global scale. Investigative topics included Improper Use of Company Assets, Intellectual Property Theft and Externally Driven Matters.

    • United Kingdom
    • Telecommunications
    • 700 & Above Employee
    • Consultant
      • Feb 2009 - Sep 2009

      • Assisted forensic investigations and E-Discovery tasks including collections and analysis
      • Designed, validated and maintained the conversion of paper-based trials into dynamic forms with InfoPath 2007 and supported integration with InfoPath Forms Services and SharePoint Server 2007
      • Led the implementation of an HP Blade PC and Thin Client Pilot and assisted on other implementations, including configuration of Active Directory, DHCP, DNS, Folder Redirection and Roaming Profiles, as well as the utilization of Altiris Deployment Solution and a variety of other proprietary technologies
      • Performed detailed financial analysis of domestic MPLS usage/rates and international telecom spend invoices for consolidation and rate reduction opportunities

    • Information Technology & Services
    • 1 - 100 Employee
    • Associate Consultant
      • Jul 2007 - Feb 2009

    • United States
    • Higher Education
    • 700 & Above Employee
    • Computer Lab Assistant
      • Sep 2003 - May 2007

      Maintained computer labs across campus

Education

  • Rensselaer Polytechnic Institute at Hartford
    Master of Business Administration (M.B.A.)
    2011 - 2014
  • Thayer Leadership
    2021 - 2021
  • Roger Williams University
    Bachelor's Degree
    2003 - 2007
  • Torrington High School
    High School
    1999 - 2003
