Director of Information Security

• Jan 2022 - Present

Senior Information Security Analyst

• Oct 2019 - Jan 2022

• Global 24x7 SOC team lead and lead incident responder to ensure compliance to SLA's, adherence to processes, and continuous improvement of operational objectives.• Lead design and implementation of security response automation, threat hunting activities based on emerging, behaviors, IOCs or vulnerabilities, and in-depth analysis and triage of threat activity covering over 5,000 assets.• Engage with a global team of developers, engineers, and architects in the security requirements definition and risk assessment (including analysis of threats and risks and Architecture standards) for internal and public Cloud usage.• Guide and advise internal and external customers on a broad range of specific security controls and Information Security programs, policies, standards, and incidents.• Assist Security Architects with the development of repeatable architectural patterns working with internal and external customers in operational readiness reviews to ensure that systems are placed within the relevant security zones based on the data they house and their purpose.• Provide mentorship, leadership, and subject matter expertise to other team members to address advanced threats and/or security issues, including developing and executing on remediation, detection, and prevention. Show less

Information Security Analyst

• Mar 2017 - Oct 2019

• Provide analysis and trending of security log data from production systems around the globe.• Provide Incident Response support when analysis confirms actionable incident.• Provide threat and vulnerability analysis as well as security advisory services to the IT Operations team• Analyze and respond to newly identified security vulnerabilities within Windows/Linux environments• Investigate, document, and report on information security issues and emerging trends.• Analyze and review escalated cases until closure; including investigating and recommending appropriate corrective actions for data security incidents; and communicating with the appropriate staff responsible or taking corrective actions.• Assist in the assessment of technical security control implementation and validation of correct operation of monitoring tool set.• Verify systems and processes continue to comply with internal policies and standards to ensure compliance with SOX, ISO 27001, and PCI DSS.• Coordinate with the Internal/External Auditors, penetration testers and IT Operations teams to successfully complete periodic audits.• Review existing processes and identify opportunities for improvement. Show less

IT Security Administrator

• Dec 2015 - Mar 2017

• Assisted with the implementation and continuous monitoring of FISMA and NIST 800-53 controls across the entire Engineering Services contract at Kennedy Space Center totaling over 600 assets. • Supported all ESC Continuous Monitoring activities including Risk Assessment and Contingency Plan testing. • Scanned, assessed, and remediated vulnerabilities with McAfee Foundstone Vulnerability Scanner. • Reviewed Audit and Authentication logs for anomalies and potential risks. • Planned and coordinated the Patch Vulnerability Group (PVG) meeting activities (announcements, agenda, actions items, etc.). • Analyzed monthly vulnerability scan data, removed exceptions/false-positives, and produced weekly reports and charts for PVG meetings. • Performed monthly Plan of Action & Milestones (POA&M) updates and KATS actions with compliance status reports to senior leadership. Show less

Network Operations Center (NOC) Engineer

• Sep 2014 - Dec 2015

Responsible for providing a central source of support and administration for all servers, systems and of information technology resources on a 24x7 NOC team. Responsible for providing a central source of support and administration for all servers, systems and of information technology resources on a 24x7 NOC team.