• Enhanced ISOps team processes through automation and tool development, resulting in a 100% increase in efficiency• Led a diverse team of threat intelligence analysts to deliver analytics-driven products and services• Developed bi-weekly report for members, featuring threat trends and insights gathered from members, government sources, and affiliates• At multiple summits and workshops, presented various cyber threat intelligence topics to members, foreign government agencies, and potential members• Implemented key performance indicators to assess the quality of intelligence products and services provided by analysts• Designed tailored use cases for FS-ISAC members based on their cybersecurity maturity and operational needs, shaping the roadmap for future services and products• Represented FS-ISAC in discussions with government agencies, CTI vendors, and private groups on cyber threat and intelligence matters

• Founded and managed the CTI Technical Team, creating SOPs and support services for security operations• Supported AIG's gCDC security teams with cyber threat intelligence, including Incident Response Team, threat assessments, and security architecture• Managed performance reviews, interviews, and the team's training and tool budget• Led technical aspects of RFP/POC projects for advanced Endpoint Detection and Response tools and security software• Presented intelligence briefings to C-level executives and gCDC team leaders

• Shared cyber threat intelligence with Internal SOC for employee and infrastructure protection• Prioritized remediation by supplying intelligence to the vulnerability management team• Investigated potential vulnerability disclosures for FireEye products beyond the corporate responsible disclosure program• Trained analysts in incident response, including digital forensics, memory analysis, and malware analysis• Developed incident response playbook and methodology for team-wide use

• Investigated disc images to find specific data related to an incident, including IOCs, malicious binaries and files. • Performed memory analysis on the RAM dump involved in an incident to provide incident timeline and any related malicious files • Performed static and dynamic malware analysis to provide indicators of compromise and additional context to the digital forensics report• Provided timeline analysis based on collected logs from the digital evidences • Collected evidence using forensically sound methods and transferring into a format that can be used for legal purposes

• Provide services such as memory, disc and malware analysis as part of the Incident Response Team • Investigate from disk images and memory to provide incident report/remediation recommendation• Conduct static and dynamic malware analysis to provide threat indicators• Use forensically sound method to collect data such as e-mails, documents, photos and other digital evidence from laptop/desktop and external media sources• Created unique processes for performing incident response utilizing jump boxes, remote memory analysis, and triage toolkits to hunt and gather for artifacts for different professional services environments• Conduct network-based forensics and incident response for V-SOC and professional services clients• Provide external network and web application penetration testing/vulnerability assessment for Professional Services clients• Develop content in SIEM platforms, including McAfee Enterprise Security Manager and ArcSight for V-SOC and Professional Services clients• Security architecture review and re-engineering to foster more accurate detection at all stages of the cyber kill chain• Policy review and troubleshooting for end point security platforms including (but not limited to) McAfee Network Security Monitor, Cisco Adaptive Security Appliance, ArcSight Connectors/Loggers/ESM, McAfee ESM, Sourcefire, FireEye, and RSA NetWitness/Security Analytics

• Design, develop and implement SIEM Content (With a focus on ArcSight) for the TSA other sub components• Analyze and tune data feed of ISS, Symantec AV, Sourcefire, Palo Alto and Cisco ASA to optimize performance• Evaluate new signatures for security applications such as ISS and Sourcefire• Test and evaluate SIEM platforms for implementation in the SOC environment• Malware analysis and out-of-band analysis on security incidents• Perform threat analysis/investigation based on information received via secure channels, which includes dynamic and static malware analysis to implement IOC on the SOC SIEM• Develop a VM-based malware lab and training process for senior and junior analysts 
 • Investigate security events and coordinate with other components for the remediation process• Create daily cyber threat reports for TSA CSIRT and government officials at DHS, Coast Guard, ICE, FAMS, Secure Flight and Border Patrol• Create training materials and support junior analysts, which includes investigation and remediation

• Perform detailed security monitoring, provide situational awareness, indications and warning for actionable information in a 24/7 SOC environment for the TSA• Perform event and packet analysis on WireShark and Sourcefire• Successfully respond and neutralize IT security incidents in an environment with over 
55,000 users• Research new malware/virus/threats, determine exposure and took preemptive remediation actions• Design, develop and implement SIEM content with a focus on ArcSight• Mitigate and clean up classified data spills and breaches under the TSA/DHS policy• Mentor and support new monitoring analysts on performing their daily duties