● LogRhythm SIEM Administration and Analytics– Provided regular consultation to customers from a widevariety of industries to support LogRhythm SIEM operational management. Areas of consultation included UseCase/Module management, False Positive AIE Rule Tuning, Log Source Gap Analysis, Onboarding of log sources,Reporting and Dashboard creation, Event Tuning, Smart Response implementation, Custom AIE Rule creation,Threat Hunting, Case Management and Administrative Tasks● Documentation and Knowledge Transfer – Created and maintained individual documentation of SIEMactions, changes, AIE rule management, and helped define security requirements to satisfy log source needs asapplied to AIE. Documentation included knowledge transfer and custom documents for administrative tasks.● Environmental Work – Provided health checks, Global Log Processing Rules, Risk Based Priority enablement,and tuning of AI Engine performance.● Product Coaching – Developed a Case Management with Smart Response and Playbooks lesson for coachingcustomers with best practices.● Event Tuning – Managed event flow and creation, reviewed log sources for required use cases, includingWindows Event logs, Windows Auditing, Powershell/Command line audits, and MS Sysmon implementation.

SIEM administration and management – Managed an existing instance of the SIEM and began an assessment of current deployment for improvement. This included Active Directory synchronization, AIE/alarm evaluation and tuning, GLPR tuning, completing upgrade to version 7.8, log source review and maintenance, and log event analysis which was used successfully reduced the log intake traffic at peak collection times.SIEM Alarm Response – Reduced backlog of case reviews to a manageable amount. Created tags and playbook documentation for case reiew and remediation. Worked with MSSP relationship.Vulnerability Solution Administration – Took control of the vulnerability solution when assistance was needed. Re-organized the asset groups to a coherent order for reporting. Created new and updated dashboards, reporting, and remediation projects. Determined scan engines had expired credentials and remediated. Reviewed exclusions and assisted in removing unnecessary exception scopes.DLP Solution Administration - Took lead on DLP management when assistance was needed. Security Operations – Lead or assisted in incident response, endpoint security maintenance, Hi-Trust reviews, security analysis for change controls or exclusion requests.Provided Technical support for Security Solutions: LogRhythm, Forcepoint DLP, Rapid7 Nexpose and InsightVM, Cisco AMP

SIEM administration and management – Developed SIEM solution and log collection of security controls, network infrastructure, and compliance. Designed the alerting and reporting for incident response as well as maintained agents, collectors and updates. Managed the relationship with MSSP and was responsible for the SIEM management hand-off. This included re-designing log collector architecture and log delivery method.DLP policy – Implemented DLP policy for SSN and CCN for maintaining compliance. This included building the reporting and collaboration with Governance and Risk team.Endpoint/AV protection program – Implemented endpoint solution while also building the whitelist/blacklist rules and policies. Built the environment architecture for reporting, updating, and incident response for endpoint group.Vulnerability administration – Designed and managed the site and asset groups for scanning and reporting. Collaborated with all stakeholders involved in the patch cycle program. Maintained current threat knowledgebase and ensured zero-day or current ‘in the wild’ vulnerability risks were remediated. Password and PAM management solution – Took control of our existing password vault and implemented password rotation, password check in/out, and privileged access account management.Email Security – Managed the implementation and structure of email security solution for threats such as malicious URLs, malware and impersonation attacks. Security Operations – Conducted response incidents caused by malicious activity, providing senior level metrics, audit reporting with Governance and Risk team. Supported firewall rule maintenance, two-factor authentication management and on-call supportTechnical lead for Security solutions: LogRhythm, Forcepoint, Rapid7 Nexpose and InsightVM, Thycotic Secret Server, SentinelOne, DarkTrace, Mimecast

Security Tools Engineering & Incident Response - Evaluated, deployed and maintain Security tools as solutions owner for the Security Operations team. Including vulnerability management and scanning, WAP. Conducted security response incidents caused by malicious activity and incident response planning exercisesAccess Controls & Account Management - Reviewed and maintained access and provisioning IT General Controls. Managed lifecycle for a variety of systems including Active Directory, Payment Systems, SAP, and other security-maintained accounts.Security Awareness - Developed Information Security and phishing awareness campaigns. Security Solutions: Anti-malware (Etrust, Sophos), Arcsight, AirDefense, Enterprise Reporting, PowerKeeper, QRadar, Active Directory