•Assess potential threat impact, work with control teams to adjust as needed, and assess, and evaluate vulnerabilities through automated scanning. •Evaluate the design and efficiency of common controls based upon industry best practice models (e.g. COBIT, ITIL, ISO, NIST) per compliance requirements.•Perform testing activities to help measure and supervise compliance with company policies and procedures. •Provide in-depth analysis of vulnerabilities and impacts to key stakeholders. •Review evidence to determine compliance with NERC CIP Cyber Security Standards, supporting Reliability Audit Standard Worksheet (RSAW) development, and identifying internal controls that support ongoing compliance.•Support work streams that enable the assessment, development, and enhancement of business strategies, operating plans, business processes, organizational structures, and supporting infrastructure.•Apply technical competencies “on the ground” with SCE stakeholders. Communicating solutions and new strategies through reports and presentations.•Perform data collection, intelligence analysis, and statistical & risk analyses in support of project objectives.

•Apply Internal Compliance Program and Risk Management framework knowledge to support the design of deliverables, applying technical competencies “on the ground” and interfacing with compliance program staff, subject matter experts, and senior leaders•Facilitate meetings and working sessions with stakeholders, project leadership, and project teams to understand the IT needs, business requirements, and systems.•Assess NERC Compliance with a focus on CIP Standards, but also broadly including O&P knowledge and auditing capabilities.•Analyzed Regional Electric Compliance Standards Under Development ­ primarily for standards relating to System Protection of the Bulk Electric System.•Performed functional and technical gap analyses between the current and to ­be states for internal processes and systems.•Prepared NERC/WECC documents and evidence for internal audits and the 2021 NERC/WECC Compliance Audit.•Collaboratively works with the entities to develop and review processes, workflows, and evidence required to meet CIP Security Controls developed and implemented by the SDG&E departments.•Assist in audit preparation by facilitating and coordinating audit activities, conducting mock audits, coaching employees on audit and interview techniques, •Actively participated in all phases of WECC audit (including planning, fieldwork, and reporting) across multiple business lines.

•Communicate solutions and new strategies to SDG&E stakeholders through reports and presentations.•Perform audit preparation, strategic program design, tactical program improvements, data collection, and risk analyses in support of project objectives.•Provide detailed fact-finding, research, and analysis to further support delivery.•Facilitate compliance processes to assure regulatory compliance with applicable CIP standards and function as team members for internal and external audit preparation.•Assists in developing and organizing procedures, policies, standards, and other documents required to meet NERC CIP Critical Infrastructure Protection requirements.•Establish and maintain security for critical substation assets, collaborating with compliance and engineering staff to identify, document, remediate, and/or enhance system security, potential risks, vulnerabilities, system accounts, authentication systems, and other cyber security components.•Design, implement, and advise on IT NERC-­CIP compliance solutions related to security patch management, cyber asset baseline management, vulnerability assessment, and security control validation.

•Conduct, support, or assist in client reviews, internal corporate evaluations, or assessments of the overall effectiveness of the Information Security programs. •Supervise subordinate security professionals, performing activities such as hiring, training, assigning work, evaluating performance, or disciplining.•Prepare reports or make presentations on internal investigations, losses, or violations of regulations, policies, and procedures.•Procured equipment, hired personnel, and wrote standard operating procedures and work instructions.•Managed daily security lab operations, testing and verifying use cases, addressing customer concerns, and monitoring lab testing inventory, production, and quality control.•Developed, designed, and conducted one or more small or moderately complex research projects or experiments in line with the lab's research plan, reviewing progress and evaluating results.•Establish capabilities that make the organization as a whole more responsive and efficient so that it has a competitive advantage.•Managed projects of small or moderate size and scope; contributing to determining the feasibility of goals and objectives; assuring quality, cost-effectiveness, and timeliness of assigned projects.•Learn information necessary to support quick changes in strategic and tactical direction while avoiding obstacles and pitfalls.

•Led and oversaw Security Analysts across SOC operations (San Diego, Barcelona & Singapore), maturing and growing Security Operation Center (SOC) operations, creating and defining appropriate processes/procedures used for Security Analysts Training Program.•Managed projects of small or moderate size and scope; contributing to determining the feasibility of goals and objectives; assuring quality, cost-effectiveness, and timeliness of assigned projects.•Approved and validated various security-related incidents (Misconfiguration and/or HIPPA violations) or policy compliance violations, employing SOC teams for engagement and proper resolution. (NIST SP 800-92)•Coordinated efforts with Internal Recruiting teams, assessing Employment Candidates’ technical Aptitude and Attitude, providing feedback to determine appropriate culture fit and capabilities align with company core values.

•Analyze and engage incoming security events and alerts, leveraging SIEM security platforms (HPE ArcSight, Splunk) to analyze security logs for Enterprise applications and Firewalls, utilizing Open Source Intelligence (OSINT) tools to validate security incidents and/or false positive events.•On a 24x7 basis, conduct real-time analysis of Information Assurance-Computer Network Defense (IA-CND) data from appropriate situational awareness and management tools.•Maintain IA-CND sensor grid situational awareness from Tier 0 to Tier 2; report and respond to sensor grid outages and/or anomalies; direct network surveillance resources.•Perform information gathering from appropriate OSINT tools and databases.•Track and report performance and capability metrics.•Provide event categorization by analyzing the incoming data flow from security devices and searching data for indications of anomalous events.•Lead/conduct theater collaboration for IA-CND planning and operations including, but not limited to email, chat, ticketing, and collaboration session communications.

•Performed and/or led IT technology assessments and planning documentation to promote industry best practices for our client's network and business needs.•Develop and implement the technical architecture and physical design of the network: analyze existing servers, switches, networks and recommend solutions.•Provide proposal, (SOW) Statement of Work and (RFPs) Request for Proposal technical writing•Participate in various IT projects intended to continually improve/upgrade converged network solutions•Provided computer consulting, network trouble-shooting and other outsourced IT consulting services and support for businesses.•Leverage existing data networks to deliver a consistent end-user experience by implementing Quality of Service (QoS) mechanisms to provide redundancy and resiliency with no interruptions in service.•Designed Cisco Enterprise Networking solutions for SMB enterprises across Campus Area Network (CAN) for over 10+ projects.•Implement and design Internal/External routing protocols (Internal: RIP, EIGRP, and OSPF. External: BGP) for Access, Distributed, and Core layers.•Evaluated clients' business goals, IT environment, and immediate needs to recommend the most efficient and cost-effective support models.

•Planned, organized, and supervised preparation and execution of unit movement and operations with multinational, military, and commercial agencies.•Operated various Geographic Information Systems (GIS) to gather, assess input, and coordinate information.•Coordinated and collaborated with other departments to implement wide-scale training efforts•Interconnected DoD systems, including the implementation and/or maintenance (USMC C4 IA Enterprise Directive on Certification and Accreditation) of Linux systems•Allocate human and financial resources in a way that maximizes the economic return.•Interconnected DoD systems, including the implementation and/or maintenance (USMC C4 IA Enterprise Directive on Certification and Accreditation) of Linux systems, providing system-level patches and/or kernel updates in support of day-to-day military operations.

•Execute incident management for multiple products and services to operators, developers, and service providers.•Interface with cross-functional teams within Qualcomm Business units including Engineering, Operations, Account, and Project Management.•Perform analysis of complex issues and provide detailed summaries and resolutions.•Create and update technical information (FAQs, Technical Notes, etc.) to support common support questions and problems.•Provide responsive and accurate information to all customers, logging customer issues, adhering to •Service Level Agreements, and creating and maintaining solutions within Knowledge Base.