Senior Analyst, Cyber Threat Intelligence (2021-2023) → Lead Analyst, Cyber Threat Intelligence (2023-Present)Hired as a member of the Security Operations Center responsible for maintaining the Cyber Threat Intelligence program.Responsible for executing cyber threat intelligence research to identify threat actor motivations, capabilities, and intentions. Train and counsels junior member of the SOC to guide SOC analysts to properly address security incidents. Gather and Interpret cyber threat intelligence data to establish and refine defensive controls and disseminate to other teams as appropriate. Execute forensic review of phishing incidents to determine source, impact to the company and initiate remediation actions such as possible site take downs. Create technical and executive reports that clearly communicate relevant threat intelligence. Research, analyze and understand multiple log sources, particularly security and networking devices (such as firewalls, routers, anti-virus products, and operating systems). Utilize SIEM technology for centralized logging and log correlation to identify security incidents.

Security Event Center Specialist (2014-2016) → Senior Security Event Center Specialist (2016-2019) → Senior Analyst, Cyber Threat Intelligence (2019-2021)Hired as a member of the Security Operations Center responsible for corporate incident response and security investigations. Currently responsible for building and maintaining threat hunting program.Responsible for supervising representatives of a managed service provider. Develop advanced queries and alerts to detect adversary actions. Hunt for and identify threat actor groups and new tactics based on their known techniques, tactics, procedures (TTPs), tools, and infrastructure. Conduct cyber threat intelligence research to identify threat actor motivations, capabilities, and intentions. Gather and Interpret cyber threat intelligence data to establish and refine defensive controls. Execute forensic review of phishing incidents to determine source, impact to the company and initiate remediation actions such as possible site take downs. Create technical and executive reports that clearly communicate the scope, impact, and recovery of security investigations. Research, analyze and understand multiple log sources, particularly security and networking devices (such as firewalls, routers, anti-virus products, and operating systems). Utilize SIEM technology for centralized logging and log correlation to identify security incidents. ✔ Developed and implemented Threat Hunting program, including documentation of metrics, defining hunts, and creation of executive reports.✔ Served as primary creator of the Security Event Center incident response process for Database Access Monitoring to meet SOX control and external audit finding in conjunction with Security Engineering. ✔ Authored Security Event Center Quarterly Metrics, which includes Key Risk Indicators (KRIs), Return on Investment (ROI) statements, and quarter to quarter incident comparison analysis.

Supported contract clients with full autonomy for strategic planning and tactical development of client IT solutions; directing IT staffing, budgeting, policies and procedures for company and client sites.Leadership Achievements✔ Acquired, implemented, and customized systems, software, networks and applications to meet broad client organizational requirements. ✔ Collaborated on financial and operational audits of technology assets to strengthen quality and security of clients it assets.Technical Achievements✔ Managed purchasing and installation of IT infrastructure during client construction projects.✔ Developed and implemented a multi-site help desk to improve client satisfaction and team efficiency.✔ Facilitated the installation of client VOIP system including multiple VLANs, and Servers to allow client to migrate from legacy system.✔ Designed and implemented network backbone at client site including wireless communications, switches, and routers to allow client to seamlessly transfer users into a new clinic.