Distinguished Engineer
CurrentNetwork Security Observability - Pioneered the integration of 15TB/day network connectivity and security logs into a unified warehouse(Observe) for analytics, enhancing network, cyber, user and service-level monitoring capabilities. Developed correlations, dashboards and alerts using OPAL, surpassing prior frameworks such as Splunk, ELK, and Snowflake.Secure Access Service Edge (SASE) - Revealed a $20M user productivity impact during POC, outweighing savings for Broadcom SaaS SWG, CASB and DLP. Identified a DLP issue, and developed a testing capability to quantify risk. Recommendations for IPSec deployment and Azure IAM to reduce user impact and remove DLP risk as well as Crowdstrike mitigations.Engineering Lead for Agent Interoperability Task Force - Using security data and working with a cross organizational team across cyber and network, developed and implemented a holistic dashboard which resulted in meaningful useability improvements including a 90% reduction in AD account lockouts, a 60% reduction of NAC blocks, and a 30% reduction in VPN failures.DNS DDoS Defense - Detailed analysis of attacks over 3 years with Arkime, Zeek, Palo Alto and PCAPs of DDoS attacks, revealing deficiencies in vendor protection and providing assessment reports of attack vectors shared with other financial sector organizations. Drove the selection of a new DDoS provider along with new DNS architecture and led post-cutover analysis to resolve ongoing issues.VPN WFH Expansion - Capacity analysis and recommendations drove rapid scaling of F5 VPN services, tripling capacity to reliably support 100% remote work within two weeks of the beginning of the COVID-19 shutdown. Network and Cybersecurity Incident Response - Tier 4 network and cyber troubleshooting for the NOC/CSOC and architected and built network observability tools and runbooks, leveraging technologies such as Arkime, Wireshark, Splunk, ELK, Zeek, Observe, Snowflake, and Riverbed AppResponse.