Residency Consultant at Marathon Petroleum Company. Accepted Full Time role with Marathon Petroleum Company

· Evaluated, deployed, and maintained the EDR Solution, Sentinel One, via Chef, Terraform, and Jamf to Company's workstations and servers to ensure 100% coverage of the Company's assets.· Created and collaborated with the Information Security Team on multiple policies which include: Information Security Policy, Acceptable Use Policy, Recovery Policy, Incident Response Policy, Data Protection Policy, Password Management Policy, and Access Control Policy.· Worked frequently with developers and their teams to address over 100 Security Advisories found in Company's private GitHub repository.· Responded and triaged security events and potential breaches using Sentinel One, Google Security Center, and self-reports from Users.· Utilized and audited Google Admin Console's User and Groups to ensure proper tailored IAM standards were being administered throughout the Company.· Owner of the Mimecast Phishing module and created unique phishing templates to maximize the effectiveness of Company's Security Awareness Program.· Received Penetration Test reports and implemented the remediations discovered by Third Parties using a Risk-based approach.· Evaluated Subsidiaries' Network Architecture and recommended architectural upgrades for hardware and software that was EOS.· On-site walkthrough evaluation of Company’s current physical security status and recommended preventive and deterrent security controls to ensure only authorized personnel could access Company Assets.· Attended Industry Conferences such as Blackhat 2022 and Defcon 2022 to keep up to date on the latest industry trends and topics.

· Gathered and ensured all-encompassing inventory of Converge Enterprise Cloud network, server and other assets according to CIS18 framework for an internal security project.· Reviewed and signed multiple reports from our third-party Security Operations Center detailing benign events for internal systems.· Configured policy for the Converge Enterprise Cloud and Converge Corporate workstations and servers in our EDR platform and other security platforms to ensure maximum efficiency is achieved when triaging alerts.· Responded to multi-level threats, incidents and security events, which includes post-mortem analysis and playbook creation.· Performed vulnerability scans using proprietary applications on subsidiary companies to ensure compliance standards are met.· Reviewed Change Control request as they pertained to the Security Team and consulted with Internal IT to ensure that visibility and collaboration was happening.· Kept up to date with the latest news and TTPs that malicious actors use by using multiple news outlets.

• Successful multi-month iterative migration of legacy Symphony Office 365 data into SYKES tenant with minimum disruptions to our user’s day-to-day work without risking data loss in the process.• Monitored and investigated Azure IAM and AC system for any potential threats or false positives for traveling users in multiple geographies.• Efficient administration of the Azure DevOps platform by maintaining company security policies and performing RBAC techniques to ensure proper use of the platform and to keep financials within defined budgets.• Performed change management procedures and root cause analysis on user laptops as the sole analyst and first point-of-contact in the AMER region to resolve any hardware, software, or network issues within defined SLA times in the Jira IT Service Desk.• Organized, regularly maintained, and properly logged all IT controlled assets in America within our inventory management system: Snipe-IT and our in our internal Confluence page for maximum visibility between the geographies. • Winner of the “Most Innovative” for “RPA as a Service” in company-wide hackathon as an on-going research project for future client-side use.

• Assisted in identifying viable processes using ADONIS in client organization and establishing then within our Process and Solution Design Documents• Created with another associate a project training practice and utilizing the NICE RDA Tool• Supported commercial design of a NICE Starter Pack for out-of-the-box templated solutions for clients• Assisted with the creation of Best Practices for the two RPA tools: NICE and Pega• Presented to company an IT Security Awareness presentation to cultivate a sense of urgency around the topic of Information Security and its importance• Presented to leadership within Symphony a presentation on Infrastructure as Code and proposal to create an official DevOps practice• Followed procedural setup of laptops for onboarding new employees

Our group consisted of PhD, Masters, and undergraduate students during this research project. The goal of the project was to create an IoT ecosystem with multiple different types of devices that hail from different parts of either the public or private sector, then we were to assess the security flaws of the MQTT Protocol and demonstrate multiple different types of attack vectors on the network. Next, we were going to secure the network by using block chain technology in order to make sure that the network was secure. My specific portion of the project was the ethical penetration testing of the network. MQTT is a weak-security protocol that essentially allows any person to access the publisher and subscribe to it, once the packets are found. The Open-Source tool, Wireshark, is perfect for this task. I used Wireshark to pick up the messages between the device and the broker going over the network and analyse them in order to discover where the messages were coming from and where they were going. Once achieved, I was then able to make a client-side script in Python and send faulty messages to the broker in order to mess up the data analytics side of the network. Next, I conducted a DDoS attack on the devices using the Open-Source tool called LOIC (Low Orbit Ion Cannon) to take the devices off the network. Since, I was using Wireshark to detect and capture packets; I knew which device to perform the attack on. IoT devices are especially easy to DDoS due to their ability to be isolated and attacked. In the third attack, I performed the "Man in the Middle " attack using Ettercap. Using Ettercap, I was able to ARP Spoof. Once, conducted I was able to intercept and manipulate the messages to the client and the server. The entire project was good and I learned alot. The field of IoT and it's security is going to be a big problem in the future if we as students and future professionals do not step up and fix the current issues.

As a Lab Assistant working with Student Connect for the Office of Information Technology, the job entails these general areas:While reporting and filing completed tickets from previous experiences from fellow students, I patiently wait for another student to come ask for any kind of help they may need or want.The task of interacting students while being a student yourself as a sense of ease that people could not get anywhere else. Although, this creates a friendly atmosphere, I also make sure to keep the relationship formal and professional to make sure that the task at hand is prioritized and finished.A particular question a student may have for me would be to trouble shoot a software or hardware problem with a computer or laptop, whether that be the Student Connect Lab's or the student's personal device.Once the task are completed and recorded into our internal system's software ticking system, the next phase of the job would be to maintain the lab's technical atomsphere by periodically making rounds to ensure that the lab is clean and welcoming to future students.

Our team of five undergraduate students each took an Open-Source tool in order to create a Cloud Architecture. Most of the research was researching the tools themselves in order to understand them at a level to where, each one of us, could ascertain whether or not they would be a good fit for our project. My tool(s) included: Apache Spark and Apache Zeppelin. For my portion of the I was to use Apache Spark in conjunction with Apache Storm in order to do some processing of the edge level devices in our design. Using Apache Spark, I was able to process some edge level device information that did not need to be done as fast a a real-time engine like Storm would.My other responsibility was to test Apache Zeppelin and determine whether or not it was a good tool as oppose to Jupyter Notebook for our Big Data Visualization portion of the project. Through extensive research into the relatively new Open Source project; I determined that Apache Zeppelin's ease of use and flexibility would be a good fit for our project.At the end of the research we were able to combine all the tools that are used to build the Cloud Architecture and our professor was able to present this at a university some time later.

My job included hands-on experience in accepting payments from customers and gave change including receipts, while assisting customers in the sign up process for store rewards programs and applying for store gift cards. All the while;proving my ability to follow business procedures and policies in an exact and customer-friendly manner.