• Lead and manage a global team of security engineering experts across Cloud, Email, Endpoint, and Network technical domains while coaching, developing, and mentoring team members via regular 1:1’s providing constructive feedback and skill development with continuous feedback. • Evaluated new security products and controls via request for information and proposals (RFx) to decide if new features/capabilities will enhance the organizations information security strategy by closing security architecture gaps and provide recommendations to senior leadership and steering committees. • Established a long-term, three-year security engineering strategic roadmap envisioning new projects to mature security controls, enhance efficiencies by developing methodical frameworks, and execute projects from start-to-end. • Cultivated a strong collaborative working relationship with business groups instilling trust with external and internal key stakeholders with effective communication and culture. • Develop standard operating procedures for security engineering and operational teams, identified critical data for the risk and compliance reports, created runbooks for DevSecOps to automate repeatable processes and increase productivity. • Monitor enterprise security tools and systems for reliability, availability, and efficacy by enhancing the tools, improving security coverage, and refine procedures, processes, and runbooks for effectiveness. • Deep familiarity with enterprise security technologies such as EDR, SIEM, IPS, and SOAR tools including hands-on experience with Microsoft Defender for Endpoint (MDE EDR), CrowdStrike, SentinelOne, Splunk, LogScale, Proofpoint, Palo Alto, and AWS. • Partner with security operations center incident response team during active threats as an escalation point to assist in mitigation strategies and attending lessons learned post incidents to discuss remediation solutions for critical threats.

• Developed a technical writing program for the team that was used to publish internal technical documents for McAfee and Palo Alto products. • Created and presented Quarterly Executive Summary presentation to highlight major accomplishments throughout the year. • Established an endpoint security assessments program across all global business groups once implemented trained and transitioned the assessment to junior personnel to lead the assessment across the enterprise. • Led the team in implementing a data and device inventory project across security vendors in the Sony’s security stack identifying gaps and recommending remediation steps. • Developed a short-, medium-, and long-term project plan for Palo Alto Next Generation FWs (NGFWs) deployed at the global data center along with a management support model. • Developed and Implemented Palo Alto Next Generation FW (NGFW) capabilities and runbooks while providing 24/7 support across all regional Data Centers (DCs) providing reports and updated Directors during incidents.

• Assessed and evaluated Sony’s McAfee global deployment, identified gaps and, outlined steps to remediated issues. • Evaluated deployed policies and developed a McAfee assessment program and presenting the findings to GSIRT for the McAfee MSSP Program. • Collaborated with the team to discover gaps within the McAfee security tool allowing malware/threats to run when the parent application digital signatures are trusted. • Developed and presented newly detected McAfee gaps to a team of Directors during the 2019 Cyber Defense Workshop.• Presented findings and issues to the CISO leading to an endpoint product evaluation and replacement (RFP) project. • Lead the Endpoint RFP for GSIRT evaluating vendor responses to down select several vendors for testing. • Developed use case tests vendors within a 3 – 4-day period and coordinated with eight vendors; once the vendors were selected for testing spent 4 days per vendor evaluating their products to identify which use cases were pass/fail and provided GSIRT a summary along with a recommendation.

• Manage a team of 4 Subject Matter Experts on McAfee endpoint products such as ePO, VSE, HIPS, DLPe, PA, RSD, and Application Control. • Team lead of 4 SMEs that assisted with upgrading 400,000 endpoints with HIPS, DLPe, and PA from end of life ePO servers. • Created procedures for customers discussing how to implement McAfee Native Encryption, CounterACT, and Application Control. • Created and delievered whitepapers to customers explaining how to implement new capabilities with ePO, VSE, HIPS, RSD, DLP, and PA. • Created and provided customers with daily, weekly, and monthly reports discussing progress of objectives identified in the Statement of Work. • Upgraded and migrated 2,000 endpoints for a client while implementing countermeasures and implementing new strategy to respond to threats during the upgrade and migration.• Designed, created, and implemented an endpoint security architecture for a customer that consists of 4 geo-locations and over 400,000 endpoints. • Provided guidance and recommendations for endpoint product capabilities the customer could utilize to counter multiple threats.

• Co-Author of the new HBSS 501 analyst training course. • Created HIPS custom signatures for countermeasures against known attack vectors such as TOR, Bit Torrent, Bit Coin, and other suspicious programs.• Created multiple HBSS training sessions for Sr. Leadership, Intelligence, Law Enforcement, Cyber Protection Teams, and Blue/Red Teams. • Provide Open Source Intelligence (OSINT) reporting to detect additional indicators of compromise (IOC) and create countermeasures with McAfee toolset. • Review malware and forensic reports in order to create Yara Rules and implement into Open IOC format for detection and prevention of adversarial threats. • Engineered capabilities within HBSS adding new countermeasures to prevent future threats. • Attend daily meetings and brief HBSS countermeasures to Sr. leadership.

• Author, co-author, and editor of several McAfee Inc. White Papers which includes topics such as Advanced Persistent Threats (APTs), Crimeware Campaigns, Spear Phishing Campaigns, and other topics.• Brief and meet with commercial and federal clients to discuss Cyber threats, Analysis with McAfee products and discuss potential defense in depth best practices during Pre-Sales engagements. • Immediate development and rollout of protection mechanisms through real-time identification of new vulnerabilities and threats.• Provide threat assessment of customer network and evaluate how malware could exploit the environment. • Develop insight into malware trends through regular threat briefings.• Real-time identification of new attacks and/or attack vectors.• Provide incident response and create reports of analysis methodology and results.• Provides Dynamic malware analysis on customer site.• Lead personnel in developing the McAfee Professional Services Intern program.

• Provide Digital Media Forensic Analysis for Coast Guard CIRT as well as Network Analysis for United States Coast Guard Security Operations Center (SOC).• Performs Computer Security Incident Response activities for a large organization, coordinates with other government agencies to record and report incidents.• Use open source tools and operating systems (OS) like Network Miner, Hex editor, Snort, Virtual Box, Ubuntu, registry monitor, process monitor, wireshark, nmap, and regshot to analyze network traffic and malware. • Monitor and analyze Intrusion Detection Systems (IDS) to identify security issues for remediation. • Prepares incident reports of analysis methodology and results.• Recognizes potential, successful, and unsuccessful intrusion attempts and compromises thorough reviews and analyses of relevant event detail and summary information.• Evaluate/deconstruct malware (e.g. obfuscated code) through open-source and vendor provided tools.• Perform forensic evaluations of internal systems using EnCase.• Maintain a MD5 hash databases of malware.• Review and analyze current events to identify new attack trends and methods.

• Provide Network Security for Department of Homeland Security Headquarters SOC.• Monitor network traffic, BlueCoat Proxies, ISA Servers, traffic loggers, firewalls, Enterasys Dragon Intrusion Detection Sensors (IDS) and SourceFire.• Document network traffic anomalies and prepare incident reports for action by the Computer Incident Response Team (CIRT).• Research current attacks and vulnerabilities & model new signatures to detect them using ArcSight ESM.• Run and review logger searches using ArcSight Logger.• Provide packet analysis and malicious code analysis within Wireshark. • Analyze SNORT events and determine if it is suspicious activity or not.