Bootstrapping security monitoring infrastructure in a cloud-based network. Building and implementing novel detection mechanisms and leveraging security data to assist platform teams, fraud prevention, and internal investigations.Projects:• Built and maintained the security team's Splunkcloud platform. Logstash-based log pipelines supply data to Splunk via Amazon S3 and Kafka. Custom monitoring notifies the team of any significant logging volume dropoff.• Deployed osquery with a custom configuration to the entire production network and every OSX-based employee workstation. Automatic alerts created for adware/malware detection and anomalous activity. Contributed numerous OSX detection rules upstream to the core osquery project. • Assisted with the push to get Uber using a "p=quarantine" DMARC policy from a "p=none" which had a drastic reduction on the amount of spammy and malicious email received by employees.• Implemented custom Google Mail server-side rules to aid with the detection of "display name phishing" where attackers spoof the "Full name" field on an email account to appear to be an employee at the organization. Detection automatically notifies the Security Response team.• Led multiple account takeover investigations with Uber's fraud team. Engaged with third-party vendors to obtain copies of leaked credential dumps in order to secure affected users on the Uber platform.• Deployed a variety of physical and virtual honeypots including Canaries and HoneyTokens• Build and contribute CarbonBlack detection rules to the team's internal rules repositorySkills:• Incident handling (IR, forensics, malware analysis)• Internal investigations (leaks, theft, data abuse)• Vulnerability management• Stolen Credential Recovery and Analysis• Building monitoring and detection infrastructure• HoneypotsTooling:• Splunk (usage and administration)• Logstash• Kafka• CarbonBlack• Google Apps Administration

Designing, building and maintaining systems to detect and monitor malicious and anomalous behavior. Modeling threat discovery around pragmatic and realistic threats. Responding to incidents with a sense of urgency and efficiency.Tooling:• Splunk• NetWitness• Bit9• FireEye (including custom backend scripting and logging)• Maltego (including custom transform development)• Nexpose• Proofpoint• Duo Language competencies:• Shell scripting / parsing• PHP / HACK• PythonIn the Media:https://www.facebook.com/notes/protect-the-graph/keeping-passwords-secure/1519937431579736http://threatpost.com/facebook-tool-mines-stolen-passwords-notifies-affected-users/108901http://krebsonsecurity.com/2013/11/facebook-warns-users-after-adobe-breach/http://www.pcworld.com/article/2452080/facebook-kills-lecpetex-botnet-which-hit-250000-computers.htmlhttp://www.theguardian.com/technology/2012/feb/17/facebook-hacker-glenn-mangham-jailed