Manage a team of offensive security experts (Red Teamers and Pentesters) to discover and prove business risk to Coast Guard networks. Set operational direction of the team and find ways to integrate with/augment active duty operations. Oversee various teams leading different offensive security missions. Supervise and evaluate seven team members, but upwards of 20 engineers at a time as a technical manager for a given project. Act as technical SME and coach. Still very much hands-on-keyboard and ready and able to do mission. Maintain an active TS/SCI clearance.

Manage a team responsible for performing web application penetration tests and risk assessments to secure Coast Guard websites. Use industry standard tools and techniques to discover vulnerabilities in government and military web applications. Present findings and cyber security recommendations to stakeholders, network administrators, software engineers, and senior military and government leadership. Supervise and evaluate a four member team comprised of technical experts. Maintain an active TS/SCI clearance with a CI Polygraph.

Maintain situational awareness of cyber activity by reviewing open source and classified reporting for new vulnerabilities, malware, or other threats that have the potential to impact defense networksDevelop or repurpose/fork open source tools for red team security operationsProvide threat intel reports/topic briefings and recommendations to executives and stakeholdersAnalyze new threats, malware and incidents to identify threat data and incorporate it into intel platformsIdentify, collect and produce formatted threat data to be pushed to network security hardware Project manage large-scale, long-term technical analyses conducted by multiple organizationsResearch advanced persistent threat capabilities and activity Manage teams of malware analysts, pen testers, and developers to produce threat intel topic briefingsBuild solid, trust-based relationships between inter-agency and private sector partnersTechnical Strengths: pfSense, Suricata, Splunk, Linux Systems Administration, Kali Linux, Java, Python, C, VBA, Powershell, Bash, DevOps support, JIRA project management, CEH, Security+, Network+

Oversee long-term analysis projects like forecasts and topic briefings, coordinating with customers to make sure their needs are satisfied (project management, business intelligence, B2B marketing, executive communications)Create practical, comprehensive intelligence briefings which allow senior executives to make informed decisions, contributing annually to mission success valued in the millions of dollarsForecast activity using advanced analytic methods and software, enabling executives to focus resources most effectively, saving more than $12 million in operations costs to dateMentor and develop junior employees by actively monitoring their growth ensuring that their/units goals are metManage a career development program sending employees to other divisions to improve their knowledge of company wide operations (improving inter-division cohesion)Coordinate multi-agency efforts, streamlining tasking, saving millions of dollars in funds and manpower Market the unique intelligence capabilities of my unit to operational executives in other divisions (B2B marketing, executive communication)Frequently travel to customer units to guide development of unique intelligence solutions Maintain an active Top Secret/Sensitive Compartmented Intelligence clearance

Leads teams that include Amazonians, partners, and customers to build & deploy security infrastructure and automate security operations for customersTechnical Output: AWS Security Architectures and Systems, Infrastructure as Code (IaC) in CDK, CloudFormation, and Terraform, Python/Javascript/Powershell scripts and software, playbooks for security incidents and scenarios, threat models and mitigation guidance, strategic and operational visions for operating security workloads on AWS. Tools: AWS CLI, CFN-Nag, CI/CD Pipelines, Prowler, Security Auditing Questionnaires, numerous network security and development tools, Python, Powershell, SAM, many text editors, IDEs, shells, and operating systems. Leads internal builder projectsIs a deep technical resource that earns the trust of customer executive stakeholdersDevelops high-quality technical content such as automation tools, reference architectures, and white papers to help our consultants, partners, and customers build on the work we deliverInnovates on behalf of customers; translates thoughts into action yielding measurable resultsMentors & invests in the development team members

Perform and deliver penetration tests, and red-team engagements for clients utilizing industry leading penetration tools, techniques and security softwareEffectively communicate findings and cyber security recommendations to client leaders, engineers, and administrators Projects include network, and web application penetration tests, goal based red team engagements, social engineering engagements, and vulnerability assessmentsManage onboarding and continuous professional development for a team of ten penetration testers Oversee the allocation of the annual training budget to professionally develop pentest team membersCreate, maintain, and manage the prentesting training program and related documentation and materialsSupervise employees-in-training and mentor them through their onboarding process

Work with an awesome team to accomplish the following: Perform and deliver penetration tests, and red-team engagements for clients utilizing industry leading penetration tools, techniques and security softwareEffectively communicate findings and cyber security recommendations to client leaders, engineers, and administrators Projects include network, and web application penetration tests, goal based red team engagements, social engineering engagements, and vulnerability assessmentsAdminister penetration testing infrastructure to include: AWS infrastructure and account (secure deployment of EC2 instances, IAM, keys, and storage), Windows and Linux Pentest boxes, mail servers. Tools: AWS EC2 infrastructure, Kali Linux, Windows (Powershell), Nmap, Burpsuite, Exploitdb POCs, N/socat, Cobalt Strike, Metasploit, Nessus, in-house tools, and open source tools from the internetDevelop and/or modify malicious documents and remote access tool payloads which evade anti-virus