• Directed a team of 3 civilians and 25 contractors to set strategic goals, improve SOC maturity, and ensure CJCSM compliance. Additionally, provided actionable cyber metrics to inform leadership on tooling effectiveness and mission readiness.• Developed and implemented new TTPs, streamlined SIEM workflows, and provided actionable input to improve SOC Case Management System (CMS), boosting operational efficiency and documentation practices.• Directed incident response efforts, clearing malicious activity and collaborating with joint partners to provide actionable intelligence, fostering SOC credibility and enterprise-wide situational awareness.• Standardized threat intelligence dissemination, earning high-level praise for situational awareness contributions. Developed and integrated behavior-based signatures, strengthening threat detection and response capabilities.• Mentored junior analysts, delivering hands-on CTF scenarios and expert guidance on Defensive Cyber Operations. Facilitated exercises and table-top scenarios to validate IRPs and enhance readiness.• Aided in establishing a Forensics and Malware lab, enabling advanced threat analysis and compliance.

• Manage Defensive Cyber Operations, to include 24/7 support activities for space mission system network traffic conditions, performance, anomaly alerts, unauthorized activity, and any on-going cyber event or incident, to protect and defend cyber terrain within our area of responsibility.• Oversee incident handling processes, to include preparation, detection, analysis, containment, eradication, recovery, and post-incident activities in accordance with the Computer Security Incident Handling Guide, NIST SP 800-61 Rev. 2.• Responsible for ensuring the Enterprise Cyber Operations team meets all operational SLAs during team coverage hours, to include but not limited to: Review and validate the quality and accuracy of threat analysis and response performed by those under my charge, proactively identify potential service improvements and issues and drive the adoption of (or modifications to) technologies and methodologies to improve DCO Capabilities, work on special projects as assigned, provide guidance and provide leadership to less-experienced technical staff members.• Supervise and serve as a technical escalation point for the analysis and correlation of anomalous events identified in Intrusion Detection System (IDS), Intrusion Prevention System (IPS), and supporting devices/applications to include but are not limited to the following: LogRhythm, Suricata, Kibana, Bro/Zeek, TCPDUMP, Snort, HBSS, Wireshark, and Solar Winds.• Actively develop Crew Aides, Tactics, Techniques and Procedures (TTPs), and Standard Operating Procedures (SOPs) based on processes not currently in place, creating a baseline of knowledge for Total Forces, and provided intelligence, to include knowledge/intelligence of foreign intelligence services, state-sponsors of terrorism, U.S. and international criminal organizations.

• Analyzed and correlated anomalous events identified in Intrusion Detection System (IDS), Intrusion Prevention System (IPS), and supporting devices/applications to include but are not limited to the following: LogRhythm, Suricata, Kibana, ELK, Bro, Snort, HBSS, Wireshark, and Solar Winds.• Implemented Bro Intel Framework to establish a means of continuous monitoring that was otherwise absent prior to being configured.• Perform monitoring operations; reporting cyber security events and anomalies• Assist in conducting 24/7 Defensive Cyberspace Operations to support activities on DoD Satellite Mission Systems.

• Served as the Regional Cyber Center-Pacific (RCC-P) lead analyst • Led the RCC-P in its participation in Gaining Cyber Dominance, which resulted in being awarded RCC of the year.• Generated cyber threat intelligence assessment reports regarding suspicious network traffic for the Regional Cyber Center-Pacific, Defensive Cyber Operations Division (RCC-P, DCO-D) and its customer base.• Supervised successful execution of incident response and threat hunting team activities.• Provided guidance and coordination for the identification, analysis, response, and monitoring of cyber threats and vulnerabilities for the Pacific region.• Facilitated reporting and situational awareness to ARCYBER, DISA, CCMDs, and respective regional Theater Signal Commands.

• Analyzed and correlated anomalous events identified in Intrusion Detection System (IDS), Intrusion Prevention System (IPS), and supporting devices/applications to include but are not limited to the following: HBSS (Host Based Security Systems), TCPDump, Attack, Sensing, & Warning Sensors (Snort, Full Packet Capture (PCAP), Sys log data, Web Proxy / Reverse Proxy logs, Big Data Platforms and Cyber analytics applications.• Performed network systems monitoring, tier-2 management and troubleshooting, incident tracking, coordination, and reporting of performance, incidents, and security.• Identified the cause, source, and methodology of compromises or incidents.• Configured and fine-tuned detection/prevention capabilities for IDS, IPS, SIEM, and supporting devices/ applications.• Facilitated reporting and situational awareness to ARCYBER, DISA, CCMDs, and respective regional Theater Signal Commands.• Updated Incident Handling procedures, response guidelines, and checklists based on findings and lessons learned.• Directed personnel to submit forensically sound media images to ARCYBER F&MA.

• Conducted security scans to identify and mitigate vulnerabilities via the Assured Compliance Assessment Solution (ACAS) software.• Ensured that systems were continuously updated and that vulnerabilities were immediately patched to prevent security issues.• Provided continued monitoring and mitigation of bug fixes and patch sets for existing applications currently on the Marine Corps Enterprise Network.• Performed risk and vulnerability assessments and provided results and recommendations to senior management.

• Developed, managed, and maintained the Information Assurance Program for Marine Corps Base Hawaii.• Created, modified, and enforced command IA policies and procedures in accordance with DoD, DoN, and USMC policies and guidelines.• Ensured and reported the installation's compliance according to the DoD Information Assurance Vulnerability Alert (IAVA) requirements and directives.• Managed all aspects of the Risk Management Framework (RMF) to mitigate risk to an acceptable level.• Audited and inspected classified network segments and ensured required security measures were within NSA, DoD, DoN, and USMC guidelines.• Conducted security audits and inspections and provided audit/inspection results to the AODR for compliance reporting.• Evaluated and made recommendations concerning overall plans and proposals or internal and external agency support requirements (ATO/ATC/MCA Letters).• Conducted security scans to identify and mitigate vulnerabilities via the Assured Compliance Assessment Solution (ACAS) software.

• Planned and executed the integration of multiple information systems in a tactical network environment while participating in various locations throughout the Asia-Pacific Region.• Installed, configured, integrated and administered traditional PBX and VoIP networks.• Integrated voice circuits with Promina 400/800 and VX900.• Lead a platoon of Marines in multiple field communication exercises as a Voice Telecommunications Operator/Lead.• Designed, built, implemented, and maintained networks using ISDN, PRI, H.323, LSRD, SIP, CAS BSP signaling, CUCM Servers, Meet Me Conferences, and multiple other VOIP services.