Dan Ford

Dan Ford Email and Phone Number

Director Security Architecture and Engineering @ Midcontinent Independent System Operator (MISO)
Carmel, IN, US
Dan Ford's Location
Carmel, Indiana, United States
About Dan Ford

Dan studied Electrical and Computer Engineering Technology at Purdue University, where he focused on microcontrollers and low-level programming of operating systems. Dan then obtained his Master of Business Administration from Western Governors University. He has also obtained several security certifications, including CISSP, GCIH, GCIA, GCPN, GMOB, and GCIP. Dan began his career in cyber security as a Computer Engineering intern for Rook Security, a start-up focused on providing MSSP/MDR services to a wide range of businesses. While at Rook, Dan built many devices to help with red team exercises, such as a long-range RFID cloner that could be used to clone security badges to show weaknesses in badge reader technologies and how to protect against these types of attacks. From there, Dan became a full-time Digital Forensics Analyst and Security Engineer for Rook. In this position, Dan touched most aspects of security and helped companies with a wide range of services: designing and implementing security technologies, performing incident response for different types of attacks, performing forensics on multiple types of devices to reach root cause and present findings in court, reviewing and advising on security compliance (HIPAA, PCI, NIST, and ISO), performing penetration and vulnerability testing in physical and cyber areas, and working SOC analyst tickets looking for active threats in clients' environments. After a successful stint in the consulting field, Dan took a position at MISO as a Senior Information Security Engineer and is currently a Director at MISO.

Dan Ford's Current Company Details
Midcontinent Independent System Operator (MISO)

Director Security Architecture and Engineering
Carmel, IN, US
Website:
misoenergy.org
Employees:
1310
Dan Ford Work Experience Details
  • Midcontinent Independent System Operator (MISO)
    Director Security Architecture and Engineering
    Midcontinent Independent System Operator (MISO)
    Carmel, IN, US
  • Midcontinent Independent System Operator (MISO)
    Director Security Operations & Intelligence
    Midcontinent Independent System Operator (MISO) Jul 2024 - Present
    Carmel, IN, US
    Lead and manage the Cyber Security Operations, Threat Hunting & Intelligence, and Vulnerability Management teams, ensuring seamless coordination and effective threat mitigation.
    Oversee the development and implementation of advanced threat detection and response strategies, enhancing the organization's security posture.
    Drive the integration of threat intelligence into security operations, providing actionable insights and proactive defense mechanisms against emerging threats.
    Spearhead vulnerability management initiatives, prioritizing remediation efforts to mitigate risks and ensure compliance with industry standards.
    Cultivate a culture of continuous improvement and professional development within the team, fostering innovation and enhancing overall team performance.
    Collaborate with cross-functional stakeholders to align security strategies with business objectives, ensuring robust protection of critical assets and data.
  • Midcontinent Independent System Operator (MISO)
    Manager Information Security
    Midcontinent Independent System Operator (MISO) Oct 2023 - Jul 2024
    Carmel, IN, US
    • Oversee a dynamic team of 5 security engineers, 2 SIEM engineers, and a Compliance Analyst providing Tier 1 to Tier 3 support for security events, facilitating effective incident resolution and compliance with our requirements.
    • Oversaw the budget for security technologies, effectively managing resources to achieve under-budget expenditures by about 10%, enabling the reallocation of savings to support other critical business areas.
    • Managed 15 compliance-related requirements, guiding the team through audits to meet NERC CIP and SOC 1 regulations.
    • Develop team members through tailored guidance, training initiatives, and strategic recruitment, enhancing overall team capabilities.
    • Prioritized and nurtured strong relationships with key stakeholders and business partners, aligning security strategies with business objectives.
    • Fostering a collaborative environment, promoted open communication within the team and with external partners, enhancing threat detection and response.
    • Led 3 projects to improve security visibility and posture within the company by deploying a new Endpoint Detection and Response (EDR) tool, an Encryption Key Management System (KMS) tool, and a Firewall Analysis and Risk Review tool.
    • Wrote and owned 4 policies and 18 plans/procedures related to security baseline, acceptable use, disaster recovery, logging standards, and various information security processes.
  • Midcontinent Independent System Operator (MISO)
    Lead, Information Security
    Midcontinent Independent System Operator (MISO) Dec 2021 - Oct 2023
    Carmel, IN, US
    • Oversee a dynamic team of 5 security engineers, a SIEM engineer, a Compliance Analyst, and 2 contractors providing Tier 1 to Tier 3 support for security events, facilitating effective incident resolution and compliance with our requirements.
    • Conduct daily reviews of the security technology stack, ensuring optimal performance and identifying opportunities for enhancement.
    • Managed 15 compliance-related requirements, guiding the team through audits to meet NERC CIP and SOC 1 regulations.
    • Develop team members through tailored guidance, training initiatives, and strategic recruitment, enhancing overall team capabilities.
    • Prioritized and nurtured strong relationships with key stakeholders and business partners, aligning security strategies with business objectives.
    • Fostering a collaborative environment, promoted open communication within the team and with external partners, enhancing threat detection and response.
    • Deployed a new VPN client with Security Access Service Edge (SASE) capabilities which increased visibility by 40% through an always-on VPN and conditional access.
    • Deployed a new phishing mitigation tool with end-user feedback which freed up 10 hours a week from SOC engineers.
    • Enhanced capabilities with Security Orchestration with SIEM integration which allowed automated alert enrichment and decreased time to remediate alerts by roughly 15%.
    • Wrote and owned 4 policies and 18 plans/procedures related to security baseline, acceptable use, disaster recovery, logging standards, and various information security processes.
    Key Achievements:
    • Achieved no-findings results in recent NERC CIP audits, demonstrating a steadfast commitment to compliance and regulatory adherence.
    • Successfully designed, deployed, and managed 10 advanced security technologies that significantly heightened visibility across the organization, resulting in a fortified and more secure operational environment.
  • Midcontinent Independent System Operator (MISO)
    Senior Information Security Engineer
    Midcontinent Independent System Operator (MISO) Apr 2018 - Dec 2021
    Carmel, IN, US
    As a Senior Information Security Engineer, I have implemented and managed multiple security technologies to guarantee the security and reliability of the electrical grid. My team and I also provide alarm review and support for Tier 1 to Tier 3 cybersecurity incidents. Also, I have played a significant role in ensuring compliance with NERC CIP regulations by assisting the team with various compliance-related obligations. During a recent audit of our requirements, I was part of the team that successfully achieved a no-findings result.
    Furthermore, as a Senior Information Security Engineer, I have taken on a mentorship role to guide and support individuals new to the field of cybersecurity on my team. Through mentoring, I have been able to share my knowledge and expertise, develop their skills and help them grow in their roles.
    Security Technologies
    • System Information and Event Management (SIEM)
    • Intrusion Prevention Systems (IPS)
    • Anti-virus (AV) and Extended Detection & Response (EDR)
    • Phishing Protection & Response
    • Vulnerability & Port Scanner
    • Firewall Risk Analysis Tool
    • DDoS Mitigation
    • Phishing Awareness & Training
    • Security Orchestration, Automation, and Response (SOAR)
    • Certificate Management
    • SSL Decryption and Inspection
  • Rook Security
    Senior Digital Forensic Analyst
    Rook Security May 2017 - Apr 2018
    As a Senior Digital Forensic Analyst, I have assisted clients with a wide range of services to help improve their security posture before, during, and/or after a security incident. Specifically, I primarily performed the duties of a Digital Forensic Analyst while also performing the additional services as a consultant:
    Incident Response
    • Lead crisis management in order to prioritize which actions need to be taken first and who needs to be involved
    • Identify process improvement opportunities and develop subsequent plans of action to resolve gaps
    • Act as the lead for table-top exercises, which assess the effectiveness of cyber incident response capabilities across people, processes, and technology
    SOC Analyst
    • Provide detection and response to security events and incidents
    • Security log management and monitoring
    • Intrusion detection and prevention systems operations
    • Vulnerability detection, assessment, and mitigation
    • Risk assessment
    • Antivirus management and operations
    • Create incident reports
    • Create incident tickets for clients
    • Track and follow up with client tickets
    • Email and call clients
    • Initiate scans for clients
    • Actively research recent vulnerabilities and exploits
  • Rook Security
    Digital Forensic Analyst/Security Engineer
    Rook Security Jun 2014 - May 2017
    As a Digital Forensic Analyst/Security Engineer, I have assisted clients with a wide range of services to help improve their security posture before, during, and/or after a security incident. I primarily performed the duties of a Digital Forensic Analyst while also performing the additional services as a consultant:
    Incident Response
    • 24x7 call support where a client can get professional help in a timely manner
    • Perform hands-on incident triage to help quickly identify and contain an incident
    • Created a Python script that takes a list of IP addresses and gives a risk rating to each based on several open-source intelligence
    Digital Forensics
    • Assist clients, either remotely or in person, to correctly follow sound forensic methodology when taking a digital image of a host under investigation
    • Perform a complete digital forensics investigation to determine the root cause and the depth of an incident
    • Maintain chain of custody
    Litigation Support
    • Help litigation counsel put together an in-depth report and identify evidence needed in a legal proceeding
    • Testify as an expert witness
    Security Engineering
    • Implement security tools (such as Suricata) to correctly identify and/or prevent security issues
    • Review security tools that are in place and recommend any changes that need to be made to create a more secure environment
  • Rook Security
    Computer Engineering Intern
    Rook Security May 2012 - Jun 2014
    Designed, built, and implemented several devices. Projects listed below.
    Penetration Testing Projects:
    -- Led a project to build a flying hacking device
    -- Designed and built a long-range RFID badge cloning device
    -- Built a drop box pen testing device that allows simple scans to run remotely
    Physical Security Projects:
    -- Designed Arduinos that send log information to the server when an event occurs
    -- Designed and implemented electronic door access control system
    -- Set up main door IP camera system
    Electrical Projects:
    -- Designed and implemented an electrical wiring plan for Rook's Security Operation Center (SOC) located within a bank vault

Dan Ford Skills

Information Security, Linux, Python, Network Security, Security, C, Java, Microsoft Excel, Arduino, Computer Security, Computer Hardware, Project Management, Operating Systems, Emerging Technologies, HTML, Computer Architecture, Shell Scripting, Security Incident Response, Intrusion Detection, Mobile Security, Penetration Testing, AccessData's FTK, Digital Forensics, Networking, Windows, OS X, Microsoft Office, IT Security Operations, Log Analysis, NetFlow, IPS

Dan Ford Education Details

  • Western Governors University
    Western Governors University
    Master of Business Administration - MBA
  • Purdue University
    Purdue University
    Electrical and Computer Engineering Technology

Frequently Asked Questions about Dan Ford

What company does Dan Ford work for?

Dan Ford works for Midcontinent Independent System Operator (MISO).

What is Dan Ford's role at the current company?

Dan Ford's current role is Director Security Architecture and Engineering.

What is Dan Ford's email address?

Dan Ford's email address is da****@****ity.com

What schools did Dan Ford attend?

Dan Ford attended Western Governors University, Purdue University.

What skills is Dan Ford known for?

Dan Ford has skills like Information Security, Linux, Python, Network Security, Security, C, Java, Microsoft Excel, Arduino, Computer Security, Computer Hardware, Project Management.

Who are Dan Ford's colleagues?

Dan Ford's colleagues are Colin Smith, Tona Edington, Sean Belieu, Jeremy Mcdaniel, Csep, Cua, Shaunta Raymond, Brendan Lesniak, Christopher Embry.
