• Manage a large team of cybersecurity professionals responsible for providing Managed Detection and Response services for hundreds of small to large enterprise customers across dozens of industries. • Manage a program that provides delivery of threat intelligence, incident response, monitoring, and executive reporting.• Contributing to the strategic planning and execution of a diverse service portfolio, including service development, client relationship management, and value optimization.• Responsible for the delivery of a multi-million dollar portfolio of services.• Manage and resolve complex or high-priority client escalations that include alert monitoring, incident response, and contract disputes.• Work extensively with product management to develop new service offerings.• Collaborate with product marketing to drive the adoption of new service offerings by researching market opportunities and developing messaging.• MBA Student at the Citadel, Military College of South Carolina.

•Manage day to day service delivery for large (20,000-120,000 endpoint) enterprise businesses.•Serve as SME for Incident Response and Security Operations.•Manage incident response engagements and provide support and guidance for remediation efforts.•Interface with customer senior leadership and present engagement updates.•Provide pre-sales support for product and services.•Provide technical recommendations for product and operations.

•Manage day to day service delivery for large (20,000-120,000 endpoint) enterprise businesses.•Serve as SME for Incident Response and Security Operations.•Manage incident response engagements and provide support and guidance for remediation efforts.•Interface with customer senior leadership and present engagement updates.•Provide pre-sales support for product and services.•Provide technical recommendations for product and operations.

See Threat Assessment Manager summary.

•Build network detection for backdoor protocols and APT based methodologies for large enterprise environments.•Analyze and report malicious APT based activity (snort signatures, netflow, dns records, http logs, etc...)•Provide forensic support on endpoint systems using MIR/HX.•Lead incident response engagements from detection to remediation.•Build and improve operational process and procedures for global security operations.•Serve as incident response SME for supporting customer engagement.

Acquired by FireEye.

•ArcSight security consultant specializing in requirements mapping, content development, process management and implementation of ArcSight SEIM best practices.•Serve as the onsite subject matter expert for ArcSight and security operations development.•Implement process/procedures for security operations (incident handling, remediation, reporting etc...)•Responsible for integrating business needs with the required technical knowledge for a large enterprise environment.•Managed several running instances of ArcSight ESM (Application, Oracle Database)•Managed several Loggers appliances and dozens of connectors including syslog, windows, proxy, firewall, database, exchange, anti-virus, DNS, Bit9, FireEye etc…•Developed and implemented several Flex Connectors to provide parsed logs from unsupported devices.•Planned, developed and integrated content around numerous use cases leveraging the capabilities of ArcSight.•Traveled around the U.S. to dozens of customer sites for short term engagements (1-3 weeks).•Installed/Upgraded several Oracle Databases, ArcSight Managers/Loggers and dozens of Smart Connectors

• Support incident response process by performing forensic analysis utilizing EnCase Enterprise v6.18 (Windows XP, Windows 7).• Analyze registry hive files, file system metadata, MFT, and AV logs, etc...• Collect, document and report supporting evidence (analysis) to government components and management.• Perform basic out-of-band analysis of malware to look for additional indicators of infection or call backs.
• Work with users, IT groups, system administrators and other security analysts to coordinate incident documentation, handling and remediation.• Identify potential malicious threats in a large government environment. • Monitor and analyze ISS (IDS) and Blue Coat proxy log data using Splunk to identify possible intrusions.

• Assist with global network security incident response process and procedure for a large organization supporting approximately 100,000 users.• Identify potential malicious threats in a large enterprise environment.• Work with both security/forensic analysts as well as engineers to coordinate incident handling and remediation.• Work security incidents from discovery to close; document and communicate application and operating system intrusions and compromises to the appropriate IT groups.• Used ArcSight to monitor and analyze SourceFire, proxy, and firewall logs to identify security concerns.• Perform basic out-of-band analysis of malware to look for additional indicators of infection or call backs.• Recognize potential, successful, and unsuccessful intrusion attempts and compromises by reviewing relevant network traffic logs (Checkpoint firewall, Bluecoat web proxies, VPN, DNS, IronPorts) • Implementation of counter-measures or mitigating controls (IP blocking, DNS poisoning, IPS/IDS rule writing, port blocking, etc.).• Assist in training incoming Tier I/II analysts in roles and responsibilities.• Lead shift through daily operations and projects.

I worked at ePlus while I was a college student, responsibilities included installing hardware and software on servers, laptops and desktops. I was also required to install custom OS images and encrypt drives. Position required good communication skills and troubleshooting capabilities.