• Monitor and triage incidents within ForcePoint• Suggest tuning recommendations to combat excessive false positives within ForcePoint• Create and update ForcePoint policies and procedures for triage and escalation• Work and meet regularly with ForcePoint Engineers to review and revise current ForcePoint rules and policies• Create and present monthly ForcePoint metrics to detect any trends, top offenders, etc.

• Developed and implemented data loss prevention (DLP) policies and procedures to safeguard sensitive data across the organization within ForcePoint in compliance with GDPR• Monitored network traffic and endpoint activities to identify and prevent data breaches and data leaks• Investigate security incidents and analyze security logs to determine the root cause of data loss or exposure• Collaborated with cross-functional teams to create and enforce data protection guidelines and best practices• Conducted risk assessments and vulnerability assessments to identify potential data security threats• Provide data security awareness training to employees and raise awareness about data protection measures• Generated and present reports on DLP incidents, trends, and compliance metrics to senior management• Collaborated with legal and compliance teams to ensure data protection policies align with regulatory requirements• Worked on implementing Exabeam as a new vendor into the environment

• Responsible for developing Data Loss Prevention procedures and playbooks.• Handle all the escalation for Data Loss Prevention on Symantec DLP.• Handles phishing emails that are submitted by end users.• Make sure that these emails are not malicious by researching links and senders.• Perform monthly metrics on multiple security system using Excel.• I also utilize pivot tables, charts and other multiple functions in Excel.• Create monthly reports for leadership team members.• Responsible for updating metrics with useful information to help my team as well as my organization.• Monitor and handle incidents in Azure Sentinel.

• Responsible for Onboarding new customers into Arcsight • Write rules in Arcsight pertaining to a particular customer and their needs. • Build Arcsight connectors for new customers in Arcsight.• Create reports specific to customers to monitor traffic patterns. • Helped with integration of new systems that will better suit our customers.• Developed onboarding and out-processing procedures for new customers and those departing. • Developed health-check checklist for Arcsight.

• Responsible for working with QRadar engineers on the tuning of SIEM• Monitor assets, data, and network to prevent events that could negatively impact the company• Responsible for threat intelligence involving emerging threats, automation, and API• Use NMAP in most of my research of QRadar offenses.• Automate certain functions using Python.• Initiate forensics on workstations using FTK Imager.

• Was responsible for implementing McAfee Policy Auditor.• Was also responsible for implementing upgrades to McAfee ePO• Made sure workstations were in compliance with IT policy.

• Was responsible for the governance of Symantec Endpoint Protection. Must ensure 300 licenses and certificates for Symantec Endpoint Protection are current as well as making sure all patches are installed.• Sent out weekly metrics report from Symantec Endpoint Protection Manager. • SharePoint site manager for my teams SharePoint page. My duties include granting permissions for over 20 co-workers and designing the SharePoint page. • Maintained the teams SharePoint webpage which includes adding documents and folders.• Assisted in network architecture and planning of team’s cryptography lab. Responsibilities include the design of on-site lab as well as the off-site lab. • Coordinated with teams within PNC Bank to help troubleshoot multiple issues dealing with the different platforms provided to PNC BANK.Provided daily updates to management and any escalation issues.

• Recognized potential, successful, and unsuccessful intrusion attempts and compromises via reviews and analyzing of relevant event detail and summary information • Tasked 4 analysts and directed efforts to analyze the IDS and remediate security issues found, such as phishing emails. Communicated alerts to agencies regarding intrusions and compromises to their network infrastructure, applications, and operating systems; assisted with implementation of counter-measures or mitigating controls.• Evaluated firewall change requests and assess organizational risks; Email security monitoring including message identification, notification searches, and analysis requests. Interfaced with other network team members, such as HBSS (ePO) team and the firewall team, to identify security issues or other matters of concern, as well as assist them where possible to resolve issues.• Coordinated with WebSphere.• Ensured the integrity and protection of networks, systems, and applications by technical enforcement of organizational security policies, through monitoring of vulnerability scanning devices. Performed periodic and on-demand system audits and vulnerability assessments, including user accounts, application access, file system, and external web integrity scans to determine compliance via HBSS (ePO).• Provided IA support to customers, such as opening incidents for things such as possible malware, viruses, and worms. Created and maintained Standard Operating Procedures and other similar documentation.

• Performed standard computer network defense and monitoring on Sourcefire DCs.• Advised the SOC supervisor on a wide array of subjects, such as SOPs (Standard Operation Procedures), various improvements, required new features and tools, tactics and procedures, etc.• Delegated tasks and overseen general activities of shift SOC personnel.• Trained 3 SOC personnel on a wide array of tools such as ArcSight, SourceFire, Wireshark and techniques• Interfaced with other network team members to identify security issues or other matters of concern, as well as assist them where possible to resolve issues.• Provided Information Assurance (IA) support for the Cyber Security Defense Strategic Operational Center (CSD-SOC) Team. • Analyzed information on IA incidents and prepared reports for DISA Headquarters, JTF-GNO, and Cyber Security Defense Strategic Operational Center (CSD-SOC) customers, pertaining to these events. • Provided IA support to customers, such as opening incidents for things such as possible malware, viruses, and worms. • Monitored the day-to-day operations of the All Partners Access Network (APAN) sensors and 5EYES, UKUS, and CANUS sensors located at Cyber Security Defense (CSD) sites, for signs of possible intrusion on the NIPRNet and SIPRNet computer systems. • Reviewed, collected data, and analyzed the logs consisting of thousands of files and Internet Protocol addresses (IP), captured daily by the CSD sensors. Provided briefings to the Commander of the CSD-SOC; detailing all probes, attempted intrusions, and incidents of a significant or serious nature.

• Performed standard computer network defense and monitoring on Sourcefire DCs.• Advised the SOC supervisor on a wide array of subjects, such as SOPs (Standard Operation Procedures), various improvements, required new features and tools, tactics and procedures, etc.• Delegated tasks and overseen general activities of shift SOC personnel.• Trained 3 SOC personnel on a wide array of tools such as ArcSight, SourceFire, Wireshark and techniques• Interfaced with other network team members to identify security issues or other matters of concern, as well as assist them where possible to resolve issues.• Provided Information Assurance (IA) support for the Cyber Security Defense Strategic Operational Center (CSD-SOC) Team. • Analyzed information on IA incidents and prepared reports for DISA Headquarters, JTF-GNO, and Cyber Security Defense Strategic Operational Center (CSD-SOC) customers, pertaining to these events. • Provided IA support to customers, such as opening incidents for things such as possible malware, viruses, and worms. • Monitored the day-to-day operations of the All Partners Access Network (APAN) sensors and 5EYES, UKUS, and CANUS sensors located at Cyber Security Defense (CSD) sites, for signs of possible intrusion on the NIPRNet and SIPRNet computer systems. • Reviewed, collected data, and analyzed the logs consisting of thousands of files and Internet Protocol addresses (IP), captured daily by the CSD sensors. Provided briefings to the Commander of the CSD-SOC; detailing all probes, attempted intrusions, and incidents of a significant or serious nature.

•Performed standard computer network defense and monitoring Via ArcSight ESM and Logger.•Trained SOC personnel on a wide array of tools and techniques such as HBSS (ePO), ArcSight ESM and ArcSight Logger.•Interfaced with other network team members to identify security issues or other matters of concern, as well as assist them where possible to resolve issues. Supported a Computer Emergency Response Team (CERT) organization protecting the network. •Analyzed data derived from system traces of malware and system compromise, including viruses, Trojans, worms, rootkits, spyware, unauthorized keyloggers, and Web-based attacks. •Correlated data from multiple sources, including IDS, IPS, HIDS, HIPS, ArcSight Logger, ESM, HBSS, and DoD DMZ logs. Acquired data associated toolkits, packet capture, situational awareness data sources, vulnerability repositories, and cyber threat reports that may impact the organization and prioritize events for incident handling. •Assessed the scope of malware infestation, system compromise, network compromise, violations, and associated damage; mitigated and stopped damage from malware including eradication, and restored all data and software to its original pre-infestation state. •Provided information and recommendations for the development of custom IDS signatures and detection capabilities and tuning of IA tools for the purpose of identifying unauthorized activity based on analysis of network and host level activity, and ensures information is tracked. Provided required reporting in accordance with policies such as, opening an incident and escalating an incident also communicated incident handling requirements, procedures, and directives to all CNDSP subscribers.

•Provided Information Assurance (IA) support for the Cyber Security Defense Strategic Operational Center (CSD-SOC) Team. •Analyzed information on IA incidents and prepared reports for DISA Headquarters, JTF-GNO, and Cyber Security Defense Strategic Operational Center (CSD-SOC) customers, pertaining to these events. •Also provided IA support to customers, such as opening incidents for things such as possible malware, viruses, and worms.•Monitored the day-to-day operations of the All Partners Access Network (APAN) sensors and 5EYES, UKUS, and CANUS sensors located at Cyber Security Defense (CSD) sites, for signs of possible intrusion on the NIPRNet and SIPRNet computer systems.  •Reviewed, collected data, and analyzed the logs consisting of thousands of files and Internet Protocol addresses (IP), captured daily by the CSD sensors.

•Provided support to over 300,000 DoD users for Network Enterprise Collaboration Services on both Unclassified and Classified networks. Also provided support to users with system support for Adobe Connect and Jabber Moment IM. Provided • Provided support to over 300,000 DoD users for Network Enterprise Collaboration Services on both Unclassified and Classified networks. •Provided support to users with system support for Adobe Connect and Jabber Moment IM. •Provided worldwide support to DISA for the Defense Connect Online Collaboration tool. •Maintained server applications and support at the DECC San Antonio. •Validated user identity and reset passwords in accordance with local procedures. •Provided high-quality support to customers, giving training and technical expertise regarding Adobe connect and Cisco Jabber software for mission essential needs. •Maintained the DCO Portal Web Page and gained experience with JBOSS, LDAP, Patching, COOPs, and Upgrades.technical expertise regarding Adobe connect and Cisco Jabber software for mission essential needs. Maintained the DCO Portal Web Page. Also gained experience with JBOSS, LDAP, Patching, COOPs, and Upgrades.

•Responsible for being a sole technical resource and primary point of contact for the operation, maintenance, and repair of SHF, EHF, and UHF communication systems, computer based intelligence equipment, and military networks. Administered the Defense Message System proxy, monitored and maintained databases, and managed system access requests and user agreements. •Ensured servers were compliant with Navy policy during installations and installed and updated antivirus applications. Coordinated system equipment replacements. Researched and implemented changes to procedures that prevented violations. •Created, updated, and closed trouble tickets with ENMS as well a monitored network performance and recommended alternatives to enhance system performance. •Installed and tested approved configuration changes, patches, and firmware. •Managed storage groups and user settings with Active Directory. •Worked with Navy Fleet Messaging system and monitored messages for compliance with policy including classification markings and message format, also gained experience with KG84, taclanes, and KIV 7/7M.•Created system diagrams, and supervised and trained a team of 20 sailors.