As the Head of Detection & Response, I:• Lead and manage a global team of incident response professionals, including hiring, training, and performance evaluation.• Develop and implement an incident response strategy, including the creation of policies, procedures, and guidelines for effectively handling security incidents.• Oversee the entire incident response lifecycle, including detection, containment, eradication, and recovery from security incidents.• Ensure that incidents are properly classified, prioritized, and resolved in a timely and efficient manner.• Collaborate with cross-functional teams to develop and maintain an incident response plan, which includes roles, responsibilities, and communication channels.• Conduct thorough investigations of security incidents to determine scope, impact, and root cause.• Identify gaps in security controls, recommend remediation measures, and implement improvements to prevent future incidents.• Prepare detailed incident reports documenting the findings, actions taken, and recommendations for improvement.• Communicate incident details to stakeholders, management, and regulatory authorities, as required.• Serve as a central point of contact for incident-related communications within the organization.• Coordinate with internal teams, external vendors, law enforcement agencies, and other relevant parties to ensure effective incident response and resolution.• Continuously assess and enhance the organization's incident response readiness by conducting tabletop exercises, simulations, and threat modeling.• Identify areas for improvement and implement proactive measures to strengthen incident response capabilities.• Leverage threat intelligence tools to proactively identify potential risks and take appropriate preventive measures.• Promote a culture of security awareness and encourage incident reporting across the organization.

As the Head of Detection and Response, I am responsible for architecting and managing the Security Operations, Incident Response, Threat Intelligence, Threat Hunting, Web Application & Cloud Security, and Cyber Security Education & Awareness Training missions for Saks OFF 5th, resulting in a significant improvement in overall security posture. Duties:• Lead the inception, strategy, expansion, and maturity of cyber security functions within our landscape.• Served as incident commander in driving the overall response to cyber incidents and coordinating efforts of multiple corporate teams.• Authored incident response plan for our organization.• Developed, implemented, and maintained a global Cyber Security Awareness & Education program covering topics across various Information Security and Risk Management domains.• Built and managed relationships with third party cyber security vendors and stakeholders.• Oversaw our team including hiring, training, talent development, and performance management.• Established close working connections with technology owners and leaders to ensure the Detection & Response mission has the support, access, and permissions to conduct test operations.• Presented clear business recommendations to continue overall improvement.• Created information security policies and implement holistically throughout our organization.• Ensured alignment between Information Security and other IT/ Engineering functions.• Prepared departmental reports for the Senior Executive team and/or the Board of Directors.• Advised the CISO in defining Security Operations policy, standards, procedures, and overall Information Security strategy.

In this senior and leadership position, I had the honor to lead a team of highly decorated cyber security analysts in defending the HBC Universe (Saks Fifth Avenue, Saks OFF 5th, Hudson's Bay & Company). On a daily basis, I:• Managed a 24x7 global team of cyber security incident response analysts in proactively protecting the confidentiality, availability, and integrity of our organizations’ data, assets, and network. • Evolved the security operations posture by creating threat hunting program; actively gather cyber threat intelligence; hunt for indicators of compromise (IOCs); tactics, techniques, and procedures (TTPs) in our environment.• Mentored, coached, and trained incoming analysts by promoting positivity, inclusivity, and empathy. • Conducted professional team and individual development through performance management.• Served as the lead contributor of standard operating procedures to enhance the capability and maturity of our organization.• Created, designed, and oversaw centralized repository to host critical documentation for Security Operations, Threat Intelligence, Incident Response, Vulnerability Management, and Purple Team Engagements.• Vetted and added malicious indicators to web application and cloud firewalls.• Hosted weekly lessons learned meetings to discuss incidents and work towards robustness.• Tuned endpoint detection and response (EDR & XDR) security tools to reduce false positive alerts.• Configured security orchestration automation and response (SOAR) platform to integrate various cyber security tools, incorporate runbook processes, and improve the overall robustness of investigative documentation.• Proactively created detection rules in security endpoint tools from current cyber threat intelligence to alert for malicious indicators.• Demonstrated internal security controls were actively functioning and collaborate with audit team to maintain annual Payment Card Industry - Data Security Standard (PCI-DSS) compliance.

As an integral part of the Global Cyber Security Infrastructure team, I:• Monitored our organizations’ global network (Saks Fifth Avenue, Saks OFF 5th, Hudson's Bay & Company) to find anomalous or malicious activity using various analytical methods and Security Information and Event Management (SIEM) tools.• Assessed host and network threats such as malware on host devices, exploits, and malicious attacks. • Determined true threats, false positives, and providing solutions to issues detected in a timely manner. • Responsible for collecting, analyzing, escalating, responding, and producing documentation to cyber security attacks. • Developed, updated, and maintained standard operating procedures and other technical documentation.• Responded to computer security incidents in compliance with Information Security Policies and Industry Best Practices. • Coordinated the efforts of and provide timely updates to multiple sectors and business units during incident response. • Provided security related recommendations to the team as threat events unfold. • Performed network security analysis in support of intrusion detection operations including the development and enrichment of indicators used to enhance the network security posture. • Contributed to a team of information security professionals analyzing threat data, writing reports, briefing event details to leadership, and coordinating remediation activities across organization.• Ensured technical security improvements are effective and maintained within configuration management structures. • Performed threat intelligence using various platforms to proactively identify threat actors.• Analyzed the potential impact of new threats and exploits and communicate risks to relevant business units.• Collected all forensic and investigative artifacts from compromised endpoints to perform root cause analysis of incidents.

As a Subject Matter Expert (SME), I:• Conducted training for students including cyber security essentials, network fundamentals, penetration testing, and network defense.• Created and developed curriculum including coursework and materials. • Designed and integrated online quizzes in lessons. • Recommended improvements for business processes.

• Trained administrators, faculty, and students on best security practices.• Identified & mitigated malware, researched vulnerabilities, and applied security updates to operating systems such as Windows/Mac OSX.• Assigned and reviewed incidents of infected devices with malware to desktop support team.• Reviewed daily reports of malware from third-party security vendors.• Implemented and managed chain-of-custody process including documentation for evidence collected during security investigations.• Proactively threat hunted by analyzing events from Security Information Event Management (SIEM) and conducted incident response.• Performed vulnerability assessments with cloud scanner on network connected endpoints.• Collaborated with various teams: - Software development for automation of ticketing system for cyber incidents to reduce unnecessary redundancy and improve efficiency. - System administration to remediate vulnerabilities and update unmanaged devices. - Network engineering to schedule and implement vulnerability scans of assets on network and Amazon Web Services (AWS) cloud instances. - Unix developers to troubleshoot and track down errors in Database Activity Monitor (DAM) - Third party security vendor to utilize cloud platform to identify vulnerabilities, remediate, and create reports.• Served as lead point of contact and liaison for third-party security vendors.• Managed and administered access control of client accounts.• Wrote and developed information security policy and procedures.• Oversaw vulnerability and patch management procedure.• Executed security audits and remediated gaps.• Configured 802.1x authentication on mobile devices for wireless connectivity/e-mail securely to enterprise network.

• Utilized/configured Deep Freeze software on lab computers to prevent malicious software, phishing, and zero-day exploits.• Applied Cisco Secure ACS on student laptops to enforce security policy compliance.• Deployed on premise Symantec anti-virus server.• Installed/moved phones and setup wiring for new lines.• Activated data jacks for network connectivity by installing ethernet cables from switch to patch panels.• Set up audio/visual equipment to record class simulations/mock trials.• Implemented solution and designed protocol to replace failing network cards for printers, which drastically reduced costs and preserved business continuity.

• Setup VPN on client laptops and tested using RSA SecurID tokens to establish secure connections.• Installed encryption software on client hard drives.• Maintained all computer assets in inventory.• Coordinated and setup new installations of computer equipment.• Managed daily operations including staff.

• Taught various applications such as Microsoft office to children throughout city.