David Dulac Email and Phone Number

• Researched and documented full NCPS Architecture encompassing 100+ on-prem and cloud based systems; provided reports and documented architectural drawings to the GOV POCs. • Documented NCPS Architecture for security compliance IAW CISA requirements; provided in depth reports to the GOV POC’s to include findings and recommendations for remediation. • Researched and provided feedback on various cyber tools being evaluated for purchase. • Provided technical guidance and security oversight on various programs; guidance pertained to their implementation for both on-premise and cloud as well as required security controls and configurations • Provided various strategic recommendations to facilitate on-prem migrations to cloud and modification to cloud implementation to align with security and customer requirements (e.g. NIST 800-53, DoD STIG, DHS 4300a) • Provided technical and policy expertise on various industry cybersecurity tools and requirements. • Recognized by customer and prime for exceptional delivery and customer service. Received quarterly award recognition from prime. • Managed 7+ personnel; ensured all personnel; met contractual requirements for billable hours, deliverables and established cohesive goals to ensure continued professional growth • Managed and mentored 3+ personnel for separate contract pertaining to offensive cyber operations. • Facilitated organic growth: worked with senior leadership and contract leadership to align new needs to additional personnel

Built and oversaw high-performing team of 4 end-point security engineers. Oversaw the creation and delivery of required Hybrid AWS GovCloud solution to the VA with full failover capabilities. Highlighted Accomplishments: • Created ground up hybrid AWS GovCloud and On-Prem architecture; included all required RMF documentation, architectural diagrams, network topology and communication port mappings • Served as trusted strategic and technical advisor VA Action Officers; advised how to satisfy enterprise-wide requirements related to securing 750,000 assets across disparate networks, recommended implementation strategies and developed technical step-by-step procedures. • Recruited to serve subject matter expert (SME) on various technologies pertaining to endpoint and network level defense capabilities

Built and oversaw high-performing team of 9 cyber defense analysts, end-point security engineers, and cyber security architects. Directed transformation of DOD cybersecurity from management across disparate networks into centralized security-as-a-service structure. Advised military leaders regarding enterprise-wide security strategies and provided subject matter expert consulting on specific security issues and challenges.Highlighted Accomplishments: • Secured $34M annual contract with US Army by collaborating with the customer and McAfee sales representatives to write and submit unsolicited proposal to establish end point security as a service for Army. ◦ Enhanced fundamental security structure across Army enterprise; conceptualized, planned, and implemented initiative that delivered centralized security. • Reduced hardware expenses $50M+ over 5 years and $20M in annual operating costs; led consolidation of hundreds of network operating centers (NOCs) into 5 global centers that required fewer resources and less man-hours. • Developed and led execution of end point security-as-a-service model; created 3-phase approach to design and standardize new security policies, migrated to as-a-service construct, and deployed advanced capabilities, including heuristics, machine learning, and threat reputation tools. ◦ Mitigated risk associated with project; integrated governance, 2-person integrity and checks and balances across project processes. ◦ Wrote order for standardization of end point security representing 1.2M assets. ◦ Completed standardization and migration in year 1; implemented advanced capabilities in year 2. • Served as trusted strategic and technical advisor to Army Generals and Colonels; advised how to satisfy enterprise-wide requirements related to securing 1.2M assets across disparate networks, recommended implementation strategies and developed technical step-by-step procedures.

Led team of 5 security engineers responsible for host based security, information assurance (IA) scanning, and network security, including intrusion prevention system (IPS) and intrusion detection system (IDS) management for all ARNG organizations. Highlighted Accomplishments: • Developed, documented, and disseminated to 54 ARNG organizations standardized policies related to host based security, IA scanning, IPS, and IDS that helped streamline security operations. • Delivered roadmap that enabled all ARNG organizations to convert to new standards within 5 months. • Ensured equivalent high-level security posture for all ARNG organizations; ran 54 organizations through 15 shared and centrally managed IPS and IDS appliances.

• Specialized in internal domain emulation utilizing nation state tactics to exploit and propagate throughout USMC networks during authorized operations • Developed and executed new tactics used in data gathering, credential exploitation and data exfiltration utilizing minimal tools and “living off the land” techniques • Participated in 30+ assessments of USMC targets utilizing nation state tactics • Taught Red Team 201 and 301 classes • Developed area of expertise material for Red Team 302 class • Setup, managed and documented Red Team lab used for exploitation and tactics testing