* Partnering with multiple aspects of the business organization to achieve successful SOC2 Type II attestation.* Establishing multiple programs where none had existed, including Governance and Compliance, Enterprise and Third-Party Risk, Security Operations and Security Engineering. This included creating program charters, writing policy, and working with external auditors and penetration testing firms.* Developing and deploying processes and tooling to facilitate third party risk operations, such as answering inbound questionnaires to accelerate the sales process, and sending outbound questionnaires and performing risk assessments on Bonusly vendors.* Working with Engineering, Sales, Customer Success, and other business teams to build security as a culture into the organization.

*Designing and deploying tooling for Cyber Fusion Center including Security Operations and Cyber Threat Intelligence*Creating Security Operations processes and documentation*Running and maintaining current Vulnerability Management Program

* Creating Third Party Risk, Security Awareness and Training, Threat Intelligence, and Security Governance functions within Ibotta.* Writing Information Security Management System (ISMS) for NIST CCF, CCPA, and PCI-DSS (SAQ A) Governance.* Leveraging ISMS Policies to pass AWS PCI assessment.* Creating and maintaining Security Awareness Training program, including annual and new hire training, quarterly phishing tests, and security awareness newsletters aimed at keeping security front of mind for employees.* Conducting threat intelligence research and performing Security Operations Center Analyst tasks from a variety of security domains to provide both tactical and strategic insight to technical teams within the organization.

* Authored an information security management system (ISMS); including policies and standards framework around an adherence to the NIST Cybersecurity Framework, New York Department of Financial Services regulations, and industry best practices.* Investigated security incidents from a variety of domains, such as endpoint malware, external infrastructure attacks, user data exfiltration, and other threats.* Co-lead the transition between traditional outsourced and structured Security Operations Center (SOC) to automated, orchestrated (SOAR) unstructured SOC.* Designed and developed analyst playbooks for incident investigations and threat remediation. These playbooks are then used to create automations to assist in incident response and data enrichment.* Conducted threat intelligence research and risk assessments on various indications of compromise, based on those assessments, recommended modifications and proactive compensating controls to mitigate enterprise risks.

* Conducted hardware and software repairs/troubleshooting and support on technology, as well as for nonprofit clients, as well as infrastructure assessments for clients.* Authored and deployed an integrated management system (IMS) that met ISO 14001, 9001, OSHAS 18001 and passed Responsible Recycler (R2) 2008 & 2013 certification specifications.* Trained volunteers with little to no technical experience on technology related processes and equipment.* Created documentation for technical repair processes and environmental processes for equipment refurbishment.

* Conducted Security Assessments and penetration tests for clients ranging from owner/operators to Fortune 500 financial firms and government agencies.* Assisted clients in understanding their existing security frameworks and infrastructures gaps, as well as assisted in developing plans to mitigate risks associated with those gaps.* Specialist in policies, procedures and controls, and governance, risk, and compliance.* Researched and deployed various network, application, physical security, and social engineering attack vectors.* Wrote articles on staying secure in a connected, changing world focused on social engineering and phishing attack vectors for client employees and the general public.* Performed Open Source Intelligence (OSINT) gathering operations and presented reports to executives on their attack surface and reputation.

* Designed and deployed Agent training regimen, which increased Agent technical acumen and client relations skills, resulting in a top-10 performance ranking in district.* Performed advanced technical tasks such as manual malware removal, hardware repairs, and data backup and recovery.