November 2023 - Present - Detection Engineer at United Airlines

Built an incident response capability within the EY TDR team to support our clients with preparation, analysis, containment, and remediation of cybersecurity incidents using Endpoint Detection and Response (EDR) and forensic tools. • Managed cybersecurity incidents for clients during cybersecurity incidents utilizing support analysts from EY Cybersecurity Operations Centers (SOC) around the globe, coordinating triaging, evidence collection and analysis, and threat disruption, while ensuring reporting SLAs are met and thorough investigations are conducted. • Led teams defending client networks within E&Y’s world-class 24x7x365 managed SOC and provided top-tier analysis using several EDR and SIEM tools to enhance the identification of cyber threats. • Provided technical guidance to mature attack detection and disruption capabilities through log source identification, signature development, orchestration and automation, and threat hunting improving service quality and client satisfaction. • Collaborated with client cybersecurity stakeholders to develop strategies for threat detection and response, as well as service enhancement.

• Recruited and hired a team of experienced incident responders supporting a Fortune 100 customer, while building the team’s resources, budget, and training plan• Coordinated with customers to ensure timely response services and thorough root-cause analysis was conducted in accordance with contractual obligations• Organized the incident response service-line to enable sales to other customers and developed techniques and procedures for utilization in our customers’ networks hosted on-premises and in public cloud environments.• Analyzed data collected during incidents to determine scope of attack and provide clients with recommendations for implementation of additional security controls and for meeting legal requirements.

• Responsible for continuous monitoring and detection operations by leading a team of cybersecurity analysts using Q-Radar and Splunk Security Information and Event Management (SIEM) solutions to analyze suspicious events and identify security incidents. • Oversee daily incident response activities, including hands-on collection and analysis of endpoint and network artifacts related to security incidents.• Develop Incident Response Plans and Procedures for utilization with the SOC and with our customers and prepare the procedures for integration with a Security Orchestration and Automated Response Tool.• Evaluated products for Endpoint and Network Detection and Response, Automated Malware Analysis, and Advanced Memory Analysis for use in incident detection and analysis; then prepared written analysis and purchase justifications for products purchased for the SOC. • Managing project to migrate our SIEM from Q-Radar to Splunk Enterprise Security.

• Led a team of Cybersecurity Engineers and Analysts in the delivery of managed security services that includes monitoring, detecting, and reporting threats and attacks to our customers environments using cloud-based solutions• Responsible for daily managed security operations, providing hands-on oversight of incident investigations and threat analysis• Analyzed our security operations processes and established an improvement project that enhanced our service standards resulting in a 100% customer renewal rate• Developed project management processes for customer onboarding, recurring reports, and security appliance troubleshooting maintenance that is leading to more efficient operations and increased customer satisfaction • Supported our Sales Staff with customer presentations, service scoping, and timely pricing documents leading to a 50% increase in the number of customers.• Recruited and managed Security Operations Center personnel, including budgeting, staffing projections, hiring, training, and performance management

• Conducted threat hunting and associated investigations of systems belonging to Defense Industrial Base suppliers to identify threat activity within their networks/systems• Managed a project developing a cyber threat intelligence capability that collected data from open-sources (OSINT), commercial feeds, and dark web crawling to identify indicators of compromise that are used by threat hunters in their activities• Configured and implemented security and response tools, such as Splunk, Nessus, EnCase, and Volatility, as well as developed scripts in Powershell and Python to streamline collection and analysis• Analyzed threat intelligence (actors, tools, exploits, malware) and collected network and host-based artifacts (logs, packet captures, memory, registry, file hashes), to identify security incidents

• Managed incident response activities, such as evidence collection, digital forensics, memory analysis, log analysis, and malware identification and analysis while consulting for external clients• Responded to cybersecurity incidents within large organizations involving advanced and persistent threat actors and ensured proper triage, notification, containment, analysis, eradication and recovery were accomplished• Conducted information risk management, computer security incident response plan development, CSIRP gap analysis, and incident response training, providing specific recommendations for our clients and ensuring their satisfaction • Scoped, developed methodology, and managed day-to-day activities for projects involving computer forensics, information security, and rapid response of data breach matters with minimal supervision during project execution• Developed and conducted incident response-related presentations at local and national level professional conferences• Mentored junior members and other new hires of the incident response team concerning procedures and best practices

• Led Dynetics’ computer forensic efforts, developed techniques and procedures for the forensically sound acquisition of target data, insured the quality of forensic analysis, and acquires required forensic tools• Conducted computer forensic examinations and incident response for government and commercial customers, which involved the identification, preservation, and examination of digital information, as well as the forensic collection and analysis of malicious code and network logs to identify cyber-threats and incidents • Managed technical projects in the Cyber Division, preparing and meeting budget, technical performance, and timeline goals were met • Technical Lead for several procurement efforts related to cyber and information assurance• Conducted studies concerning computer forensics, cyber-threat analysis, and supply chain vulnerabilities, which provide possible mitigation strategies and technology development• Tested and evaluated the security posture of enterprise networks by performing Security Test and Evaluations for Certification and Accreditation based on the Dept of Defense Security Technical Information Guides (STIGs) and DIACAP to include port scans, vulnerability scans, and analysis of results, identifying threats and risks to critical network assets and providing site-specific reports to government customers• Collected and analyzed intelligence from both classified and unclassified sources relative to cyber intrusions and incidents to provide strategic information concerning the methods, tactics and malicious behavior of cyber-threat entities to answer customers' intelligence requirements and briefed senior personnel concerning these threats• Supported Program Protection development involving assessments of Critical Program Information (CPI) and Anti-Tamper (AT) planning for Army Programs• Provided expertise to the Army Lead Technical Agent for Anti-Tamper with analysis of the threat to AT

Leading our non-profit group of security professionals dedicated to infrastructure protection in community outreach and education.InfraGard is an information sharing and analysis effort serving the interests and combining the knowledge base of a wide range of members. At its most basic level, InfraGard is a partnership between the Federal Bureau of Investigation and the private sector. InfraGard is an association of businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the United States.

• Investigated complex incidents of fraud within the Regions Financial Corporation, including phishing, information compromises, and other high-tech crimes committed throughout the lines of business, as well as misconduct or fraudulent activities committed by bank employees using technological means• Identified and preserved digital evidence and conducted forensic examinations of this evidence, providing detailed analysis, evidence, and investigative leads in support of fraud investigations• Expertly used forensic software, such as EnCase, and network investigation tools, such as WireShark and Vericept, to identify and investigate potential losses of information• As member of the bank’s Computer Incident Response Team, responsible for the forensic collection and analysis of network data to confirm incidents and data breaches, conducted incident response and computer forensics, and assisted in the development of an updated Incident Response Plan• Assisted in managing risks of data loss through loss prevention strategies, preparing risk studies and return on investment (ROI) briefings, as well as handling incidents of data loss, meeting all regulatory standards• Conducted liaison activities with Federal, State, and local law enforcement officials, as well as other financial institutions, concerning trends in cybercrime and fraud investigations • Prepared detailed technical reports for investigators, supervisors, attorneys, and court presentations • Collected and analyzed available intelligence on cyber threats and fraud, prepared threat awareness reports, and provided threat awareness briefings to bank personnel

- Over 16 years of supporting major military communities with investigations of felony crimes, that culminated with assignments as Special Agent-in-Charge of two CID detachments, where I managed all aspects of investigative operations, as well as budget, logistics, human resources, and training, and supervised over 25 personnel in the conduct of over 350 felony investigations.- As Chief Policy Officer, I managed the preparation of all new policies involving investigative operations, evidence collection, fraud investigations, search and seizures, and agent misconduct, for all Army criminal investigators; developed procedures for computer crime investigations; oversaw the computer crime training program; and coordinated with other investigative organization and intelligence agencies, concerning ongoing computer crime investigations and policies concerning cybercrime.- Deployed to the Iraq Theater during Operation Iraqi Freedom where I coordinated all criminal investigative efforts with higher Army headquarters and the Coalition Provisional Authority (CPA); synchronized the efforts of Army investigators with those of the CPA for the assessment of over 150 mass graves and ensured the preservation of evidence of the murder of over 10,000 victims; and provided expertise to the Crimes Against Humanity Investigative Unit of the CPA for the investigation of war crimes and established a group to facilitate the transition of investigative effort from USACIDC to the CPA.- Coordinated with Federal, State, and local domestic and foreign law enforcement officials concerning force protection and counter-terrorism efforts in the community.- Evaluated, prepared, and briefed criminal intelligence studies and vulnerability assessments to senior military officials.- Gained extensive training and experience in forensic computer examinations, becoming an expert in the investigation of computer crimes and handling of digital evidence.