SME responsible for identifying critical assets, vulnerabilities, and designs within multiple system types and networks. Oversaw the prioritization and implementation of mitigations ranging from no-cost to million-dollar mitigation plans.• Conducted comprehensive inventory and criticality analysis of client hardware and software, identifiedsecurity vulnerabilities, obsolescence, and risks, through custom-made automation tools• Analyzed network architectures to ensure adherence to good practices such as "zones & conduits," propernetwork segmentation, and use of Industrial DMZ; recommended compliance measures per relevantcybersecurity frameworks.• Evaluated security product configurations of firewalls, IDS, and IPS, ensuring optimal performance;similarly identified open-source and classified vulnerabilities affecting industrial control systems.• Provided expert-level recommendations to improve administrative, technical, and cybersecurity controls,while focusing on reducing cyber risks within multiple domains• Created detailed diagrams and plans supporting both client projects and internal projects; translatedcomplex vulnerabilities and network architectures into actionable mitigation plans.

Highly skilled cybersecurity professional responsible for conducting vulnerability assessments and penetration testing on embedded devices while also designing and leading such projects, managing teams, and presenting findings to different audiences.• Regularly conducted embedded-hardware firmware extraction via methods including chipset interrogation, exploiting boot or operating system command line functionality, and reintroducing deleted devices interface (like serial),•Designed, led, and executed extensive vulnerability assessments on embedded devices across a variety of CPU architectures (MIPS, x86, ARM, PowerPC), Operating Systems (Windows, Linux (monolithic, micro, modular)), and vendors (Siemens, Moxa, Eaton, Honeywell, and Johnson Controls, etc.) to uncover cybersecurity implementation flaws, defects, and new vulnerabilities,• Experienced in developing exploit proofs-of-concept scripts, analyzing and mapping vulnerabilities to operational effects, and recommending verified and actionable practical mitigations against respective vulnerabilities,• Managed a team of five employees and coordinated with a dozen sponsors to develop "Hack the Power," a Capture-the-Flag event presented by Women in Cybersecurity (WiCyS). Managed the development of supervisory controller simulators that integrated common ICS/SCADA protocols, including Modbus, DNP3, and BACnet.

• Experienced Cyber Security assessor for Cybersecurity Risk Assessments against ICS/Supervisory Control And Data Acquisition (SCADA) for Building Automation, Electric, Fire/Life Safety Systems, and Water/Wastewater Treatment systems• Conducted ICS Cybersecurity in-depth of analysis of vulnerabilities affecting critical ICS and SCADA systems based on current governance program documentation, asset inventory management, OT network architecture, and analysis of vendor specific threats for control systems software/firmware, and development of mitigative measures to improve these systems Cybersecurity resilience• Lead analysis of all network packet captures (PCAPs) to identify networked assests, determine networked data flows, profile network characteristics such as protocol usage, DNS extensibility and purpose, and analyize communication from the internal ICS network to external public internet protocal (IP) addresses• Assissted in OT Network Architect for designing security reference architectures based on the Purdue Enterprise Reference Architecture (PERA) and Unified Facilities Criteria (UFC) 4-010-06 Cybersecurity of Facility-Related Control Systems to create network segmentation/segregation and minimize impact to availability of ICS/SCADA systems

• Responsible for conducting classified and unclassified reporting analysis within the Army’s highest Cyber Intelligence cell • Managed Cyber threat association, APT detection, response, and mitigation efforts against Army global targets • Conducted target-specific risk assessments in relation to Cyber threats against US-Army worldwide assets including Army Corps of Engineers’ ICS/SCADA, Army research centers, and installations • Authored over 50 Cyber Threat Reports detailing assessed internal risk based against known exploits, APT trends, and recommended action in accordance within organizational Risk Management Framework • Implemented a program that enabled greater collaboration among three Cyber Intelligence Analyst shifts resulting in an increase in intelligence support to Defensive Cyberspace Operations

• Led Intelligence Directorate in providing Cyber intelligence analysis supporting the Army’s most Senior Commander in South Korea. • Managed production and dissemination of over 100 strategic intelligence products supporting Senior Army Leader’s objectives in the defense of South Korea against North Korean aggression • Developed and implemented an Intelligence Indications and Warnings system training program for incoming intelligence analysts for monitoring operational and strategic threats • Lead, trained, and supervised five junior multi-discipline intelligence analyst resulting in timely, accurate, and relevant intelligence products • Maximized intelligence architecture and knowledge management efforts that resulted in proficient system integration, product dissemination and data basing