Integration of SAST and DAST into CI/CD pipelines Splunk alert creation and configuration for SOC monitoring capabilitiesCreated a Vulnerability Management process for 5k+ systems, containers, and other cloud resourcesMonitored and configured AWS security controls across multiple accounts and VPCsAssisted in PCI and SOC2 audits gathering evidenceResponded to security alerting events and incidents as a member of the Incident Response TeamVulnerability scanner deployments across systems and cloud solution integrationsFully automated audit tasks resulting in a reduction of 16 hours of audit work

Monitored daily activities of unit and guarantee compliance to training requirements by planning and orchestrating training sessions for 56-member team. Executed detailed analysis of target network communication nodes, structures, and operating procedures for additional means of exploitation. Examined data sets to document threats, isolate vulnerabilities, and suggest techniques to exploit vulnerabilities, as part of red team.Key Accomplishments:• Transformed target communication profiles via in-depth analysis of data, target tactics, and procedures to provide mission-ready intelligence products.• Developed 43 intelligence reports containing technical analysis of an Advanced Persistent Threat (APT). Navy Mobilization to FBI Chicago Field Office (Oct 2020 – Sep 2021)Executed in-depth analysis to understand events and shared usable intelligence with top management of FBI and US Navy. Conducted research and developed/forwarded intelligence reports with United States Intelligence Community Agencies.Key Accomplishments:• Played a key role in an offensive disruption of the APT as a coordinated event between FBI and US cyber command• Updated executive FBI agents and military officers on APT engagement directly influencing selection of intelligenceagencies of other countries.

Steer and motivate high-functioning team of 12 members, implementing and documenting security controls. Expertly maintain appropriate cyber security posture for systems to streamline business operations and client delivery. Serve as proactive part of Incident Response Team, covering 200+ events involving network assets and mobile devices. Actively engage in meeting compliance requirements for new lines of business along with ensuring security and compliance. Oversee security control family containing hundreds of controls to remain in compliance. Offer subject matter expertise to confirm systems follow established information security policies and procedures.Key Accomplishments:• Contributed to achieve Fedramp and IL4 accredited by accomplishing 37 security implementation checklists, containing thousands of controls.• Initiated 30+ security control checklists across vast cloud system, impacting compliant results of 2022 third-party audit• Played a lead role in clearing combined 30 audits internally and by third parties, including penetration tests,vulnerability assessments, and policy auditing.• Coordinated closely with clients and executive leadership to certify first web application for government offered by theDeloitte Government Sector.• Ensured compliance with the Approval to Operate by DoD and DISA through the execution of risk managementframework across cloud networks• Provided leadership and guidance to a team of 12 members, as well as to external teams who work in unison to enableLine of Business functionality

Supervised 11 separate classified networks conducting all security-focused requirements, such as auditing, vulnerability assessments, technical implementation, and access management. Prepared auditing script to generate weekly report in readable format, ensuring RMF and NIST compliance of 20+ Linux-based systems. Assessed and troubleshot complex issues, as part of the incident response team.Key Accomplishments:• Established auditing script to combine 46 systems into auditory compliance.• Envisioned and implemented system security plans for 11 networks, submitted to the Defensive Counterintelligenceand Security Agency for Approval to Operate.

Conducted over security assessments on client businesses, providing guidance and remediation efforts to enable a functional business that remained in compliance. Engaged with business owners to provide an information security plan that would fall in line with provided a provided budget.• Conduct network scan on clients networks and provide a professional report on vulnerabilities and compliance standards • Created a workflow of SIEM alert to ticket generation from UTM devices• Managed SIEM alerts to mitigate threats and identify false positives• Implementation and troubleshooting of UTM devices and other network devices• IT Helpdesk/Network troubleshooting experience (i.e. printer installation, computer build outs, hardware upgrades, device imaging, active directory management)• Utilizing a ticket based system to manage multiple projects and report time• Use of tools such as Proofpoint, Network Detective, Metasploit Framework, Social Engineering toolkit, etc.• Use of Network Detective to conduct external, internal, and host based scans to search for vulnerabilities, PII, and misconfigured security architectures• With VMWare Workspace One solely developed a seamless ordering process of mobile devices for clients that automatically implemented HIPAA compliance standards such as encryption and Device Management upon turning on the device• Generated Group Policies via Active Directory to keep all client environments in compliance while also not affecting productivity and work flow• Use of Metasploit Framework and Social Engineering Toolkit to show cleints what can be done from an attackers point of view• Managed Proofpoint portal to quarantine suspicious emails and pull email headers to investigate the original sender

Assisted in setting up and maintaining information systems at Uhaul stores. Implanted payment systems, printers, and other network devices. Installed Ethernet cables for new systems. Assisted in network setup for store remodels.