Here, I was promoted to be lead of the security operations team. I continue to manage team schedules, projects, and work processes internally but now also met externally with other teams and vendors as the face of security operations. I serve as a SME for security operations in the company and continue to lead process and documentation improvements for our team.

In this role, I continued to expand the security operations processes and tasks to a new set of Microsoft-based security tools. I quickly learned the toolset and began developing process automation, custom alerting, and ruleset tuning. I led projects such as identifying and removing unneeded enterprise applications, migrating endpoints to a new antivirus solution, researching and implementing attack surface reduction rules, and helping to develop a remediation for 0-day attacks such as the Microsoft print spooler vulnerability of summer 2021. The SOC began to grow in numbers, and I took a central role in mentoring our new hires. We developed a successful team culture that stressed people and processes before tooling. Documentation and research is the crux of everything we do, and everyone on the team is empowered to initiate action on security events/projects when needed.

At this position, I embraced a leadership role in both designing and executing security processes from the ground up as part of a new cybersecurity team. I worked closely with the security architect and governance team to use existing tools to develop repeatable processes with which to build a security program. I focused primarily on endpoint security, vulnerability management, and email security operations in this role, developing consistent documentation standards for both individual tickets and processes. I initiated process changes through the change management program whenever a new security operations project or task required and coordinated closely with IT operations teams on implementation.

Upon invitation, I returned to full-time employment at Los Alamos National Laboratory (LANL) as a full-fledged member of the network security operations center (NSOC). The team fulfilled a dual mission of performing tier I/II analysis of security events as well as maintaining security posture and availability of the most of the organization's security tools. Here, I continued to grow as an analyst performing root cause analysis, remediation for minor incidents, and tuning recommendations for noisy alerts. I worked and documented anywhere from 35 - 200 work tickets a week, with an over 99% quality check pass rate. I actively contributed to updating SOC runbooks with new process information and designed new runbooks for new processes as needed. In addition, I maintained weekly backups of all of our security appliances and performed updates of software/firmware as needed. I participated in a rotational on-call schedule where I served as ticket master (performing ticket screening and delegation) during the work day. I would also monitor security events after business hours and during weekends as well.

I spent the summer onsite at Los Alamos National Laboratory (LANL) interning on the Network Security Operations Center (NSOC) team. My daily tasks consisted of learning how to properly triage network/endpoint alerts and perform root cause analysis of events pivoting through a non-homogenous toolset. My work would be documented in the ticketing system with my recommended mitigations (if applicable) to the incident response team. I worked as a junior member of the team, receiving work tickets to investigate and complete subject to daily review. In addition, upon request, I researched and tested the viability of SaltStack as an in-house security automation tool for managing Linux devices. I also completed an introductory malware analysis boot camp and attended workshops on modern DLL injection and fileless malware at DefCon 25 with fellow interns.