Threat Intelligence Practice Lead - Create, grow and evolve the cyber threat intelligence program.Incident Response Lead - Grow and evolve IR capabilities by standardizing and maturing the process of detection and response, running tabletop scenarios across the organization and performing the duties of Security Incident Manager.Endpoint Detection Engineer - Grow and evolve our Endpoint Protection program by ensuring the organization is protected on all compute devices, monitor detection alerts and remediate events, document processes, etc.

In charge of developing and maturing the Cyber Threat Intelligence Practice to provide vital threat intelligence and threat data to all of our customers. The CTI practice also works with internal teams to track down threats to our customer's environments and to provide mitigations from on-going cyber attacks. The program is based on an all-source method using OSINT, threat data feeds and expert analysis of daily threat actor activity to determine best practices for protecting customer environments.

Threat Intel Lead:Gather all relevant threat intel from a large list of sources including FS-ISAC and internal company resources.Continuously triage data on vulnerabilities, threat groups and malware/ransomware to determine need for escalated response including patching and verifying the remediation process.Maintain on-going list of systems and software to monitor for changes that impacted overall vulnerability status of the organization.Create and manage all internal phishing tests.Incident Response Lead:Serve as co-Lead of the Security Incident Response Team in triaging, managing and reporting of all potential incidents discovered by our SOC or security toolsets. Create and maintain all relevant documentation around our Security Incident Response Plans and internal tabletop scenarios held with IT and all other relevant areas of the bank.Security Engineering Projects:Endpoint Protection:Gathered requirements, worked with 3rd party company to do a full bake-off of leading solutions and then fully implemented our current solution directly with our Infrastructure, Help Desk and all other areas of the bank to get to full implementation within two months of the start date.Continue to support the toolset with all necessary engineering tasks and best practice solutions across thousands of endpoints.Network Security Monitoring:Gathered requirements and working with specific vendors to provide a full packet capture solution to gather all east/west and north/south traffic from our systems. Also planning to implement a software solution for full network security monitoring for any anomalous behavior across the environment for alerting.03/19 - 03/21 - Senior Info Security Engineer05/18 - 03/19 - Info Security Engineer

Hired to create the Security Operations Center and bring together monitoring ofcorporate network and store environments. • Assumed all daily monitoring tasks over our security tools, as well as incident handling/ incident response for all security events • Implemented several sec. engineering POC’s that lead to production usage • Created threat intelligence/threat monitoring tasks from external T.I. sources and internal vulnerability management • Bi-weekly threat report shared with security team, as well as I.T. Directors sourced from opensource/free threat intel and several sharing groups such as RCISC • Developed threat hunting across network, web & emailTools and Resources: • Vulnerability scanning of over 1,200 corporate computers and approximately 2,000 retail stores • Endpoint detection and response • SIEM/SPLUNK • A/V • Email security; spam/phishing/end user training • Web filtering • App Whitelisting • Active defense/deception tools • Open source network security monitoring

Systems Administrator for the IBM Spectrum Protect(Tivoli Storage Manager) application and infrastructure, including TSM for Enterprise Edition, TSM for Virtual Edition and client side software. Backup storage is provided by IBM ProtecTier and NetApp NAS infrastructure.Systems experience:• AIX system admin and configuration as necessary for app support/maintenance/upgrades• Windows Server 2003/2008/2012 admin in support of entire company server infrastructure related to our app support, troubleshooting, end client functions, configuration of system services and software installations• Support/writing/editing of Perl scripts used for administration, automation and feature enhancements• Support of team intranet page including writing/editing/maintenance of HTML code and Perl scripts• Recent project work:1. Installation/configuration/maintenance of TSM Operations Center software on a standalone Linux server, which is used to provide a GUI web application tied to our backend infrastructure for monitoring and interaction with TSM2. Working directly with several members of the Exchange/Messaging Infrastructure team on moving public folder infrastructure from Exchange 2007 on Windows 2003 servers to Exchange 2010 on Windows 2012 servers.- This required brand new software for backups, Tivoli Data Protection For Exchange version 7.1 which had to be tested, installed and then configured to run on the Windows 2012 servers.- Required all new TSM backend software configuration infrastructure built to support receiving backups and storage of the Exchange databases.- Required new storage configuration, as the requested configuration was to place backups on our NAS storage infrastructure instead of our standard ProtecTier storage appliance. This required planning for storage requirements, meeting with the NAS storage steering group to discuss options, testing for their minimum requirements for approval, and then actual configuration to attach it to our TSM AIX servers.

Interdepartmental project with the Workspace Services Infrastructure team, specifically supporting the Client/Desktop team.Administration of Virtual Desktop Infrastructure, responsible for over 1600 virtual machines spread across 35 ESX Host servers.Work on system automation, reporting and administration through the use of scripting languages such as PowerShell.Provide technical support for incident management and problem solving to ensure customer satisfaction.VMWare vSphere architecture, implementation and support.Test and maintain infrastructure SLA’s and disaster recovery plans for critical virtual machine and application data. VDI specific experience: • Build/configure/deploy virtual machines and templates. Completed migration of Windows XP and Windows 7 physical to virtual machines.• Utilize Citrix Desktop Studio and VMware vSphere Client software to perform administration duties.• VM client builds per customer requests in our workflow change management tools, including deploying new virtual machines from existing templates and cloning existing virtual machines.• Create/manage resource pools and add all virtual machines into those pools.• Installation/configuration of virtual machines in an Enterprise SAN and NAS environment.• Security hardening/monitoring of virtual machines and ESX servers for security compliance.• Root cause system log analysis/reporting.• Manage task, events and alarms from virtual machines.• Manage users/groups/permissions/roles.• Add and extend virtual disk space.• Analyze and troubleshoot virtual machines as well as performance of a SAN-backed VMware ESX infrastructure to determine proper allocation of resources to a multi-departmental user base with widely varying needs.

• Provide 1st and 2nd level resolution to log diagnoses and resolve intermediate to advanced computer related issues, while ensuring timely resolution/response to minimize the impact on customers daily activities. Evaluate and forward issues to Infrastructure teams such as Network Administration or Server teams for 3rd level and specialized support through the Command Center, or with vendors if troubleshooting is necessary from an outside source.• Work in the Command Center support role as liaison between Corporate Help Desk department and all Infrastructure teams. Facilitate communication between all areas involved in high severity issues and insure information is handled back and forth in a timely and efficient manner. Also communicate with end users with information on how issues are being handled, and informing them on fixes to problems once they are determined, providing follow up knowledge and support where necessary.• Assisted end users with installing software and hardware, customizing software and solving technical problems, not limited to but including networking, hubs, routers, wireless setup, application troubleshooting, remote access, virtual desktops, RSA SecureID cards, BlackBerry configurations, laptop and desktop re-imaging, etc.• Develop and assist with training on new and current troubleshooting documentation, while also assisting with development and training of team members and business partners on current and new technologies.

• Administrator of user management for all systems for our Information Systems and Global Services business unit, including setting up and removing system access for employees, maintaining application security and auditing user roles.• Documents all changes to system security for auditing purposes.• Maintains Active Directory and Mainframe accounts, group and folder access for all users and service accounts, as well as access to any secondary accounts necessary for users to perform their job duties.