- Manage Exelon’s Insider Threat Program. Responsible for coordinating with stakeholders across the enterprise to mitigate the risk of data exfiltration, workplace violence, IT sabotage, and misuse of assets by over 42,000 active personnel across 7 business units.- Lead a 5-person team to detect and respond to over 30,000 monthly alerts. Developed procedures to triage and prioritize these alerts based on the risk to personnel and/or critical assets, including electric grid critical infrastructure.- Drive continuous improvement in configuration of tools and applications used to detect insider risks. Introduced the use of a Microsoft Compliance application that resulted in previously undetected data exfiltration events over removable media, and resulted in evaluations of current security control procedures.- Completed a multi-year evaluation of the effectiveness of an existing UEBA application, determining that an in-place SIEM solution could meet insider threat use case requirements. Migration to the SIEM solution will produce $400,000 of savings in license and maintenance costs, while improving the detection capability of the insider threat team.- Coordinate with 5 physical security teams, cybersecurity threat hunters, and digital forensics to investigate and substantiate allegations of policy violation and/or insider threat activity.

- Initiated a self-assessment of Exelon’s Insider Threat Risk program. Coordinated with 33 individuals representing CISS, IT, Legal, HR and Audit to assess the maturity of 112 program elements across 21 best practice areas. The completed assessment will be used to develop business plans focused on improving the insider risk program.- Began development of “Insider Risk Vital Signs” to determine if IT, HR, and other security metrics may indicate changes in insider risk exposure. Evaluated program metrics to improve or find new indicators that could better represent the state of operations and help drive continuous improvement.- Took ownership of Microsoft compliance tools, analyzing features and keyword lists to enhance the effectiveness of Communication Compliance. Started evaluation of Microsoft’s Insider Risk Management solution.- Evaluated current state of Exelon’s system for identifying critical assets. Determined areas for improvements in business process and technology to reviewed post-divestiture.

- Ensured delivery of IT infrastructure services to Exelon Utilities application teams. Coordinated between IT platform, financial, and application teams to ensure EU’s operational and strategic needs were met.- Lead a cross-functional “Pod,” of over 20 members, with the goals of reducing incident MTTR, meeting SLO targets, and increasing collaboration between infrastructure and application teams.

- Managed the Security Applications portfolio. Responsible for the operational support, regulatory compliance (SOX, NERC CIP, and ECI), and long-range planning of Oracle Identity Governance (OIG), CCure, Andover Continuum, Symantec Data Loss Protection, RSA Archer, PassagePoint, and D3 Security Incident System.- Directly led and managed a team of 6 IT analysts and indirectly lead 25 managed support vendor personnel.- Established relationships with and regularly briefed stakeholders on the status of the portfolio and to develop business plans. The increased engagement improved stakeholder confidence and improved long range planning.- Developed a 5-year, long term budget and oversaw a $8.5 million annual budget for support contracts, application licensing, infrastructure, travel, and supplies. In 2019, actual spend was 99% of forecast and as of September 2020, spend was on track to be within 99.5% of forecast.- Reduced production outages of AGS by 75% from 2018 to 2019 through enhanced event and problem management. Ensured incidents and other requests were resolved within service level agreements for the entire portfolio.- Provided input, based on NIST Cybersecurity Framework, SP 800-53 and SP 800-63, to enterprise Identity and Access Management policy as a member of the IAM Working Group. The group ensures alignment of IAM policy across multiple stakeholder groups and influences planning for implementations of IAM.- Drove the strategic direction of Exelon’s Identity Governance and Administration (IGA) platforms. Developed a business case and communication plan outlining benefits and risks of replacement of the current platforms.- Supervised development of team procedures and activities to ensure portfolio compliance with internal security controls and NERC CIP regulations. Resolved all corrective actions to ensure no audit findings.

- As a Security Applications IT analyst, coordinated activities across IT teams, and analyzed logs, configurations, and database activity to identify the root cause of and resolve incidents. - Leveraged SQL queries to provide stakeholders with analytical data from Microsoft SQL Server and Oracle databases in support of both business and IT requirements.- Managed production release and testing for the AGS upgrade project. Planned and coordinated 6 successful, on-time production releases. Managed the creation of test data for 30 application integrations and ensured resolution of defects. Initiated design reviews for two target applications, resulting in improved provisioning workflows.- Led a review of application portfolio infrastructure, resulting in the decommissioning of 5 applications, a 25% reduction in servers, a 52% reduction database instances, and a $250,000 reduction in annual licensing costs.- Initiated the development of the Oracle Identity Governance (OIG) technology roadmap, which drew upon input from business and IT stakeholders and concluded with a 2-day planning workshop.- Served as a Data Loss Prevention (DLP) Incident Manager, analyzing incidents to determine if the activity was a risk to Exelon.

- Delivered SOX and NERC CIP access compliance services for 50 applications. Developed procedures to review administrative access to those applications and servers, remediating SOX audit findings.- Primary front-end administrator for the Symantec Control and Compliance Suite (CCS). Maintained CCS queries used to evaluate Windows, Unix, SQL Server, and Oracle platforms. Performed “Tier 1” maintenance functions.- Developed and maintained SharePoint sites and workflow automations that consolidated and automated the review, approval, and evidence retention processes for SOX and NERC CIP periodic access reviews.- Improved procedures for security policy exceptions, eliminated unnecessary requests, and automated the approval process. This resulted in a 50% reduction in man-hours and improved user experience.- Served as a Data Lost Prevention (DLP) Incident Manager, analyzing incidents to determine if the activity was a risk to Exelon.

- Directly supported US Army counterintelligence (CI) investigations and operations for 308th Military Intelligence Battalion. Provided CI field agents with analytical products including case reviews, link charts, and timelines for active investigations.- Reviewed and analyzed intelligence reports to identify CI threats to Army equities.

Business development and training.

Developed risk assessments for critical infrastructure protection (CIP) in the CIP-Cyber Security program for the Department of Homeland Security (DHS).

Delivered high-quality intelligence reporting, developed courses of action, and provided targeting priorities in support of planning efforts for the US Navy Fleet Cyber Command.

Attending University Full Time

- Supervised a 10-person division. Attained a, better than average, 50% advancement rate among the team.- Prepared the division for signals intelligence operations after a yearlong hiatus. Guided the team through 3 training evaluations and a material readiness inspection with no major discrepancies.- Identified intelligence collection system issues, through 200 hours of troubleshooting, that impacted systems Navy wide. Once fixed, system efficiency increased by 50%.- Coordinated with four external organizations to ensure network certification on three newly installed computer systems was completed on time with zero discrepancies.

- Analyzed tactical level signals intelligence in eastern Afghanistan in support of maneuver commanders which directly resulted in the capture of enemy combatants and small arms caches- Trained four junior personnel on analysis techniques and reporting requirements.

- First-line supervisor of a 24-person division. Ensured 100% retention and 60% advancement rate - Coordinated with government agencies to draft intelligence assessments supporting deliberate and crisis action planning for military commander’s use of computer network operations (CNO)- Represented NSA at Pacific Command’s exercise planning conferences to develop realistic CNO courses of action and provide exercise participants with appropriate support

Operated intelligence collections equipment and drafted tactical intelligence reports