• Provide comprehensive scoping discussions with clients and counsel to determine the Unit 42 level of effort and the resulting proposed statement of work• Worked with Directors, Seniors and Principals to develop and document a consistent scoping process for multiple types of engagements • Executive Advisor for simultaneous client forensic and incident response engagements focused on consistency and quality• Responsible for briefing counsel and clients regarding Unit 42 status updates, forensic findings, and final case readout • Documented a consistent process for providing status updates and engagement closeout regarding investigations• Service leader for all ransomware facilitation processes, trainings, payment partners, and engagement oversight.• Trusted mentor/leader for consultants interested in improving their non-technical thought process and skillset• Provided soft-skills training to consultants regarding pull through for proactive services

• Leadership responsibility for Advisory Services Practice Enterprise Incident Management • Effective developmental leader within the organization to improve cross team collaboration• Provide guidance to consultants on career development path and how to demonstrate leadership values to prepare for their future• Increase line of business revenue recognition with a 20% YoY growth, while maintaining and minimizing noncritical expenses• Monitor weekly SFDC pipeline and forecasting data for opportunities to streamline sales revenue and practice revenue recognition • Reconcile and validate financial data supplied by accounting on a monthly basis• Critical planning and management of practice budget expenses with an effort to minimize impact on monthly P&L statements• Monitor, manage and approv discounts offered to client managers to maintain a stable line of business gross profit • Present EIM practice service offerings during executive briefings speaking to the strategic nature of the Incident Management programs within client environments• Promote practice offerings to regional client management teams to increase effectiveness in selling EIM services• Promote the use of Optiv Competency Model during to help develop individuals on the Korn Ferry Leadership competency framework• Develop business analytics to track YoY growth, rolling 12-month practice performance and develop growth strategies

- Represented EIM during oCISO workshop on building incident response plans at a strategic level for client organizations- Gained a trusted reputation with Optiv Brand Relations regarding incident response, breach, and forensics related news agency requests - Motivated legacy Fishnet and Accuvant EIM consultants during merger and minimized concerns of future team state - Delivered Executive Briefings Conferences on behalf of the EIM practice remotely and in person - Promoted practice offerings to regional client management teams to increase effectiveness in selling EIM services- Developed and maintained a customized EIM client tracking workflow to enable practice leadership with critical pre-sales support information- Provided client managers with pre-sales assistance through speaking engagements related to EIM and client objectives- Contributed to the interview process for potential EIM candidates, including acting as a primary point of contact for the Optiv human resources team- Identification and development of Standard Operating Procedures for practice processes - Influenced EIM practice leadership during yearly strategic planning meetings from practice offerings to how the practice should be run- Management of and primary escalation for all Enterprise Incident Management projects

- Conducted forensic and incident response investigations for clients related to data exfiltration, user policy violations, malware infections, and breach response- Consulted on Incident Response and Forensic solutions for Optiv clients- Performed subject matter expert duties to Enterprise Incident Management team on AccessData and X-ways forensic product suites- Facilitated all Fishnet Security proactive service offerings with clients such as Tabletops, Incident Response -- Plans, Playbook development, and e-discovery programs- Provided primary peer review on Enterprise Incident Management client reports

• Author of Incident Management Program including supporting documentation such as policies, procedures, and customized Incident Management database• Perform forensic investigations on potential policy violations and suspected malware infections• Developing a incident response playbook for responding to Distributed Denial of Service (DDoS) attacks• Provide analysis and recommendation on Enterprise Incident Response and Forensic solutions capable of remote evidence acquisition, triage and remediation • Reducing initial triage and containment phases of incident response through documentation of playbook and education of incident responders

• Conducted internal forensic investigations on suspected policy violations, suspected malware infections, and suspected privilege abuse• Developed enterprise forensic investigation process• Co-authored computer security incident investigation strategy, policies, and procedures• Investigated and analyzed response activity related to alarms generated by Managed Security Services Provider • Provided tier four support on Endpoint Protection solutions including; firewall, IPS, anti-spyware, antivirus, full disk encryption, agent-based web filtering, and host integrity• Performed analysis of Intrusion Detection triggered events including fine tuning of Intrusion Detection and Prevention Systems• Provided technical validation of third party penetration testing results and remediation efforts• Developed strategy for enhancing endpoint protection controls, including anti-malware, intrusion detection, full disk encryption, and agent-based web filtering• Identified endpoint control logs critical to SEIM monitoring solution• Performed risk analysis service on information technology projects• Authored internal standards and policies for endpoint protection, firewalls, and encryption • Drafted selections of corporate Information Security Awareness program materials

• Designed secure network architecture for local businesses• Provided penetration testing services for clients• Assisted area businesses with secure web server deployments and policies• Provided system cleanup and security protection for clients with infected computers

• Designed security infrastructure including malicious software protection, spam/web filtering, server/network hardening, log correlation, intrusion detection, and file integrity monitoring• Performed assessments of corporate network assets using a variety of open source and commercial tools to determine security posture of organization • Established IT governance utilizing COBIT 4.0 Framework into corporate IT Operations including identification of key controls to address Sarbanes Oxley requirements• Managed Sarbanes-Oxley compliance team of 25 individuals in designing corporate security awareness program, corporate security standards and polices, IT standards, baselines, guidelines and procedure documentation• Independently developed security standards to address patch management, vulnerability assessments, and antivirus protection• Conducted forensic analysis of employee computers in cases of suspected policy violations

• Provided network consultation, technical support and problem solving for internal and external clients on upgrades, application configurations and technical issues• Independently researched available network security options, configured and implemented start up of network security policy• Integrated Network Intrusion Detection System into DMZ and monitored network for unauthorized access attempts from external and internal systems• Monitored and analyzed performance of Windows NT servers to ensure hosting provider was maximizing response time for hosted websites

• Configured Windows NT workstations for office and staff employees• Installed and upgraded Windows NT on workstations and laptops • Performed troubleshooting of network and Windows NT based problems• Assisted in implementation of manufacturing support program, which eliminated paper based regulation manuals