-Team lead and SME for Splunk deployment at a large financial institution.- Architect, manage, and optimize a high volume clustered Splunk/Splunk Enterprise Security deployment spanning 2 data centers and 4 sites including clustered indexers/search heads, heavy forwarders, universal forwarders, deployment server and syslog servers.- Manage Splunk ES instance making it the “single pane of glass” the Cybersecurity Operations Center (CSOC) uses to identify and triage security events across the enterprise- Work with a team of security engineers to integrate various security hardware and software components to enrich Splunk to include FireEye, McAfee, NetSkope, and Anomali appliances.- Troubleshoot and resolve issues with Splunk instances coordinating with internal or external parties such as OS and storage teams as needed to achieve resolution; document solution in support wikis.- Create and monitor Splunk health indicators to identify problems and trends related to search and indexing performance, storage consumption, and forwarding.- Provide technical/administrative support on IT related areas of cyber security and enterprise information system security for all CSOC teams- Create Splunk reports, dashboards, and alerts according to customer requirements- Research and install Splunk applications, supporting and technical add-ons including to include DB Connect and HEC configurations for Splunk data ingestion - Test, onboard, and normalize data ingestion applying the Splunk Common Information Model

- Serve as BlueCoat and Splunk Administrator/Engineer for the DHS Mission Operating Environment - Apply a thorough understanding of Splunk to review, revise and refine Security Operations data collection, aggregation, and correlation in support of Continual Service Improvement efforts. - Work with other security operations teams using their requirements and building custom dashboards and applications in Splunk to present timely and pertinent information for action- Engineer Splunk to monitor, contextualize, and provide reporting on a wide variety of network data feeds including but not limited to network, anti-virus, firewall, operating system, and IDS/IPS logs. - Configure threat lists in the Splunk Enterprise Security app to allow for automated correlation of Indicators of Compromise for ongoing malware campaigns to provide analysts with timely alerts targeting production environments.- Monitor and tune Splunk servers to detect faulty operation and remedy anomalies. - Provide complex engineering analysis and support for all security devices in the enterprise to include firewalls, routers, networks, and operating system devices spanning several client sites at locations across the country.- Validate and test complex security architecture and design solutions to produce detailed engineering specifications with recommended vendor technologies.- Serve as a member of a security operations team monitoring all aspects of network security on an on call, 24/7/365 basis. Contribute to team effectiveness through internal and external training and Continual Service Improvement actions.- Leverage extensive experience in network exploitation and defense while preserving a current knowledge of attack vectors and methodologies; apply this knowledge to identify vulnerabilities on client assigned networks.

Advanced through progressively responsible enterprise network / systems security architecture and administration career to hold high-profile information security analysis role within NATO Headquarters supporting 4K+ workstations, 3 classified / unclassified networks, and telecommunications systems of international agency with 28 member nations. Engineered, installed, configured, and administered information security solutions, including IPS, IDS, log management, proxy services, firewalls, and security assessment tools; authored system- and domain-specific security scripts. Led threat / risk assessment, information assurance (IA), security audit, incident response, system hardening, forensic investigation, and data restoration. Reviewed third-party agency incident reports and internal logs to detect malicious behaviors. Planned and managed enterprise information security projects, providing comprehensive status reporting to senior staff. Retired honorably as Master Sergeant. Selected contributions include:** Served as primary BlueCoat proxy administrator and point-of-contact for all Internet-related issues.** Held primary responsibility for all IDS / IPS activity, including regular review and categorization of signatures for applicability to the network and review of logs for suspicious activity. ** Performed monthly security vulnerability assessments for installed software products and review of monthly “Patch Tuesday” announcements, producing and distributing announcements, vulnerability assessments, and recommendations to stakeholders. ** Substantially improved access control / permissions framework using lowest privilege methodology, simultaneously enhancing audit capabilities.** Responded to and resolved hundreds of security incidents and user-reported trouble tickets each year.** Evaluated malicious email, phishing, and denial of service attacks to identify trends and develop highly effective remediation strategies

Created data transformation scripts for operational intelligence (OPINTEL) within Joint Intelligence Center Pacific, producing Perl / JavaScript scripts to parse secure data into intelligence databases. Selected contributions include:** Achieved and sustained rate of 99%+ system availability.** Authored 10K+ lines of code for newly created collections management system.** Pioneered web-based intelligence briefing capabilities, cutting briefing development time for Intelligence Analysts by 10 hours per week.** Core Technologies: Windows, Windows Server, Unix Server, Perl, JavaScript

Advanced through series of senior-level network administration and network operations management roles; administered high-availability LAN / SAN infrastructure, supported 24/7/365 network operations, and managed network / information security. Configured and administered Windows Server environment, including servers, network devices, communication / messaging systems, and workstations; tested and deployed systems, conducted maintenance, optimized performance, and managed enterprise backup / recovery processes. Supported full life cycle technical project management. Selected contributions include:** Managed Help Desk operations and team of 4-6 in provision of Level 1 support for base-wide LAN.** Held collateral role as Information Systems Security Officer (ISSO).** Core Technologies: Windows (through 2000), Windows Server, Microsoft Exchange Server, LAN, EMC SAN, Remedy Ticketing System, Microsoft SQL, Blackberry Server

Held progressively responsible software programming, UNIX system administration, and database analysis roles within US and overseas environments, including several deployments to the Middle East and Southeast Asia. ** Core Technologies: Sun Solaris, IBM Mainframe, JCL, Visual Basic, Sybase, JOVIAL, COBOL, Assembler