• Lead and manage the 24x7x365 multi-location Security Operations Center providing technical and management oversight.• Lead staff to proactively identify, prevent and respond to security incidents.• Ensure incident identification, assessment, quantification, reporting, communication, mitigation and monitoring.• Ensure a high degree of customer interactions, compliance to Service Level Agreements (SLA), processadherence and continual process improvement to achieve operational objectives and mitigate threats.• Revise and develop processes to strengthen the current operational activities.• Continually evaluate automation and platform needs with the SOC team and drive prioritized list ofimprovements with Product Management and Engineering• Review policies and recommend changes to improve governance.• Responsible for team management, personnel scheduling, overall utilization of resources.• Perform threat management, threat modeling, identify threat vectors and develop use cases for security monitoring.• Provide oversight in identifying ways to optimize visibility of customer security feeds to the SOC as well as optimizing management of defensive capabilities.• Creation of reports, dashboards, metrics for daily SOC operations as well as for presentation to clients.• Coordinate with stakeholders to build and maintain positive working relationship.• Works with HR to identify learning and career paths for SOC personnel to increase skills, achieve continued career enhancements.

• Manages a team of security incident response coordinators, analysts.• Responsible for not only defining the capabilities to detect and respond to threats within the environment but ensuring that their team is well trained and able to use the tools to perform their job.• Acts as the primary representative when it comes to presenting regional security incident detection and response presentations to the Director of Cybersecurity Technology and Operations and CISO, as appropriate• Responsible for the delivery of an innovative security operations team and communication of metrics and findings to the Director – Cyber Security Operations Center and other leaders as appropriate• Ensures well documented processes around security threat detection, incident response/management playbooks, and proper incident handling procedures• Works with staff and management across all levels of the organization to detect and protect the environment• Mentors team members to develop their knowledge, skills, and capabilities• Ensures documentation and processes are well defined so that the team mission, vision, and strategy are well understood by the team and the business• Provides accurate metrics for the CISO metrics program to ensure continuous improvement across incident trends• Ensures clear ties to Threat Intelligence sources to ensure IoC and IoA are part of the overall program• Grows the organization through effective hiring, coaching, motivating and development of a world class technology team• Ensures excellent consistency, documentation, and process across all programs• Collaborates with other IT team managers to ensure consistency, adaptability, responsiveness, and effectiveness of security solutions• Proactively advises the business on how to maintain security posture

• Monitor and respond to alerts• Proactively analyze log data to identify and investigate potentially malicious behavior/activity• Drive mitigation activities• Coordinate with the Threat Management Center (TMC) and Security Solutions teams to tune security tools and focus SOC efforts based on our known security posture and vulnerabilities.• Revise playbooks based on lessons learned and threat intelligence• Monitoring and analysis of alerts and anomalous network activity• Full incident response and remediation efforts• Threat hunting in pursuit of additional use cases• Leverage threat intelligence to tune tools and alerts• Present incident briefs and new use cases to leadership• Mentor Tier-1 Analysts• Assist in the deployment and testing of new solutions• Recommend process improvements to improve KPIs

Selected by leadership to represent my company on our first 3 months with the client to ensure success and provide a senior analyst viewpoint into the overall operation.On-Site Technical Analyst Responsibilities were defined as:• Established processes and normalized the Cyber Threat Intelligence operations on the client site as a forward deployed leader• Identified operational items that could be improved or streamlined to ensure and overall more effective security operation• Provide the client with a deeper understanding on how to operationalize the Cyber Threat Intelligence feeds that are being utilized• Managed and tuned the Intelligence platforms with the feeds currently being utilized on-site to provide more detailed and real time threat intelligence for the Security Operations Center• Worked with business partners and on-site third party vendors currently deployed within the client environment to integrate into daily operations and become a key part of the client operation and facilitate the overall business unit's success

Team Lead Responsibilities:• Provides supervision and oversight for Security Analysts during a standard working team/shift• Assumes full responsibility and accountability for ensuring that customers receive world-class service from Security Analysts assigned to their shift• Assigns Security Analysts to information security events and oversees investigations as necessary • Assumes responsibility for issues and requests escalated by Security Analysts and executes additional escalations as necessary• Performs shift handover activities as necessarySenior Security Analyst Responsibilities:• Manages operations to identify, monitor, investigate, and analyze security events• Supervises complex event investigation and incident declaration• Serves as the technical escalation point of contact for lower level analysts• Conducts active cyber hunting operations for suspicious activities/indicators and contributes to continuous improvement processes of cyber hunting operations• Assists with the development and improvement of security monitoring tools for client environments• Assists with the development of automation solutions for the Security Operations Center• Provides thought leadership describing procedures for handling high and critical-severity incidents• Participates in daily stand-up meetings and after action meetings as required• Develops and reviews client communications prior to release

• Manages Security Operation Center visibility and event/incident remediation for over 160+ customer’s multi-cloud (AWS, Azure, Rackspace, and GCP) and dedicated, multi-platform environments• Performs Cyber Threat Hunting, Security Analytics, Real-Time Network and Host Forensics Analysis/Mitigation utilizing many different agents, tooling, and platforms • Creates Custom Signature and Query Generation (IOC identification and hunting), and interacts with customers accordingly• Incorporates Threat Intelligence integration into daily operations, processes and procedures• Plays a key role in Security Operations Center (SOC) process and procedural development and improvement

• Executes Defensive Cyber Operations on 535 million dollar Air Force Cyber Defense Weapon System providing support to 9 Combatant Commands• Defends 10 Major Commands for a total of 385 sites and a total of 800 thousand plus systems against cyber threats, vulnerabilities, and advanced adversaries• Guides network analysis, virus eradication, and incident forensics missions• Supports defense of Department of Defense, National, and International organizations• Provides command and control for real-time prevention and response actions to mitigate Air Force Information Network intrusions and attacks

• Evaluates, designs, installs, and maintains computer systems/networks• Maximizes information management and services Aerial Port Squadron• Manages software and hardware configuration of installed networks within the unit consisting of over 300+ workstations• Integrates commercial off-the-shelf Information Technology products to meet Aerial Port mission needs and requirements• Manages Global Air Transportation Execution System operations. Ensures Aerial Port Squadron is in compliance with Air Mobility Command/Department of Defense IT standards.