John Grim

John Grim Email and Phone Number

Executive Director | Global Cyber Threat Management Center @ Estée Lauder
Pittsburgh, PA, US
John Grim's Location
Pittsburgh, Pennsylvania, United States
About John Grim

I have 20+ years of experience in threat intelligence, investigative response, digital forensics, and security assessments. I have built and/or managed cyber threat intelligence, cyber threat hunting, cyber counterintelligence, counterintelligence, and investigative response teams within the military and corporate sectors. In doing so, I have parlayed this knowledge and experience into advising and educating clients, commanders, internal teams, and other audiences on data breach mitigation, detection, and response.

Skills / Specialties: ● Cyber Threat Intelligence ● Cyber Threat Modeling ● Intelligence Operations Coordination / Synchronization / Deconfliction ● Data Breach Investigations ● Proactive Cybersecurity Checks ● Digital Forensic Examinations ● Litigation Support Activities ● Incident Response Assessments ● Insider Threat Assessments ● Counterintelligence / Force Protection Support ● Thought Leadership ● Business Development ● Content Development ● Product Marketing ● Sales Enablement ● Pre-Sales ● Consulting ● Data Breach Presentations ● Cyber Threat Briefings ● Cybersecurity Panels ● Executive Breach Simulations ● Technical Table-Top Exercises ● Digital Forensics Training ● Incident Response Training

Governance / Standards: ● ISO-IEC 27001 / 27002 ● NIST Cybersecurity Framework ● VERIS Framework | A4 Threat Model ● MITRE ATT&CK Framework ● NIST SP 800-154 (draft) (Threat Modeling) ● NIST SP 800-53 R5 (Security and Privacy) ● CIS Critical Security Controls ● NIST SP 800-61 R2 (Incident Handling) ● NIST SP-800-86 (Digital Forensics) ● NIST SP-800-37 R2 (Risk Management) ● NIST SP 800-181 (NICE Framework) ● EDRM ● FAIR ● CBEST Framework

John Grim's Current Company Details
Estée Lauder

Executive Director | Global Cyber Threat Management Center
Pittsburgh, PA, US
Employees:
1333
John Grim Work Experience Details
  • Estée Lauder
    Executive Director | Global Cyber Threat Management Center
    Estée Lauder
    Pittsburgh, PA, US
  • Estée Lauder
    Executive Director | Global Cyber Threat Management Center
    Estée Lauder Dec 2023 - Present
    New York, New York, US
    ● Manages a 24x7 Cyber Threat Management Center consisting of cyber threat intelligence, threat-vulnerability management, threat detection analytics, security operations center, cyber threat response, cybersecurity investigations, digital forensics, and electronic discovery
    ● Leverages next-generation monitoring to include tools for supervised and artificial learning, artificial intelligence, user and entity behavior analytics, and visualization technologies across a complex, global environment
    ● Leads and guides full time employees, vendor relationships, security consultants, and matrixed teams to conduct just-in-time threat management in an ever-changing cyber threat landscape
    ● Interacts with all levels of business leadership to include executive-level communications and interpersonal skills to include briefing C-level leaders, influencing stakeholders across the organization, and engaging information security and industry leaders
    ● Makes critical and timely decisions while solving unique and complex problems. Executes key operational decisions with potentially high impact threat attacks to include, but not limited to, phishing campaigns, malware campaigns, organized criminal operations, and nation-state operations
    ● Maintains full accountability over operating budget, to include hiring, consulting, outsourcing, and service decision-making, as well as assesses growth needs and implements business case changes
  • Experian
    Director | Cyber Threat Assessment Group, GCFC (Global Cyber Fusion Center)
    Experian Dec 2021 - Jan 2024
    Costa Mesa, CA, US
    ● Managed cyber threat intelligence, cyber threat hunting, and cyber threat thought leadership that serves as the focal point and driving force behind cyber fusion and threat-informed defense; was responsible for strategic planning, operational decision-making, daily operations, metrics / key performance indicators, hiring decisions, tool procurement, and vendor relationships
    ● Provided intelligence-driven strategic support to executives for long term, decision-making, operational support to nearer term, functional level activities, and tactical / technical support to front line cyber fusion operations
    ● Provided direct, threat-informed support to threat detection, incident response, digital forensics, insider threat, offensive security, attack surface management, network security, architecture and engineering, mergers & acquisitions, security awareness and training, among other intelligence consumers
    ● Liaised and interacted with functional level leaders and business unit security leaders to determine and review priority intelligence requirements, socialize services and capabilities catalog, and develop and maintain reporting products that meet the needs of these supported entities
    ● Adhered to the fundamentals of intelligence activities to include the cyber threat intelligence cycle in delivering timely, relevant, accurate, and actionable intelligence, as well as stakeholder feedback loops and constant self-assessment aimed at improving collection, analysis, and production
    ● Oversaw cyber threat hunting activities in direct support of reactive and proactive threat detection, incident response, offensive security activities by focusing on threat actor campaigns, TTPs, vulnerabilities / exploits, LOLBINs, and malware
    ● Embraced industry standards to include SIPOC (Source-Input-Process-Output-Consumer), Attack-Defend Vortex (Attacker-Action-Defender-Counteraction), MITRE ATT&CK Framework, CIS Controls, NIST Cyber Security Framework, and SWOT Framework
  • Verizon Business
    Head | Research, Development, Innovation, VTRAC (Verizon Threat Research Advisory Center)
    Verizon Business 2019 - 2021
    Basking Ridge, NJ, US
    ● Facilitated technical discussions with and advised C-suite clients on data breach prevention / mitigation / detection / response and cyber threat intelligence / threat modeling solutions; leads executive-level data breach simulation / crisis management exercises
    ● Integrated cyber threat intelligence and technical research into cloud, network, virtual, endpoint, detection / response tool solutions to improve cybersecurity postures, incident detection, and investigative response workflows
    ● Synergized with pre-sales, sales enablement, product management, product marketing, external marketing, thought leadership, analyst relations, and corporate communications stakeholders for sales opportunities, marketing campaigns, thought leadership publications, and new product roll-outs
    ● Identified, developed, and implemented processes and frameworks for new product and service growth opportunities across verticals; led research and analysis projects into new, emerging technologies for incident detection, incident response, and forensic investigations
    ● Led research and analysis projects into new, emerging technologies for incident detection, incident response, and forensic investigations
    ● Managed and contributed to new / enhanced service and product offerings from conception through time-lining, research, development, strategy, coordination, to launch
    ● Researched, primary-authored, and produced the 2020 Verizon Cyber-Espionage Report, the 2019 Verizon Insider Threat Report and the 2019 Verizon Incident Preparedness and Response (VIPR) Report; co-authored the 2019 Verizon Payment Security Report
  • Verizon Business
    Senior Manager | Investigative Response, VTRAC
    Verizon Business 2016 - 2019
    Basking Ridge, NJ, US
    ● Managed, trained, mentored, and evaluated the performance of a highly-skilled, geographically dispersed, remote investigative response team; approved technical findings deliverables / expenditures
    ● Worked closely with pre-sales, product marketing, external marketing, thought leadership, analyst relations, and corporate communications stakeholders
    ● Scoped and managed complex data breach investigations across industries, to include financial, healthcare, manufacturing, retail, and accommodation; coordinated collection and analysis of open source, dark web, cloud, NetFlow, network, endpoint, and malware evidence sources
    ● Provided technical advice and assistance to CIOs / CTOs / CISOs and other executives; conveyed findings and advised internal / external counsel, corporate communications, human resources, service providers, and law enforcement
    ● Synchronized efforts with client cyber threat intelligence, CERT / CSIRT, SOC / SIEM, NOC, cyber risk, cybersecurity, and information technology, to include infrastructure, cloud, network, server, desktop, and application teams; assisted with root cause analysis efforts
    ● Oversaw enterprise threat hunting / digital forensic health check engagements; reviewed and quality checked final management reports, to include findings and recommendations
    ● Oversaw incident response capability / readiness assessments and incident response policy, plan, playbook, process, and procedure development; reviewed and quality checked final management reports and incident response plans / playbooks
    ● Developed and oversaw incident response, digital forensics, cyber threat training to external customers, conference attendees, and team members
    ● Created and conducted executive-level data breach simulation / crisis management exercises; conducted after-action reviews to identify cybersecurity and incident response gaps and gap remediation solutions
    ● Produced / primary-authored the 2018 Data Breach Digest and 2017 Data Breach Digest
  • Verizon Business
    Team Lead | Investigative Response, VTRAC
    Verizon Business 2014 - 2016
    Basking Ridge, NJ, US
    ● Established new digital forensics / investigative response team; supervised, trained, mentored, and evaluated the performance of a geographically dispersed, remote investigative response team; approved technical findings deliverables / expenditures
    ● Led complex data breach investigations across industries, to include financial, healthcare, manufacturing, retail, and accommodation; collected and analyzed open source, dark web, cloud, NetFlow, network, endpoint, and malware evidence sources
    ● Provided technical advice and assistance to client CERT / CSIRT, SIEM, SOC, NOC, IT security, infrastructure, cloud, network, server, desktop, and application teams
    ● Synchronized efforts and worked closely with cyber threat intelligence, incident response, cyberdefense, cybersecurity, and cyber risk teams
    ● Conveyed findings and coordinated activities with internal / external counsel, corporate communications, human resources, service providers, and law enforcement
    ● Performed incident response capability / readiness assessments; developed incident response policies, plans, playbooks, processes, and procedures
    ● Developed and delivered incident response / digital forensics / cyber threat training to external customers, conference attendees, and team members
    ● Created and delivered incident response tabletop exercises for technical and non-technical audiences; conducted after-action reviews to identify cybersecurity and incident response gaps and gap remediation solutions
    ● Produced / primary-authored the 2016 Data Breach Digest
  • Verizon Business
    Senior Security Specialist | Investigative Response, VTRAC
    Verizon Business 2009 - 2014
    Basking Ridge, NJ, US
    ● Investigated network intrusions, malware outbreaks, cyber-espionage incidents, insider threat activity, and payment card industry breaches
    ● Worked closely with management, technical, non-technical, and external stakeholders to resolve data breaches and other cybersecurity incidents and conduct root cause analysis activities
    ● Advised victim organizations on containment, eradication, and remediation measures; advised on breach prevention and mitigation countermeasures
    ● Collected, preserved, and examined digital evidence, to include volatile data, memdumps, system images, packet captures, and network logs
    ● Conducted cybersecurity assessments; reviewed / created client incident response policies, plans, playbooks, and procedures
    ● Provided cybersecurity and investigative response training and cyber threat briefings; developed and led mock incident tabletop exercises; conducted after-action reviews to identify cybersecurity and incident response gaps and gap remediation solutions
  • US Army
    Chief (Senior CI Agent) | Technical Support Element, USAINSCOM
    US Army 2005 - 2009
    Arlington, Virginia, US
    ● Served as Intelligence Officer (GG-13, Operations) and managed a technical team of U.S. Army cyber counterintelligence digital forensics investigators, to include providing direction to and overseeing all phases of the counterintelligence cycle: planning and direction, collection, processing, analysis, dissemination
    ● Responded to and led cyber counterintelligence investigations with national security implications involving computer and network security incidents
    ● Forensically imaged / examined digital media; processed evidence; analyzed network device logs and related evidence
    ● Provided digital forensics and incident response training to counterintelligence agents and CERT personnel
    ● Liaised with intelligence, law enforcement, CERT, NOSC, and security entities; provided technical advice and assistance to commanders
    ● Liaised with military intelligence, law enforcement, CERT, NOSC, legal, and security entities; provided technical advice and assistance to commanders
  • US Army
    Counterintelligence Coordinating Authority (Senior CI Agent) | S2X, 3rd ACR
    US Army 2007 - 2008
    Arlington, Virginia, US
    ● Served as Intelligence Officer (GG-13, Operations) and coordinated / deconflicted / synchronized counterintelligence and human intelligence operations, collection, and reporting
    ● Oversaw the phases of the intelligence cycle: planning and direction, collection, processing, analysis, dissemination
    ● Served as CI / HUMINT reports officer; responsible for quality assurance and quality control
    ● Analyzed threat reporting for actionable intelligence; integrated threat intelligence into daily reporting summaries and briefings
    ● Conducted collection management activities; ensured counterintelligence collection efforts aligned with and answered Priority Intelligence Requirements and Specific Information Requirements
  • US Army
    Assistance Chief (Senior CI Agent) | Technical Support Element, USAINSCOM
    US Army 2001 - 2005
    Arlington, Virginia, US
    ● Served as Intelligence Officer (GG-13, Operations) and stood up cyber counterintelligence / counterespionage capability for the U.S. Army Pacific; identified essential technical training and operational resource requirements; established policies and procedures for evidence collection, examination, and analysis
    ● Conducted all phases of the counterintelligence cycle: planning and direction, collection, processing, analysis, dissemination
    ● Responded to cybersecurity incidents and conducted digital forensic investigations involving computer systems and network environments to determine root cause, assess damage, and advised on containment and remediation measures
    ● Forensically imaged and examined digital media; processed evidence; analyzed network logs and related evidence
    ● Provided incident response, evidence collection, and digital forensics training to counterintelligence agents and CERT personnel
    ● Ensured cyber counterintelligence collection efforts aligned with and answered Priority Intelligence Requirements and Specific Information Requirements
    ● Liaised with military intelligence, law enforcement, CERT, NOSC, legal, and security entities; provided technical advice and assistance to commanders
    ● Applied the fundamentals of military and civil laws, regulations, and policies; maintained accountability of assigned intelligence property
  • US Army
    NCOIC (Senior CI Agent) | Zama Field Office, USAINSCOM
    US Army 1999 - 2001
    Arlington, Virginia, US
    ● Served as field office NCOIC and managed two teams of U.S. Army counterintelligence agents conducting counterintelligence, counterespionage, counterterrorism, and personnel security (background) investigations, as well as providing counterintelligence / force protection support to U.S. Army installations, joint military exercises, and special events
    ● Led or oversaw national security related preliminary inquiries and full scope investigations; oversaw or performed subject / source / witness interviews; oversaw or conducted records checks activities; responsible for counterespionage case control
    ● Oversaw counterintelligence route reconnaissance surveys, site surveys, and facility physical security assessments in support to force protection operations
    ● Reviewed and quality-checked reports of investigation, threat assessments, intelligence summaries, counterintelligence estimates, intelligence information reports, and counterintelligence / force protection reports
    ● Ensured counterintelligence collection efforts aligned with and answered Priority Intelligence Requirements and Specific Information Requirements
    ● Oversaw or presented counterintelligence, threat landscape, and security awareness, and force protection briefings and training sessions to military and civilian audiences
    ● Liaised with intelligence, law enforcement, and security organizations
    ● Applied the fundamentals of military and civil laws, regulations, and policies; maintained accountability of assigned intelligence property
  • US Army
    Counterintelligence Agent | Zama Field Office, USAINSCOM
    US Army 1997 - 1999
    Arlington, Virginia, US
  • US Army
    Japanese Linguist
    US Army 1993 - 1997
    Arlington, Virginia, US
  • United States Marine Corps
    Field Wireman (Reserves)
    United States Marine Corps 1991 - 1993
    Washington, DC, US

John Grim Skills

Leadership Investigations Network Forensics Product Marketing Ftk Computer Forensics Information Security Ids Cissp Litigation Support First Responder Training Intrusion Detection Cybersecurity Incident Response Private Investigations Networking Technical Leadership Small Business It Solutions Penetration Testing Computer Security Communication Product Road Mapping Digital Forensics Training Course Development Strategy Vulnerability Management Digital Forensics U.s. Department Of Defense Risk Assessment Network Security Risk Management Product Strategy Forensic Analysis Security Awareness Product Management Information Security Management Security Audits Payment Card Industry Data Security Standard Management Vulnerability Assessment Product Launch Security Pci Dss Dod Investigation Presentations Analysis Strategic Vision Encase Governance And Compliance

John Grim Education Details

  • Kent State University
    Kent State University
    History
  • Defense Language Institute Foreign Language Center
    Defense Language Institute Foreign Language Center
    Japanese Language
  • Kent State University
    Kent State University
    Political Science
  • U.S. Army
    U.S. Army
    Counterintelligence Special Agent
  • U.S. Army
    U.S. Army
    Interrogator
  • U.S. Marine Corps
    U.S. Marine Corps
    Field Wireman

Frequently Asked Questions about John Grim

What company does John Grim work for?

John Grim works for Estée Lauder.

What is John Grim's role at the current company?

John Grim's current role is Executive Director | Global Cyber Threat Management Center.

What is John Grim's email address?

John Grim's email address is jo****@****zon.com

What schools did John Grim attend?

John Grim attended Kent State University, Defense Language Institute Foreign Language Center, Kent State University, U.S. Army, U.S. Army, U.S. Marine Corps.

What skills is John Grim known for?

John Grim has skills like Leadership, Investigations, Network Forensics, Product Marketing, FTK, Computer Forensics, Information Security, IDS, CISSP, Litigation Support, First Responder Training, Intrusion Detection.
