• Lead program manager for the development of Generative AI-related features within Detection and Response, ensuring seamless capabilities within the team• Developed a comprehensive roadmap, training materials, and process documentation specifically tailored for security engineers. These resources provide clear and concise guidance on how to respond to AI-related incidents within the Detection and Response organization, ensuring a consistent and effective approach.• Spearhead the development of the Security Response Continuous Improvement Governance program by leveraging engineering expertise. This program led to data-driven decision-making, resulting in the creation of an enhanced tooling roadmap.• Lead the Purple Program, acting as the liaison between the Offensive Security team and all of Detection and Response, adding in a new Detection Analysis section to Red Team reports creating additional insights and concrete action items, turning opportunities into actions • Created the roadmap and governing body for Digital Forensics tooling, working closely with teams of globally distributed software and security engineers to understand the user journey of an incident, leading to the reduction of toil and measurable improvements within their response times and tooling • Built and executed operation excellence program with security leadership to ensure P0/S0 incident readiness for all incident commanders with Security Response • Ensured readiness to regulatory and contractual obligations within Response by clearly articulating the needs and automating responses within tooling

• Established cyber security maturity model, long-term strategy, governance, and oversight consisting of activities relating to AWS security, secure development, and incident response • Created security leadership committee, reporting directly to the board of directors and the CEO • Coordinated all incident response issues, including incident response training tabletop exercise and readout • Successful integration of security processes and tooling into CI/CD pipeline and build to increase security posture of products• Established metrics and continuing analysis related to cybersecurity-related issues to ensure that businesses could understand where gaps and issues reside and to understand costs associated with security related actions • Built and executed security awareness and training exercises • Managed and negotiated third-party service provider relationships and contracts, including security vendors and security service providers. • Point person for all PCI-related audit relationships and activities• Manage the Product Security Incident Response Team (PSIRT)• Manage the Third-Party Cybersecurity Assessment Program

• Created cyber security strategy, governance, and oversight consisting of activities relating to product security, including firmware, software, hardware, and systems security• Consulted with business owners to ensure that information security training and the dissemination of security policies and practices was understood and fully implemented within the business units in an achievable manner• Lead and coached team that provided security services to business stakeholders. Those activities included threat modelling, security review and audit, penetration testing, legal compliance, and corporate oversight • Worked hand in hand with legal, marketing, and vendors to ensure alliance in strategy and outputs for both internal- and externally-facing teams• Coordinated and communicated all product and IT incident response issues with appropriate teams and business leaders• Built relationships with internal customer user base including business unit VPs of IT and executive staff to ensure buy in of all key objectives and results• Established metrics and continuing analysis related to cybersecurity-related issues to ensure that businesses could understand where gaps and issues reside and to understand costs associated with security related actions

• Built and participated in a software penetration testing service - including web app, network, client/server and major computing platforms with actionable findings and metrics for follow up and scoring • Hired and managed personal• Created service delivery documentation • Built and conducted threat models and risk assessments using STRIDE and FAIR methodologies for business units for their IoT product and major computing platforms• Created a product, IoT, and cloud security assessment service - including extensive security architecture and design review. • Service included testing PLCs, Industrial Control Systems, intelligent controllers, and other sensors and automation controllers used in flow control, pharmaceutical, heating, cooling, transportation, cargo, and food chain industries

• Took over and matured vulnerability management program to have actionable, risk-based, and achievable business results • Replaced Qualys implementation with Tenable.io implementation across a global enterprise on time and under budget• Conducted basic web application security testing using Burp Suite as well as managed DAST tool WhiteHat • Lead architecture design and review for all corporate projects and targeted business products. • Embedded security into the IT project life cycle and product review stage gates to ensure that security was consistently thought of through each • Performed threat research and created response communications and plans to major issues, understanding scope and severity of impact to the business• Managed overseas resources responsibility for many of the above tasks

Teaching a penetration testing course with a focus to help pass the C|EH from EC Council at the Forest Park campus.

• Conducted network and web application testing primarily for Financial and FinTech clients and walked them through results to ensure understanding and proper areas of concern could be addressed• Participated in Incident Response / Digital Forensics investigations with lead investigator• Responsible for report writing and read outs of any testing completed• Assisted in the deployment of FireEye devices to client sites

• TCP/IP – theories, state diagram, capturing traffic, analyzing captured traffic• UNIX – basic commands, scripting, troubleshooting, system administration• Security Posture – Set and inform policies of best practices• Firewall changes using Cisco, IPTables, Shasta, CheckPoint systems• Perform Quarterly Scans in accordance with FedRAMP/FISMA and PCI guidelines• Perform IP Assignments• Troubleshoot network routing and firewall issues related to new system implementation and administration• Setup and troubleshoot VPN IPSec tunnels• Manage daily requests and incidents regarding firewall changes and IDS/IPS alerts

• Point person for forensic data gatherings• Deployed and updated Symantec antivirus• Turn up network ports using Putty while interfacing with Cisco network switches• Handled process improve documents for the department• Helped manage Active Directory accounts and GPOs• Primary technician for large scale projects, including an initiative to move the entire company from CheckPoint encryption software to BitLocker• Created accounts in Exchange Management Console• Primary point of contact when management was out of office• One of the primary deployment technicians to interface with end users to insure the best quality end product is deployed• Installed and setup new computers including refreshing hardware, software and operating system

• Responsible for integrating new server hardware and software upgrading the entire office from a Windows 2003 server environment to a Windows 2008 R2 environment• Performed routine maintenance on locally based server including: tape backup, memory maintenance, data restorations, hard drive swaps and software updates using both VMware and remote desktop connections • Assisted in answering eight telephone lines, helping clients with questions regarding their case or directing them to the appropriate co-worker for assistance • Handled all computer software/hardware issues on a daily basis ranging from simple virus issues to reformatting and reinstalling a new operating system using different software such as Norton Ghost, Symantec Antivirus, Malwarebytes and Combofix• Installed new optical drives, hard drives and RAM to upgrade systems office wide whenever necessary• Setup, created and enabled user accounts using active directory in both a Windows 2003 and 2008 R2 environment• Updated systems from Office 2003 to Office 2010 and from Windows XP to Windows 7• Handled all Microsoft Office and WordPerfect related problems and setup including Outlook web access and additional external e-mail accounts• Handled all print issues within the office including correcting driver issues both locally and network wide, toner/drum issues and service calls• Worked hand-in-hand with an outside IT consulting company as well as our supplier to upgrade office software and hardware• Helped create a more efficient and streamlined workplace by implementing new procedures and software updates