• Mentored small team of Engineers to ensure timely resolution of incidents and served as an escalation point to communicate updates to Sr. Leadership. • Audited SIRT Team Tickets to ensure engineers followed documented runbook procedures. Provided feedback to engineers on how-to improve IR report documentation, ticket hygiene and additional technical steps that can be performed to better investigate incidents. • Enhanced runbook documentation to ensure improved response processes.• Facilitated Incident Response calls with system owners & SIRT Technical engineers. Documented incident summaries & assisted with investigation of host-based & network-based logs.

• Lead Incident Response Processes related to the identification, containment, eradication & recovery of Cyber Threats impacting the Comcast Enterprise Network. Performed log analysis via multiple security tools to potentially identify an incident’s root cause and provided recommendations to the business on how-to better secure the Application / System. Investigations included the analysis of multiple log sources such as Microsoft / Linux Security events, Firewall events, malware protection events, proxy events, and NetFlow/packet capture events.• Developed Technical SOP Documentation for new Incident Response Use Cases / Jr Team members. • Assisted with use case development lifecycle to enable new use cases into production and tuning of existing use cases to ensure a high-fidelity alert. Developed an internal methodology of how-to evaluate log sources, use cases, and guidelines related to developing response runbooks.• Represented the Incident Response Team via participation in multiple tabletop exercises with various business units across the Comcast footprint. • Mentored Jr. Engineers to foster career and technical development.

• Responded to Cyber Incidents detected within the SIEM or escalated via Triage Team.• Performed Incident Response functions to ensure the security of the Comcast Enterprise. Incidents included remediation of malware infected systems, compromised user accounts, and misuse or incorrectly configured company systems. In addition, assisted with remediation of Cyber Threats detected by external security researchers or internal Penetration Test. • Proactively searched the Enterprise Network for IOCs and updated security tools to block malware.• Evaluated multiple SIEM’s (ArcSight, Splunk, QRadar, LogRhythm) and provided leadership with recommendations on a next generation SIEM.

• Forensic examination of endpoint systems, servers, cell phones and other forms of computer media. Responsible for performing technical investigations related to HR / Legal & Cybersecurity matters. Ensured chain-of-custody was maintained throughout the lifecycle of an investigation. Documented professional reports detailing investigative findings for leadership & SIRT Team. • Developed SOP related documentation for Threat Management Team which included Forensics Secure Evidence Storage / Disposal Procedures, HR-Legal Forensics Checklist, Chain of Custody and CVSS Vulnerability Announcement Policy. • On-boarded multiple log sources into ArcSight SIEM and worked with 3rd party vendor to develop actionable use cases. Log Ingestion Projects including Aruba Clearpass, Bluecoat, Cloud Foundry, RDK IDS, and Windows PCI.• Technical Lead / Project Managed SSL VPN Adaptive Authentication Project. Transitioned 50+ Business Partners from a legacy connection to an SSL VPN with risk-based authentication. • Gained valuable hands on experience using ArcSight, Autopsy / TSK, Cellebrite, DTSearch, EnCase, FTK Imager, Internet Evidence Finder, and Raptor.

• Taught swim lessons weekly to preschool children and adults. • Supervised swimmers to ensure safety.• Interfaced well with members, lifeguards, and management.

Responsibilities included but not limited to:• Generating National Security Operations Metrics Report for upper management• Assisting Sr. Engineers by overseeing chain of custody and collecting / processing forensic evidence related to internal investigations.• Generated monthly Advanced Persistent Threat (APT) reports for Sr. Engineers.• Gaining valuable hands on experience using Encase, Blacklight, LogLogic, FireEye, and AirWatch tools