Leads the Threat Analysis Branch of the Microsoft Threat Intelligence Center. Manages cyber threat intelligence analysis of state-aligned and criminal threat actors that span Microsoft's product and service offerings, while partnering with other security research teams to protect Microsoft customers

Led and managed all functions within the Applied Threat Research team to include threat intelligence, detection engineering, and security research and analytics. Directed strategic and operational efforts to leverage knowledge of threat actor tactics, techniques, and procedures to provide cutting-edge detection capabilities and ultimately dismantling a threat's ability to harm our customers. Key Achievements:▪ Founded and launched ATR’s Threat Intelligence Team which included the stand-up of internal collection sources, defining processes for analyzing and disseminating intelligence internally, and communicating to key stake-holders relevant threat information. ▪ Supported high-visibility incident response engagements through intrusion analysis and targeted threat research of various financially motivated threat actors and state sponsored threat groups. ▪ Worked end-to-end operations leveraging intelligence collection from internal/external sources and large-scale data analytics to effectively perform threat detection and deep-dive network forensics.

Served as the technical lead of Detection Engineering and Threat intelligence. Researched and tracked threats in support of internal consumers and to drive detection engineering efforts. Emulated threat behaviors for the purpose of developing, engineering, and prototyping detection capabilities across a range of collection platforms as well as in Gigamon ThreatINSIGHT. Built and maintained indicators and behavioral analytics for threat detection.Key Achievements: ▪ Discovered and tracked a botnet of 100+ malicious Chrome extensions with over 500,000 downloads being used for a large-scale fraud operation. Collaborated with internal Google teams to assist in detection and takedown of the extensions & infrastructure.▪ Assisted in discovery and analysis of two distinct Adobe Flash exploits being used in-the-wild by threat actors to compromise high profile targets of interest. Authored file-based IOCs for campaign tracking. ▪ Collaborated with external partners and law enforcement for intelligence sharing to combat efforts of criminal threat groups through timely sharing of intelligence discoveries.

Served as a Principal Security Engineer working across teams, from services to threat research, to provide threat expertise internally and externally. Supported highly-technical incident response and threat hunting engagements by providing network forensics, threat intelligence, intrusion analysis, and malware analysis services to incident response partners. Led security R&D efforts for the purpose of advancing the state of our product including initial efforts to develop and build behavioral threat detection capabilities.

Led red team operations, threat emulation exercises, and other offensive services for a mix of federal agencies as well as Fortune 100 companies to provide hands-on training on threat research and response. Worked collaboratively with customers to create heuristics and analytics to detect adversary tradecraft within their environment and verified heuristics during live exercises. Managed team of highly technical consultants and researchers performing research into attack techniques.Key Achievements:▪ Mentored and guided security research efforts to discover attack techniques, understand their impact, identify artifacts of the attack, and prototype countermeasure recommendations. ▪ Instrumental in the creation of DHS’s NCATs Red Team service offering, providing sophisticated red team operations lasting over 4 months in length for federal agencies. ▪ Developed Adaptive Red Team Tactics and Adaptive Red Team Operations courses offered internally to several high-end commercial entities. Functioned as lead instructor at Blackhat USA (2015 and 2016).

Led Computer Network Operations (CNO) to support Computer Network Defense (CND) efforts of US Government networks against Advanced Persistent Threats (APT) and to satisfy high-priority foreign intelligence requirements. Performed reverse engineering, malware analysis; network and endpoint forensics; and infrastructure analysis for the purpose of collecting and analyzing intelligence for key stakeholders. Assigned to the 7th Intelligence Squadron at Ft. Meade where he supported the US Intelligence Community and the National Security Agency (NSA) in the following roles: Student, UCT & INWT - 2010-2011Analyst - 2011-2012Technical Lead - 2012 -2013Team Lead - 2013 - 2014