- Migrated static code scanning (SAST) and software composition analysis (SCA) from Veracode to Snyk suite of tools. Built out developer education and discussions around this effort.- Launched usage of the commercial version of Trufflehog to identify secrets in our environment.- Improve and expand usage of DAST (Netsparker); set up relevant integrations and add additional URLs for scanning.- Helped build out reporting and automations around Snyk, Trufflehog and Netsparker tools to assist decision makers in prioritizing security decisions. Assist other members of the Security team with integration setup/automation tasks.

- Identify, validate and push through fixes for issues that came out of security tool scanning (Bandit and Veracode). - Manage the Recharge bug bounty program (HackerOne); triage issues and assign to correct teams (and in some cases develop and push fixes)

- Developed multiple playbook and job apps for the ThreatConnect Security Orchestration, Automation and Response (SOAR) and Threat Intelligence Platform (TIP) components. Job apps allow for automation of ingesting information into the ThreatConnect platform and playbook apps support automating workflows with third-party services in the ThreatConnect platform. Apps are built using Python and are supported by automated testing using the pytest framework.- Built a proof-of-concept workflow to support automated REST API testing of the core ThreatConnect components for the QA team using the Tavern tool (Tavern is a Python tool focused on testing of REST APIs that can run alongside pytest tests).

- Developer on an agent-less incident response/threat hunting framework used by several Air Force cyber protection teams. This was primarily developed using Python and Flask but there were sub components developed in Powershell and other programming languages.- Added new features, including new Flask-based REST API endpoints to support automation for third party platforms and adding encryption for stored sensitive values.- Supported the development and execution of training events; this included testing and writing labs and actually supporting the training events.- Built out docker and docker compose files and did testing for a proof of concept version of Metsponse that ran on Linux (Metasponse normally runs on Windows) and could be deployed via Docker.

- Support and maintain infrastructure for in-house Extract/Transform/Load (ETL) Python-based framework. This includes taking ownership of development, bug fixes, adding unit tests using pytest to reduce regressions and general code enhancements and improvements. This also involved maintaining and expanding the cron entries that were used to run the ETL framework across multiple cloud VM instances.- Worked on a proof of concept to move the Python ETL framework to run on Docker. This was to avoid having to run full VM instances to run the ETL framework.- Supported deployment and testing of the ETL framework in multiple geographic locations (USA, Canada and Europe) to meet customer and regulatory needs for data to be stored locally. This included changes to the ETL framework to specifically not process certain kinds of data when running outside of the USA.- Added six additional data sources via the ETL framework to the Azure Data Warehouse instance. This included several internal data sources via database replica access (Postgres and MariaDB) and REST API based sources across multiple SaaS platforms like Zendesk and JIRA. This work was to facilitate the creation of Splunk content replacing third-party tools used previously for this analysis..

- Assisted customers with usage of Cofense Intelligence integrations from POC through deployment and ongoing support. As part of this work, I figured out how to install Python 2.7 and pip on CentOS 6 to support customers using that version.- Supported several third-party development teams that were building integrations for Cofense Intelligence; this involved supporting meetings with developers and testing/feedback provided for the third-party integrations.- Helped mentor team members on Python best practices and standards for use of source control and testing. Built pytest and pyresttest (a now deprecated Python REST API testing framework) tests for our integration library.- Several enhancements and maintenance changes to the core Cofense Intelligence integration library (phishme_intelligence on PyPI). This library allowed customers to pull Cofense Intelligence in a variety of formats for customer-specific integrations and also was utilized by most of the Cofense Intelligence platform specific integrations. - Developed, enhanced and troubleshot Cofense Intelligence Python-based integrations for a variety of platforms, including ThreatConnect, FireEye Security Orchestrator (FSO), and Recorded Future.- Rebuilt, restructured and expanded documentation using Sphinx and Restructured Text (RST) to make documentation versioning and customization easier.- Promoted to team manager in October 2017, provided technical support and leadership to assigned team and management assistance to the Director of Solutions Engineering. Worked with the team to continue to build out Agile-based development setup to improve efficiency and tracking of tasks and worked with Cofense Support to transfer Level 1 support tasks to free up resources to support core integration tasking.

- Provided ongoing assistance to customers in deploying PhishMe Reporter, an integrated email client solution that allows users to easily report suspicious emails to their security teams and is deployed to over 8 million endpoints. This work included overview and demonstrations of Reporter for interested customers and troubleshooting specific customer issues. - Worked with external developers in relation to Reporter development. This included providing direction and feedback to developers and investigating source code for issues.- Produced and enhanced documentation in support of Reporter on Outlook, Google Apps, and Notes platforms. This includes presentations, FAQs and installation/configuration documentation.- Developed and provided ongoing support for a version of Reporter for Outlook on Mac using Applescript and Unix command line tool integration.

- Provided instructional support to a fifteen student class in the Cybersecurity: Intelligence & Forensics program.- Graded six group and individual labs and provided an APA citation grade for the final exam.- Built and taught an introduction to information security for a undergraduate 8-week online course. Built new labs and quiz/short essay assignments.

- Developed a Microsoft Outlook 2007/2010 plugin in C# and Visual Studio Tools for Office (VSTO) that provided a one click solution for submitting suspicious emails to the company’s Cyber Incident Response Center (CIRC) that was deployed to 20K company workstations.- Developed a backend software plugin in C# and VSTO for Microsoft Outlook 2010 that performed initial filtering of submitted suspicious emails and integrated the submissions into the company CIRC workflow. Integrated existing custom test framework into code infrastructure as part of the ISSE 4.1 development effort, and configured and executed tests using Bash scripting and Java.- Participated in development of 3.6.0.4 & 3.6.1.3 version of ISSE Guard. Also did development work on several automated message processing threads for ISSE Guard. - Implemented PHP parsing code to process USMTF messages into a XML intermediate format in order to execute user-specified filters with XQuery for the Rule Enforcement Message Console (REMC), allowing operators to perform manual changes and automatic filters on ACO and ATO messages. Resolved issues and added functionality to the REMC front-end using the JQuery Javascript library. Added features to the transfer of audits from the non-controlling security domain to the controlling security domain using Java and C for the ISSE 4.1 development, including adding the ability to specify times for automated archive audits and the capacity to transfer audits across security domains as automated or manual audit archive actions.

- Developed the subscriber portion of the Outlook Y-JBI email-based Publish & Subscribe prototype demonstration in the Joint Battlespace Infosphere (JBI) with Visual Basic 6.0 and XML.- Created demonstrations of Joint Battlespace Infosphere (JBI) capabilities for the C4ISR 2003 Summit involving publishing and subscribing to images taken from a webcam using Java, XML, & XML Schema.- Extended the functionality of the Java-based Common Mapping API (CMAPI) by adding the ability to draw an orbit on a map.