Cyber Security Professional with 12 years’ total experience. 10 years of experience in Security Operations, and 7 years in Large Financial Institutions supporting 24/7 Global Incident Response. I'm a graduate of The University of Advancing Technology (UAT) in Tempe, Arizona, having completed degrees in Network Security and Technology Forensics. I've completed the SANS GCIH (Analyst #20870), SANS GREM (Analyst #4411), and SANS GSTRT certifications.
Security Incident Response Manager
Box, May 2024 - Present
Redwood City, CA, US
Cyber Security Manager - Detection And Response (CSIRT)
Silicon Valley Bank, Aug 2021 - May 2024
Santa Clara, CA, US
• Create and execute Detection and Response Program Roadmap
  o Designed and ensured the program meets all relevant FFIEC CAT Baseline and Advancing statements
• Oversee the development and maintenance of program documentation including:
  o Investigation, Mitigation and Operation Runbooks
  o Tool Documentation
  o Policies and Standards
• Lead and advise the development of program functions including:
  o Threat Hunting Program
  o Tool SME Rotation Program
  o Automated Shift Turnover
• Provide guidance to all Security Operations team members during security investigations and incidents
• Manage program relationships with other departments including Cyber Threat Intelligence, Counter Measures (Threat Detection), Security Engineering, Cloud Security, End User Services, Fraud, and Digital Forensics.
• Conduct Security Operations Tabletops to identify knowledge, process, documentation, and technology gaps
• Act as an Incident Commander to coordinate resources and ensure proper response during high severity incidents
• Manage analysts across multiple geographical regions including US, UK and India
  o Coordinate Time Off and On-Call policies
  o Resolve personnel conflicts
  o Ensure sufficient work is being completed in a Work from Home environment
• Provide Audit and Control Testing evidence as required
• Report and provide context for Security Operations metrics
Cyber Incident Response Manager
Union Bank, Aug 2019 - Jul 2021
San Francisco, CA, US
• Provide consulting and technical services for IR tasks
• Assist in the development of new processes and procedures for gathering, handling, searching, and retrieving digital and/or physical evidence concerning incidents
• Ensure forensically sound procedures are documented
• Coordinates with IT, Legal, Human Resources, and other appropriate business units to gather incident details, assess impact, and coordinate response to security events
• Integrate Cyber Security Incident Responses with technology incident management, business continuity, crisis management and corporate security processes and frameworks
• Experience in all phases of Incident Response including preparation, notification, response, recovery, analysis, and post-mortem
• Mitigate and contain impact from security events, coordinate remediation efforts, summarize and make recommendations to senior management for improvements
• Authors incident response reports and lessons learned to include root cause analysis
• Thoroughly investigate instances of malicious code to determine attack vector and payload
• Develop and enhance cyber incident response processes and procedures leveraging relationships with front line operations teams and available tools and systems
Cyber Security Operations Specialist
Union Bank, Apr 2016 - Aug 2019
San Francisco, CA, US
• Spent three months in Japan at the Tokyo GSOC where I achieved the following goals:
  o Teach Tier 1 Analysts how to effectively work through Standard Operating Procedures, and how to use the various security tools during an investigation
  o Teach Tier 2 Analysts investigation techniques
  o Provided advanced Splunk training
  o Offered guidance on processes and procedures, and how those can be utilized within the GSOC
  o Performed a Physical Security Audit
• Define, review, and enforce information security policy, standards and guidelines for business operations and technology requirements
• Provide communication and escalation support throughout the incident lifecycle per the standard operating procedures
• Works directly with data asset owners and business response plan owners during high severity incidents
• Provide tuning recommendations to administrators based on findings during investigations or threat information reviews
• Design, develop, test, and implement SIEM rules to increase detection of security events for Tier 1 Security Analysts to investigate
• Work with other business unit leaders to ensure cooperation between teams during investigation of security events
• Develop standard operation procedures to security events for Tier 1 Analysts to follow
• Provide guidance to Tier 1 Analysts as they interact with security tools
• Handle escalated security events for further review and investigation
• Lead multiple security incident investigations at once
• Drives containment strategy during data loss or breach events
• Provide first responder forensics analysis and investigation
• Perform analysis of log files
• Tuning of IDS, proxy policy, in-line malware tools based on threat feeds, trust and reputation data, incidents, or vulnerabilities and exploits of downstream systems
• Hunting for suspicious anomalous activity based on data alerts or data outputs from various security tools
Cyber Security Analyst
Mosaic 451, Dec 2015 - Apr 2016
• Enforce information security policy, standards and guidelines for business operations and technology requirements
• Identify IT security risks from technical and functional perspectives
• Conduct technical security assessments, audits, penetration testing, and forensic IT functions
• Configure and work with SIEM tools
• Monitor suspicious traffic using various tools including SIEM McAfee Nitro, Log Manager SumoLogic, NIDS Metaflows
• Participate in the security incident handling efforts in response to a detected incident, and coordinate with other stakeholders
• Automate security analysis, administration and remediation procedures, workflows and tasks
Consultant - Network Security Analyst
CGI Federal, Nov 2013 - Nov 2015
Montreal, Quebec, CA
• Design and document processes and procedures for the Security Operations Center
• Responsible for monitoring over 90 client networks, including over 5,000 client systems
• Acted as a Shift Lead, designating daily assignments, monitoring scopes, and personal project time
• Adhere to and support NIST 800-53 guidelines, FISMA and FedRAMP compliance
• Participate in the security incident handling efforts in response to a detected incident, and coordinate with other stakeholders
• Interact with both vendors and partnering data centers to complete investigations
• Automate security analysis, administration and remediation procedures, workflows and tasks
• Monitor suspicious internal/external traffic with various tools including SIEM ArcSight, IDPS SourceFire, WAF/DAM Imperva, and DLP/AV/FIM/HIDPS Trend Micro, and Log Manager Splunk
• Perform tuning of the SIEM filters and correlations to continuously improve monitoring
• Manage the IDS/IPS systems including writing custom rules, and creating policies
• Participate in client audits
Network Security Analyst
Apollo Group, Jan 2013 - Nov 2013
• Perform initial monitoring and analysis of security related events such as malware infections, policy violations and intrusions
• Provided escalation support to other analysts
• Performs real-time log analysis from multiple data sources
• Monitor suspicious internal/external traffic with SIEM ArcSight, IDPS SourceFire, Log Manager Splunk
• Conduct threat intelligence research and response against trending cyber-criminal activity
• Configure rules in Check Point Firewall, Blue Coat Proxy
• Design and document processes and procedures for the Security Operations Center
• Adhere to and support the SANS Incident Response Model (PICERL)
Technical Investigator
Honeywell, Feb 2012 - Dec 2012
Charlotte, North Carolina, US
While at Honeywell I achieved multiple certifications including the GCIH and Reid: Interview and Interrogation Training.
• Conduct investigations regarding company policy violations and potential computer crime
• Perform interviews with employees regarding investigations
• Use forensics tools such as EnCase, FTK, Intella, and IEF
• Ensure the protection of evidence, both digitally and physically
Information Security Intern
LifeLock, Jun 2011 - Sep 2011
Tempe, Arizona, US
I was a summer intern performing enterprise level information security. Everything from password audits to daily event monitoring on the network. I also established their first Malware Analysis lab, and created documentation for EnCase.
• Daily intrusion detection and event monitoring with SIEM QRadar
• Perform tuning of the SIEM filters and correlations to continuously improve monitoring
• Design and operate behavioral and static-analysis Malware Analysis Lab
• Establish and document EnCase Enterprise Server for forensic investigations
Kyle Cheek Education Details
University Of Advancing Technology, Technology Forensics
University Of Advancing Technology, Network Security
Frequently Asked Questions about Kyle Cheek
What company does Kyle Cheek work for?
Kyle Cheek works for Box.
What is Kyle Cheek's role at the current company?
Kyle Cheek's current role is Cyber Security Operations Manager.
What is Kyle Cheek's email address?
Kyle Cheek's email address is th****@****ail.com
What is Kyle Cheek's direct phone number?
Kyle Cheek's direct phone number is (212) 782*****
What schools did Kyle Cheek attend?
Kyle Cheek attended University Of Advancing Technology, University Of Advancing Technology.
What skills is Kyle Cheek known for?
Kyle Cheek has skills like Malware Analysis, Network Security, Penetration Testing, Intrusion Detection, Security, Operating Systems, Information Security, Incident Response, Computer Forensics, Active Directory, Troubleshooting, Forensic Analysis.