As part of customer’s DoD Cyber Workforce Framework (DCWF) development effort, converted two cyber defense role courses into an online, self-paced format hosted on a cyber range with an integrated lab environment and Learning Management System (LMS). Further adapted these materials for remote instructor-led training (ILT) online delivery. Both transitions required updates to meet new guidance and maintain relevancy. Evaluated delivery options and created lab video demos to support this follow-on training.Led the upgrade and instruction of the three DCWF cyber defense and Linux system administration courses. The upgrades included evolving content to meet customer requests and managing/approving other SME contributions. Taught 25 of these classes as the lead instructor over Microsoft Teams. Adapted each class iteration to improve delivery, e.g., live lab demos & gamified quizzes. Student evaluations averaged 4.5 of 5.0. Further consolidated one cyber defense course from three weeks to one and recorded instructor audio for conversion to a self-paced format.

Led the development of a two-week Computer Network Defense (CND) training curriculum for DoD customer’s regionally based security services. The course covered eight detective, preventative, and analytical products as well as cross-tool correlation to improve analysis efficiency. Development included creating product-specific labs and generalized multi-tool walk-throughs on a cyber range. Subsequently, instructed over 200 students during the curriculum’s rollout and regularly updated its material based on feedback and technology changes.Instructed 300+ students in and maintained two one-week CND analyst courses that introduced and expanded cyber defense analysis. The introduction covered networking and packet capture (PCAP)/intrusion detection system (IDS) analysis methods. The follow-on class covered correlating attacks between network/host IDSs, firewalls, and security information & event management (SIEM) and full PCAP tools to detect and analyze increasingly difficult, instructor-initiated attack labs. VMware hosts these tools and 30 other systems that simulate enterprise attacks.Developed and managed creating two in-person curriculums covering DCWF cyber defense roles for the customer. Creation involved repurposing existing material and producing new content to meet specific knowledge, skill, ability, and task (KSAT) objectives. Efforts resulted in Foundation, Intermediate, and Advanced week-long courses for each role. Piloted one of the courses to cyber defense SMEs and improved the curriculum based on their feedback.

As a Cyber SME performed cross-functional and innovation investigation (I2) activities across the corporation. Cross-functional efforts involved supporting proposals and strategic cyber initiatives. Efforts resulted in a security reference architecture, cyber capability framework, SOC analyst training, information sharing forums, and contract wins. I2s covered cloud security, SOC strategies/best practices, and product bake-offs/assessments. Results included reusable security engineering, trade study, and use-case materials for direct insertion into programs.Successfully transitioned CND contract from incumbent through development, execution, and approval of readiness reviews for a DoD customer’s network assurance security service program. As subsequent training lead managed the analyst education program, resulting in Cyber Kill Chain (CKC) training for 250+ analysts, customer-specific “new analyst” course, and periodic cyber challenges/webinars. As Cyber SME advised on enterprise cyber transformation and led efforts to stand up new missions.

In security engineering, Assessment & Authorization (A&A), and project management roles, led, developed, and evaluated systems for improved cyber monitoring related to an espionage case affecting the customer. Activities included engineering and accrediting a data exfiltration solution and managing a 10-person team to develop a bespoke cross-domain system. Transitioned to a customer creating a system to support a nation-wide government effort, where created A&A material per NIST SP 800-37/800-53. Efforts resulted in its Authority to Operate.Led the penetration testing and patch analysis task of the Advanced Cyber Security Independent Research & Development (IR&D) effort; helped shape a strategic, cross-company cyber security Community of Excellence; supported corporate security audits; and provided proposal and A&A surge support. Additionally, led the creation and maintenance of a security dashboard and monitored alerts for a customer’s SOC. The tool-agnostic dashboard provided executives high-level risk data for making decisions. Analyzed alerts and reported incidents as an analyst.

Progressed from an entry-level employee to a senior position as part of Lockheed Martin’s Engineering Leadership Development Program (ELDP), establishing a technical foundation in system, network, and database administration while supporting several classified customers. Other activities during this time included software and web development and system integration. Obtained first cyber security role supporting FISMA audits and web application and network penetration assessments in the government and financial sectors.