Create and grow new organizational process. Supervise six analysts. Facilitate tasks and managed program. Serve as threat analyst expert.● Enhanced intelligence protocols utilized to merge and cluster activity improving deep research by 300%.

Coached and guided four personnel on threat intelligence and adversary tactics. Acted as primary contact on threat analysis, nation-state threat activity groups, and financial crime. Designed and launched organizational process for Mandiant Archaeology. Directed six research working groups and conveyed results to company stakeholders and customers.● Co-wrote two blogs on exploitation of zero day CVE-2021-22893 and blog describing exploitation of Pulse Secure VPN appliances by suspected Chinese espionage threat actors in 2021.● Designed and oversaw Survey Unit function focused on historical research into most pervasive threat groups.● Devised new enterprise-wide deep dive research procedure lowering project research time from six months annually to three months.

Oversaw all threat intelligence, advanced persistent threats, financial crime, and incident response efforts from a threat intelligence perspective. Noted malicious infrastructures. Assessed existing and formed new threat groups based on activity results. Reviewed malicious files, found code family classifications, and determined any detections. Supervised one person.● Noted and tracked various threat intelligence feeds for new malicious software samples.● Appointed as lead threat intelligence analyst on multiple high visibility intrusions.● Co-authored multiple blogs related to Chinese threat group APT41 to conduct cyber espionage, blog on Chinese espionage group targeting Cambodia served as main contributor to completion and publication of APT41: A Dual Cyber Espionage and Cyber Crime Operation.● Co-presented webinar on Double Dragon: APT41, Dual Espionage and Cyber Crime Operation at Mandiant Cyber Defense Summit "APT41: A Unending Game of Thrones."● Analyzed and documented thousands of files for indicators of compromise.

Guided multiple incident response activities from a threat intelligence perspective. Noted malicious infrastructure and tracked threat intelligence feeds for new malicious software samples. Followed multiple existing and arranged new threat groups. Coached junior threat intelligence analyst.● Supported multiple incident response engagements on known cyber espionage, cybercrime, and uncategorized, operator.● Reviewed and classified thousands of files indicating compromise.

•Perform analysis of malicious code (dynamic/static); packet level traffic analysis; reconstruct network traffic; support forensic analysis; hard drive analysis; Web log analysis; pattern analysis, trend analysis, and behavior analysis; provide remedial recommendations; and produce comprehensive report on findings.•Provide intrusion detection capability; build, test, and deploy customized IDS signatures;monitor specialized packet capturing devices.•Coordinates technical incident response and remediation activities for client environments.•Publishes reports and keeps metrics for client systems.•Coordinate with Federal External Cyber Community•Launches and tracks investigations to resolution•Cyber threat and fusion analysis

Studied all inbound and outbound network traffic, told management about threats, and recommended optimal mitigation options. Prepared reports, queries, and cases on all suspicious and malicious activity. Supported development of forensics/malicious software analysis initiative to better aid analyst intelligence sources. Analyzed and tracked advanced persistent threats.● Prepared Sourcefire signatures based on indicators and various intelligence sources.● Monitored more than 1 million events and reported hundreds of attempted intrusion activity directed at environment.

As a highly motivated intern, and under the supervision of Senior Analysts: analyzed and monitored all inbound and outbound connections to the United States Senate Network in a SOC environment to ensure the integrity and reduce the propagation of internet based malware throughout the Senate network. Drafted IAR’s and IR’s according to USCERT guidelines to report any malicious activity originating or targeting Senate computers, and advised the Sergeant At Arms (SAA) or Systems Administrators of various Senate offices on how to re-mediate the malicious activity. Continuously research any new vulnerabilities, exploits and tools used by attackers, to expand knowledge of various systems and hardware used in the industry to prevent known and unknown attacks. Strived to maintain an up to date familiarity of Security best practices and NIST SP 800-61 Incident Response.