Led Zero Trust migration effort of the federal agency by providing new thought leadership across the federal government. Architected the Zero Trust architecture and Zscaler Zero Trust as a Service program offered for small and micro-agencies. Conducted regular deliberations on Zero Trust as a Service offering to senior leaders across federal Small, and Micro agency communities. Translated complex technical concepts to non-technical audiences at senior levels of federal leadership. Provided Cost Benefit analysis and budget formulation assistance to fund the Zero Trust program. Extensive experience in deploying SASE platforms such as Zscaler and PaloAlto PRISMA.

Provided strategic leadership vision, direction, and coordination in support of IT Security program activities across the OSC. Rebuild the OSC Cybersecurity Program and developed all policies and procedures through analysis of business, people, process security, and technology.

Served as the senior subject matter expert and principal security adviser (Authoring Official Designated Representative) to the CIO, and responsible for providing strategic leadership vision, direction, and coordination in support of IT Security and Privacy Program activities across NTSB. Formulated and implemented a new framework to manage and measure IT Security program performance, promote increased cybersecurity awareness, reduce potential breaches of sensitive data. Led the FedRAMP sponsorship effort of SaaS products through regular review of Readiness Assessment Reports (RARs), Security Assessment Plans (SAPs), Security Assessment Reports (SARs), and Plan of Action and Milestone (POA&M) Reports.Provided thought leadership in selecting and implementing SD-WAN, Zero Trust computing, Zscaler (ZIA/ZPA) software-defined perimeter, and Equinix Cloud Exchange platforms to successfully connect to multiple cloud platforms.Completed the cloud risk management process by awarding agency ATOs for multiple cloud products such as O365, Zscaler Private Access, and Zscaler Internet Access. Also completed the process to participate in OMB/DHS TIC3.0 use cases leveraging Zscaler; awarded the 2019 Government Innovation Award for above mentioned TIC3.0 project.

Cloud strategy, Cloud Automation, Cloud Architecture, Cloud Security.Developed and deployed a repeatable multi-layered methodology to securely migrate OJP on-prem systems to multiple cloud environments. Introduced this methodology across multiple software development projects, centers of excellence, and multiple contracting teams within OJP to deliver a stable footprint within AWS Cloud.

Selection and acquisition of cloud services and implementation of solutions within Amazon, CSC, and IBM cloud environments. Conducted extensive research in cloud multi-tenancy architecture design, Cloud security, hypervisor level visibility, SDN, and NFV. Leveraged the R&D knowledge to provide comprehensive cloud security and network architecture for USCIS mission-critical programs.Interacted across Agile development and DevOps teams to integrate static code analysis (HP Fortify) to CI/CD pipeline. This activity led to the identification and mitigation of vulnerabilities during the development stage. Security Impact Analysis and research on Containerization, Docker, Kubernetes, Microservices, Serverless computing, APIs, DevOps, NoSQL, Immutable infrastructure, and micro-segmentation; as a result, transformed the agency to adopt a SECDEVOPS strategy.

Comprehensive Network Security Architecture Design and Analysis. Security Operations center management.Provided advanced cybersecurity Solutions to the IC community Enterprise Security Operations Center by leading a team of security engineers. Provided security engineering leadership to transform analytical capabilities of both insider threat and advanced persistent threat cyber teams. Played a key technical role in supporting the adoption of the continuous diagnostics and mitigation framework to protect classified networks.

Cyber Forensics and Investigations, Security Engineering and Architecture, Cyber Threat Intelligence. Provided APT Intrusion Analysis, Research, Mitigation to DHS Focused Operations Group. Developed Cyber threat intelligence products for DHS CISO based on collaborative investigations and derivative classifications.Collaborated with JTF/GNO (USCyberCommand), NTOC, ArmyCyber command, US-CERT, DISA, NCIJTF, NCIS, DHS SOC, and other intelligence agencies to share cyber threat intelligence and to perform effective threat attribution and correlation. Built strong relationships with senior analysts of DOD and DHS for cyber threat analysis.collaborate and coordinate investigative activities with counterintelligence and intelligence groups to enhance DHS security posture.

Plan, design and implement Cyber Security Systems for the Department of Justice/OJP Security Operations. Played the Fusion Analyst role between Security Engineering, Penetration test teams, Vulnerability assessment teams, and Network Engineering to ultimately achieve confidentiality, integrity, and availability of information systems and data.Resolution of key network security/performance issues of Federal clients by leveraging NetQos, Arcsight, and Netwitness. Instrumental in resolving the key financial applications security and performance issues involved in the Federal Stimulus Program.Led the OJP/DOJ JUTNET/ Federal TIC initiative migration by co-coordinating activities between JUTNET, AT&T, JMD, and resolution of post-migration issues.Performed the duties of Senior Security Engineer at DOJ/OJP Security Operations. Design and management of OJP security architecture which includes Cisco Firewalls, SourceFire IPS, Cisco NAC, Ironports, SurfControl, NetWitness, Cisco ACE, VPNs, and ArcSight. Oversight of DOJ/OJP network Architecture for Security Posture violations and Accreditation violations. Supported the C&A team in various aspects of the C&A process.Incident Handling with various Cybersecurity incidents leveraging NetWitness, NetQos, and Encase. Correlation of security data between disparate systems such as Cisco IPS, ArcSight, Cisco MARS, and Splunk for effective Cyber threat attribution.