• Lead and manage delivery teams that conduct enterprise-level technical security assessments for various clients.• Build Breach and Attack Simulation programs for clients.• Enhance and scale traditional defensive security programs for clients against ransomware, APT, and insider threat scenarios.• Assess IT network and security architectures as they relate to managing identities and access privileges, delegated administration models, workflow, and access control models.• Develop client security programs by reviewing existing programs, conducting comprehensive reviews of threats, and evaluating and analyzing relevant data points.• Recommend strategies to defend against threats such as ransomware, nation-state attacks, and insider threats.• Work with internal client success teams to bring additional client engagement work to the team.

Claroty is on a mission to secure all cyber-physical systems across industrial (OT), healthcare (IoMT),and enterprise (IoT) environments: the Extended Internet of Things (XIoT). Our platform is deployed byhundreds of organizations at thousands of sites across all seven continents. Claroty is headquarteredin New York City, with employees across the Americas, Europe, Asia-Pacific, and Tel Aviv. Since beinglaunched by the famed Team8 foundry in 2015, Claroty has raised $635 million in funding from theworld’s largest investment firms and industrial automation vendors, making it the most well-fundedindustrial cybersecurity company.

• Developed customized strategic and tactical action plans for large enterprise and government clients by providing in-depth recommendations on improving the effectiveness of governance, compliance, organizational resources, data protection, security risk management (NIST, ISO, FISMA framework alignment as required), identity and access management, incident response, third party management, security architecture, cloud services protection, security awareness, and security metrics based on industry expertise.• Facilitated workshops with executives and key stakeholders, perform interviews, document observations, and perform gap analysis identifying areas that require further development; create resource allocation plans and technology road-maps for clients utilizing a risk-based approach to maximize returns on security investments and personnel.• Worked closely with the incident response business unit to conduct ransomware readiness assessments of retainer clients to determine the current security posture during an incident. • Developed and conduct executive and technical security exercises to stress test existing processes and formulate improvement plans to enable organizations to defend against and respond to advanced threats.• Performed customized tabletop exercises for clients meeting organizational goals for executive, management, and technical stakeholders.• Successfully managed numerous simultaneous client engagements, delivered work products on strict deadlines, and promoted business development by exceeding client expectations for every engagement.• Worked closely with the sales enablement team in order to facilitate new client sales, client onboarding, and client relationship management throughout the period of engagement with Unit 42.

• Work to develop strategic methodologies for clients in a variety of verticals in business areas such as: o Governanceo Complianceo Organizational resourceso Data protection strategieso Management of security risko Identity and access managemento Incident responseo Third-party and vendor managemento Network security architectureo Security awareness and trainingo Cloud security services• Conduct workshop activities with executive and key stakeholders in order to perform gap analysis for areas of remediation within organizations.• Work with incident response consultants and incident response retainer clients in order to determine remediation prioritization of gaps before incidents occur.• Develop and conduct executive and technical security exercises to stress test existing processes and formulate improvement plans to enable organizations to defend against and respond to advanced threats.• Help to develop and manage the Incident Response Preparedness service line that prepares clients for how Mandiant and clients will work together during IR situations.

Building management system on-site assessment and Maturity Survey for a large building services company, as well as a large healthcare services provider• Served as technical subject matter resource for risk assessment and remediation guidance for building management systems deployment utilizing NIST framework.• Worked closely with the client to provide risk assessment utilizing NIST controls through both technical and policy interviews involving communication with multiple operations and management levels.• Assisted the client in performing BMS architecture reviews of various industrial automation control systems. Network architecture review, remediation guidance, and attack and pen-testing, as well as hardening evaluation for a large media services company• Served as technical subject matter resource for risk assessment and remediation guidance for network segments controlling PCI and client facing data• Worked closely with the client to provide risk assessment through both technical and policy interviews involving communication with multiple operations and management levels.• Worked closely with the client to provide attack and pen-testing services along with the internal EY A&P group.• Worked closely with the client to further provide network security architecture review, virtualization hardening review, and provided remediation guidance in accordance with the individual client groups responsible.Work to develop IAM requirements for OT network for a large power and utilities provider• Worked closely IAM and NERC CIP groups to provide role models for structuring IAM integration with NERC CIP assets.

• Perform site and system based security assessments for both internal GE and external clients utilizing IEC 62443 standards based approaches to industrial cyber security.• Develop security policy and procedures for clients utilizing IEC 62443 standards and industry best practices as framework models.• Provide staff augmentation for internal GE power and water verticals to assist with internal cyber security health checks for GE power and water run business units.• Perform risk assessments for both internal GE verticals and external clients, including clients in oil and gas, power and water, and various renewable energy sectors.

• Perform site and system based security assessments for both internal GE and external clients utilizing IEC 62443 standards based approaches to industrial cyber security.• Develop security policy and procedures for clients utilizing IEC 62443 standards and industry best practices as framework models.• Provide staff augmentation for internal GE power and water verticals to assist with internal cyber security health checks for GE power and water run business units.• Perform risk assessments for both internal GE verticals and external clients, including clients in oil and gas, power and water, and various renewable energy sectors.

• Perform cyber asset inventory, classification, and logical grouping for all generation owned bulk electric system assets. This includes field time in the assigned power plants, as well as close work with system operators and owners of equipment.• Determine existing network architecture, and diagram according to NERC CIP and Duke Energy IT 502/503 standards.• Perform scope reductions on generation bulk electric system cyber systems based upon impact to bulk electric system.• Determine cyber and physical security needs for protection of generation based assets utilizing NERC CIP and Duke Energy IT 502/503 standards. • Work with procurement on obtaining hardware and software assets for protection.• Work with outage and maintenance services, physical security design firm, and power plant operations management to determine physical security needs that meet operation, safety, and compliance standards.• Work with IT Telecom, Emerson SME, and plant operations management to perform network redesign and cut-over, utilizing Palo Alto, Cisco ASA, and McAfee SIEM to harden plant networks and provide logging based on NERC CIP and Duke Energy IT 502/503 standards.• Perform team lead duties as needed; finance forecasting, commit and close gate meetings with plant management and other stakeholders, change requests as needed, newer technical resource training. • Coordinate with other business units on maintaining plant functionality as cyber security compliance measures are rolled out such as; SOC/TCC, CEMS, PI, natural gas vendors, and ongoing compliance team members.

• Responsible for determining needs of new and existing clients pertaining to security; such as adherence to compliance standards, network security hardware and software, and recommended security policies and best practices.• Responsible for network and UTM appliance monitoring and management to detect and prevent network breaches. • Responsible for performing network vulnerability assessments for clients utilizing applications in the Metasploit framework and Rapidfire tools.• Provide reporting on vulnerability assessments and network security needs to clients with full technical breakdown for implementation, and executive summary for communicating with non-technical clients.• Responsible for client security objectives including data loss prevention, password auditing, and proactive security functions, such as vulnerability patching and remediation.• Responsible for implementation of Lenovo server and Cisco network infrastructure for rollout of manufacturing ERP solution for use by client with over two thousand users.• Work as point of escalation for all tier one systems engineer issues pertaining to; server, UTM, or network related issues.

• Worked to develop comprehensive security policy standardization for client's needs, this included mobile device management application evaluation.• Worked with the service manager to schedule on-site support and project needs for clients.• Acted as the main point of escalation for all issues from junior support desk engineers, also act as the first point of contact for all "C" level executive clients support needs.• Assisted the service manager with posting of billable support desk time; also assure that all engineer ticket entry is completed daily.• Responsible for evaluation and training of new support engineers, which includes developing and maintaining training curriculum from the ground up.• All previous duties of network engineer position are also included in this job function.

• Performed new client turn up duties which included Sonicwall firewall and Microsoft Server 2008 R2 installs with accompanying documentation for support purposes.• Provided support and maintenance of Sonicwall network security appliances for over sixty clients.• Managed Datto backup devices for all clients, this included bare metal recovery, off-site virtualization, and disaster recovery scenarios.• Performed set up of new VMware ESX servers for virtualization of existing client environments, as well as conversion and support of legacy servers in a virtualized environment.• Worked with clients on their access control requests for file and application servers, as well as content filtering and monitoring through Sonicwall network security appliances. • Worked with end users on desktop support requests such as virus removal, email account modification, and various third party application support over the phone and on-site.• Transitioned over one hundred users from Citrix based QuickBooks environment to Microsoft Remote Desktop Application environment.• Provided on-site support for replacement of Dell based server hardware, which included installation and inventory maintenance of co-location facility.