* Built the SOC from the ground up* Developed an Incident Response Plan, Policy, and Procedures* Trained a team of interns and experienced engineers in SOC duties connected with the Quantum Security XDR + SOC platform* Developed Detection rules and automated management of rules* Set up an incident response portal for customers to interact securely with our SOC team.* Worked closely with product engineering to provide feedback and ideation

closed business as a result of full time employment with Armor.

* Development and maintenance of the Mozilla Defense platform (MozDef) a homegrown SIEM. Crafting alerts, parsing data sources, data analysis, introducing new features.* Incident Response* Configuration Maintenance and CI/CD of security infrastructure using Ansible, AWS CodePipeline, and Cloudformation* Care and feeding of security infrastructure, patching and upgrades* Evaluation of standards and Policy review/management* Work with various levels of management and across teams to integrate security and provide support for shared infrastructure.

I work with an awesome team doing awesome things to enable Mozilla to share it's awesome things with the world and keep the internet free.* Development and maintenance of the Mozilla Defense platform (MozDef) a homegrown SIEM. Crafting alerts, parsing data sources, data analysis, introducing new features.* Incident Response* Change Management* Configuration Maintenance of security infrastructure using Ansible, Cloudformation* Care and feeding of security infrastructure, patching and upgrades* Evaluation of standards and Policy review/management

I work with various security and infrastructure focused departments in gathering, analyzing, and managing data for several projects.These projects include:* PII* Brand Protection* Vulnerability Management* Security Tools and Enhancements* International Implementation of SIEM* Penetration Testing

• Played a key role as lead infrastructure engineer, responsible for overseeing a team of two security engineer level III.• Resolved complex problems considering system capacity and limitations for log management and other security solutions.• Expertly handled infrastructure projects encompassing new product rollout and decommissioning; as well as feasibility studies, implementation, communication, testing, change management, and training strategies; this included large scale implementation of Bitdefender and Trend Micro Deep Security as well as migration from a legacy Splunk instance to a globally clustered Splunk deployment and implementation of these tools for external consumption in the form of Armor.• Carried out key tasks such as providing consultative support to internal staff; updating complex system configurations; and conducting audits of solutions to ensure compliance with specifications and delivery of mission-critical security layers to customers and internal environments.• Served as a subject matter expert on Citrix VPX 3000, Imperva SecureSphere, Bitdefender, Splunk, OSSEC, Nexpose, and as well as processes and procedures associated with this specific security infrastructure and associated applications.• Performed care and feeding within various functional areas such as host-based intrusion detection system (HIDS), network intrusion detection system (NIDS), web application firewall (WAF), anti-malware, password and session management, vulnerability scanning, hardening, and log management. • Increased inspection of all traffic to 100% from 30% and increased scalability by procuring special hardware/software to increase packet capture speed and enable process binding to specific cpus. • Earned promotion from security engineer to senior security engineer level III for handling additional project-based responsibilities to maintain company growth.

• Analyzed current solution implementations and provided steps to enhance and improve or re-architect to improve functionality and supportability.• Provide security engineering for customers in an effort to help them achieve compliance and/or implement security controls to fulfill their needs/requirements.• Developed procedures and documentation surrounding OS hardening, application setups, forensic/malware investigation and cleanup.• Forensic analysis and malware cleanup on customer systems.• Evaluated workflow processes and incorporated steps to evaluate migrated customer data from other hosting organizations for malware prior to placing it into production on our networks in an effort to educate new customers on value that FireHost provides.• Evaluation, management, support, and maintenance of several clustered instances of Splunk. • Re-architecture, Management, Support, and maintenance of Snort based IDS solution and dependent productivity pieces.• Deployment, Configuration, Management, Support, and maintenance of 5 web application firewall deployments. • Management, support, and maintenance of antimalware/antivirus and endpoint protection.

• This position was a promotion from the role of Security Engineer • Incorporated the use of Project tracking for PCI solution implementations and Internal productized backlog• Deliver timely audits of internal services to ensure customer solutions were working as intended. Any required remediation was completed and reported to the Director of Security.• Provide functional and specific technical expertise to formulate advanced project scope and objectives; develop and modify procedures to resolve/address procedural issues/problems.• Perform comprehensive analyses of existing solutions to incorporate enhancements.• Manage Customer and Corporate PCI Assessor and SSAE16 Assessor visits and act as a liaison for the customer where needed. • New responsibilities moved from Support to Security included the configuration and management of customer firewalls (Cisco PIX/ASA) • Provide assistance to local, state and government authorities as legally required.• Delegates projects and deadlines as well as goals for the Security Operations Center to meet and achieve.• Supervises the development or acquisition of tools and software for the SOC to automate internal processes in order to optimize productivity and increase ROI.• Ensured a security lab for testing and training was provisioned for the Security team’s use.• Delegate work and duties as required for both corporate and customer based compliance and customer or corporate support requests.• Manage a team of 2 in the practice of supporting both corporate and customer environments. Provide HR with monthly employee evaluations.

• This position was a direct promotion from the role of Security Analyst• Additional responsibilities include encompassing compliance and the evaluation of new tools to add to the NeoSpire Security portfolio.• Perform monthly/quarterly network scans and validate/remediate where required.• Supervised and assisted the installation and integration of biometric hand readers at restricted access points within our facility• Instrumental in achieving approved vendor status for managed PCI and ASV• Created processes and orchestrated all duties of managed security services• Trained SOC personnel in daily duties• Managed vulnerability scanning and reporting to customers• performed forensic analysis in response to breaches and advised on how to close gaps• Worked closely with large customers such as Shopify, Dallas Cowboys Pro Shops to help them manage their PCI requirements.• performed in the role of security services manager reporting directly to Director of Security

• Support of security infrastructure and maintenance of Snort Sensors both corporate and customer dedicated.• Attended certified training courses on RSA Envision and have fully implemented and placed into production the RSA Envision solution in use today. Have experience writing UDS for unsupported products.• Implemented and developed a number of IDS units and maintained those devices and associated databases.• Maintained and retired legacy security system tools and security infrastructure. • Routinely perform reviews/analyses of requested changes for equipment configuration, technology and/or other factors/trends, which may impact or enhance existing solutions. • Consult with hardware, communications, database experts and /or software vendors to ensure system viability. • Ensure applicable documentation is updated according to client/NeoSpire standards; Have assisted in user training. • Routine provision of guidance and assistance in the training of peers.• Works with little supervision. This position also involves coordination and interfacing with customer base and NeoSpire staff.• Use of Snort in passive mode for suspect traffic detection and analysis of traffic data to determine whether the attempts are false positives or malicious, escalates the issue accordingly, and advises client of determination of traffic, how to mitigate, and possible causes.• Investigation of network anomalies and customer based bandwidth anomalies.• This position became an on-call position 4 months post-hire.• Created purchase orders for acquisition of products or licensing of Security related software, certificates, and systems.

• Provide functional and specific technical expertise to formulate advanced project scope and objectives; develop and modify procedures to address information system issues/problems.• Performs comprehensive analyses of existing solutions to incorporate requested enhancements.• Performs reviews/analyses of requested changes for equipment, technology and/or other factors/trends, which may impact existing solution consistent with solution modifications. • Consult with hardware, communications, database experts and /or vendors to ensure system viability. • Ensure applicable documentation is updated according to client/ACS standards; may assist in user training. • Routine provision of guidance and assistance in the training of peers.• Help with administration of several TACACS servers: adding, modifying, and removal of devices, user accounts, also provide data for SOX and PCI Audits.• Helps with development of tools for the SOC to automate some processes.• Works with little supervision. This position also involves coordination and interface with client and ACS staff.• Use of Snort in passive mode for suspect traffic detection and analysis of traffic data to determine whether the attempts are false positives or malicious, escalates the issue accordingly, and advises client of determination of traffic, how to mitigate, and possible causes.

• This position was a promotion from the role of Customer Care Analyst, a Tier 2 phone support group, which was also a promotion from my original position of NOC engineer.• Responsibilities include direct deployment/configuration/support of various firewall models. • Hardening of applications and operating systems. • Forensic Analysis of compromised systems• Performed analysis of servers delivering abnormal outbound traffic to detect possible system compromise• Assisted other departments in resolving customer issues.• Major events that took place immediately after my transition to the department of Security include the following:• Merger of The Planet and EV1 where I assisted in the integration of the departments of abuse, Global NOC, Security, and Inventory and contributed to their policies and technical training. • Shared the responsibility of training the new Global NOC technicians in the role of network monitoring. The Security department was re-formed and the monitoring of the networks was consolidated into one location to be performed by the Global NOC in Houston. This included travel to the relocated Headquarters in Houston.• Revision of procedures and dissemination of information in order to help communicate needs and requirements across the company as a whole in order to provide uniformity and knowledge. • Motivation of the Security Team through the transition.• Use in depth knowledge of the file systems of both Windows and Unix based operating systems to perform forensic investigations of compromised and/or exploited servers.• Performed OS Hardening of Windows and Linux operating systems and their applications.• Provisioned VPN and custom network solutions for customers of The Planet.• Performed an integral role in communication between upper management and the Security team..• Provided insight regarding development and analysis of new procedures and policies to help standardize business practices

Provided Tier2 technical support to customers via Phone.

• Setup/install/support of various operating systems and their applications, network monitoring, server monitoring, troubleshooting and maintenance of over 20,000 servers across three data centers. Approximately 60% of them are Linux while the rest are Windows and other UNIX based distributions. This support was both Hands on and Remote.

Provided technical support of various webserver architectures, from JBOSS/Tomcat to Apache.Worked part-time in this role and part-time in a non-technical role in a crafts store.Rimu has an outstanding service platform and very knowledgeable staff. I highly recommend them.