Lead large, client-facing incident response engagements, and examine cloud, endpoint, and network-based sources of evidence.Collaborate with internal and customer teams to investigate and contain incidents.Recognize and codify attacker Tools, Tactics, and Procedures (TTPs) and Indicators of Compromise (IOCs) that can be applied to current and future investigations.Build scripts, tools, or methodologies to enhance Mandiant’s incident investigation processes. Develop and present comprehensive and accurate reports, trainings, and presentations for both technical and executive audiences

Managed a team of DFIR professionals and provided several critical security services as Manager of Teck Resources’ Digital Forensics & Incident Response Team. Including but not limited to, DFIR, enterprise threat hunting, Cyber Threat Intelligence, tabletop, and purple team exercises. Hired additional staff and expanded the team to support ongoing projects.Oversaw several major projects in 2021 and beyond. Managed budgeting and timelines for all Incident Response projects: Cloud DFIR readiness (migration from GCP to Azure for core business applications), phishing response automation, onboarding of Threat Intelligence Platform, Incident Response platform migration, Cyber Threat Intelligence capability uplift project.Regularly published finish intelligence in both English and Spanish to several key stakeholders such as Teck’s Vulnerability Advisory Board, audit committee, RACE21 digital transformation project, Operational Technology staff, security awareness team, and senior leadership. Providing high value, actionable intelligence to the business to enable safe and equitable production.Led and conducted several high severity intrusion and insider threat investigations, with support of legal and HR, and across several cross functions using the National Incident Management System framework.Led a team that detected and responded to all intrusions early in the kill chain, leading to no material breaches for several years despite a high volume of financially motivated threat actors.Assess, prioritize, and mitigate risks in a complex enterprise environment consisting of on premises, cloud, operational technology, SaaS, and shadow IT infrastructure.Ability to establish high functioning teams and work in a fast-paced environment with competing priorities and stakeholders.

Contributed to the program development of Teck’s Cyber Security Incident Response Team. Documented and automated significant portions of the incident response workflow, including a best-in-class anti-phishing program. Responsible for daily Incident Response activities such as cloud, host, and network based forensic investigations relating to cyber intrusions. Adversary simulation activities such as, tabletop exercises, phishing simulations, and threat emulation work. Strong grasp of the cyber kill chain, diamond model, Mitre ATT&CK framework, Elastic search (multiple SIEM platforms), EDR technologies, host and memory forensics, threat hunting, and cloud security (Azure, GCP, AWS). Proficient at managing inter-enterprise relationships, projects, and writing reports (finished threat intel, business process enhancements, IR documentation, presentations, etc…) Provided end-user training and security awareness presentations. Worked with support teams and various business stakeholders to increase efficiencies during incident response work. Coached newer staff on conducting IR engagements.

Managed Teck’s physical security program. Responsible for the design, configuration, commissioning, and maintenance of critical access control and surveillance systems at all global offices and mine sites. Working with vendors, IT, and business stakeholders to deploy large-scale security projects seamlessly and remotely in multiple locations worldwide. Worked closely with contractors and vendors to ensure security design and installation standards were met and following the guidelines set forth by Teck’s Risk department. Managed over 10,000 access cards and associated role-based access control lists, Active Directory integrations, 1000+ cameras and card readers worldwide, and administered more than 20 enterprise servers relating to physical security. Strong project management skills for multi-million-dollar enterprise projects and retrofits while staying on budget and reducing waste. Defined scopes of work and bills of material with extensive subject matter expertise to negotiate the best cost for large projects and upgrades. Collaborating with Teck’s Risk department to conduct physical risk assessments and aiding in the technical architecture and design of all production physical security systems. Managing quantified risk, leading to improved global protection from physical threats and increased visibility into production mining environments for improvements to life safety.

Responsible for installation, testing, commissioning and customer training for commercial access control, surveillance technology, burglary systems, and structured data cabling. Designed and deployed enterprise security solutions at scale and responsible for training of newer staff. Led several enterprise projects for large enterprise companies. Including, new high-rise buildings in western Canadian cities, retrofits of large surveillance technology or access control systems with hundreds of individual devices and thousands of users. Worked with project General Managers and site foreman to ensure standards were being met, costs reduced, and projects completed on time and on budget. Contributed to sales material, architectural drawings, project deliverables, including bills of material and clear scope of work. Responded to daily service calls supporting premium customers. Generating revenue in a fast-paced, highly competitive market by up selling and marketing products and services to customers to meet their needs. Assisting customers in getting the best possible service, value, and protection for their businesses.

I installed, programmed, commissioned various cardaccess,CCTV and burglary alarm systems in a commercial setting. Some of these system include but are not limited to: CCure800, Cardkey, DSX, Sipass, MarchDVR, BoschDivar, PelcoDX8100.I was in charge of installation for all field devices and all panel terminations. I programmed and installed sites as large as 250 Card Access doors and 100 Cameras.I spent time in the service division dealing with customers on a daily basis and handling all daytime calls including troubleshooting all of the systems Siemens installed.Responsible for installation, testing, commissioning and customer training of commercial access control, CCTV, burglary systems and set up of large network systems. As lead technician, working with project manager and supervisor, ensuring bills of material are adhered to at site, interfacing with other site subcontractors and customers. Lead technician for major projects such as Livingston Tower West, Medicine Hat College, and Total E&P.Using sales information and architectural drawings to create project packages, including bills of materials for contractor approval. Utilizing approved project drawings and commissioning sheets to create as-builts in AutoCad. Procurement of approved bill of materials, tracking material delivery dates and resolving any late deliveries using the SAP system.