Sal Morales Email and Phone Number

Analyzing data on several classification networks with User Access Monitoring tools.

Develop Army/DoD defensive analytics, conduct threat cyber operations and computer network operations, computer network defense (CND), capability gap analysis, friendly network forces prioritization, operational assessment, and risk analysis. Manage the integrated network of intrusion, misuse, and anomaly detection systems, and applying information systems security and information assurance to systems/networks, supporting data fusion and analysis, diagnostics, long-term trend and pattern analysis, and warning communications channels and procedures. Develop countermeasure response for deployment, as required, and distributes directed actions to appropriate Subscribers and subordinate organizations throughout the Army in support of U.S. Cyber Command (USCC) and DoD strategies. Manage cybersecurity monitoring activities and analyzes threats and suspicious/malicious network traffic through cyber threat awareness; analysis of available alert and traffic flow systems (e.g., IDS/IPS, Routers, Netflow, etc.); systematic cyber event correlation and analysis; distributed, long-term, coordinated, low-visibility network-based attacks; and advanced, persistent, and coordinated threats across multiple networks. Manage identification and documentation of unauthorized activity and/or attacks throughout the Army. Manage compilation and distribution of cyber threat assessment information with USCC/ODNI and other activities, to include, threat analysis, warnings, and notifications (e.g., Tippers, Situational Awareness Reports (SARs)). Identify the specific vulnerability and make recommendations that enable expeditious remediation utilizing Tanium, ArcSight, and Big Data Platform (BDP). Develop and distribute countermeasures or interim guidance to prevent or mitigate cyber threats to and/or attacks on the Army portion of the DODIN.

Provide Global IT support to the Defense Information Agency.

• Provide tactical to strategic level intelligence analysis of Cyber threats, vectors, and actors in support of Cyber defense and computer network operations.• Consult on the uses of forensics, network vulnerability, and malware analysis to conduct both technical analysis of Cyber threats and events and all–source analysis of Cyber threats, their vectors, and capabilities. • Apply a broad comprehension of both open source data and classified reporting to analyze and document the political, economic, social, and behavioral aspects of malicious Cyber activity and provide situational awareness of local, regional, and international Cyber threats, including attribution analysis of Cyber organizations, programs, capabilities, motivations, and intent to conduct Cyberspace operations.• Perform computer network defense (CND) incident triage, including determining, urgency, and potential impact, identifying the specific vulnerability, making recommendations that enable expeditious remediation, performing initial forensically sound collection of images, and inspecting to discern possible mitigation or remediation on enterprise systems.• Perform real–time CND incident handling, intrusion correlation or tracking, threat analysis, and direct system remediation tasks to support Incident Management Teams (IMTs) and Cyber Response Teams (CRTs).• Receive and analyze network alerts from various sources within the enterprise, determine possible causes of such alerts, and track and document CND incidents from initial detection through final resolution.• Assist the government with analysis of actions taken by malicious actors to determine initial infection vector and establish a timeline of activity and any data loss associated with incidents.

• Supervised 13 Information System technicians in the installation, cyber security and maintenance of Consolidated Afloat Networks and Enterprise Services (CANES) communications suite and successful testing of all network virtual servers using vSphere.• Developed and implemented IT security policy for USS Oscar Austin in order to meet guidelines and policy requirements established by USCYBERCOM.• Ensured IT cyber compliance by providing cyber training and Information Systems Security Training.• Ensured the security of the network through developing comprehensive cyber policy for end users.• Oversaw ship-wide technical support for secure and non-secure stations on CANES and Cross Domain Solutions, account creations, backups, and restores. • Ensured enhanced security posture of a network of 68 servers by monitoring scans and applying STIGs to harden network. • Served as the command Client Platform Security Officer (CPSO) for the Key Management Infrastructure (KMI), responsible for auditing, archive and backup of security-related data.• Prepared and coordinates radio and satellite communication with other ships and shore stations to fulfill military missions. • Expertly upgraded and reconfigured radios, encryptions, and satellite terminals valued over $3M.• Achieved a 98% operational readiness rate for 68 secure and non-secure data systems.• Worked hand in hand with the ISSM to maintain cyber readiness throughout the network.

• Key player in the standup of the Defense Enterprise Services Operations Center (DESOC). The DESOC was the operational predecessor of the JFHQ-DoDIN.• Worked with DISA tools for cyber security to include ArcSight, CSAAC, and many other acropolis toolsets.• Established cyber policy for OP35 for delivery to operational customers; ensured the compliance of the policies.• Operated global DoD information Network. Provided DISA Enterprise Services oversight, joint C2 communications, information systems and cyber defense at all classification levels. Enabled a globally accessible enterprise information infrastructure in direct support of DoD forces and national level leaders. Managed global spectrum and joint system testing.• Conducted and participated in conferences with personnel from JCS, Combatant Commands, Military Departments, NCS, NCC, NSA, other DISA directorates, and other Defense agencies. Briefed DISA director, DCC Commander, and Agency staff as required.• Prepared or assisted in preparing COMSTATs, COMSPOTs, and other electronically transmitted messages. Maintained station logs and prepared daily briefings and briefs senior official on the status of the GIG.• Analyzed system operations and responses, limitations, ranges of variables, and reliability. • Interacted with multiple agencies processing and coordinating Joint Task Orders with an overall creation of 127,848 user accounts throughout the Department of Defense.• Gathered relevant data and briefed updates related to the Unclassified Information Sharing Service (UISS) All Partners Access Network (APAN) team with Defense Enterprise Portal Service data pertinent to APAN. • Participated in the restructuring and migrating process of new mission partners into the Defense Enterprise Portal Service (DEPS) 2.0 application.

• Performed Security Scans to ensure operational Operated and administered the Integrated Shipboard Network System with 16 servers, 32 Alcatel switches, and 1,700 workstations. • Provided ship-wide technical support for SECRET and UNCLASS LAN devices across the network.• Installed software, modified and repaired hardware and resolved technical issues. • Successfully ran over 10K feet of fiber and finished end points to connect Backbones, Domain Controllers and switches to maintain network availability during a network migration.• Deployed over 820 workstations and 16 servers during the network upgrade to provide network availability to users onboard the ship.• Managed Network Tactical Command Support System (NTCSS) consisting of four UNIX servers allowing over 3000 sailors to orders supplies, repair parts, generate muster reports, and track ship-wide maintenance.