• Identified, isolated, investigated, informed, and implemented measures to detect and protect data across a wide spectrum of sources and locations. • Validated suspicious events or reports and determine if the event constitutes an incident. • Ensure incidents are properly entered into the appropriate reporting system and determine the severity of the incident.• Provided network intrusion detection and monitoring, correlation analysis, incident response and support for the Cybersecurity Service Provider (CSSP) and its subscriber sites.• Validated suspicious events or reports to determine if the event constitutes an incident and properly enter associated data into the appropriate reporting systems.• Conducted Splunk searches to find detailed information on events seen in the firewall as well as port usage, created dashboards, and generated reports within the Splunk interface.

• Provided thorough analysis using current tools and policies to obtain mission goals.• Directed implementation of tasking orders (TASKORDS) including patches and updates to two sites; maintained TASKORD compliance of all hardware and software in the network. Resulting in the Time to Patch period of 14-20 days exceeding industry standards of 30 days.• Generated weekly reports encompassing the current security posture of the network utilizing graphs from all available tools to assist the executive team in developing a strategy to mitigate risks.• Performed network vulnerability scans utilizing ACAS; analyzed results to mitigate vulnerabilities, generated reports to convey results, and created dashboards to display relevant information.• Managed and monitored the Intrusion Detection System/ Intrusion Prevention System daily; reported suspicious and malicious activity to Information Systems Security Manager.• Utilized HBSS; monitoring malicious activity adware, corrected and maintained agent communication, ensured VirusScan On Demand Scans ran on a weekly basis, investigated and corrected rogue assets on the network, created dashboards, and maintained system tree integrity.• Monitored firewall logs daily and investigated any abnormalities to determine legitimacy.• Conducted Splunk searches to find detailed information on events seen in the firewall as well as port usage, created dashboards, and generated reports within the Splunk interface.• Created, tracked, and updated trouble tickets utilizing Remedy.

• Provided thorough analysis using current tools and policies to obtain mission goals.• Directed implementation of tasking orders (TASKORDS) including patches and updates to two sites; maintained TASKORD compliance of all hardware and software in the network. Resulting in the Time to Patch period of 14-20 days exceeding industry standards of 30 days.• Generated weekly reports encompassing the current security posture of the network utilizing graphs from all available tools to assist the executive team in developing a strategy to mitigate risks.• Performed network vulnerability scans utilizing ACAS; analyzed results to mitigate vulnerabilities, generated reports to convey results, and created dashboards to display relevant information.• Managed and monitored the Intrusion Detection System/ Intrusion Prevention System daily; reported suspicious and malicious activity to Information Systems Security Manager.• Utilized HBSS; monitoring malicious activity adware, corrected and maintained agent communication, ensured VirusScan On Demand Scans ran on a weekly basis, investigated and corrected rogue assets on the network, created dashboards, and maintained system tree integrity.• Monitored firewall logs daily and investigated any abnormalities to determine legitimacy.• Conducted Splunk searches to find detailed information on events seen in the firewall as well as port usage, created dashboards, and generated reports within the Splunk interface.• Created, tracked, and updated trouble tickets utilizing Remedy.

• Conducts crew evaluations to assess operational training and ensure operational readiness of all unit personnel.• Develops test questions and scenario for evaluations • Maintains Letter of Certifications• Creates, modifies, and maintain accounts in PEX (Patriot Excalibur)• Implements policy, procedures, and priorities for unit operations• Performs near real-time network intrusion detection and analysis and remediation actions• Prepare weekly and quarterly reports on training status of individual employees • Create and maintain Individual Qualification Folder for personnel

• Utilize ArcSight, Network Traffic Packet Analyzer, Intrusion Detection System (IDS), and other toolsets to identify and investigate anomalies• Maintain constant monitoring of intrusion detection systems• Create technically detailed reports based on intrusions and events• Respond to computer incident investigations• Coordinate with other teams to remediate detected incidents• Analyze and evaluate anomalous network and system activity• Recommend modifications to security tools and configurations to detect, prevent, and mitigate intrusions• Recommend mitigation activities and provide after action reports to remediate vulnerabilities and reduce the chance of further exploitation• Proved assistance in deploying security toolsets and capabilities

• The Computer Systems Security Trainer facilitates initial and refresher customer mission qualification classroom training. • The trainer supports planning and organizing training design and development projects for all system types and facilities and for non-systems training (i.e., clinical continuing education, policy/procedure and/or best practice) to ensure desired results are achieved. • Leads training initiatives as needed • Coaches, monitors, and advises teams in order to achieve desired training (system or non- system) success across assigned flights or to targeted audience • Negotiates deliverables and project plans/schedules with customer and with stakeholders • Provides timely feedback to the Training and Stan/Eval teams concerning improvements to ongoing and recurring training and development projects • Develops job aids to positively impact compliance standards and objectives • Implements real world experience from VAs onto training curriculum • Possesses a sound understanding of Microsoft® Office™ and various Microsoft® and UNIX®/Linux® operating systems

•Performs analysis on historical and real-time data•Identifies suspicious user activity, poor system and/or user security practices or misconfigured systems which may provide unwanted hacker access to known vulnerabilities •Provides tactical defense of USAF networks using the Air Force provided Intrusion Detection System •Monitors all Air Force enterprise networks and AF security boundaries against intrusion using the Security Information Manager(SIM)/Arc Sight Integrated Management Site (IMS) AF Gateway system •Monitors/controls the AF Intranet security boundary to include mail relays, web proxies, intrusion detection systems (IDS), hosts vulnerability scanning of traffic analysis and firewalls traffic filtering•Initiates reporting procedures when unauthorized activity occurs •Correlates data gathered in an attempt to link current activities with past incidents

•Performs analysis on historical and real-time data•Identifies suspicious user activity, poor system and/or user security practices or misconfigured systems which may provide unwanted hacker access to known vulnerabilities •Provides tactical defense of USAF networks using the Air Force provided Intrusion Detection System •Monitors all Air Force enterprise networks and AF security boundaries against intrusion using the Security Information Manager(SIM)/Arc Sight Integrated Management Site (IMS) AF Gateway system •Monitors/controls the AF Intranet security boundary to include mail relays, web proxies, intrusion detection systems (IDS), hosts vulnerability scanning of traffic analysis and firewalls traffic filtering•Initiates reporting procedures when unauthorized activity occurs •Correlates data gathered in an attempt to link current activities with past incidents