As part of the intelligence team, I regularly interface with customers and sales to ensure our intelligence is being maximized in customer environments, bringing previous utility experience with me. I write reports for Dragos’ WorldView (WV) intelligence offering ranging from alerts to deep technical work.  I was the main author of the “Suspect Domains” report for over a year before successfully transitioning it to another teammate. Other responsibilities include malware research, adversary research, giving webinars, speaking at conferences and interfacing with other teams to coalesce our intelligence across the company.  Team lead for customer success. Gathering feedback, ensuring customers success and collecting customer intelligence.Team lead for intelligence “request for information” (RFIs).  Ranges from rapid responses to lengthy papers.Created ticketing workflow in Zendesk to streamline Intel team processes and improve customer experience.Developed metrics to measure customer success, usage and referential potential.Customer base has increased 6x since I started working with sales.Responsible for researching and understanding Dragos activity groups.Work with portal developers to enhance the WorldView customer experience. “Named analyst” to act as first point of contact for customers and orchestrate intelligence team efforts to meet their needs.Interface with multiple teams to add additional intelligence to Dragos offerings (Pen tests, threat hunts, tabletop exercises).Mentor teammates on hunting activities and the electric industry. Environment:DomainTools, Censys, VirusTotal, HybridAnalysis, Recorded Future, VMWare, REMNUX, Kali Linux, IDA, ELK

My added responsibilities included the build out of an OpSec program and OT vulnerability disclosure program.

I worked on the Threat & Vulnerability Management (TVM) team at Duke Energy. My team changed from firewall consulting & vulnerability scanning to Threat & Vulnerability Management. In this role I built out the Threat Intelligence program for cyber security and a large chunk of physical security.Responsibilities:Lead Threat analystLead external cyber threat investigations at Duke (Credential breaches, exploitable systems, threat actors/APT's)SME for Recorded FutureLead analyst for ShodanLead for daily security awareness to DukeTVM lead for Threat Exposure Management initiativeVulnerability scanning with Security Center and Nessus (Tenable products)Provide daily threat reports to Security Operations (SecOps) and CSO/CIO staffBuilt working relationships with IT Operations, Telecom and physical security.Firewall consulting with customer and firewall implementerNERC CIP firewall reviewsDocumented processes for TVMProcess improvement projects for firewall, security event dissemination and discovery of rogue assetsTools/Processes learned in rotation:Threat/Vuln huntingRecorded FutureSecurity CenterNessusNext Gen FirewallsLockheed Martin Cyber Kill ChainCase management softwarePython

Former Security lead for the Identity & Access Management (IAM) project. The project included some 15+ tools along with SailPoint's Identity IQ (IIQ). Responsible for producing ITDM deliverables. The ITDM documents developed strategies for security across multiple platforms (Project, Legacy, IIQ). I developed and documented the new Continuous Integration (CI) environment (Duke's initial foray into DevOps).Detailed below were my responsibilities per project phase.(Responsibilities with a * were on going during project)Plan Phase:Requirements gatheringFit/GapLearn legacy apps/dbsLearn lines of businessProject financials*Develop & track required project training*Create onboarding guideOrientation of new project team members*Seating for project teamTrack security for: project, Active Directory (AD), applications & SQL*Analyze Phase:Security ApproachesCI process flowCI Design documentsTA345 Source Control Diagram for IAM (9 environments)ID/Group creation in AD, SQL server & HRHub*Application security for IIQ*Database setup, including security*Map IIQ rights to application abilities*Design Phase:AP380 Security Design document*Jenkins documentation*DP510 XL Deploy document*Security role creation in IIQ*Build Phase:AP380 Detailed Security DesignDatabase refreshes (WFHub)Deployment documentation for securityCreate staffing scenarios for help desk on new tool rolloutTrain & transition my replacementTools/systems learned while on project:Sailpoint IIQSubversionJenkinsNexusXL DeploySQL ServerDuke's HR HubActive DirectoryLegacy IAM toolsHP ALM (QC)I developed a method to track the rights in IIQ to the actual ability the right grants. This involved reading XML, mapping the IIQ "right" to the URL (action granted), extensive testing in IIQ & updating user rights/documents. The vendor indicated that I was the first person to develop such documentation through all the companies they have worked with.

I worked in four separate areas inside of my department: SCCM, BladeLogic, ADDM & software packaging. SCCM:Troubleshot issues with packages (deployments, distribution, workstation, package behavior...)Created detailed reports on packaging success ratesResearched & implemented fixes with packagersImplemented packaging standards & clean up of the Duke Application Environment (DAE)Managed the Remedy queues for SCCM, BladeLogic & PackagersBladeLogic:Built servers from project documentationInstalled middleware/software on serversTroubleshot failing builds & identify issues for resolutionInstalled SQL & Oracle database via BDAIncreased efficiency in the server decom processADDM:Pulled reports from aggregations of the environmentPatched & updated ADDM serversTroubleshot/Monitored scans for efficiency & speedPruned IP's to increase scan speedsWrote modules to map new applicationsCreated application footprints by interfacing with customersImplemented certificates for ADDMTools/Systems learned during rotation:SCCMBladeLogicBDA (BladeLogic for database creation)ADDMWindows 7Windows Server 2008/2012RemedyProcess of implementing certificates for LDAPWhen I implemented packaging standards to cleanup (DAE), the merger with Progress Energy saw no standards in place for naming, presentation & documentation of software packages. I went through the process of standardizing data entry, removing redundant packages & normalized legacy packages. This translated to over 1000 packages being modified or deleted. For BladeLogic, the process for decommissioning servers was slow, requiring many hand offs with the Change Request (CRQ). Worked with Windows Server team to increase efficiency by having CRQ spawn Work Order(s) (WO) instead of passing WO around.

Baker & Taylor is a wholesaler of books, music and movies in physical and digital formats. My main responsibilities focused on anything to do with content management for the retail websites, eBooks, and audiobooks. Main responsibilities:Responsible for populating the retail websites with catalogs and images provided by content managers for various namebrand stores (Sears, Michael's, Sam's..)Became expert on how the backend system interacted with front (both proprietary). This included troubleshooting code, content, metadata, lack of availability, pre-orders and potential fixes. Supported metadata the company provided to libraries, schools and businesses. This included dealing directly with customers on troubleshooting their systems to see where breakdowns were occurring with 3rd party front ends. Created an Access database that aggregated over two million lines of data from multiple sources. The reports had the various states that eBooks were in. This was mostly around New York Times Bestsellers.I had my normal responsibilities but essentially became a PM with application testing and development efforts for axisReader, Blio and Acoustik (after layoffs). This included:Managing Team Foundation Server for axisReader and AcoustikMaintaining bug logs for applicationsHolding meetings with vendorsGetting fixes planned and testedDriving accurate content catalogs and high availabilityOther responsibilities included:Overseeing PCI servers and process for the ingestion, conversion and fulfillment of multi-formatted ebooks from publishers to customers.Responsible to forecast SAN disk purchasing by forecasting eBook ingestion. Maintaining the DRM files that were applied to eBooks during packaging. This included: reading contracts, working with legal to form standards, creating XML files and testing eBooks for compliance.Documenting server environments for B&T including Content Cafe 2, Digital Content Cafe, Blio and Acoustik using Visio.