Leading Rapid7 Managed Detection and Response (MDR) and Incident Response Consulting services.• Grew the MDR business by more than 300% in four years.• Built out a global security operations organization, with teams in the US, Ireland and Australia.• Fully integrated our MDR and IR consulting lines of business.• Evolved our XDR platform to better address the needs of our customers and our own SOC and incident response teams.

• Partnered with a leading hospital system to develop a managed security service focused on protecting small medical practices. • Developed an innovative approach to securing these practices while providing real-time compliance data to support third-party risk management programs.• Built, deployed and managed all production infrastructure and services.

• Led a security engineering team responsible for building, deploying and managing detection and response infrastructure.

• Built and led the Salesforce Computer Security Incident Response Team (CSIRT), a 24x7 team responsible for security monitoring and incident response across all Salesforce environments.• Staffed up world-class teams in multiple geographic locations to provide robust follow-the-sun coverage.• Led the response to complex high severity security incidents, coordinating incident response actions across multiple functional teams to rapidly contain and eradicate threats. • Partnered with executive leadership, legal, PR, and customer support during incident response to determine business impact and manage internal and customer-facing communications. • Developed a security monitoring and incident response tracking system on the Salesforce platform.

• Led the US security analysis team for Symantec Managed Security Services.• Responsible for the security monitoring of all Symantec MSS customers in North America.• Managed a team of security analysts, from day-to-day oversight of service delivery to professional development and performance management.• Consolidated two analysis teams with duplicate functions into one team with a single mission and clearly defined roles and responsibilities.• Worked with customers to resolve complex issues or requests.

• Overhauled the MSS log collection, analytics and storage architecture in order to reduce cost, improve performance and resiliency, and enable additional service offerings.• Built a log management service for the archiving, alerting and reporting of operating system and application log data. Replaced the proprietary ticketing system used by Symantec SOCs with a new off-the-shelf workflow system.• Designed and implemented enhancements to the MSS analytics engine responsible for analyzing billions of security logs per day.

• Defined operational policies and processes for Symantec Security Operations Centers (SOCs) worldwide.• Routinely implemented automated filtering and event handling logic to reduce the volume of alerts presented to analysts. Updated technology and processes to detect and respond to new emerging threats.• Developed a comprehensive set of operational metrics to measure the quality and efficiency of analysis services delivered to our customers.

• Managed a team of security analysts responsible for the development of security content for Symantec products. • Played a leadership role in all stages of the software development life cycle, including requirements gathering, design, development, QA, and ongoing product support.

• Integrated numerous security products with Symantec Incident Manager. These integration efforts included installing and configuring security products, generating a representative set of security events, and writing the parsing logic and other security content necessary to normalize and analyze this data.• Developed event filtering and correlation logic to enable the automated identification of security incidents.• Trained and served as a security analyst at the Symantec Security Operations Center.

• Installed, configured, and analyzed the log output from a broad array of security products.• Simulated attacks in a lab environment in order to study how hacker tools and techniques are detected.• Developed log parsing and detection rule sets for the company's enterprise SIEM solution.• Planned and executed the deployment of this software at government and commercial sites.• Developed a comprehensive build, configuration management, QA, and software distribution process.