Provide managed cybersecurity services, compliance and risk assessments, and consulting to regional businesses.- Built multi-client Security Operations Center (SOC) integrating event feeds from firewalls, servers, local and cloud applications with automated and manual cyber threat intelligence and incident response case management.- Evaluated, selected, and integrated third-party MDR and phishing filter services into existing SOC program.- Developed tools to process, normalize… Show more Provide managed cybersecurity services, compliance and risk assessments, and consulting to regional businesses.- Built multi-client Security Operations Center (SOC) integrating event feeds from firewalls, servers, local and cloud applications with automated and manual cyber threat intelligence and incident response case management.- Evaluated, selected, and integrated third-party MDR and phishing filter services into existing SOC program.- Developed tools to process, normalize, and augment Office 365 logs for digital forensics and SIEM integration.- Designed and implemented vulnerability and patch management across 40+ clients with 800+ endpoints.- Created, curated, and presented custom user cybersecurity awareness training annually to 20+ client companies.- Carried out incident investigations in support of breached clients including local and cloud-service audit log review.- Performed web app penetration testing for clients including state govt. agencies and SaaS software companies.- Responsible for organizational structure, budgeting, spending, service pricing, employee hiring, vendor management, etc. Show less

Provided cybersecurity consulting services to regional businesses, non-profits, and state government agencies.- Guided clients in security compliance with numerous frameworks (HIPAA, CMMC, GLBA, FFIEC, PCI DSS, etc.)- Designed security programs that balanced the need for security with operational business needs and costs.- Performed web app penetration tests and vulnerability/compliance assessments for business and state agencies.- Built K-12 instructor curriculum and taught… Show more Provided cybersecurity consulting services to regional businesses, non-profits, and state government agencies.- Guided clients in security compliance with numerous frameworks (HIPAA, CMMC, GLBA, FFIEC, PCI DSS, etc.)- Designed security programs that balanced the need for security with operational business needs and costs.- Performed web app penetration tests and vulnerability/compliance assessments for business and state agencies.- Built K-12 instructor curriculum and taught teachers for state department of education cyber and coding initiative.- Developed training curriculum aligned with NIST’s NICE framework and taught 100s of students statewide.- Spoke at numerous conferences and events sponsored by government, academic, and industry organizations. Show less

Built and managed the vulnerability management program for a $9B, Fortune 500, global financial technology company.- Led a team of 12 cybersecurity specialists of varying experience levels in 6 locations across 3 countries.- Built a distributed vulnerability scanning infrastructure of 90 scan engines in 8 locations around the world.- Managed corporate system of record for vulnerability data that fed dashboards for board and regulatory reporting.- Collaborated with system… Show more Built and managed the vulnerability management program for a $9B, Fortune 500, global financial technology company.- Led a team of 12 cybersecurity specialists of varying experience levels in 6 locations across 3 countries.- Built a distributed vulnerability scanning infrastructure of 90 scan engines in 8 locations around the world.- Managed corporate system of record for vulnerability data that fed dashboards for board and regulatory reporting.- Collaborated with system admins to provide insight and help devise more efficient fixes for systemic vulnerabilities.- Migrated 90 scan appliances from vendor supplied Ubuntu Linux distro to corporate sanctioned Red Hat Linux.- Managed schedule and data flow for scanning 300,000 endpoints every three weeks and 20,000 external IPs weekly.- Merged PCI ASV scanning with internal vulnerability management program to reduce overall manpower and costs.- Restructured team to reduce manpower needs from 12 to 8 FTEs all while increasing productivity by a factor of two.- Automated numerous labor-intensive tasks by implementing meshed systems across the infrastructure, creating and managing middleware to connect systems via API calls, and creating scheduled system health monitoring and alerting.- Regularly engaged vendors to identify and fix scanning software flaws and improve systems to better meet our needs.- Worked with Deputy CISO to project needs and changes to annual $3M dollar budget for several years into the future. Show less

Designed cybersecurity testing function within Air Force Space Command’s Operational Test and Evaluation program.- Created first-ever compliance and risk assessment program for Air Force Space Command ground control systems.- Authored assessment guides, reporting templates, data collection scripts to reduce burden and ensure consistency.- Worked with system owners and admins to recommend risk management strategies and develop remediation plans.- Converted compliance program… Show more Designed cybersecurity testing function within Air Force Space Command’s Operational Test and Evaluation program.- Created first-ever compliance and risk assessment program for Air Force Space Command ground control systems.- Authored assessment guides, reporting templates, data collection scripts to reduce burden and ensure consistency.- Worked with system owners and admins to recommend risk management strategies and develop remediation plans.- Converted compliance program from older Department of Defense standard to new NIST SP 800-53 requirements.- Led first risk assessment of missile warning/space surveillance system during most extensive upgrade in four decades. Show less

Provided cybersecurity consulting services to federal agencies, performed vulnerability assessment and penetration testing.- Led vulnerability and compliance assessments, evaluating and documenting risk for 100s of federal agencies.- Developed scripts for Windows, Solaris, and Red Hat Linux, automating data collection and reducing testing time.- Authored framework of commonly discovered vulnerabilities, reducing administrative reporting burden by 10%- Performed web… Show more Provided cybersecurity consulting services to federal agencies, performed vulnerability assessment and penetration testing.- Led vulnerability and compliance assessments, evaluating and documenting risk for 100s of federal agencies.- Developed scripts for Windows, Solaris, and Red Hat Linux, automating data collection and reducing testing time.- Authored framework of commonly discovered vulnerabilities, reducing administrative reporting burden by 10%- Performed web application penetration tests, revealing flaws and recommending fixes for highly sensitive apps.- Designed metrics program for US Air Force to measure efficiency of incident response and forensics program. Show less

Designed large communication systems (radio, satellite, aircraft navigation), developed custom solutions for information system integration, provided network security expertise integrated in other Information Operations disciplines, and led testing efforts for new, high-speed systems to be integrated into the Air Force enterprise network.