Welcome to my resume! I have broad experience in a variety of cyber security related domains such as incident response, security architecture and engineering, architecture review, SIEM engineering, vulnerability management, and detection engineering.
I have experience in training new cyber security analysts, writing how-to’s and runbook type documents, and enabling analysts to work smarter not harder. In my various places of work, I’ve also frequently been a point of contact for career mentoring.
Regarding consulting, I have experience presenting to leadership, writing statements of work, and executing and delivering on said work. Areas of expertise are blue team centric: SOC training, automation, process improvement, alert creation, tool validation, product onboarding, etc.
Thanks for stopping by!
Professional Experience
NBCUniversal, Remote
Lead Detection Engineer, March 2022 - Present
- Provides long term vision for Detection Engineering and spearheads execution.
- Created a CI/CD pipeline for detection documentation.
- Wrote Python automation for detection files to ensure proper data format and content, which is enforced with GitHub actions.
- Wrote automation for metrics purposes, MITRE Navigator .json, and tracked threat actors.
- Continued work on a large technique gap analysis for tooling gap analysis and detection creation.
- Wrote documentation on and implemented the use of testing tools, such as Atomic Red Team to emulate attacks and enhance our Detection Engineering process.
- Built out a correlation alerting process in the SIEM.
- Wrote automation to push alerts to the SIEM via detection as code principles.
- Heavily involved in security architecture review processes for detection creation purposes.
- Provides training and mentorship to interns and new hires.
Senior Detection Engineer, Feb 2021 - Present
- Worked in the MITRE-centric Detection Engineering workflow, creating custom security alerting for business segments and incident response teams.
- SME on Detection Engineering for other cyber teams and business entities.
- Created logging documentation and detection analysis in the onboarding of new log sources.
- Created interconnected Jira workflows across all interwoven cyber teams.
- Created various automation scripts within xSOAR.
- Involved in Purple Team exercises for gap analysis and detection creation purposes.
Revolutionary Security / Accenture, Remote
Cyber Security Consultant, April 2019 – Jan 2021
- Specialized in SOC onboarding services.
- Provided clients with SIEM tuning suggestions, alert feedback, log volume/optimization analysis, reporting, and automation.
- Provided mentoring for client analysts to enhance their understanding and capability in their roles.
- Documented new processes and procedures while standing up new Security Operations Centers.
- Wrote and provided Python API automation scripts for analyst interaction with key security tooling.
- Provided log ingestion, alert creation, and product documentation for a newly onboarded email security appliance.
- Provided detailed alert analysis and served as an escalation point for other client analysts.
Aires, Robinson, PA
Security Operations Specialist II, Sept 2017 – March 2019
- Performed a security architecture redesign by reviewing past and current security products and replacing them with products that best fit the company needs and budget.
- Created and developed the vulnerability management system for Aires. Responsibilities included scheduling vulnerability scans, interpreting and testing the results, and inputting the vulnerabilities into the ticketing system. Assisted with remediation as necessary.
- Created and developed a time tracking ticketing system, which lets our team lead review time spent on various projects and reallocate personnel resources accordingly.
- Created and managed user phishing campaigns, which tested end users’ susceptibility to phishing attacks. This included creating the email templates, launching the campaigns, user training, and writing an executive summary.
- Installed, configured, and tuned the SIEM installation. Managed and monitored the SIEM for alarms and any tuning changes that occurred.
- Managed the Intrusion Detection System, which included tasks such as alert review, rule review, alarm creation, and other related tasks.
- Managed the anti-virus solution, including scan configuration, policy creation, and alert review.
- Assisted with creating STIGs for macOS and RHEL via CIS Benchmark standards.
- Assisted with audit tasks such as client audits, SOC 2 Type II, and ISO 27001/2.
Westinghouse Electric Company, Cranberry Twp, PA
Incident Response Analyst, Jan 2017 – Sep 2017
- Performed detailed analysis of SIEM alerts.
- Analysis included correlation of various security appliances and SIEM log aggregation.
- Copied forensic images for legal matters, keeping proper chain of custody and documentation.
- Configured multiple virtual environments for incident response use and testing purposes, such as a Cuckoo Malware Sandbox, CentOS hyper-visor, and AlienVault OSSIM installation.
NTT Security, Pittsburgh, PA
Cyber Security Specialist, Jan 2016 – Dec 2016
- Performed analysis on red flags triggered by IDSs, firewalls, servers, workstations, and other networked devices.
- Determined whether the red flags were malicious or false positives and created detailed write-ups to send to the clients.
- Depending on the red flag, investigation could include malware analysis, reputation analysis of IP addresses, payload analysis, and other such tasks.
Various Internships, Exton, PA
Summers, Jun 2012 – Aug 2015
- Worked in a database conversion process of porting an old FoxPro database to SQL Server.
- Wrote SQL queries providing statistics to help ensure data integrity and for troubleshooting assistance.
- Worked in an exchange server conversion reconfiguring company devices.
- Took care of various day-to-day IT tasks such as desktop support and rebuilds.
- Performed day-to-day tasks assigned by the network administrator, such as making and running Ethernet cabling, setting up PCs, and rebuilding PCs.