
Provides Testimony In

Cyber forensics, cyber, counterintelligence, ransomware, breach, insider threat, phishing attack, intrusion, installation, operation, cyber troubleshooting, network telecommunications, collection management, in-theater operations support, field services, systems planning, cyber security, hacking analysis, exploitation of viruses, propagation of viruses, malware, trojans, determining user activity, automatic teller machines

EXPERIENCE SUMMARY

•This expert is a results-driven security professional with over 27 years in IT and IT security, including years of intelligence analysis with multiple government agencies, and experience in cyber intelligence, network telecommunications, SOC (security operations center) management, SEM (security event management), and incident response.
•This expert built and managed SOCs (Security Operations Centers) for organizations such as WMATA and Amtrak: training new teams, building the processes and procedures, running proofs of concept for newly acquired tools, and providing metrics and solutions for the organizations' overall security posture.
•This expert demonstrates excellent team leadership, having led teams of 6 to 40 members as direct reports. US/European citizen.
•Active Top Secret clearance; investigation completed in 2019.

SECURITY TOOLS & CORE COMPETENCIES

FireEye (FX, EX, NX), Varonis, SNOW, Microsoft Azure and Sentinel, AWS, Dragos, ArcSight, Splunk ES/ITSI, Sourcefire, Checkpoint, Proofpoint, Bit9, Infoblox, Carbon Black, Zscaler, Anomali, Bluecoat, CyberReason, DarkTrace, Tanium, IBM Resilient/CO3, Cisco IronPort, Cisco Firepower, Netskope and CrowdStrike, among other tools.
Competent in various cyber frameworks, among them the NIST SP 800 series, ISO 27000 and the MITRE ATT&CK framework.

EXPERIENCE

Amtrak- Security Design and Architecture Tech Lead- April 2022 – February 2023

•Served as the security design and architecture tech lead in the innovation and design group for multiple projects of varying complexity and size, helping deliver security solutions for complex assignments and ensuring projects were implemented through the client DevSecOps process in alignment with client security requirements and IT architectural standards.
•Conducted business impact analyses to ensure resources were adequately protected with proper security measures, attending product demonstrations and proofs of concept for solutions such as AWS, Microsoft Azure, Dragos and Microsoft Sentinel.
•Interfaced regularly with staff from various departments, communicating security issues and responding to requests for assistance and information.
•Analyzed vulnerability scan and penetration test reports for security vulnerabilities and recommended feasible and appropriate options for mitigation or resolution.

Marriott | Remote (contract)-Senior Cyber Security Lead – October 2021 to March 2022

•Managed the global CIRT team, assessing and analyzing APT, DDoS, phishing, malicious payloads and malware, using CrowdStrike and Splunk as the main SIEMs.
•Strong analytical skills and efficient problem solving to relay the updates to senior leadership.
•Updating protocols and maturing ‘playbooks’ of operational response to cyber threats.
•Operate autonomously to further investigate and escalate in accordance with protocols and contractual SLAs.

ATT | Remote (contract)- Cyber Security Lead at USAF- August 2020 to September 2021

•Night-shift incident response in an MSSP environment, triaging alerts from various government agencies using tools such as Fidelis, Kibana/Elasticsearch, Splunk, SNOW and FireEye.
•Collected, analyzed, and enriched event information to perform threat analysis.
•Interpreted and reported events and anomalies in accordance with the Computer Network Directive, including the initiation, response, and reporting of discovered alerts.

Leidos | Silver Spring, MD- Cyber Security Manager at NOAA- November 2019 to July 2020

•Respond to cyber incidents, including responding to N-CIRT and preparing situational awareness reports for NOAA and/or DOC management.
•Defining protocols and maturing ‘playbooks’ of operational response to cyber threats.
•Operate autonomously to further investigate and escalate in accordance with protocols and contractual SLAs, including DOC and US-CERT in compliance with US-CERT incident reporting and guidelines.
•Participated regularly in IR working group sessions, collaborated across organizational lines and developed depth in the relevant cyber disciplines and technologies, using tools such as Checkpoint, Sourcefire and Zscaler.

Infosys | Los Angeles, CA (contract)- Cyber Security Manager/Lead Consultant- February 2019 to November 2019

•Focused on security tooling, SIEM monitoring and log-source integration.
•Worked with CIRT teams of about 40 people, assessing and analyzing APT, DDoS, phishing, malicious payloads, malware, etc.
•Deep understanding of advanced security analytics, forensics, and cybersecurity frameworks such as MITRE ATT&CK, ISO 27000 and NIST 800. Also participated in critical incident response/breach response using tools such as Splunk, Proofpoint, FireEye and AWS.
•Strong analytical skills and efficient problem solving
•Review of the SOC processes and procedures regularly and update the documents.
•Used SIEM capabilities and integrated metrics to generate the required reports.
•Project and talent management

AIG | Reston, VA (contract)- Senior Global Cyber Risk Defense Analyst- August 2018 to February 2019

•Manages and executes multi-level responses and addresses reported or detected incidents using tools such as Symantec DLP, Splunk, CyberReason, Anomali, Tanium, SNOW and Darktrace.
•Collects, analyzes, and enriches event information and performs threat or target analysis duties.
•Interprets, analyses, and reports all events and anomalies in accordance with Computer Network Directives, including initiating, responding, and reporting discovered events.
•Distributes directives, vulnerability, and threat advisories to identified consumers.
•Provides reporting and metrics around security monitoring by designing dashboards for asset owners and management consumption.

WMATA | Washington, DC (contract)- Cyber Threat Analyst/Manager- November 2017 to June 2018

•Splunk integration and implementation, managed the proof of concept.
•Dedicated resources on the project to upgrade the current SOC.
•Participated in the ISO 27001/2 certifications process, gathering the process and procedures needed to submit to the auditor among other required documentation from various team members.
•Worked on all systems and/or projects within the organization responsible for providing cyber security threat detection, utilizing network and host-based security tools, appliances, and endpoint products such as Firepower, IBM Resilient, Varonis and Splunk.
•Developed and modified new and current cyber security correlation rule sets.
•Documented security incidents as identified in the incident response rules and escalated to management as required.
•Maintained system baselines and configuration management items, including security event monitoring “policies” in a manner determined by the program management.
•Provided documentation and interaction with other analysts and Operations and Maintenance (O&M) personnel to ensure a complete and functioning system that meets requirements.

Ciena Corp | Hanover, MD- Security Operation Center Manager- August 2013 to September 2017

•Built, led, and motivated the team of 7 members in a dynamic environment.
•Partnered with key customers of Ciena’s enterprise network to ensure security compliance across the entire enterprise domain.
•Supervised the development and maintenance of standard procedures related to the SOC by leading Ciena’s Computer Incident Response Team (CIRT).
•Focused on identifying and countering cyber threats.
•Coordinated with other global offices related to security for escalation of issues.
•Managed the implementation of new technologies within the SOC and led automation of monitoring and administrative tools.
•Maintained current knowledge of tools and best-practices in advanced persistent threats; tools, techniques, and procedures (TTPs) of attackers.
•Led an operational team that conducted event analysis and triage, focusing on a range of unstructured events, and identified and hunted for related TTPs and IOCs across all internal/external repositories.
•Drafted, edited, and reviewed threat intelligence analysis from multiple sources.
•Managed and monitored the security logs from SEM tools such as Splunk, Proofpoint, Iron Port, SNOW, Infoblox, Carbon Black (Bit9) and FireEye.

JPMorgan Chase | NY- Arcsight Security Analyst- April 2013 to August 2013

•Solid and demonstrable comprehension of Information Security including malware, emerging threats, attacks, and vulnerability management.
•Reviewed raw log files, data correlation, and analysis (i.e. firewall, network flow, IDS, system logs, source codes).
•Deductive reasoning, critical thinking, problem solving, and prioritization skills.
•Assisted in the development and maintenance of tools, procedures, and documentation including the resolution of customer escalations, incident handling, and response.
•Used IDS/IPS tools such as FireEye and other signature-matching technology, along with Bluecoat, Peregrine, Conquest, ITSM and PSM.

Ft Meade | MD- Cyber Fusion Analyst- September 2012 to March 2013

•Led and directed diverse functional aspects in the operation of complex cyber security solutions to include network defense infrastructure, security monitoring, event aggregation and correlation, incident management, vulnerability assessment and management using various ESM tools such as Arcsight.
•Advised senior leadership on security strategy, mission alignment, security architecture, and IT security solutions.
•Coordinated resolution of problems and tasks, selling new ideas in support of operational objectives. Interfaced with all areas affected by the project including end users, computer services and client services.

Air Force | Pentagon – Senior Business Analyst, Cyber Security (contract)- March 2012 – July 2012

•Served as a technical advisor in ensuring cyber security standards are implemented to enable Air Force organizations to practice safe security techniques by following the DIACAP process.
•Provided information assurance support for the development and implementation of security architectures to meet new and evolving security requirements on cross domain solutions.
•Set up periodic and other unscheduled briefings on the status of critical joint initiatives for Air Staff, SECAF, Joint Staff, and DoD key officials concerning enterprise network initiatives.
•Served as an Air Force technical representative for IA at technical symposia, industry conferences, seminars, meetings, working groups (DSAWG), panels and advise on cross domain solutions issues.
•Prepared, facilitated, and provided post-event minutes and summaries for action officer, executive, and Congressional level hearings, meetings, seminars, conferences, boards and related activities.
•Facilitated the coordination of actions required to implement IT capabilities at the AF Enterprise level, analyzed technology trends to support IT strategic planning using various ESM tools such as Arcsight.
•Authored, reviewed, and edited policy documents, regulatory instructions, concepts of operation, and other formal documents as necessary to accomplish tasking and program execution.

Senior Consultant, Guidance Software (contract)- June 2011 – October 2011

•Client Management included actively consulting with Federal sector clients on best practices and Cyber Security solutions, products implementation in the client networks and managing the planned expectations.
•Project Management which included providing flexible strategies, creating deliverables in professional structure, and providing detailed reports depicting the overall services provided.
•Provided mentoring to other consultants in the field of Cyber Security using various ESM tools such as Arcsight.

Ft. Meade-DISA- Enterprise Sensor Grid Manager & Lead Network Security Engineer- January 2010 – April 2011

•Acted as the Agency’s sensor grid manager on the Department of Defense (DoD) DISA operated Global Information Grid (GIG) enterprise sensor grid. Prepared daily executive summary of the health of the GIG enterprise sensor and presents the material, as required, to senior government leadership.
•Following DISA SOPs, user guides and STIGs.
•Coordinated and assisted DISA NetOp Centers (DNC), the SOC (watch floor) and Field Security Operations on enterprise sensor capabilities, Incident response, outages, and maintaining HIPAA (PII) guidelines.
•Used tools such as ArcSight ESM Logger/Connectors, Netcentrix, Trickler, Dscape and Remedy to monitor network intrusions and device health, including Cisco routers and various switches.
•Participated in continuity of operations (COOP) exercises to maintain 24×7 coverage.
•Acted as a Subject Matter Expert at DCITA (Defense Cyber Investigations Training Academy). Developed and delivered customized Network Investigations & Cyber CI trainings.
•Provided inputs for courseware, concerning new or existing security system procedures and/or programs to ensure compatibility with the customer’s standard operating procedures.
•Developed detailed design courses using best of breed security & Forensics equipment including firewalls, incident response, intrusion detection systems (IDS) and access control servers.
•Also used various tools and software such as EnCase, VMware, NetWitness, Forensic Toolkit, Snagit, pcap, Analyst’s Notebook and MOBILedit, covering intrusion detection, firewalls, TCP/IP, routing/switching, IP packet analysis, intrusion analysis and pen testing.

DSS- Cyber CI Analyst- June 2009 – January 2010

•Performed intelligence analysis on cleared defense contractor networks to support the DSS counterintelligence mission, including ethical hacking.
•In accordance with DoD National Industrial Security Program (NISP) guidance, collaborated with analytical counterparts across the U.S. Intelligence Community.
•Applied knowledge of network fundamentals, open-source tools, and current implementation of those technologies in order to create all-source analytic products and collection strategies.
•Performed all-source intelligence analyses of cyber activities to identify entities of interest; their methods, motives, and capabilities to determine malicious behavior; and recognized emergent patterns and linkages to mitigate the risks and understand adversary targeting of classified programs and cleared personnel.
•Produced technical intelligence reports in support of special programs and system security plans, working with intrusion detection systems, firewalls, pen testing, TCP/IP, routing/switching, IP packet analysis, intrusion analysis and incident response, and using tools such as ArcSight to provide expertise and leadership to the team in the development of analytical models and assessments.

Cyber threat Analyst at Fort Meade – 10/2008-06/2009 (Backfill contract)

•Served as a linguist in support of the Army Cyber Counterintelligence Activity at the 902d Military Intelligence Group. Conducted counterintelligence collection operations in a cyber environment to meet Army, DoD and national collection requirements.
•Provided linguistic and cultural subject matter expertise in support of a sensitive Army mission. Conducted open-source research and synthesized it with collected intelligence to meet requirements and tasking.
•Wrote various Intelligence Information Reports (IIRs) on the Portico system, some of which received evaluations from the Intelligence Community.
•Produced Cyber Intelligence Reports that detailed specific threats to Army and DOD equities and identified operational actions to mitigate those threats.

CERTIFICATIONS

  • CISSP/CISM (class cert)
  • Security+E certified
  • CompTIA Network+
  • CEH (Certified Ethical Hacker)

Additional Professional Experience:

12/2006 – 09/2008 – Intelligence/Linguist, DIA (Defense Intelligence Agency)

03/2004 – 08/2006 – Intelligence/Linguist, DIA (Defense Intelligence Agency)

2001 – present – Silver Spring, MD – President, ECI, LLC

01/2000 – 02/2001 – Silver Spring, MD – Regional Sales Engineer, East Coast, Ericsson Inc.

01/1999 – 12/1999 – Andover, MA – Lead Network Engineer/Account Manager, CMGI-NaviNet

01/1998 – 12/1998 – Westford, MA – Network Support Engineer, Ascend/Lucent

01/1997 – 12/1997 – RTP, NC – Consultant Engineer/Project Manager, MCI
