Cyber Telecommunications Expert Witness

Provides Opinion & Testimony In:

Cyber forensics, cyber, counterintelligence, installation, operation, cyber troubleshoot, network telecommunications, collection management, in theater operations support, field services, systems planning, cyber security, hacking analysis, exploit of viruses, propogation of viruses, mal ware, trojans, mal deteriming user activity, automatic teller machine

Expert No. 3854


Results-driven professional with ten years of intelligence analysis, cyber counterintelligence, and network telecommunications experience including all-source collection management and reporting, in-theater operations support, field services; systems planning, Cyber Forensics, installation, operation, troubleshooting and maintenance.  Over 5 years of project management, sales engineering and account management experience as well.  Possess excellent team leadership, customer and staff management skills. Expert No. 3854 is also an experienced Native Arabic and French speaker with over 5 years of working linguistic/Intelligence analysis based contracts in Iraq and Qatar.


Expert No. 3854 would be a CCA with an active TS / SCI and CI Poly. CI Poly in 2009, SSBI Closed in 2008


2012    CISSP (In class now until December 2012 at Howard Community College, MD)
2011    CCIE Security Boot camp (covered ASA, ACL, IPS, IDM) - CCBOOTCAMP - Texas
2010    Cyber Defense Academy (DCITA) - MD- Counter Intelligence in Cyber Space (CICS)
2009    Cyber Defense Academy (DCITA) - MD- Cyber Online Undercover Techniques (OUT)
2008    Joint Military Virtual University - Tysons Corner- VA- Geospatial Information and Services
2007    Joint Military Intelligence Training Center -VA- Gisting for the 21st Century Linguist
2005    Montgomery College-Rockville-MD- Visual Basic.Net & JAVA.
1993    IDRAC France (European Territory)-France-Paris.
1991    IDIT B.T.S (B.S. Level) Engineering/Business-Paris France


•    Encase Enterprise
•    Encase EDiscovery
•    Encase Implementation
•    Encase Forensics 1 & 2
•    Security+ certified
•    Net+ – comptia.
•    ATM Configuration.
•    CEH (Certified Ethical Hacker)
•    Troubleshooting Frame Relay Networks.
•    Geospatial Information- Joint Intelligence University.
•    Advanced Cisco configuration.
•    Online Undercover Techniques-Cyber-DCITA.
•    Cisco Network Troubleshooting
•    CICS (Counter Intelligence in Cyber Space).
•    DLPT 3/3 in Arabic (MSA, Levantine dialect, Egyptian & Yemeni Dialect, most of the Arabic
      speaking countries) and French and ALTA 5/5


July 2012 - September 2012: Private Company, Germantown, MD:   
•    Provide technical support to security personnel in examining computer resources as directed,
      including the identification and removal of contaminating classified data from unclassified
      systems to return the resource to service.
•    Develop approved Standard Operating Procedures (SOP’s) including escalation procedures for
     clearing various hardware and software platforms, as new requirements are identified or arise.
•    Enable and implement procedures for the remote wiping of systems remotely using DOE’s
      installation of EnCase Enterprise.  tools (such as search or clearing utilities), HbGary and
      FireEye to support the decontamination process, Ethical hacking.
•    Conduct “Lessons Learned” evaluations using the information gained from the evaluation of
      information security incidents to identify recurring or high impact incidents.
      Disseminate findings of cyber activity to the DOE community and National agencies including
      US-CERT and the Intelligence Community.

March 2012 - June 2012: Senior Business Analyst, Cyber Security - Air Force - Pentagon (contract):
•    Serves as a technical advisor in ensuring cyber security standards are implemented to enable    
      Air Force organizations to practice safe security techniques by following the DIACAP process.
•    Provides information assurance support for the development and implementation of security
      architectures to meet new and evolving security requirements on cross domain solutions.
•    Set up periodic and other unscheduled briefings on the status of critical joint initiatives for Air
      Staff, SECAF, Joint Staff, and DoD key officials concerning enterprise network initiatives.
•    Serves as an Air Force technical representative for IA at technical symposia, industry
      conferences, seminars, meetings, working groups (DSAWG), panels and advise on cross domain
      solutions issues.
•    Prepares, facilitates, and provides post-event minutes and summaries for action officer,
     executive, and Congressional level hearings, meetings, seminars, conferences, boards and
     related activities.
•    Facilitate the coordination of actions required to implement IT capabilities at the AF Enterprise
      level, analyze technology trends to support IT strategic planning.
•    Author, review and edit policy documents, regulatory instructions, concepts of operation, and
      other formal documents as necessary to accomplish tasking and program execution.

June 2011 - October 2011: Senior Consultant, Guidance Software (contract):
•    Client Management including actively consulting with Federal sector clients on best practices
      and Cyber Security solutions, products implementation in the client networks and managing the
      planned expectations.
•    Project Management which includes providing flexible strategies, creating deliverables in
      professional structure and providing detailed reports depicting the overall services provided.
•    Planning client engagements and deliverable strategies along with resolving any internal
      department conflicts and identifying risks areas along with providing a proper solution.
•    Provide mentoring to other consultants in the field of Cyber Security.

January 2010 - April 2011: Enterprise Sensor Grid Manager & Lead Network Security Engineer,
•    Act as the Agency’s sensor grid manager on the Department of Defense (DoD) DISA operated
     Global Information Grid (GIG) enterprise sensor grid.  Prepares daily executive summary of the
     health of the GIG enterprise sensor and presents the material, as required, to senior
     government leadership.
•    Coordinate and assist DISA NetOp Centers (DNC), the SOC (watch floor) and Field Security
     Operations on enterprise sensor capabilities, Incident response, outages, and maintaining  
     HIPAA (PII) guidelines.
•    Used tools such as Arc sight Logger/Connectors, Netcentrix, Trickler, Dscape and remedy.
•    Participated in the continuous operations (Coop) exercise to maintain 24×7 coverage.
•    Act as a Subject Matter Expert at DCITA (Defense Cyber Investigations Training Academy).  
      Develop and deliver customized Network Investigations & Cyber CI trainings. Provide inputs for
     courseware, concerning new or existing security system procedures and/or programs to ensure
     compatibility with the customer’s standard operating procedures.
•    Develop detailed design courses using best of breed security & Forensics equipment including
     firewalls, incident response, intrusion detection systems (IDS) and access control servers. Also
     the use of various tools and software such as Encase, VMware, Netwitness, Forensic toolkit,
     Snagit, Pcap, Analyst Notebook, mobile Edit, Intrusion detection, Firewalls, TCP/IP,
     Routing/Switching, IP packets Analysis, intrusion analysis and pen testing.

June 2009 - January 2010: Cyber CI Analyst, SAIC, Linthicum, MD:
•    Perform intelligence analysis on cleared defense contractor networks to support the DSS
      Counterintelligence mission, Ethical hacking.
•    In accordance with DoD National Industrial Security Program (NISP) guidance, collaborate with
      analytical counterparts across the U.S. Intelligence Community; apply knowledge of network
      fundamentals, open-source tools, and current implementation of those technologies in order to
      create all-source analytic products and collection strategies. 
•    Perform all-source intelligence analyses of cyber activities to identify entities of interest; their
      methods, motives, and capabilities to determine malicious behavior; and recognize emergent
      patterns and linkages to mitigate the risks and understand adversary targeting of classified
      programs and cleared personnel.
•    Produce technical intelligence reports in support of special programs and system security plans
      working with Intrusion detection systems, Firewalls, pen testing, TCP/IP, Routing/Switching, IP
      packets Analysis, intrusion analysis and incident response using tools such as Arc sight to
      provide expertise and leadership to the team in the development of analytical models and

October 2008 - June 2009: Cyber Analyst, MEP, Fort Meade, MD:
•     Linguist in the support of the Army Cyber Counterintelligence Activity at the 902d Military
      Intelligence Group.
•    Conduct Counterintelligence collection operations in cyber environment meeting Army, DOD and
      national collection requirements.
•    Provide linguistic and cultural subject matter expertise in support of a sensitive Army mission.
      Conducted open source research and synthesized research with collected intelligence to meet
      requirements and tasking. Wrote various Intelligence Information Reports (IIRs) on the Portico
      system where few of them received evaluations by the Intelligence Community.
•    Produced Cyber Intelligence Reports that detailed specific threats to Army and DOD equities
      and identified operational actions to mitigate those risks and threats using Intrusion detection
      systems, Firewalls, TCP/IP, Routing/Switching, IP packets Analysis, intrusion analysis.

December 2006 - September 2008: Intelligence/Linguist, DIA, Northrop Grumman and NWB, NMEC, VA:
•    Manage production of intelligence reporting from tactical to strategic level, responds to
      evaluations of intelligence reporting, creates and submits intelligence requirements, targets
      and assesses intelligence gaps, creates and monitors analytical support products, conducts
      presentation of intelligence products.
•    Maintains and increases organizational knowledge of analytic methodologies, best practices,
      and common procedures for community activities.

March 2004 - August 2006: Intelligence/Linguist, DIA (Defense Intelligence Agency):
•    Based in Qatar and Iraq, worked with the DOD to interpret various data using linguistic and
      tech skills.
•    Managed tools such as DOCEX for HUMINT.
•    Maintain and increase organizational knowledge of analytic methodologies, best practices, and
      common procedures for community activities.

2001 - Present: President, ECI, LLC, Silver Spring, MD:
•    ECI (Private Company) created and founded an ecommerce website: (Private) .com as
      well as a retail store in a Maryland shopping center.
•    Handled licensing, raised the Capital to create the assets with the banks, and managed all
      related business aspects with the Corporation.

January 2000 - February 2001: Regional Sales Engineer - East Coast, Ericsson Inc., Silver Spring, MD:
Traveled all over the country to qualify our leads working with the sales team on a day to day basis between the Product Unit and Business Unit and marketing to get every new product deployed and worked with tech support to get resolutions on issues encountered.
January 1999 - December 1999: Lead Network Engineer / Account Manager, CMGI-Navinet, Andover, MA:
•    Provide support to various ISPs as the account manager to resolve problems related to the
      internet, dial-up networking, Telcos and different Dns and servers issues.
•    Supported Firewalls, TCP/IP, Routing/Switching and IP packets Analysis.
•    Manage team and related organizational projects, installing and implementing tools as Navis
      Access from Lucent.

January 1998 - December 1998: Network Support Engineer, Ascend/Lucent, Westford, MA:
•    Provide Support Help Desk to the sales force.
•    Perform Network Management services using HPOpenView, dial-in using ProComm Plus, or
      telnet through a UNIX machine. Monitor and maintain communications network.
•    Perform diagnostics and repair on lines and related equipment.
•    Configure switches and Ascend Routers to support WAN environment and worked on circuits
      and ports.
•    Downloaded CP software and helped customers bring up their switches.
•    Helped on customer’s network design and worked internationally with foreign accounts.
•    Supported Firewalls, TCP/IP, Routing/Switching and IP packets Analysis.

January 1997 - December 1997:   Consultant Engineer/Project Manager, MCI, RTP, NC:
•    Performed circuit tests for international customers in Global Network Management Center.
•    Provided 1st and 2nd level support on a 24×7 shift, troubleshooting DXCS, CSU/DSU, and Cisco
      Routers using MCI tools.
•    Used Netview 6000 and HP OpenView to diagnose alarms and interfaces.
•    Worked for Concert (a joint venture between British Telecom and MCI) on the European contact
•    Processed all project management duties including sales, proposals, monthly forecasts and
      account profiles in a timely fashion.
•    Installed, monitored, and maintained communications network.
•    Controlled the performance and status of network resources.
•    Supported Firewalls, TCP/IP, Routing/Switching and IP packets Analysis.