Francis L. Young III - Cybersecurity Resume
Summary
Highly skilled Cybersecurity Professional with over 8 years of experience in vulnerability assessments, incident response, and threat hunting. Proven expertise in developing cybersecurity policies and compliance frameworks. Adept at using a variety of security tools and technologies. Seeking to leverage my newly acquired CISSP certification to advance into a role that utilizes my advanced skills in information security management.
Experience
Co-Founder/Part-Time Researcher
FireRing.io, San Jose, CA / Huntsville, AL
July 2023 – Present
- IT Security Services: Provided IT security services and brand intelligence for healthcare institutions and educational facilities.
- Vulnerability Assessments: Conducted scans and vulnerability assessments for over 8,000 public and private US and Canadian-based clinics, hospitals, schools, and offices.
- Client Database Development: Generated a database of potential clients based on target demographics and needs assessment to drive business growth.
- Security Configuration: Performed vulnerability scanning, traffic analysis, and ASA configuration for ThermoFisher Vaccine Freezer to ensure secure operations.
- Product Security Monitoring: Collaborated with Intuitive Surgical product security team to track and monitor SonicWall CVEs on DaVinci Si surgical robot, enhancing overall system security.
Insider Threat Analyst
Adobe, San Jose, CA
March 2023 – December 2023
- Workflow Development: Created new workflows based on metrics of past and present Adobe insider threat incidents to improve detection and response processes.
- Case Triaging: Successfully triaged a 12+ month backlog of insider threat cases involving users exfiltrating Adobe IP and infiltrating competitor IP.
- Endpoint Monitoring: Enhanced functionality of self-hosted End-of-Life ObserveIT deployment by processing employee screen recordings using ugrep and Tesseract for improved monitoring capabilities.
- Legal Reporting: Reported case findings to the legal team as a precursor for potential litigation, ensuring compliance and preparedness.
- SIEM Implementation: Coordinated with stakeholders to implement a coordinated SIEM solution utilizing Purview and ObserveIT APIs for enhanced security monitoring.
- Contract Role: Fulfilled this position through Nextgen.
Automotive Security Specialist
Lucid Motors, Newark, CA
May 2022 – December 2022
- Vehicle Security Operation Center (VSOC): Collaborated with security contractors and data scientists to implement and operate a VSOC by creating an in-house SIEM system.
- Telemetry Monitoring: Monitored connected car telemetry control units for anomalies from onboard CAN and Automotive Ethernet networks.
- False Positive Reduction: Coordinated with data science and maintenance teams to eliminate odometer modification false positives during maintenance by synchronizing Linux-based IoT systems using Python over MQTT.
- Compliance Audit: Assisted the compliance specialist with UN R155/R156 audit of the Lucid Air electric vehicle.
- Intrusion Detection: Researched use cases for automotive network intrusion and recreated third-party penetration test attack scenarios for detection.
- Telemetry Control Unit Audit: Audited the Telemetry Control Unit for security and quality, resulting in a reduction in image size and elimination of exploitable API calls to cloud infrastructure.
- Contract Role: Fulfilled this position through Xoriant.
SOC Analyst L3
IBM/Kyndryl, Remote
September 2021 – April 2022
- Incident Response: Revised and created new incident response playbooks following the separation from IBM to Kyndryl.
- Identity Access Management (IAM): Collaborated with cross-functional teams to standardize IAM processes for the newly formed company.
- Case Reporting: Spearheaded an initiative to standardize case reporting formats and criteria, leveraging previous SOC experience.
- Endpoint Investigations: Conducted thorough investigations on endpoints using CrowdStrike tools.
- Contract Role: Fulfilled this position through Experis/Manpower.
SOC Senior Analyst
NASA Security Operations Center, Mountain View, CA
January 2019 – June 2020
- Network Monitoring: Monitored diverse network types nationwide across NASA’s numerous flight and research centers to ensure security and integrity.
- Packet Capture Optimization: Reverse engineered and improved in-house Python-based packet capture code to parse alerts with a new SIEM, significantly reducing the time and effort required for analysts to multitask incidents.
- Threat Hunting: Hunted L3/L4 egress session traffic to identify Command and Control (C2) activity using Splunk Enterprise Security (ES).
- Incident Investigation: Investigated potential IP blocks and triaged false positives using FortiGate logs in conjunction with ArcSight and Splunk ES, enhancing team efficiency.
- Encrypted Traffic Analysis: Analyzed encrypted network traffic at a high level and used FireEye HX ETDR (Endpoint Threat Detection and Response) solution to provide corresponding low-level contextual information to support investigations.
- Government Contractor Role: Fulfilled this position through NTT Data Federal, formerly Dell Services.
Lead Control Room Analyst and Network Engineer
NASA Advanced Supercomputing, Mountain View, CA
June 2015 – December 2019
- Data Management: Led data management and compute queue restructuring initiatives, delivering 24/7 support for Pleiades and Electra to 1,500 scientists and researchers worldwide.
- Team Leadership: Monitored productivity and efficiency of junior analysts; recruited, selected, and trained team members to enhance overall performance.
- System Problem Analysis: Conducted initial analysis of network and system problems, including escalating issues to reboots of high-performance supercomputer nodes, dumps, and kernel debugging.
- Access Control Management: Managed user and group access controls using PKI, RSA Archer, UNIX/Linux ACLs, and LDAP across SUSE and Red Hat environments.
- Automation Scripting: Co-authored scripts to automate ticket submissions, reducing time and effort needed for coordination with datacenter technicians; recommended security improvements and oversaw metrics.
- Disaster Recovery: Coordinated disaster recovery efforts during facility crises, revising emergency procedures for improved clarity in crisis situations such as fire, power loss, and cooling failures.
- Network Hardening: Coordinated with representatives from the Department of Homeland Security to harden datacenter and enterprise networks to comply with Enterprise External Border Protection (EBPro) initiative.
- Critical Mission Support: Continuously expanded and performed break-fix support of networks that supported critical NASA missions, including Pleiades, Kepler space simulation, International Space Station, and Quantum Artificial Intelligence Laboratory (QuAIL).
- Security Compliance: Updated and revised network security controls, control compliance, and mission-critical exemptions in alignment with NIST 800-53 guidelines.
- Operational Efficiency: Developed working relationships with engineers at universities, NREN partners, and other NASA facilities (Glenn, Goddard, JPL, Johnson Space Center) to improve operational efficiency.
- Access Control Implementation: Continuously managed and implemented Access Control Lists (ACLs) on Cisco IOS routers and switches to align with security controls and block requests.
- Government Contract Role: Fulfilled this position through CSC, CSRA, General Dynamics, and Inuteq/ASRC.
Education & Certifications
Bachelor of Science – Psychology and Social Action
Palo Alto University (Pacific Graduate School of Psychology), Palo Alto, CA: 2015
Certifications
- CISSP (Certified Information Systems Security Professional) -- Test Passed April 2025, pending job history verification.
Clearance
Secret, awarded May 2019 for role as Senior SOC Analyst at the NASA Security Operations Center
Honors and Awards
- Certificate of Excellence, NASA Ames Contractor Council