Summerville, South Carolina, United States
Cybersecurity executive with 20+ years securing SaaS, cloud platforms, and enterprise environments.
• Directly responsible for the protection of the “lives” of tens of millions of individuals who trust their personal, financial, and medical information to the Benefitfocus SAAS platform. • Established a formal threat discovery and response program from the ground up to include people, processes, and technology. • Developed and implemented a use case methodology for the development and documentation of custom threat detection content. • Hire, train, and manage a team of up to eight analysts/engineers. • Manage operational relationship with a MSSP (vSOC) providing monitoring and threat hunting. • Established a formal vulnerability management program from the ground up that ultimately resulted in a 95+% increase in vulnerability remediation. • Manage the operations and monitoring of all security technologies including SIEM, IDS, AV, EDR, HIPS, WAF, DLP and others. • Develop and regularly report metrics to track process and technology performance. • Manage engineering support of cyber security detection and response technologies. • Evangelize Benefitfocus Cyber Defense capabilities to customers, prospects, and 3rd party customer/regulatory audits. • Developed and led numerous internal incident response tabletop exercises. • Led detection and response operations in blind 3rd party red team exercises resulting in “top 10” blue team performances according to two separate industry leading red teams.
• Supported the Network Security Monitoring team providing Computer Network Defense, intrusion detection, and analysis services to numerous DOD subscribers. • Daily use of various CND tools and security appliances for incident detection and analysis including ArcSight, Snort, SILK, Wireshark, HBSS, Intrushield, Ironport, etc, in a Linux environment. • Performed high-level, long term network traffic analysis beyond that of basic event and intrusion analysis to include investigation of exploits, tactics, techniques, and procedures used by attackers. • Supported the Cyber Threat Activity team with on demand detection and analysis of current real world hostile cyber actors. • Performed daily network flow and packet capture analysis in support of the CND mission. • Trained junior staff in CND operations and intrusion analysis/incident handing. • Created status reports for subscribers presenting various daily detection metrics, as well as reports detailing incident information, analysis, and remediation instructions.
-Managed all security monitoring for the MSPRC network supporting 600+ users. -Preformed mock assessments (interviews, scanning, documentation reviews) to prepare for blue team assessments. -Led the implementation of NetIQ Security Manager log correlation software -Conducted trend and log analysis to identify potential security incidents and responded to alerts. -Analyzed logs from Cisco IOS devices, Windows, Linux, and security appliances -Analyzed security requirements and developed security policies, procedures, and controls to ensure compliance with federal guidelines. -Provided regular technical and non-technical reports to management and federal oversight concerning the condition of network threats, vulnerabilities, incidents, and other various metrics. -Audited network and systems identifying potential vulnerabilities using Nessus Vulnerability Scanner and other tools/techniques. -Managed facility badge and access control system. -Participated in the roll-out of a new datacenter and assisted in the implementation of a new network architecture that incorporated the use of separately managed security segmented zones. -Evaluated and recommended new security technologies to improve the posture of the network.
• Served as the Information Systems Security Officer (ISSO), managing a team of three Computer Security professionals. • Led the Certification & Accreditation process for WSI-SRS computer systems to include the development of System Security Plans, Risk Assessments, Configuration Management Plans, System Tests and Evaluations, and Contingency Plans. • Managed the design, implementation, and operation of a classified diskless network to handle all classified information processing, effectively eliminating Accountable Classified Removable Media. • Analyzed security regulations to ensure compliance with numerous DOE Manuals (205.1A, etc.), the DOE-EM PCSP, PSP, FIPS, and NIST Special Publications (800-53, etc.). • Managed security detection and response capabilities utilizing of IBM Proventia Intrusion Prevention System, Snort Intrusion Detection System, and system event logs. • Led the vulnerability management program utilizing Tenable Nessus and ISS Internet Scanner to ensure compliant operations. • Provided regular technical and non-technical reports to management and federal oversight concerning the condition of network threats, vulnerabilities, incidents, and other various metrics. • Conducted forensic reviews of 100’s of computer systems to support the DOE using EnCase Enterprise while representing WSI-SRS on the DOE SRS Cyber Forensic Team.