Deputy Branch Chief Resume

Washington, DC

SUMMARY:

  • 15 years of experience working in network operations and telecommunications.
  • 7 years of experience working in cyber security and network defense.
  • Experience using network defense tools including Arcsight, Wireshark, NIKSUN, Netwitness, Sourcefire, Akamai, Websense, TippingPoint, McAfee IntruShield, FireEye, Dragon IDS, NTOSpider, FTK Imager, Fidelis, IronPort, Proofpoint.
  • Extensive experience with installation, operation, and troubleshooting of several types of network devices, transport systems, and various other communications solutions.
  • Experience supervising and training technical staff, briefing senior management, and ensuring contract performance requirements are met or exceeded.
  • Active Top Secret security clearance.

PROFESSIONAL EXPERIENCE:

Confidential, Washington, DC

Deputy Branch Chief

Responsibilities:

  • Manage team of analysts performing 24/7 cyber security operations.
  • Ensure 24/7 monitoring of agency security and network infrastructure.
  • Direct investigations into possible intrusion attempts and suspected malicious activity across large enterprise network.
  • Review incident cases to ensure accurate findings, thorough documentation, and adequate response measures.
  • Train analysts in advanced threat detection and mitigation techniques.
  • Brief senior level managers on cyber security operations, active case status, and overall agency security status.
  • Coordinate between security engineering and security operations to ensure security tools are continually improved to meet the needs of the analysts.
  • Create reports and briefings detailing incident categories, case status, and recent trends.
  • Write SOPs to ensure proper training of team members.
  • Investigate possible insider threats, as well as potential fraud, waste, and abuse cases.

Confidential, Washington, DC

Senior Cyber Security Analyst

Responsibilities:

  • Perform IDS analysis and Incident Response functions for rapidly growing network.
  • Monitor and investigate alerts using Sourcefire IDS.
  • Utilize cyber security tools such as Splunk and IronPort.
  • Analyze packets and log data to identify malicious activity or confirm false positive alerts.
  • Ensure quarantine of compromised systems, prevention of further activity, retrieval of relevant data for analysis, and safe restoration of normal activity.
  • Conduct dynamic/behavioral malware analysis to confirm malicious activity.
  • Track and analyze advanced persistent threats and evolving exploitation methods.
  • Review various intelligence sources for information regarding new threat indicators.
  • Utilize open source tools to analyze suspicious domains, addresses, and files.
  • Open and track cases used to document investigations and response activities.

Confidential, Washington, DC

Senior Cyber Security Analyst

Responsibilities:

  • Detected, investigated, and mitigated possible intrusion attempts and suspected malicious activity across large enterprise network.
  • Monitored and investigated alerts using Arcsight SIEM.
  • Utilized cyber security tools such as Netwitness, FireEye, Tipping Point, and Dragon IDS.
  • Analyzed packets and log data to identify malicious activity or confirm false positive alerts.
  • Performed incident response actions to find and quarantine compromised systems, prevent further activity, retrieve relevant data for analysis, and safely restore normal activity.
  • Conducted dynamic/behavioral malware analysis to confirm malicious activity.
  • Reviewed traffic logs, application rules, and security policies in Palo Alto Firewalls.
  • Performed vulnerability scans on publicly accessible servers using NTOSpider.
  • Created and analyzed hard drive images via FTK Imager and EnCase.
  • Tracked and analyzed advanced persistent threats and evolving exploitation methods.
  • Wrote SOPs to help properly train team members in intrusion detection and incident response.
  • Investigated possible insider threats, as well as fraud, waste, and abuse.
  • Reviewed various intelligence sources for information regarding new threat indicators.
  • Prevented future incidents by implementing blocks and creating alerts for relevant indicators.
  • Utilized open source tools to analyze suspicious domains, addresses, and files.
  • Opened and tracked cases used to document investigations and response activities.

Confidential, New Carrollton, MD

Network Operations Technician

Responsibilities:

  • Provided support for a global classified network delivering data, voice, and video services to defense and intelligence community users.
  • Monitored and maintained network backbone routers and links between routers.
  • Troubleshot losses of connectivity between routers, switches, and end user equipment.
  • Configured Cisco routers, switches, VoIP phones, and VTCs to support new customers, upgrades, and life cycle replacements.
  • Remotely managed and configured KG-175 and KIV-7M encryption devices.
  • Coordinated troubleshooting between commercial vendors and customer locations.
  • Identified and investigated any degraded connections on the network.
  • Assisted field support technicians and on site customers with troubleshooting problems, new equipment installations, equipment upgrades, and replacements.
  • Tracked outages and projects using Remedy.

Confidential, Washington, DC

Intrusion Detection Analyst / Incident Responder / Team Lead

Responsibilities:

  • Detected, investigated, and mitigated possible intrusion attempts and suspected malicious activity across global network.
  • Investigated alerts, tracked cases, and maintained watch lists in Arcsight SIEM.
  • Provided supervision and training for analysts to ensure accurate analysis, use of information, and quick response to security related incidents.
  • Utilized IDS tools such as NIKSUN NetDetector, McAfee Network Security Manager, FireEye, and Fidelis.
  • Analyzed packets using Wireshark to identify malicious activity or confirm false positive alerts.
  • Performed incident response actions to quarantine compromised hosts and mitigate further breaches.
  • Conducted dynamic malware analysis using tools such as InCtrl5, Process Explorer, and Process Monitor.
  • Prevented incidents by conducting proactive investigations based on actionable intel extracted from open and closed reporting sources.
  • Mitigated new threats by implementing blocks on newly identified indicators and maintaining updated watch lists.
  • Investigated alerts indicating possible classified data spills on unclassified networks.
  • Identified malicious e-mail activity and misuse using Proofpoint.
  • Tracked cases used to document investigations and response activities.
  • Created reports to document case statuses, event categorization, and other data used for improving agency security measures.
  • Briefed managers and executives about ongoing CNE activity against the agency, potential impact of successful activity, and progress of mitigating action.

Confidential, Arlington, VA

Senior Network Analyst / Shift Supervisor

Responsibilities:

  • Provided 24/7 support for multiple large scale global networks, providing classified and unclassified connectivity to warfighters, VIPs, and support personnel.
  • Maintained several thousand telecommunications circuits used to interconnect with outside networks, provide secure network access for other agencies, and support legacy systems.
  • Supervised and trained a shift of 12 technicians to ensure technicians perform with a high degree of proficiency, and contract requirements are met or exceeded.
  • Performed troubleshooting, fault isolation, and restoration of outages on data, voice, and video connectivity within the Pentagon ITA network.
  • Monitored optical transport systems and IP networks using NetCool and HP Openview network monitoring software.
  • Utilized testing and troubleshooting tools such as bit error rate testers, oscilloscopes, multimeters, optical loss test sets, and cable testers to aid in fault isolation.
  • Loaded, configured, and operated most commonly used cryptographic devices, including Taclane (KG-175), Fastlane (KG-75), KIV-7M, KG-194, and others.
  • Performed testing and troubleshooting of various circuits including DS0, DS1 / T1, DS3, OC3, etc.
  • Ensured proper implementation, destruction, and accountability of COMSEC materials, as well as proper documentation of all COMSEC actions.
  • Maintained and monitored transport systems such as Cisco MSPP, Nortel Optera 3500 SONET, and Promina/IDNX.
  • Created reports to track outage times, reasons for outages, and other deliverable metrics.
  • Provided briefings for managers, directors, and customers detailing the current status of high priority outages.

Confidential

Circuit Actions Manager / Tech Controller

Responsibilities:

  • Provided support for on base networks and communications infrastructure as well as connectivity to other stations around the world.
  • Worked as assistant circuit actions manager, implementing circuit and trunk installations, modifications, deactivations, and quality control testing.
  • Engineered new circuits to meet customer and security requirements and include red and black test points used for quality control testing and outage troubleshooting.
  • Fabricated cables to various electrical standards, including multipin, coaxial, and modular, to meet requirements of local equipment.
  • Installed various types of multiplexers, CSU’s, modems, routers, switches, encryption devices, patch panels, fiber optic and copper cabling, and distribution frame cross connections.
  • Performed troubleshooting and fault isolation on outages using various troubleshooting tools, including bit error rate testers, oscilloscopes, cable testers, multimeters, breakout boxes, protocol analyzers, etc.
  • Designed and implemented solutions to move existing circuits to new equipment and cabling in order to upgrade users still using outdated equipment.
  • Installed, loaded, configured, and operated most commonly used encryption devices.
  • Maintained DISA directed programs such as Trend Analysis, Facility Link Data, Quality Control, and Facility Status Reporting.
  • Prepared and processed paperwork for circuit installations, modifications, and deactivations to include Delayed Service, In-Effect, and Exception reports and all other associated paperwork.
  • Kept circuit history folders up to date and maintained all necessary TSR/TSO traffic, in-effect/delayed service reports, IT&A and QC test data, and circuit diagrams.
  • Created and updated circuit layout records to show accurate circuit information, equipment and wiring diagrams, and points of contact needed for troubleshooting and coordination.
  • Conducted trend analysis used to identify and address frequent and related problems.