Systems Engineer Resume Profile
Professional Highlights
- Subject Matter Expert (SME): Cyber Forensics RE Computer Engineer, providing Persistent Threat Intrusion (PTI / APT) incident response, with analysis and rapid reverse engineering of code to facilitate risk mitigation and eradication, using the most advanced techniques available. Tools used: AFR (Custom Scripts), HBGary Active Defense / Responder Pro, EnCase, Scrutinizer, Palo Alto, FTK Suite, Sandboxie, Mandiant, Invincea, Cuckoo, GFI Sandbox, IDA Pro, PE Analyzer, to name a few.
- SME: Ten 11 years of FC/IP-SAN switched fabric systems working with Cisco MDS/Catalyst, Brocade Directors, QLogic, Apcon Intellapath, DELL PowerVault, CLARiiON, EMC Symmetrix DMX Series, Celerra DM, NetApp, DataCore SAN Melody and Symphony, FalconStor IPStor, InfiniBand gateways, including multiple GFS file solutions.
- SME: Six 7 years of desktop virtualization via thin hypervisors (Sandboxing), VDI (User Space hypervisors), and traditional full machine VMM, including operational Linux Embedded / WinPE Windows flash boot environments.
- SME: NT4-W2K10 / 95-Win8 and clustering in an Enterprise Environment, with sixteen 17 years of System WAN/LAN Network design and implementation with best performance ROI returns.
- Specialized Toolsets: Extensive experience with best-of-breed tools such as VMware, SysInternals, EnCase, ProDiscover, HB-Gary, Volatility, Mandiant, FTK, IDA Pro, WinPE/Bart, WinHexPro, R-Tool, Nmap, Nessus, WinDBG, Wireshark, and more.
- Electronics Troubleshooter: 22 years of experience with: POTS, ISDN, T1, DS3, ATM, F-Relay, HF, VHF, UHF, Microwave, MOSCAD, CDMA, TDMA, Fiber Optics SM MM, coax, S/UTP, TCP-IP, Wi-Fi, and AC power filtering.
Work Experience
Confidential
Advanced Persistent Threat Intrusion (APT / PTI) incident response for the last four years. He has captured and analyzed undetected malware and rapidly reverse engineered it to facilitate risk assessment and mitigations that prevent recurrence, and has developed and implemented new procedures and technologies, such as memory analysis / thread analysis, to expedite and automate the reverse engineering process. Developing these processes has reduced response time from days of effort to a few hours in their production environment. He has also spearheaded development of a VDI Office On a Stick solution for use by senior staff, providing a true portable application desktop on a USB stick to reduce the need to carry a unique laptop. He performs deep technology reviews to stay ahead of the industry curve and provides advanced VIP data recovery and reconstruction services to the Bank.
Confidential
Resident EMC Senior Solutions Architect systems engineer, in support and management of the enterprise SAN storage systems used by NMCI-ISF. Work to resolve critical RTOP outages and assist with the updating of documentation of the systems in support of daily operations. Also performs VIP data recovery services as well as CND design recommendations to HP. Was flipped from KForce EMC-partner to EMC after first 90 days.
Confidential
Provided support in planning the migration and transition requirements from JFCOM's HP-EVA systems to the new Joint Staff EMC V-Max storage. Provided the engineering team with guidance in the design and implementation of the EMC storage systems and worked with the staff in producing documentation for daily operations of the systems. This was a short-term project job.
Confidential
As a senior member of the Cyber A R team, he has provided Advanced Persistent Threat Intrusion (PTI / APT) incident response to numerous clients, including the VA, DoD, and World Bank, in the capture and analysis of new malware, with rapid reverse engineering of that malware to facilitate risk assessment and mitigations. He has led efforts in vetting new technologies to cut the rapid reverse engineering process from what would normally take days of effort to a few hours by developing processes and tools, including technology deep dives into memory analysis, thread process analysis, End-point security, self-boot flash drives, zero footprint portable applications, and virtualization, in an effort to improve the safety of applications used in both local and remote environments. He has also provided DoD infrastructure support, such as a Microsoft AD migration from a flat Win2K domain to a tree domain Win2K3 structure with COOP capabilities, has provided STIG hardening of DoD systems, and was a lead engineer of a flawless restart of storage and services migration of a 10 rack server farm to a new facility for the EPA.
JOB RESPONSIBILITIES INCLUDE:
- Provide leading edge PTI / APT detection and response to reduce risk and data loss, and reduce malware incidents.
- Develop tools and SOPs for client needs and environment, and provide best ROI for efforts.
- Provide leadership and mentoring to team members, and grow the team's talents and resources.
Confidential
Senior Systems Engineer
SME who assisted JFCOM / TASC in developing and testing an information sharing and collaboration architecture, known as IMISAS (Interagency and Multinational Information Sharing Architecture and Solutions Experimentation), to strengthen communications between the Department of Defense and multinational mission partners during operations of all kinds. His responsibility was to work with other SMEs and Analysts in the development of an operational prototype that allows real-time collaboration across multiple domains.
Senior SAN Engineer:
- SME in SAN-based GFS/block/file systems. Led development of a deployable high speed laboratory SAN network using commercial off-the-shelf (COTS) technologies that reduced the project cost over 400 over traditional SAN solutions, saving the lab over 1.2 million dollars. This allowed the lab's 350-plus FC/IP port computers to be reconfigured and re-booted in under 90 seconds. This rapid provisioning of boot-off-SAN provided operational status in minutes, instead of the hours or days that had previously been typical. Also led research for multi-petabyte file solutions using a multi-mounted geo-dispersed common file GFS system for development.
- He was responsible for writing White Papers, including data security and alternate data stream retrieval. In doing forensic work for USJFC, he conducted computer investigations including evidence handling, acquisition/collection, and duplication of digital evidence. He recovered digital evidence including deleted files, detected files of interest, searched file slack and file fragments, conducted hash analyses and file signature analyses, and wrote reports based on the findings.
Confidential
Enterprise SAN Engineer / Cluster SME:
- EDS NMCI Performance Assessment was Far Exceeds Expectations several years in a row.
- SME for NMCI SAN enterprise storage projects. Technical leader in the planning, design and implementation of physical and logical analyses of hardware / software problems and deficiencies across classified and unclassified server farms.
- Planned and implemented technical refreshes to minimize customer impact.
- Planned and implemented roll-out of the EMC DMX-2000 Symmetrix Celerra DM solution.
- Provided tier 5 level SAN / Server support for broad system outages.
- Provided technical leadership for 12-15 Sr. Systems Administrators located across the United States and Hawaii.
- Reviewed and tested NMCI WAN/LAN Network, hardware, system implementation with debugging.
- Created engineering White Papers on system performance with best ROI in mind.
- Provided recovery and forensic analysis support directly to NCIS and EDS incident teams.
- Reverse engineered problems / incidents to their root cause in the production systems, including rogue events.
- Provided training support and mentorship to my tier 4 / 5 SAN teams and
Sr. SAN Systems Administrator:
- EDS NMCI Performance Assessment was: Far Exceeds Expectations.
- Technical lead for the NMCI East Coast SAN shift teams; oversaw data spillage repair.
- Directly sub-supervised and coached six other SAN team members on four shifts, on call 24/7/365 as required.
- Worked with redundant path DELL SAN clusters with DELL 650s and CLARiiON 4700s through Director Class Switches, providing provisioning / configuration changes of LUNs for systems with StorageC and Power-Path / Navisphere control software.
- Researched, analyzed, and executed new tools and techniques to support production SAN environment and
Tech Team / Red Team - SAN Cluster W2k:
- Coordinated operational support plans for upgrades and changes to the East Coast server farms related to Print Clusters, File Clusters, and Exchange Clusters.
- Provided senior level support to 24/7 shift administrators.
- Led performance evaluation reviews of the SAN server network and analyzed user requirements and statistics to identify trends and resolve performance or problem issues.
- Responsible for the NOC migrations to the new SAN Delivery and Installation for multiple server farms.