Recent experience


BlueCross BlueShield South Carolina

Subject Matter Expert Mar 2017 - Present
  • Develops operational cybersecurity playbooks for security event triage and incident response
  • Develops and maintains cybersecurity operations procedures for real-time monitoring, threat intelligence gathering, and incident response
  • Designs, deploys, and maintains Cyber Threat Analysis Center capabilities (see MITRE’s “Ten Strategies of a World-Class Cybersecurity Operations Center”)
  • Develops analyst documentation policy and procedure
  • Performs advanced threat hunt activities
  • Performs threat intelligence gathering, analysis, and dissemination
  • Develops and deploys advanced analytics

CERT

Software Engineering Institute

Carnegie Mellon University

Network Security Analyst Jan 2015 - Mar 2017

Where I work is not a CERT; it is THE CERT. To understand our mission, please see this page.

  • Explores innovative new ways to bring to bear network flow metadata, raw packet captures, behavior-based indicators, machine learning, and various enrichment techniques to provide government departments and agencies with deeper, more robust, timely, and actionable network intelligence.
  • Designs and employs unique network visualization techniques to provide real-time or retrospective insight into threat behavior.
  • Works in cooperation with various government agencies (DHS, DISA, DoD, USSS, etc.) to understand, coordinate, and satisfy sponsor needs
  • Architects and employs big data analytics (R, Spark, Hadoop, etc.) to quickly mine potential threat data to facilitate and enhance threat hunt and situational awareness capabilities
  • Provides subject-matter expertise (SME) in consultative/advisory roles across functional groups within the organization and to government departments and agencies
  • Works to understand Computer Network Defense (CND), Computer Network Exploitation (CNE), and Computer Network Attack (CNA) in a holistic manner, applying lessons from each across the spectrum of Blue Team/Red Team activities
  • Provides classroom instruction on a variety of topics (e.g., Cyber Kill Chain, cryptography, etc.) to various government departments and agencies
  • Gives back to the community through conference presentations, white papers, etc.

Sabbatical

Jan 2014 - Jan 2015
  • One-year sabbatical to spend more time with family and explore personal interests

Infoblox

Senior QA Engineer Aug 2011 - Jan 2014
  • Instrumental in winning the company’s largest multimillion-dollar ISP sale by creating the test and presentation strategy
  • Hardened DNS, DHCP, and IP Address Management (DDI) products using tools such as Ixia BreakingPoint, Metasploit, Kali Linux, and various fuzzing tools
  • Ensured product security posture by developing automated security regression tests in Python
  • Promoted balance between product security and performance by designing efficient anti-DDoS algorithm

Nominum

Performance Engineer May 2006 - Jul 2011
  • Analyzed product traffic via Wireshark to uncover product weaknesses and worked with developers to devise countermeasures
  • Mined terabytes of packet traffic for pattern analysis using Python and C
  • Collaborated with developers to develop novel product features and attack countermeasures without sacrificing product performance

Self-employed

Vulnerability Assessor Jan 2006 - May 2006
  • Ensured client security through vulnerability assessments using commercial off-the-shelf tools such as Metasploit, Nessus, nmap, hping3, etc.
  • Performed client log analysis to identify suspicious and anomalous behavior
  • Evaluated client attack surfaces and assessed client security
  • Recommended vulnerability remediations and improvements to customer security architecture based on reported findings

Mirapoint

Developer, Security group Jul 2004 - Jan 2006
  • Integrated third-party antivirus solutions into proprietary, legacy C/C++ API on top of sendmail
  • Collaborated on design and development of new security features, including antispam and antivirus solutions
  • Reverse-engineered certain closed APIs via black-box testing


Clearances


  • DoD Top Secret/SCI (Current)
  • DHS Top Secret Suitability (Current)


Certifications


  • DoD 8570/8140 IAT Level 3 Certified
  • DoD 8570/8140 IAM Level 2 Certified
  • DoD 8570/8140 IAM Level 3 Certified
  • DoD 8570/8140 IASAE Level 1 Certified
  • DoD 8570/8140 IASAE Level 2 Certified
  • CISSP
  • Security+
  • Linux+
  • OSCP


Education


  • University of Chicago, M.A. and A.B.D., Experimental Cognitive Psychology

    • Created a connectionist, simulated-annealing model of expository and narrative text comprehension. Coursework included graduate-level statistics, connectionist modelling, robotics.
  • University of Memphis, B.S., Experimental Cognitive Psychology

    • Minors: mathematics, computer science, philosophy


Honors and Awards


  • Invited researcher at the Deutsches Forschungszentrum für Künstliche Intelligenz GmbH (DFKI, the German Research Center for Artificial Intelligence)
  • Advisor, Linux Professional Institute (LPI) Certification (this became the CompTIA Linux+ certification)
  • Chair, SAGE Certification Ethics subcommittee
  • Director and Vice President, SAGE Certification
  • Founder and Leader, GOSSiP Project
  • Invited keynote speaker, USENIX LISA Conference
  • Founder, ISSA Silicon Valley Chapter