Lead Software Developer/Operations Engineer | 2018 - 2020 | CapitalOne Financial
Technologies: Amazon Web Services (AWS), DigitalOcean, Google Compute Engine (GCE), Linkerd, Gloo, Codecov, Codefresh, Drones, Kubernetes, Python, GoLand, Go
- Designed the plan to deploy OSQuery to all enterprise endpoints in the organization. Responsible for developing a technology stack that ensured no data loss and minimal time from the endpoint to the SIEM.
- Designed and developed an internal file hash indexer (written in Go) that allowed SOC analysts to easily answer the question “has this file ever been seen in our network?” The project is an internal representation of an API similar to VirusTotal.
- Worked closely with the application team to support stress testing of multi-cloud and 3rd party CNCF application integration of CapitalOne container orchestration platform, CriticalStack.
- Migrated multiple legacy applications to the Kubernetes platform in support of the effort to utilize a methodology focused on mutability and elasticity.
SOC Manager and Senior Cybersecurity Analyst | 2017 - 2018 | InfoReliance
Technologies: Basecamp, Unix, Linux, Ansible, Amazon DynamoDB, AWS Lambda, Python, McAfee
- Managed a team of two developers, three analysts, and one infrastructure engineer responsible for the customer security platform. Defined SLAs and identified SLOs to support the company's priorities.
- Designed and implemented network engineering plans to determine the best location for McAfee and open-source sensors and data collectors.
- Led development of an open-source, “serverless” incident management system that utilizes many AWS technologies.
- Interfaced daily with customers to ensure maximum communication and on-time deliverables.
- Utilized the McAfee SIEM stack to develop analytics and correlation rules against real-time endpoint and network data.
Surface Warfare Officer and Computer Network Defense Analyst | 2009 - 2017 | United States Navy
Technologies: Splunk, Java, Python, Git, Ansible, Linux, Unix
- Handled the personal and professional growth of 14 employees ranging from continued education training to managing timesheets and leave requests.
- Developed Python-based software to extract event-based data from various sources for analysis, automating the formerly manual process of moving data from collection sources to analysis platforms, including Splunk.
- Created, tested, and deployed custom analytics to identify malicious activity and misconfigurations on enterprise networks.
- Maintained technician-level knowledge of networking equipment and advanced external RF communications equipment.
- Served as the head network administrator of a medium-sized Windows domain. The network consisted of two domain controllers, 100 endpoints, 2 RHEL servers, 14 networking devices, and supported 150 personnel.
- Identified systemic security issues with UNIX/Linux systems and provided recommendations for mitigating those issues.
- Conducted vulnerability assessment teams focused on identifying attack vectors and analyzing intrusions, and worked with partner organizations to expand the analysis.
- Managed development and deployment of five software development efforts that supported data analysis and synchronous global operations.