I am an information security practitioner with a versatile skillset that includes incident response/computer forensics, network analysis, reverse engineering and scripting expertise. I've led and participated in incident response engagements involving nation state/financial actors at FireEye, IBM and JPMorgan Chase. I've written network and file decoders for 20+ malware families through reverse engineering. I enjoy writing reports and assisting customers with briefings and post-breach remediation assistance.
Work Experience
FireEye, Inc.
Senior Applied Security Researcher | Feb 2018 - Feb 2019
Architected large, complex security event system including database, REST API, SDK, CLI and UI components
Performed development tasks in Python
Worked with users during development and testing to gather requirements and change requests
Utilized the X15 platform to store and retrieve large volumes of data. Designed a 40+ table schema with minimal documentation available.
Wrote scripts to perform automated provisioning, configuration and maintenance tasks
Worked alongside software engineers to productionize code
IBM
Security Consultant | Apr 2017 - Feb 2018
Built both frontend (JS/PHP) and backend (MySQL/Python3/Synapse) components of systems
Identified, evaluated and ingested data for research systems
Configured and maintained VXStream Malware Sandbox environment
Assisted in building out data model used to record and query intelligence
Performed threat research and triaged malware samples
FireEye, Inc.
Lead Security Analyst | May 2014 - Apr 2017
Conducted large scale incident response for intrusions involving Nation State/Targeted Threat/Financial actors for FireEye as a Service clients.
Wrote utilities to decrypt/decode network traffic, file/registry artifacts (configuration/data files, keylog files, exploit payloads, etc.) as a tactical solution to aid and inform incident response activities.
Interfaced directly with members of customer incident response teams during engagements, offering remediation recommendations, giving status updates and reporting findings.
Wrote tools to simplify hunting in large data collections.
Wrote comprehensive reports detailing all aspects of the targeted attack lifecycle.
JPMorgan Chase
Incident Responder | Sep 2012 - Apr 2014
Worked several high criticality investigations involving customer facing, business critical systems
Performed computer forensics on Windows and Unix systems
Wrote incident overviews for senior management, privacy, and legal teams
Reverse engineered malware samples to gain a level of understanding not captured by automated analysis tools and wrote detailed deep dive reports on several malware families
Wrote decryption utilities for several exploit kits and malware families
JPMorgan Chase
Security Operations Center Analyst | Jun 2011 - Sep 2012
Conducted triage on security alerts from various log feeds
Gauged severity of security incidents and escalated to the appropriate teams for remediation
Wrote log parsing scripts and regular expressions to identify malicious network traffic
Submitted enhancement requests to improve security monitoring and implement new signatures
Conducted training and shadowing sessions for new team members
JPMorgan Chase
Security Operations Center Intern | May 2010 - Jun 2011
Worked on projects involving metrics and process improvement for the Security Operations Center
Assisted with tier one SOC case work
Syracuse University
Networking Lab Technician | Dec 2009 - May 2010
Developed, tested and conducted networking labs for the IST233 (Intro to Networking) and IST452 (Advanced Networking) classes.
Routinely configured a ten-switch network using Cisco IOS to meet changing lab requirements over the course of the semester
Education
Syracuse University
Certificate of Advanced Study, Information Security | 2011 - 2013
Syracuse University
Bachelor of Science, Information Management and Technology