Who I am
Motivated security specialist focusing in information security and risk management through the creation of policies, response plans, and preventative technical controls based off of real world experience from penetration testing and handling security incidents. Increases an organization’s security posture and objectives with innovative solutions while allowing for innovation and transformation. Strong communication skills with the ability to effectively speak to technical and non-technical team members.
Experience
North America GEM (Global Event Management) Operational Response, Senior Vice President, Citi (Security Operations Center), New York, NY (Aug 2022 – Present)
The Global Event Management (GEM) Operations team leads the operational response to the most critical cybersecurity vulnerabilities, known as GEMs, and to drive tactical and strategic improvements to the GEM Process. Within the GEM Operations Team, the GEM Operational Response NAM Lead maintained oversight of all potential and newly activated GEMs, including tactical coordination with security, engineering, and operations SMEs, align with Fusion Center communications, organize remediation response instructions and data, manage stakeholders, and provide remediation/status reporting. These efforts were in partnership with EMEA and APAC regional leads, to provide around-the-clock vulnerability data and stakeholder support.
Red Team Pen Tester, Vice President, Citi (Security Operations Center), New York, NY (Jan 2020 – Aug 2022)
Identified and evaluated organizational risk through various methods, including penetration testing, adversary simulations, and analysis of publicly reported vulnerabilities. As part of my responsibilities, I led vulnerability assessments and effectively coordinated with engineering teams to address new vulnerabilities impacting the global infrastructure. This included conducting comprehensive risk evaluations and providing informed remediation recommendations. I also led the careful selection and implementation of multiple security tools to increase the security posture of the organization.
IT Security Operations Analyst, JetBlue Airways (IT Security Operations), New York, NY (May 2018 – Dec 2019)
Orchestrated several proof-of-concept projects, which involved rigorous vendor selection, business case development, defining testing parameters, and strategizing post-purchase product deployment. This was accomplished by delivering comprehensive recommendations to the Director of Infrastructure and the Chief Information Security Officer (CISO). Assisted on the migration of an eCommerce website's Web Application Firewall (WAF), maintaining robust security measures while minimizing operational impact. In the event of security incidents, I supported the external forensics team and coordinated forensic collections and evidence handling and provided remedication recommendations to leadership.
Incident Response Consultant, LIFARS (Forensics, Security, & Incident Response), New York, NY (Sep 2017 – May 2018)
Worked as a technical resource on multiple security and forensic engagements. Created internal documentation on forensic procedures and assisted in monitoring internal security systems and managing the forensics lab. Worked and led multiple incident response engagements of varying sizes including on-prem infrastructure and cloud infrastructure including Office 365 deployments.
IT Security Consultant, Kraft Kennedy (Information Security & Governance), New York, NY (Jan 2016 – August 2017)
Worked as a technical resource on multiple penetration testing and security assessment engagements. Designed report deliverables for security engagements and assisted with the creation of new products to increase revenue while decreasing costs, time, and effort. This included migrating products from hourly rates to fixed fee engagements with automated workflows.
Intern, Fordham University (University Information Security Office), New York, NY (Sep 2015 – Dec 2015)
Worked in a SOC type role reviewing IDS logs and tracking down events. Automated several workflows to handle alerts and copyright notifications.
Education
M.S. Technology Management, Columbia University, New York, NY (May 2023)
M.S. Cybersecurity, Fordham University, New York, NY (Jun 2016)
B.S. Computer Science, Rensselaer Polytechnic Institute, Troy, NY (May 2015)
Training
SEC560: Network Penetration Testing and Ethical Hacking, SANS (5 day training, September 2016, NY, NY)
SEC503: Intrusion Detection In-Depth, SANS (5 day training, June 2017, NY, NY)
TrustedSec: Bypassing Security Defenses, TrustedSec (2 day training, August 2013, Las Vegas, NV)
Microsoft Partner Training: Securing Office 365, MSFT (1 day training, New York, NY)
Akamai Web Performance Foundations, Akamai Technologies (2 day training, New York, NY)
Memberships, Awards, & Publications
CVSS Special Interest Group (FIRST), Member/Co-author
Voting member on the Common Vulnerability Scoring System Special Interest Group (CVSS SIG) working to develop and publish CVSSv4.
Phi Kappa Phi Honors Society (ΦΚΦ), Member
Oldest all-discipline honors society in the United States, founded in 1897. Membership is by invitation only, by an established campus chapter, and is restricted to students with integrity and high ethical standards and who are ranked scholastically in the top of their class, regardless of the field of study.
GIAC Advisory Board, Member Verify
Made up of GIAC certified professionals who wish to give back to the security community by taking an active role in the GIAC program. Participation is by invitation only and is offered to certification holders who earn a score of 90% or better on at least one exam.
SANS Ninja Coin, Coin Holder
Awarded to those who win the capture the flag challenge at the end of the SEC560 course. The Coin is meant to be an honor to receive it; it is also intended to be rare.
Boy Scouts of America Eagle Scout and Order of the Arrow (BSA), Member
Achieved the rank of Eagle Scout in 2006 at 14.