
Objective: Seeking positions in Splunk Administration, Computer Incident Response, Intrusion Detection, Firewall Administration, Information Security, System Administration, and Network Support.

SECURITY CLEARANCE
• DOD Top Secret Clearance SCI Poly (09/2021)
• DOD Secret Security Clearance
• Public Trust

CERTIFICATIONS
• Splunk Enterprise Certified Architect (Est. Completion Feb 2020)
• Splunk Enterprise Certified Admin (Sep 2019)
• Splunk Certified Admin 6.3 (Oct 2016)
• Splunk Certified Power User (March 2016)
• Security + Certified (30 July 2009)

Key Skills:
• Wireshark/Bro/Splunk
• Tabletop Exercises
• Communications Security (COMSEC)
• Nessus Vulnerability Scanning
• Incident Response
• Trend Micro Deep Security Manager
• Websense/FootPrints/Remedy
• Risk Management
• Performance Management
• McAfee Network Security Manager
• Information Assurance
• Intrusion Prevention Systems
• Imperva DAM/WAF
• Security Controls
• Information Systems Security Management
• FireEye Malware Protection
• Splunk/Enterprise Security (ES)
• Demilitarized Whitelist/Blacklist Administration
• ArcSight Logger
• NMAP
• Vulnerability Management
• HP WebInspect

Work History:

Feb 2019 to Present Critical Incident Response Manager, Federal Bureau of Investigation, Washington DC
The contractor shall assist the government in developing a comprehensive FBI-wide cyber incident response strategy and plan. The strategy and plan shall comply with DOJ and ODNI cyber incident response requirements. The contractor shall include FBI-specific refinements/enhancements to the Threat Vector Taxonomy identified by US-CERT and NIST SP 800-61 Revision 2 in the strategy and plan. The contractor shall interact with technical and non-technical personnel across the FBI involved with all aspects of cyber incident response processes in order to complete this task.

Sep 2017 thru Jan 2019 Cybersecurity Tier II Analyst, Department of Energy, Las Vegas, NV
• Perform the monitoring, analysis, correlation and reporting of cybersecurity issues
• Provide guidance and recommendations for new tools based on changes in threats, architecture, technological advances, or organization mission
• Implement new tools and modifications to architecture; update, maintain, and monitor cybersecurity tools
• Analyze changes, events, and other potential incidents for risk to the environment: event analysis, incident determination, and incident management
• Network traffic analysis, firewall functionality, log analysis
• Experience with Security Information and Event Management (SIEM) tools, log management and correlation tools, and antivirus/anti-malware tools

Sep 2016 thru Sep 2017 Security Engineer, Incident Response, TSA/DHS, Bossier City, LA
• Security Engineer for the Transportation Security Administration
• Troubleshoot and remedy technical issues with McAfee Sidewinder and Cisco ASA firewalls
• Administer Norton Secure Endpoint Protection antivirus while protecting/recovering critical data
• Coordinate/create RFC requests for changes on Cisco ASA and McAfee Sidewinder firewalls
• Utilize the BMC Remedy IT Service Management tool for tracking, monitoring, and updating customer IT issues
• Provide network content filtering using McAfee Webwasher and Microsoft ISA
• Utilize ArcSight/Sourcefire to monitor and troubleshoot network security related issues
• Monitor SolarWinds and provide technical expertise on security subjects for the TSA network
• Administer SiteProtector and monitor for security events
• Utilize Microsoft Antigen and Forefront to update and block malicious emails
• Establish and manage Logger user/group controls; specify global login, password, resource authorization and authentication settings, alerts and notification policies
• Configure event source devices/device groups, event Receivers, Forwarders, Destinations, supporting security authentication settings, and optional connector management facilities
• Provide day-to-day management/maintenance of ArcSight devices
• Performed Nessus vulnerability scanning and reported findings

July 2015 thru August 2016 Senior Cloud Security Engineer, NASA, Washington DC
• Responsible for providing technical guidance on the security of general support systems and major applications
• Provide guidance to partners and customers in understanding AWS cloud services and how security compliance is achieved while operating in a public cloud environment
• Ensure complete security measures for business practices within design, network integration/implementation, and system- and application-level security
• Perform security control assessments using FedRAMP guidance and conduct independent scans of the network
• Develop and maintain the Plan of Action and Milestones (POA&M) and support remediation activities
• Manage and maintain the security posture of applications and systems deployed to AWS
• Experience using and configuring the Distributed Management Console (DMC)
• Develop reliable, efficient queries that feed custom alerts, dashboards and reports in Splunk
• Maintain a close partnership with Splunk on feature requests, upgrade planning, and product roadmap alignment
• Optimize system operation and resource utilization, and perform system capacity planning/analysis while maintaining the security posture
• Leverage the full utility of Splunk to monitor cyber security, protect IT infrastructure, and enable rapid containment and resolution of IT security incidents
• Troubleshoot Splunk server problems and issues; set up log indexing using universal forwarders
• Monitor Splunk infrastructure for capacity planning and optimization
• Developed incident management processes, playbooks and stakeholder communication mechanisms for the HQ Security Operations Center
• Detected security incidents via network and host monitoring using Splunk Enterprise and Trend Micro Deep Security Agent; determined their severity and impact and conducted threat analysis as required using log, network and system forensic investigation techniques
• Architected Imperva Web Application Firewalls for internet-facing AWS workloads supporting mission critical operations; tasks included SecureSphere configuration, AWS ELB deployments, AWS CloudFormation creation and updates, and AWS Route 53 changes

Nov 2014 thru May 2015 Security Analyst, Security Operations Center, Herjavec Group, Las Vegas, NV
• Utilize McAfee SIEM/ESM to analyze, locate and mitigate malicious activity across the network
• Effectively coordinate the Computer Security Incident Handling process
• Monitor McAfee NSM/IPS and FireEye for malicious inbound traffic
• Utilize ForeScout CounterACT Network Access Control for swift removal of network host access
• Administer the CA ticketing system to create, track and close all security related incidents
• Monitor Imperva DAM/WAF for database intrusions
• Participate in root cause analysis of critical events to improve preventative and reactive processes
• Responsible for reporting, escalating, and remediating anomalous events based on the established protocol
• Perform day-to-day security log review and analysis in adherence with MICS, SOX, and PCI requirements

July 2012 thru May 2014 Security Engineer, Incident Response, TSA/DHS, Crystal City, VA
• Security Engineer for the Transportation Security Administration
• Troubleshoot and remedy technical issues with McAfee Sidewinder and Cisco ASA firewalls
• Administer Norton Secure Endpoint Protection antivirus while protecting/recovering critical data
• Coordinate/create RFC requests for changes on Cisco ASA and McAfee Sidewinder firewalls
• Utilize the BMC Remedy IT Service Management tool for tracking, monitoring, and updating customer IT issues
• Provide network content filtering using McAfee Webwasher and Microsoft ISA
• Utilize ArcSight/Sourcefire to monitor and troubleshoot network security related issues
• Monitor SolarWinds and provide technical expertise on security subjects for the TSA network
• Administer SiteProtector and monitor for security events
• Utilize Microsoft Antigen and Forefront to update and block malicious emails
• Establish and manage Logger user/group controls; specify global login, password, resource authorization and authentication settings, alerts and notification policies
• Configure event source devices/device groups, event Receivers, Forwarders, Destinations, supporting security authentication settings, and optional connector management facilities
• Provide day-to-day management/maintenance of ArcSight devices
• Performed Nessus vulnerability scanning and reported findings

Mar 2011 thru Mar 2012 Firewall Administration, Department of State, Washington, DC
• Monitor and manage McAfee Control Center and Nagios for device alerts (Stonegate and Sidewinder firewalls) and clusters, including active connections, performance, logging activity, disk space, suspicious log activity, anomalies, and cluster load balance
• Monitor Blue Coat Proxy to prevent illegal web surfing
• Perform daily backups of Sidewinder/Stonegate firewalls
• Monitor Department of State/State Aid firewalls for over 30 foreign connectivity sites
• Perform onsite Tier 2 technical support and troubleshooting of firewall and content filtering systems, including firewall rule sets, ports, database modification requests and reports of objectionable content availability
• Modify and configure rule bases as requested by and approved by the Firewall Advisory
• Process and implement IP blocks requested by the CIRT team and make the appropriate changes on all applicable firewalls
• Monitor, track, and update Remedy tickets as necessary to maintain current status for all incidents/problems; escalate incidents/problems to Tier 3 Exchange engineers; assist firewall engineers in root cause analysis

Jan thru Sep 2011 Intrusion Detection Analyst, DODIG, Crystal City
• Ensure all DoD IG procedures are followed, emphasizing teamwork and awareness, interfacing with client and security partners, and maintaining coverage and performance standards at all times
• Analyze daily user traffic utilizing Splunk, Bro, Sourcefire and Niksun
• IDS event handling: real-time detection and identification, analysis and correlation
• Escalation, notification, response, remediation and formal reporting
• Collaborate with community partners to combat the threats and techniques used by adversaries
• Employ the DoD OIG production IDS tools and systems (including Bro-IDS, Sourcefire, TippingPoint, Splunk, Niksun, Wireshark, Websense, and Qtip) to monitor for and detect cyber threats and intrusion attempts on the DoD IG network
• Develop and tune custom Bro-IDS policies for increased automated detection
• Manage and maintain the Websense web content filter
• Put in blocks for malicious websites using Websense
• Create and edit Sourcefire rules and variables
• Create custom filters for TippingPoint with the CSW tool
• Analyze network traffic to identify potential threats to security and/or misuse of DoD IG networks

United States Air Force 1991-2011

2009-2011 Non-Commissioned Officer in Charge, Network Support, Pentagon, Arlington, VA
• Manage 7 Juniper firewalls, 13 Cisco routers, and 31 INEs that sustain 99.9% uptime for Joint Staff circuits
• Operate 10 Oracle database servers; manage four fixed/three deployable server enclaves supporting 6,200 users
• Manage and administer the GSORTS database/application to ensure availability of 1.9M+ force readiness records
• Utilize General Dynamics Encryptor Manager (GEM) to remotely configure/troubleshoot 100 TACLANE encryptors and Fastlane ATM/SONET encryptors worldwide
• Led a crew of 12 operators in creating/monitoring user Remedy trouble tickets; oversaw closure of 1500+ tickets
• Maintain Juniper firewalls utilizing Network Security Manager

2008-2009 NCOIC Advanced Programs Network Operations, Nellis AFB, Nevada
• Maintained 15 network servers supporting F-22A, F-16, F-15C, F-15E, A-10 and H-60 operational test data
• Performed audits on 95 networked SAP computers; purged 100% of dispensable logs with zero security incidents
• Monitored users' Remedy/FootPrints trouble tickets, quickly solving most problems on first call
• Conducted emissions security (EMSEC) inspections and completed accreditation packages for classified systems
• Responsible for installation, maintenance and security of $.1M network infrastructure supporting 300+ users

2004-2008 (NCOIC) 547th IS JWICS Information Systems Security Officer, Nellis AFB, Nevada
• Managed/configured switches, routers and encryption devices used to support file, web server, and email access
• Managed $2.5M Top Secret (TS) network supporting the Air & Space missions for five diverse AF Wings
• Delivered 8,736 hrs of TS network support for global Predator/Reaper ops with a 99.7% equipment/circuit up-time rate
• Sole administrator of the M3 Messaging Server, utilizing Red Hat system administration
• Performed eEye Retina network vulnerability scans; helped mitigate over 100 network vulnerabilities

2001-2004 Network Control Center, Nellis AFB, Nevada
• Led fix efforts for 200+ Remedy trouble tickets with 98% call resolution; eliminated tier two support and saved 30+ man-hours
• Configured and maintained computers and provided superior maintenance support to over 3,000 users
• Administered Combat Information Transfer System/Base Information Protection (CITS/BIP) equipment to protect the $16.1 million Metropolitan Area Network (MAN)
• Employed hardware/software tools to deter, isolate, and recover from network security intrusions for a base network of 3,800 personnel, 2,700 computers, 22 routers, 95 switches, and 36 Unix systems

System Administration Training Highlights:
• Network+
• A+
• Juniper Network Security Manager
• CCNA Boot Camp
• Security+ Certified
• GCCS-J Oracle Administration
• Database Fundamentals
• TACLANE Operator
• Unix System Administration
• CompTIA Advanced Security Practitioner (CASP)
• Certified Ethical Hacker (C|EH)
