Work Experience

Corporate Security, Risk and Compliance

  • Consulted with early-stage startups to establish their security organizations with the goals of SOC 2 and ISO 27001 compliance.
  • Developed an assessment and reporting methodology for evaluating clients against the CIS Critical Security Controls. Executed assessment and delivered report for ~25 clients.
  • Assisted in writing and reviewing security policies and procedures, including creating initial AI guidance and policies for 60+ clients.
  • Performed vendor reviews as a part of third party risk management processes.

Enterprise Analyst

  • Served as the dedicated security analyst for a 4-8 clients at a time, interfacing directly with client security and IT teams to maximize the value of our product.
  • Performed threat hunting to identify previously unseen threats and guide detection tuning.
  • Created saved searches for future hunting, correlation-based alerting, and recurring reports.
  • Trained and mentored new analysts both on the enterprise team and in the SOC.
  • Assisted documentation teams to ensure accuracy and clarity of internal and external docs.

SOC Analyst

  • Worked with clients to to deploy and configure IDS and logging appliances to ensure visibility consistent with client security goals.
  • Analyzed attack events to determine threat level and success, escalating when necessary, and providing remediation and prevention guidance.
  • Investigated missed attacks and worked with other teams to continually improve detection logic and configuration guidance to prevent future misses.

Volunteer Work

Reddit CFB - Moderator (February 2018 - Present)

  • Worked in a highly distributed team to moderate the world’s largest college football forum with 4.4 million members and 25 million user submissions annually.
  • Developed content moderation strategies and policies, communicated these internal to the mod team, and created public-facing documentation for delivery to users.
  • Collaborated on tools to automate moderation tasks and reporting using Python, APIs, and platform-native tools.

Certifications

GIAC Certified Intrusion Analyst (GCIA)
Analyst number 12494 - Earned December 2017