Work Experience
Security Consultancy (June 2022 - October 2024)
Corporate Security, Risk and Compliance
- Consulted with early-stage startups to establish their security organizations with the goals of SOC 2 and ISO 27001 compliance.
- Developed an assessment and reporting methodology for evaluating clients against the CIS Critical Security Controls. Executed assessment and delivered report for ~25 clients.
- Assisted in writing and reviewing security policies and procedures, including creating initial AI guidance and policies for 60+ clients.
- Performed vendor reviews as a part of third party risk management processes.
Managed Security Service Provider (April 2017 - March 2022)
Enterprise Analyst
- Served as the dedicated security analyst for a 4-8 clients at a time, interfacing directly with client security and IT teams to maximize the value of our product.
- Performed threat hunting to identify previously unseen threats and guide detection tuning.
- Created saved searches for future hunting, correlation-based alerting, and recurring reports.
- Trained and mentored new analysts both on the enterprise team and in the SOC.
- Assisted documentation teams to ensure accuracy and clarity of internal and external docs.
SOC Analyst
- Worked with clients to to deploy and configure IDS and logging appliances to ensure visibility consistent with client security goals.
- Analyzed attack events to determine threat level and success, escalating when necessary, and providing remediation and prevention guidance.
- Investigated missed attacks and worked with other teams to continually improve detection logic and configuration guidance to prevent future misses.
Volunteer Work
Reddit CFB - Moderator (February 2018 - Present)
- Worked in a highly distributed team to moderate the world’s largest college football forum with 4.4 million members and 25 million user submissions annually.
- Developed content moderation strategies and policies, communicated these internal to the mod team, and created public-facing documentation for delivery to users.
- Collaborated on tools to automate moderation tasks and reporting using Python, APIs, and platform-native tools.
Certifications
GIAC Certified Intrusion Analyst (GCIA)
Analyst number 12494 - Earned December 2017