Operating Systems

RedHat/Fedora, Ubuntu/Debian, Windows 2008/2012 R2, Security Onion, Mac OS X, OpenBSD/FreeBSD.

Data visualization

Visual Insights Advizor, d3, OpenGraphiti, d3dash, Kibana, Qbana, Spotfire


Wireshark, Argus, CapAnalysis, tcpdump, ELSA, Kazimir, ntopng, nDPI, Sagan, Moloch, SiLK, CRITS, MISP

Log Management

Splunk, Rsyslog, Syslog-ng, Logger, Logstash, ELSA and more.


SIEM

HP ArcSight, Intel SIEM, RSA Security Analytics, Splunk and OSSIM.

Intrusion Detection/Prevention

Snort/Sourcefire, Suricata, Bro-IDS, McAfee, TippingPoint

Work History

Dec 2004 - Present


Distributed Honeynet Project
  • Lead the direction and focus of the project with the other founding members.
  • Designed and architected the framework for our Distributed Honeynet Project.
  • Designed, architected and implemented a streamlined and modular approach for incorporating other honeynet infrastructures to work with ours, expanding our visibility and exposure.
Sep 2012 - Present

Principal Consultant

SEMplicity Inc.
  • Designed and implemented the Threat Intelligence framework that leverages 3rd party TI data, incorporated into our customer environments and combined with business-relevant data to generate actionable threat reports.
  • Designed and implemented various large SIEM architectures for various customers ranging from TELCOs to large Fortune 500 companies.
  • Principal Consultant for the SIEM practice; this entails handling the major contracts we won and assisting my team members on other contracts and projects.
  • Complete customization of existing SIEM infrastructures, including custom parsers, reporting, correlation rules, etc., to provide the customer(s) with high visibility into their network activity from a security perspective.
  • Designed and implemented a framework for integration of a product into both ArcSight and QRadar.
  • Responsible for creating standardized documentation and best practices to be used by our consultants on various engagements across our various service offerings.
  • Involved in both pre-sales and post sales consulting to ensure completion of the agreed upon deliverables.
  • Created custom tools for our consultants to use while on engagements.
May 2010 - Jun 2011

Sr. Security Engineer

LiveOps, Inc.
  • Designed and implemented a monitoring infrastructure consisting of several WAF and IPS/IDS devices to monitor our external facing applications as well as our internal production segments.
  • Designed and implemented a custom application to augment Splunk, which gave us the ability to incorporate our SDEE logs into the Splunk application, which in turn gave us the ability to showcase a high-level overview of all security data being collected.
  • Responsible for maintaining sensing and reporting capabilities back into the SOC. Responsible for maintenance, administration and configuration of the log aggregation solution, along with creating custom views, reporting and automated alerting for both operational and security use.
  • Responsible for administration of our file integrity monitoring solution that augments our PCI compliance solution.
  • Network traffic visualization to facilitate monitoring and trending analysis.
Nov 2009 - May 2010

Sr. Security Consultant

Mandiant (NASA Ames Research Center)
  • Infrastructure lead supporting the next generation Security Operation Center for a large government client.
  • Responsible for maintaining sensing and reporting capabilities back to the SOC. Responsible for maintaining availability, reporting and communication of the SIEM between it, its event sources and the database.
  • Responsible for the creation of the logic to correlate attacks across multiple event sources and attempt to make a determination of the possible outcome. Assisted with the architecture of the Phase 2 implementation, which included a 3-tier infrastructure to support over 30 million events per day.
Apr 2008 - Jan 2009

Sr. Security Architect

Decurity LLC
  • On-site Subject Matter Expert (SME) with regards to SIEM technology for a large TELCO in Madrid, while still maintaining large customers back in the USA.
  • Designed and implemented a SIEM solution for the necessary customer requirements regardless of vendor; implementation of various SIEM technologies including NitroSecurity, QRadar, ArcSight and Envision.
  • Create and document the analysis workflow, usually consisting of a three-tier phase.
  • Through a detailed network model, model confidence and severity ratings can provide the necessary criteria for the correlation evaluation to be most accurate and thus provide business-relevant context to system/security logs.
  • Customize the default correlation logic to satisfy customer requirements. This includes creation of custom correlation rules and more, thus giving the customer the ability to handle large amounts of alert data without overwhelming the analysis team.
  • Produced and provided the training and documentation to the customer to transfer knowledge of the customization and implementation specifics for their environment.
Feb 2007 - Apr 2008

Senior Security Engineer

Dillard's Store Services
  • Designed and implemented a network-based IDS infrastructure to provide detection visibility into 90% of network traffic traversing our links.
  • Tasked with daily administrative tasks and tuning of all devices, including creation of custom detection signatures and updates, user administration, provisioning and implementation.
  • Designed and presented implementation scenarios to meet IPS requirements. Received the approval and implemented Intrusion Prevention at our most critical areas. Responsible for tuning and maintenance of IDS functionality for the wireless infrastructure. This wireless network included HQ, Distribution Centers and all 300+ Dillard's stores.
  • Created Policy and Procedures for [network/wireless] Intrusion Detection Systems, Security Event Monitoring and Alert/Event data. Architected/Designed and implemented the High Availability Enterprise Encryption solution to protect personally identifiable consumer information. Created policies and procedures for the enterprise implementation and actively administered the solution. Designed and implemented the PKI solution to support the Enterprise Encryption deployment and PCI compliance key lengths and rotation/management.
  • Tasked with stress-testing the implementation in anticipation of the Christmas rush; through stress testing, brought the implementation to its knees and corrected the recommended settings as provided by the vendor.
  • Architected/Designed the Security Event Management solution to provide a customized infrastructure for analytical capabilities. Reduced analysis time per event by half. Engineered the ability to pull packet payload from reporting devices. Leveraged the existing in-house logging solution to further provide analytical capabilities.
  • Responsible for maintaining our Correlation and log aggregation solution. Created standards, procedures, and flowcharts on Analysis techniques, SourceFire deployments, and Correlation to support PCI DSS, SOX audits, as well as external/internal audits.
  • Security awareness training for associates and staff alike. Created and taught several Security classes including IDS Technology w/SourceFire, TCP/IP Introduction and Primer, and various others.
  • Lead analyst and member of Incident Response Team. Also created the Incident Response procedures alongside my teammates.
Jan 2006 - Feb 2007

Systems Security Specialist/Threat Team Lead

Acxiom Corporation
  • Lead Architect for Phase 1.5, which was to re-design, consolidate and upgrade an existing IDS infrastructure and incorporate it into our SIEM solution.
  • Consolidation efforts allowed us to extend monitoring capabilities to a global scale on the network, reaching our remote offices in London, Poland, France and more, which provided us with an N design.
  • Designed, maintained and applied unique IDS/IPS policies for each unique monitored zone/network/segment to ensure only relevant alerts were being monitored.
  • Established "Best Practices" for deploying IDS/IPS sensors internally/externally, IDS/IPS Policy, Signatures and monitoring equipment (Taps, replay switches, etc.)
  • Established timeline best practices for applying Critical/Important/Informational signatures across our IDS/IPS platform(s).
  • Lead the integration of our IDS/IPS alerts into our SIEM solution. Created custom correlation logic which allowed us to discover and mitigate several worm outbreaks before they caused any damage to our operational status.
  • Lead Architect for the 10GB IDS project to provide visibility from a monitoring and analysis perspective into our most business critical "hive" that performed data-crunching capabilities.
  • Responsible for deployment, management and tuning of our perimeter Intrusion Prevention Solution.
  • Saved the company $250,000 USD annually by removing the MSSP in place, streamlining the deployment and management of our global IDS deployment and reducing our alerts by 99%.
  • Created standards, procedures, and flowcharts on Analysis techniques, IDS/IPS provisioning, deployments, management, and Correlation to support ISO 17799, SOX audits, as well as external audits.
  • Technical director of Threat Team and Analysis Team.

Publications / Conferences