Experience

Cyber Incident Response and Intrusion Forensics Team (CIRIFT) is responsible for Digital Forensics, Incident Response, and the Insider Threat program.

Built internal automation for and conducted insider threat cases.
Coordinated with Legal, PR, Compliance and Security teams during public investigations.
Built valuable relationships with law enforcement and intelligence organizations.
Created documentation and implemented controls in support of global compliance work including SOC2, NIST, ISO 27001, and the Monetary Authority of Singapore.
Led incident response while mentoring and training other security professionals.

Responded to security incidents and manage them from scoping through to remediation.
Reviewed control environment, plan, and implement security projects.
Trained financial investigators on technical investigative techniques, decreasing the time needed to file Suspicious Activity Reports (SAR).
Collaborated with our Threat Intelligence team on assessing the risk specific virtual and physical threats pose.

I am an instructor for the Cybersecurity Professional program that is delivered through a partnership between HackerU and the UM Division of Continuing and International Education. We help students build the knowledge needed to start successful careers in Cyber Security. We do this by teaching the concepts needed for them to complete realistic hands-on labs that gives them experience they would have otherwise needed from time in the field.

I am authorized to teach the following courses: Intro to Cyber Security, Microsoft Security, Networking, Linux, Network Security, Cyber Infrastructure & Technology (CIT), Ethical Hacking, and DFIR.

The DFIR course covers endpoint forensics including analyzing Prefetch, AppCompatCache, MRU, Registry, process trees and network artifacts through memory, and the contents of portable executables (EXE files)

Below are my responsibilities.

As the Security Team Lead, I was responsible for directing our Security Operations Center and providing security leadership for our internal teams, clients, and partners. Below are some highlights of accomplishments.

Created new service offerings, validated market fit, and brought them to market.
Partnered with software vendors to bring new implementation service to market, allowing us to service larger organizations.
Improved reliability of VoIP system while decreasing cost by more than 50%.
Created yearly release event including coordination of all technology, vendors, and internal teams. Recordings are available at Vijilan.com/Release2020
Created Applicant Tracking System (ATS) using Power Automate, SharePoint, and other Microsoft 365 products.
Organized weekly interdepartmental meeting with a new format that introduced training time and resulted meetings ending on time or early instead of going over by 1 hour.
Created “Fusion” schedule that resulted in a more diverse workload for operators, higher job satisfaction, flexibility to respond to scheduling changes, reduction of exposure to ticket fatigue, and introduced opportunities for professional development.

Below are the duties I was responsible for.

Establish and maintain the information security vision and programming to include policy creation, training, risk assessments, and incident response to ensure assets are adequately protected
Identify, architect, plan, and deploy security controls to protect our production network. This included controls to protect our cloud environment, remote access, and mobile assets.
Lead incident response to internal and external security incidents from managing the triage process through leading postmortem reviews and presenting recommendations to relevant teams.
Created visualization using PowerBI to prioritize what detections and client environments should be reviewed based on multiple types of frequency analysis and engagement data, resulting in a reduction of cost while increasing the value of detentions
Meet with clients to identify how our products and services could help them accomplish business objectives, including deployment of SIEM technology
Conduct vendor vetting and management
Assist our internal teams as a technical resource during internal and external meetings
Manage department hiring process from writing the job descriptions to advertising the jobs, interviewing candidates, and making job offers.
Review and manage budget for security related capital and operational expenses, training, and staff needs
Provide regular updates to the executive management team on status of the company’s risk posture and security program

In this role I served as a Level 2 analyst in a Security Operations Center protecting local, regional, and international companies as well as county governments and agencies. Below are the duties I was responsible for.

I focused on joining my customers with the right technologies to help them meet their goals. I did this by working with my clients to understand their business and then kept those business goals in mind as I worked to provide technology solutions. Projects have included analyzing network infrastructure, identifying and implementing new productivity software, and website design.

At DFIRCON 2019 I attended the FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response class. The course was an in-depth instruction on how to conduct an investigation with network artifacts. We finished with a hands-on simulated incident where we lived through the first 24 hours of a breach investigation.

This was a class for the Checkpoint CCSA certification through the D.O.L. TechHire Grant at MDC’s Wolfson campus. In this program, we were both working on our own CheckPoint environments and using the CyberBit CyberRange.