Independent Consultant
Architecture/Planning
Banking/Mortgage
Computer Networking
Computer Software/Engineering
Computer/Network Security
Government Administration
Information Technology/IT
Management Consulting
Security/Investigations
United States
English
Mr. Brill is a Cyber Security & Splunk Engineer with over 14 years of experience in security, consulting, data analytics, risk management,
systems engineering, project management, and dashboarding. He holds the highest-level Splunk certifications, the GIAC GMON certification,
and a master’s degree in systems engineering. He has proven success in a variety of challenging business situations spanning cultures,
technologies, industries, and business models. He continues to build his skillset by working on high-profile cyber engagements with
geographically dispersed teams to achieve sustainable business growth. Mr. Brill’s unique skillset, coupled with his global and military law
enforcement experience, makes him extremely flexible and innovative, with proven leadership, security, and teamwork skills in both
high-stress and time-critical situations.
Career Highlights:
• Architected 40TB/day ingest AWS GovCloud Splunk deployment for a large U.S. government agency.
• First installation of Cribl LogStream in a government environment.
• Heavy use of Agile/Scrum methodology in ServiceNow.
• Transitioned legacy SIEM technology, ArcSight, over to Splunk Enterprise and Splunk Enterprise Security; end-to-end implementation and tuning.
• Created custom install scripts for Linux and Windows for use with a configuration management tool, CA-PAM, for managing Splunk configurations on thousands of client servers/machines.
• Stood up Splunk Enterprise Pilot in AWS GovCloud; configured AWS and ServiceNow integrations.
• Installed and configured Splunk Enterprise stand-alone instance.
• Performed technical assessment of Splunk environment and corrected over 6,000 errors in the Splunk environment.
• Reviewed Splunk logical and physical architecture for compliance with best practices.
• Helped customer estimate license sizing and growth projections for future Splunk scaling.
• Advanced troubleshooting of Splunk installation issues for pharmaceutical company.
• Trained company’s Splunk administrators on best practices for data onboarding.
• Installed/configured the NetApp application and technology add-on to assist with Columbus, OH police officer body camera data.
• Configured SSL encryption on all Splunk servers across enterprise Splunk environment.
• Managed a large effort for using Splunk as an automation tool to replicate business logic previously completed by manual processes in a custom SQL Database solution.
• Integrated multiple data sources into a centralized Big Data Analytics Intelligence Platform for optimal visualizations, establishing executive-level dashboards and reports to make risk-based decisions for remediation/mitigation of identified issues.
• Launched a Splunk dashboard solution to automate 15 Key Performance Indicators (KPIs) and radically increased enterprise security for Zurich Insurance Group.
• Developed an approach to import, correlate, and normalize disparate data sets of structured and unstructured data, including Plans of Actions and Milestones (POAMs), risk-based decisions (RBDs), network/operating system vulnerability scan data, database vulnerability scan data, and compliance scan data, in order to improve the overall cyber posture of the enterprise.
• Analyzed/planned quarterly cyber application release schedule for 12 applications to ensure seamless implementation for the client.
• Coordinated with 10 developers and engineers to implement Identity and Access Management (IdAM) and Access-Based-Access-Control (ABAC) security solutions for the entire Department of Defense (DoD).
• Lead Splunk Engineer and architect for 30-person team on 40TB AWS cloud Splunk deployment for a large U.S. government agency.
• Developed complex indexation strategy and account delegation model for 50+ sites for aggregation into one centralized location.
• First installation of Cribl, log streaming consolidation and correlation technology, for a large U.S. federal entity.
• Tuned Splunk searches taking 2+ hours down to less than a few seconds over billions of events across an entire government agency.
• Cleaned up poorly executed data onboarding.
• Utilized field aliases, tags, and eventtypes for the Common Information Model (CIM).
• Created improved correlation searches in Enterprise Security for real-time use by the Security Operations Center (SOC).
• Aided Managed Detection & Response (MDR/MSSP) team with data quality issues for 60+ data sources across 3 customers.
• Created correlation searches in Splunk Enterprise Security for missing sourcetypes, indexes, or forwarders on all MSSP segments.
• Developed advanced regular expressions for 300+ field extractions and field aliases for proper CIM compliance.
• Utilized a GitHub repository as a change control measure to commit changes to index clusters, heavy forwarders, and deployers.
• Stood up Splunk Enterprise Pilot in AWS GovCloud.
• Troubleshot issues with AWS GovCloud and a hardened enclave environment (HCE).
• Configured ServiceNow integration to work with Splunk flawlessly.
• Troubleshot Splunk installation issues for pharmaceutical company.
• Trained company’s Splunk administrators on best practices for data onboarding.
• Installed and configured Splunk Enterprise stand-alone instance.
• Transitioned legacy SIEM technology, ArcSight, over to Splunk Enterprise and Splunk Enterprise Security.
• Stood up full implementation of Splunk and Splunk Enterprise Security, 6 TB ingest rate/day.
• Onboarded data from over 20 sources, syslog and security applications.
• Created custom install scripts for Linux and Windows used to install Splunk on hundreds of client servers/machines.
• Full Splunk environment upgrade from v6.6 to v7.0.3.
• Live demo to customer of how to correctly use the Splunk data model and map fields to CIM format.
• Created 20 correlation searches and alerts with the Splunk Security Essentials App.
• Performed technical assessment of Splunk environment and found over 6,000 errors in the environment.
• Reviewed Splunk logical and physical architecture for compliance with best practices.
• Helped customer estimate license sizing and growth projections for future Splunk scaling.
• Installed/configured the NetApp application and technology add-on to assist with Columbus, OH police officer body camera data.
• Configured SSL encryption on all Splunk servers across enterprise Splunk environment.
• Administered Splunk implementation work to migrate all financial asset and risk data into Splunk for the Zurich enterprise.
• Designed and developed enterprise dashboards from real-time vulnerability data using advanced searches and reports, data models, macros, summary indexes, load jobs, user permissions, tokens, and drilldowns.
• Translated CISO/CTO requirements into a powerful proof of concept (POC) solution for replication of business intelligence, data correlation, and automation into Splunk, enabling more informed C-suite decisions.
• Created custom configurations in Splunk to support use case/content development and dashboard creation from various data sources, and developed a configuration migration plan to migrate asset and risk data from the Data Mart into Splunk.
• Managed a large effort for using Splunk as an automation tool to replicate business logic previously completed by manual processes in a custom SQL Database solution.
• Launched a Splunk dashboard solution to automate 15 Key Performance Indicators (KPIs) and radically increased enterprise security for Zurich Insurance Group.
• Created 50+ advanced Splunk search queries to analyze and report client data findings, improving network cyber threat visibility.
• Integrated multiple data sources into a centralized Big Data Analytics Intelligence Platform for optimal visualizations, establishing executive-level dashboards and reports to make risk-based decisions for remediation/mitigation of identified issues.
• Responsible for developing an approach to import, correlate, and normalize disparate data sets of structured and unstructured data, including Plans of Actions and Milestones (POAMs), risk-based decisions (RBDs), network/operating system vulnerability scan data, database vulnerability scan data, and compliance scan data, in order to improve the overall cyber posture of the enterprise.
• Gathered, aggregated, correlated, analyzed, and visualized security data to highlight trends and issues with processes, prioritized mitigations, and recommended remediation approaches to improve the security posture of the organization.
• Developed visualizations depicting vulnerabilities and organizational trends in patch management to highlight gaps for improvement.
• Analyzed/planned quarterly cyber application release schedule for 12 applications to ensure seamless implementation for the client.
• Coordinated with a team of 10+ developers and engineers to implement Identity and Access Management (IdAM) and Access-Based-Access-Control (ABAC) security solutions for the entire Department of Defense (DoD).
• Established executive-level dashboards and reports to make risk-based decisions for remediation/mitigation of identified issues.
• Managed staff of 15+ in combat/non-combat operations, ensuring security for Balad Air Base, Iraq – a critical U.S. military outpost.
• Coordinated and dispatched on-duty patrol activities in a community of 14,500+ during routine, emergency, and contingency operations.
• Directed full-spectrum threat response and protection for over $700M in property, equipment, and supplies – zero loss of life.
• Led teams during 13 indirect fire attacks; identified impact sites of unexploded ordnance, established cordons, and evacuated personnel.
• Performed cyber threat hunting operations for the U.S. Health and Human Services Office of Inspector General.
• Served as Managed Security Services Provider (MSSP) data onboarding and Splunk Enterprise Security CIM compliance engineer.
• Created correlation searches in Splunk Enterprise Security for missing sourcetypes, indexes, or forwarders on all MDR segments.
• Stood up Splunk Enterprise Pilot in AWS GovCloud and troubleshot issues in a hardened enclave environment (HCE).
• Configured ServiceNow integration with Splunk flawlessly, and corrected Splunk installation issues for pharmaceutical company.
• Trained company’s Splunk administrators on best practices for data onboarding.
• Transitioned legacy SIEM technology, ArcSight, over to Splunk Enterprise and Splunk Enterprise Security.
• Stood up full implementation of Splunk and Splunk Enterprise Security, 6 TB ingest rate/day.
• Onboarded data from over 20 sources, syslog and security applications, and completed full Splunk environment upgrades.
• Created custom install scripts for Linux and Windows used to install Splunk on hundreds of client servers/machines.
• Live demo to customer of how to correctly use the Splunk data model and map fields to CIM format.
• Created 100+ correlation searches and alerts with the Splunk Security Essentials App.
• Performed technical assessment of Splunk environment and found over 6,000 errors in the environment.
• Reviewed Splunk logical and physical architecture for compliance with best practices, license estimation, and growth projections.
• Installed/configured the NetApp application and technology add-on to assist with Columbus, OH police officer body camera data.
• Configured SSL encryption on all Splunk servers across enterprise Splunk environment.
Clients served: U.S. Army | Lilly Pharmaceutical | Virginia National Guard | HQ DHS | Nutanix | City of Columbus Ohio
• Managed a large effort for using Splunk as an automation tool to replicate business logic previously completed by manual processes.
• Launched a Splunk dashboard solution to automate 15 Key Performance Indicators (KPIs) and radically increased enterprise security.
Clients served: Zurich/Farmers Insurance | U.S. Internal Revenue Service (IRS) | Defense Manpower Data Center (DMDC)