As the Director of Information Systems Security at Advantage Technology, I am charged with leading our Information Security Services team on behalf of our customers. We deliver a number of advisory services in addition to security compliance testing, awareness training, and other professional security services. I have nearly 20 years of industry experience in information security, with a strong background in security operations, applied threat intelligence, policy development, operational procedure development, incident management, malware research, network defense architectures, network penetration testing, intrusion prevention technologies, endpoint protection and analysis and counterintelligence control operations.
Before coming to Advantage Technology, I was the Director of Global Threat Intelligence for one of the largest private security firms in the world. I assisted in architecting and developing security automation/orchestration platforms, enhanced threat analysis and a real-world simulation testing framework (a framework for structured security testing to validate the effectiveness of security products). In my role with the Global Threat Intelligence team, I led the development of dark web research methodologies and industry specific honeypots for intelligence research.
As a former Principal Security Consultant for for a prestigious security firm, I provided a wide range of tactical services to clients in multiple industries including law enforcement, state and federal government, medical, financial, oil and gas, energy, entertainment, and gaming. This experience included architecture and policy review, vulnerability detection and exploitation, physical security assessments, social engineering exercises, targeted phishing attacks, application testing, wireless security testing and incident response services.
Before joining Accuvant, I was the Cyber-Security Operations Manager for the State of West Virginia’s Office of Technology. My responsibilities included researching, designing, deploying and operating a statewide intrusion control and monitoring program, in addition to designing and building the state’s first consolidated Cyber Security Operations Center (CSOC). In this position, I also supported the West Virginia Critical Infrastructure Protection Task Force (WVCIPTF), where I provided security guidance and expertise to military leadership, government executives and agency heads. From 2007-2011, I was the chief incident responder for the executive branch of West Virginia, responding to and managing thousands of incidents.
In my free time, I am a musician and a volunteer. I have been involved in the Infosec volunteer community where I co-founded a statewide technology group 304geeks and SecureWV/Hack3rcon, an annual information security conference held here in Charleston. I am also a longtime mentor/anchor for DigiSo, a local business incubator here in Charleston. I have volunteered at Marshall University’s Appalachian Institute of Digital Evidence (AIDE) where I have given several presentations. Additionally, I like to play music. I’ve been playing guitars, mandolins, and basses since I was a kid.
- I have been fortunate enough to have been invited to participate in a number of unclassified, state and federal exercises including the NSA’s Cyber Defense Exercise (CDX) 2009-2011 and Cyber Storm II and III.
- In 2013, I developed an open source DNS security tool titled Scrape-DNS. This tool has been adopted and included in a number of security testing toolkits and frameworks, including Metasploit, Recon-ng and ArchAssault.
- In 2010, I won the Risk Management Initiatives Award for the design and deployment of a ‘Web Filtering and Bandwidth Control System’ for the State of West Virginia.
- In 2009, I was the team leader for the winning team for the (Innagural) DHS National Capture/Defend the Flag contest. Our team won both the attack and defense competitions leading to the overall victory.
- In 2005, I was appointed Chairman of the Subcommittee on Incident Response and Management for the State of West Virginia, resulting in the development of the State’s Information Security Incident Response Plan.
- GIAC Certified Penetration Tester (GPEN)
- GIAC Certified Wireless Penetration Tester (GAWN)
- GIAC Certified Web Application Penetration Tester (GWAPT)
- Certified Computer Hacking Forensics Investigator (CHFI)
- Snort Certified Professional (SnortCP)
- Enterasys Security Systems Engineer – Dragon (ESSE-D)
- Tenable Enterprise Certified Professional (TECP)
- Tenable Nessus Certified Professional (TNCP)
- Tenable Nessus Audit Certified Professional (NACP)
- Protected Critical Infrastructure Information (PCII) Authorized User
- Chemical-terrorism Vulnerability Information (CVI) Authorized User
- CompTIA certified A+ Technician
- Microsoft Operations Framework (MOF)
- DeVry University
- Management Information Systems
- West Virginia State University