matthew-wolfe

Timeline

Experience

Roles spanning independent consulting, MSSP leadership, enterprise security engineering, K-12 district IT leadership, and U.S. Army cyber operations. Every achievement below traces back to one or more of 30 resume variants.

  1. Cybersecurity & Infrastructure Consultant

    2025-11 – Present

    Independent Consulting Practice · Remote — multiple clients

    Serving multiple MSSP and SMB clients across incident response, infrastructure recovery, server modernization, automation, and website engineering.

    • Provide independent cybersecurity, infrastructure, and technical consulting services to multiple clients, including MSSPs and small to mid-sized organizations, after the closure of Zyston in November 2025.

    • Deliver hands-on consulting across incident response, investigative support, infrastructure recovery, server modernization, virtualization, workflow automation, and website troubleshooting.

    • Conduct incident response and investigative support for client environments, helping organizations assess, contain, and work through security-related events and operational issues.

    • Rebuild damaged, aging, or unstable servers and restore business-critical services through structured recovery, remediation, and modernization efforts.

    • Migrate and upgrade servers into more modern and supportable environments, including virtualization-focused approaches that improve resiliency, maintainability, and operational continuity.

    • Support clients with Azure and Windows administration activities, including permissions, storage architecture, data movement, general systems support, and environment cleanup.

    • Assist with technical recovery and infrastructure stabilization efforts following outages, failures, misconfigurations, or security-related disruptions.

    • Design and implement workflow automations to reduce manual effort, improve consistency, and streamline operational or customer-facing business processes.

    • Support business process automation initiatives, including CRM-centered workflow design where operational efficiency and repeatability are needed.

    • Troubleshoot and repair websites, integrations, and application-related technical issues that affect customer operations and business functionality.

    • Serve as both a technical executor and advisor, helping clients translate business problems into workable technical solutions rather than focusing only on tool administration.

    • Apply prior experience from MSSP leadership, enterprise security operations, infrastructure engineering, and customer-facing technical work to solve problems quickly with minimal ramp-up time.

  2. Manager Security Operations (ISSE)

    2024-01 – 2025-11

    Zyston LLC · Dallas, TX (Hybrid)

    • Led enterprise vulnerability and exposure response across on-prem, AWS, Azure, and hybrid environments using platforms such as Wiz, SafeBreach, and Gem Security, driving zero-day triage, cloud detection maturity, validation depth, and defensible outcomes for heavily regulated financial-services and payment-processing customers.

    • Led global cyber operations, including AI-integrated operations, and enterprise-scale tech supporting highly regulated customers. Operated as the primary technical lead bridging Cyber, Engineering, Data, and Compliance (GDPR/ISO27001/NIST CSF, NIST SP 800-53+) to drive evidence generation, analytics, and risk transparency.

    • Led a global 24×7 SOC with 20 cybersecurity analysts supporting investigations, threat hunts, vulnerability management, advanced technologies, Hoplite, publications, and emerging threat operations. Served as the technical and operational lead for escalations, workflows, and analyst development.

    • Led creation and refinement of cyber indicators, dashboards, saved searches, response workflows, and cloud / identity detections across Sumo Logic / CSE, Splunk, Datadog, ServiceNow, SentinelOne, CrowdStrike, AWS telemetry, Git-managed content repositories, Azure DevOps pipelines, and customer-specific log sources.

    • Incident Commander for tier 1 incident response operations, including ransomware, BEC, data theft, privilege escalation, and cloud intrusion events; coordinated cross-functional response across customers, internal stakeholders, and legal teams, effectively reducing and at times preventing MITRE ‘Impact’ TA goals.

    • Built and governed a Global Security Incident Response Framework with runbooks, decision trees, evidence-handling standards, service metrics, and escalation workflows; converted threat intelligence and incident response lessons learned into new detections, thresholds, playbooks, and tuning priorities.

    • Managed a 24x7 global SOC / CSIRT supporting 80+ highly regulated customer environments and a 20+ person organization operating with director-level scope across Security Analysts, Threat Hunting / Threat Emulation, Autonomous AI SOC / Threat Content Development, Emerging Threat Bulletins, and VMaaS.

    • Directed a 24×7 global SOC and CSIRT with 20+ analysts and incident responders supporting over sixty environments across regulated industries, overseeing incident response, engineering, tier 1 incident commander, DFIR operations, threat hunting, publications, and vulnerability escalation functions.

    • Led global cyber operations, AI-enabled detection engineering, and enterprise-scale automation programs supporting highly regulated customers. Operated as the primary technical lead bridging Cyber, Engineering, Data, and Compliance to drive evidence generation, analytics, and risk transparency.

    • Directed high-volume detection and response operations involving 500+ alarms per day, including nested-signal investigations; led teams building and tuning 1,500+ ATT&CK-aligned detections, correlation rules, and analytics that reduced false positives by 88% and duplicate alert handling by 77%.

  3. Director, Cybersecurity Operations

    2022-01 – 2025-11

    Ativion (rebranded Impero Software; acquired ContentKeeper Technologies) · Remote

    • Led multi-disciplinary global security engineering programs across cloud, network, AI-assisted analytics, threat intelligence, and compliance. Functioned as a cross-functional advisor to Product, Engineering, HR, and Compliance while delivering technical validation, data-driven program governance, and ML-enabled operational insight.

    • Regularly featured at various coalitions, trade shows, and conferences sharing insights on cybersecurity trends, threat intelligence, and best practices, providing TTPs for OSINT, training, and collaboration to eliminate cyber threat information debt in various markets.

    • Spearheaded strategic threat intelligence initiatives, leading an elite team of cybersecurity experts in identifying and mitigating cybercrime threats and activities, overseeing threat detection, incident response, and risk mitigation.

    • Positioned as a cross-functional technology leader partnering with Product, Engineering, HR, Compliance, Legal, and Executive teams to modernize platforms, align investment strategies, and drive multi-year technology transformation.

    • Served as an external-facing security leader: participated in coalitions, conferences, trade shows, and podcasts, sharing OSINT-driven insights, threat trends, and best practices to reduce “threat information debt” across markets.

    • Owned cross-functional security engineering programs across product, cloud, network, CTI, and compliance. Drove strategy, governance, and XO reporting while partnering with engineering leaders to translate risk into roadmaps.

    • Ran incident response and investigation coordination across multi-tenant cloud services, endpoint platforms, and customer-facing applications, ensuring consistent decisioning and post-incident learning.

    • Led global cybersecurity operations spanning threat detection, incident response, threat intelligence, vulnerability/risk management, and product security for customer-facing platforms.

    • Stayed up to date with the latest cybersecurity trends, threats, and technologies to keep the organization ahead of potential risks. Appeared as a guest on various podcasts speaking on cybersecurity.

    • Directed transformation programs integrating threat intelligence, engineering, product, and operations, ensuring technology investments aligned to business strategy and value delivery.

  4. Director of Cybersecurity Operations

    2019-12 – 2025-11

    Impero ContentKeeper Technologies LLC

    • Applied governance to AI- and machine-learning-heavy security use cases, combining internally developed and commercial tooling with validation, approval gates, false-positive review, performance measurement, and operational guardrails to ensure analyst trust and defensible control performance across content engineering, threat analytics, and autonomous-SOC-style workflows.

    • Built and tuned detections and investigative workflows across identity, endpoint, network, web, and cloud telemetry, including privileged-access, insider-risk, anomalous-user, and data-exposure monitoring with CyberArk, ManagedMethods, Okta, AD, Microsoft 365, Palo Alto Networks, Fortinet, Cisco Firepower, and adjacent platforms.

    • Implemented and maintained technology solutions for the Army's network and server infrastructure as part of ContentKeeper customer support; worked independently to identify and analyze IT operations, prioritize solutions, and keep hardware and software available, reliable, and efficient.

    • Led cybersecurity operations, product and customer security engineering, threat detection content, incident handling, and technical execution across a global business (including ContentKeeper) serving 1,000+ customer environments, many operating under regulated requirements.

    • Built configuration-management practices for the security team and partnered with engineering, infrastructure, support, and leadership teams to turn security findings into product improvements, customer guidance, measurable remediation, and stronger operating discipline.

    • Utilized various networking technologies to implement decryption; integrated with Windows, Linux, macOS, VMware, OpenStack, and Proxmox. Integrated the security product with NAC, IDS, IPS, FW, AV, proxies, DLP, PKI, SSL/TLS, SSL visibility, and VPN solutions.

    • Supported an internet content-filter solution that integrated with various customer technologies; wrote and modified control-language programs for system management; monitored network functionality and utilization and enforced security protocols.

    • Installed, operated, and maintained data-networked equipment and components across PCs, printers, scanners, LANs, servers, tape-backup systems, WANs, routers, switches, hubs, leased circuits, firewalls, IDS, and network-management systems.

  5. Senior Network and System Engineer > Director of Network, Systems and Cyber Security

    2018-03 – 2019-12

    Waco ISD

    • Upon being hired, evaluated and redesigned the District WiFi, relocating 3 WiFi controllers to a different 4500X and relocating over 500 SVIs, which caused a 2-3% decrease in usage and allowed the removal of the 4500X from production. Further, conducted a wireless audit, which led to a reconfiguration that changed over 1200 access points’ configurations. Greatly reduced wireless issues at remote sites.

    • Revamped the District's web filtering solution, enabling seamless integration with Active Directory (AD), Network Access Control (NAC), and Security Information and Event Management (SIEM) systems. Within just three months of implementation, real-time alerting identified and provided timely assistance to three individuals in crisis, demonstrating the system's life-saving capabilities.

    • I originally had a yearly 1.1 mil budget that was said to encompass 15 sections of IT within the organization, covering over 32 satellite locations. A cost/benefit analysis and vulnerability assessment conducted with our BIA audit showed that every section was drastically under budget, had legacy end-of-life equipment, and had known vulnerabilities that could not be patched.

    • Built the configuration-management program for district technology operations, implemented an MSSP-backed security plan and program, and strengthened privileged-access monitoring, anomalous-user visibility, Active Directory governance, managed threat-content development, penetration-testing support, and cloud-connected service accountability across the environment.

    • Redesigned the District WiFi, relocating 3 WiFi controllers to a different 4500X and relocating over 500 SVIs, which caused a 2-3% decrease in usage and allowed the removal of the 4500X from production. Further, conducted a wireless audit, which led to a reconfiguration that changed over 1200 access points’ configurations. Greatly reduced wireless issues at remote sites.

    • Changed the District from a web filter solution to a different solution. Implemented the AD integration as well as the NAC integration with the solution, allowing alerting to populate the user account. Within three months of implementation, real-time alerting detected 3 suicidal people, who were tracked down and provided help within the hour.

    • Designed and implemented the Global Protect VPN solution for the District with a least-privilege configuration, granting internal fileshare system and domain authentication access to all staff and students. Successfully configured both Palo Alto's Global Protect and ContentKeeper Mobile Agent VPNs to work seamlessly.

    • Implemented SSL decryption and built 70+ UEBA and behavioral-risk profiles, some reaching 10,000 configuration lines, to detect insider threats, policy violations, anomalous browsing, self-harm indicators, compromised accounts, data misuse, and other advanced threat-detection scenarios.

    • Changed the district from one web-filter solution to another; implemented AD integration and NAC integration with the solution so alerting populated the user account. Real-time alerting detected 3 suicidal people within 3 months of implementation and provided help within the hour.

    • Engineered Global Protect VPN for the District with least-privilege configuration, resulting in every staff and student having access to internal fileshare systems and domain authentication. Configured Palo Alto’s Global Protect and ContentKeeper Mobile Agent VPNs to both work.

  6. Cyber Security Specialist and Network Defender

    2017-03 – 2021-02

    Army Cyber

    • With the Cyber Protection Team, I was their threat hunt/vulnerability assessment lead. Part of the vulnerability assessment responsibilities was analyzing the current environment, formulating and planning remediation steps, and presenting the changes to the environment owner.

    • Built detections for adversary behavior, suspicious authentication, privileged misuse, lateral movement, defense evasion, and exfiltration patterns while coordinating across analysts, engineers, and commanders to contain threats and protect operational continuity.

    • At Cyber Shield 17 and 18, awarded a medal for outstanding performance in securing the network and training other service members to do the same; received recognition and a coin of excellence from Washington’s Lieutenant Colonel and Commander for performance.

    • During a weekend training exercise, conducting ‘hunt’ operations, successfully found and advised to isolate a rogue, insider-threat machine within minutes of starting; Texas CPT received Top 7 recognition out of 30 states that were in the competition/exercise.

    • At Cyber Shield 17 and 18, as a Forensic Expert, investigated over 150 computers and 3 server systems to find compromises in their systems, effectively shutting down all ‘call-outs’ and re-stabilizing the integrity and confidentiality of the systems.

    • While I was with Texas’ Cyber Protection Team, I analyzed the current “go box” for incident response and proposed a tool set for the CPT to use. They approved of the tool set and approved of me implementing the OS image for rapid deployment.

    • At Cyber Shield 17, as a Forensic Expert, investigated over 50 VM OSs and 3 server systems to find compromises in their systems, effectively shutting down all ‘call-outs’ and re-stabilizing the integrity and confidentiality of the systems.

    • Led multi-state workforce development and operational training programs; partnered with state leadership on readiness strategy, talent development, and capability modeling. Awarded multiple recognitions for leadership and performance.

    • During a training exercise, conducting ‘hunt’ operations, successfully found and advised to isolate a rogue, insider-threat host in record time; Texas CPT received Top 7 recognition out of 30 states that were in the competition.

    • Performed defensive cyber operations, digital forensics, malware analysis, and threat hunting in mission-focused environments supporting multiple 100,000+ account ecosystems and organizations worth hundreds of millions.

  7. Information Technology Specialist

    2015-10 – 2018-03

    Groesbeck ISD

    • Project lead for change management to split 1 Server 2012 R2 into 4 Server 2012 R2 servers, which I configured and administered to run Google Cloud Print Service with over 150 printers across the district, splitting the printers by campus for over 2200 users in 2 weeks and causing a 75% printer help-desk ticket reduction. Primary technician for all technology repairs in the district, including over 2200 Chromebooks, 200 projectors, and over 150 printers.

    • While working in a large-scale (4A) school district with over 2200 students and over 200 employees, I worked on developing information security technical documentation and authorization and accreditation documentation, such as risk assessments for every football game, UIL event, and community event and the impacts those events have on our IT SEC.

    • Created documentation, audited, and maintained over 150 printers in the District. Assisted in changing out over 10 Cisco/Dell switches and installing over 100 access points. Effectively conducted ‘roll-in’ and ‘roll-out’ annually: users turned in over 2200 Chromebooks at the end of the year and were re-issued them after the summer, with no loss of inventory.

    • I recommended to the district’s board of directors that it increase the uptime of its students’ PII and PHI database, after evaluating, analyzing, and developing the management processes that would change from the current legacy tardy system, which was at the end of its life cycle, to the upgraded newer solution.

    • At Groesbeck ISD, while serving as an appointed Information Security Officer (ISO) from the IT department for the student PII and PHI database, evaluated, analyzed, and developed management processes that would change the current legacy tardy system, which was at the end of its life cycle.

    • Conducted a Continuity of Operations Plans review that led to distribution of systems across the district to lower risk and increase availability; a later main-campus power outage validated the design when the remaining 4 campuses took zero impact due to redundancy.

    • Formulated complex change strategies; frequently sought input from and gave input to other districts to evaluate options for change and encourage buy-in. Effectively collaborated with other districts and local government agency teams on information technology programs.

    • At Groesbeck ISD, another example apart from the database is when I configured their Disaster Recovery locations for each of their campuses. As part of this process, I reconfigured their print servers into smaller, split-up virtual and physical servers.

    • Formulated complex change strategies across districts and local government agencies; deployed VPN connections between districts and Public Key Infrastructure to share resources between 5 3A/4A schools and increase research data available for students.

    • Led the changeout of 10+ Cisco/Dell switches and installation of 100+ access points, upgrading to WPA2-Enterprise and two-factor Google authentication for network access; significantly improved saturation, throughput, security, and availability.

  8. IT Consultant

    2006-01 – 2018-03

    Self Employed

    • Consulted for and configured over 25 small office/home office businesses. While I had over 25 customers (not counting the video game tournament companies) that I constantly consulted for, I would analyze their goals and objectives and then architect and implement their custom-made solution.

    • While self-employed, part of the consulting I offered was to coordinate with every department in the customer’s organization and build a better workflow. The workflows I recommended building toward increased their security, as well as better business practices.

    • While self-employed, with every customer I analyzed the customer’s environment, researched and built bills of materials, and submitted RFP and RFI responses with cost/benefit analysis.

    • Delivered end-to-end IT and security consulting, including vulnerability assessments, penetration testing, remediation planning, and high-availability design targeting 99.999 percent uptime.

    • When I worked for myself from 01/06-10/2015, I had to coordinate and engineer cyber security measures for over 100 video game networks for tournaments and competitions.

    • Assisted in planning large system software and hardware upgrades for multiple churches, including audio and light equipment, and assisted with configuration.

    • Conducted vulnerability assessments, penetration testing, and configuration reviews across servers, endpoints, and applications.

    • Managed and mentored three technical personnel using a standardized Identify, Recommend, Execute delivery model.

    • Managed the CVE lifecycle, providing remediation guidance and verification focused on risk reduction and uptime.

    • Led infrastructure modernization projects to eliminate legacy vulnerabilities and reduce attack surface.