ACADEMIC

Drexel University

• Adjunct Professor, College of Computing & Informatics

• INFO 210: Database Management Systems

  • Database design using E-R, relational schema, set theory, relational algebra, build SQL queries.

• CT 200: Server

  • Introduces administration and management of Windows Server operating system.

• CT 201: Information Technology Security

  • Information security topics to familiarize students with technologies and policies to support confidentiality, integrity, and availability.

• CT 432: IT Security System Audits

  • Theory, methodology, procedures, and labs for students to acquire the fundamental working knowledge of system audits.

Capitol Technology University

• RSC-820: Situation Awareness Analysis and Action Plan Processes

• DSR-925: Dissertation Preparation

• DSR-951: Dissertation Research

• IAE-682: Internal Protection (two guest lecturer sessions)

• IAE-845: Doctoral Pedagogy (student)

• Doctoral chair, committee, and mentor for Ph.D. and D.Sc. students

Manning Publications

• liveProject: Developing Secure Java Application [ Course Link ]

Cybrary Instructor

• NIST 800-53: Introduction to Security and Privacy Controls [ Course Link ]

• DevSecOps Fundamentals [ Course Link ]

• Cybrary Fellowship Program

EDUCATION

• Doctor of Science (D.Sc.), Cybersecurity, Capitol Technology University, 2019

• Master of Science (MS), Electronic Commerce, University of MD, University College, 2007

• Bachelor of Science (BS), Computer Information Systems, University of MD, University College, 2001

PUBLICATIONS

1. Graphing Website Relationships for Risk Prediction: Identifying Derived Threats to Users Based on Known Indicators [ doi:10.1007/978-3-030-63089-8_34 ] - FTC 2020 Vancouver, Nov. 2020

2. A Framework for Sensing Radio Frequency Spectrum Attacks on Medical Delivery Drones [ doi:10.1109/SMC42975.2020.9283478 ] - IEEE SMC 2020 Conference Toronto, Oct. 2020

3. Hybrid Skills: A Quantitative Analysis of Cybersecurity Professionals Skills Maintenance for Jobs of the Future

4. Active Cyber Defense: A Case Study on Responses to Cyberattacks (dissertation) - [ ProQuest: 13886134 ]

CERTIFICATIONS

• Certified Information System Security Professional (CISSP)

• Offensive Security Certified Professional (OSCP)

• Offensive Security Certified Expert (OSCE)

• AWS Certified Solutions Architect – Associate - 2021

• AWS Security Specialty - 2021

• CNCF: Certified Kubernetes Administrator (CKA) - 2021

• CNCF: Certified Kubernetes Security Specialist (CKS) 2021

SPEAKING ENGAGEMENTS

4/21/21 DISA Cyber Development Directorate brown bag

• Cyberhygiene for protecting systems, processes, applications, and supply chain

3/24/21 InfraGard MD, Cybersecurity Conference on Incident Response

• Identify Vulnerabilities First or Learn to Love Response and Recovery

1/9/21 IJATL Symposium on International Cybersecurity Leadership

• Hybrid Skills: Cybersecurity Skills Needed for Jobs of the Future

11/5/20 Future Technologies Conference (FTC) 2020, Vancouver [ doi link ]

• Graphing Website Relationships for Risk Prediction: Identifying Derived Threats to Users Based on Known Indicators

10/12/20 IEEE Systems, Man, and Cybernetics (SMC) 2020, Toronto [ doi link ]

• A Framework for Sensing Radio Frequency Spectrum Attacks on Medical Delivery Drones

4/23/20 WhiteSource Secure Coding Virtual Summit [ YouTube Link ]

• Secure Coding and Vulnerabilities Panel

4/22/20 Information System Security Association (ISSA) Central Maryland

• DevSecOps: Integrating and Maturing a Security Culture

2/1/20 National Association of Secretaries of State, 2020 Winter Conference

• Cybersecurity for the State Archives and Records Management

1/16/20 InfraGard MD, Annual Cybersecurity Conference

• DevSecOps: Integrating a Security Culture

7/13/19 Social Security Administration Cybersecurity Conference

• The State of Cybersecurity Threats

8/26/15 Federal Computer Security Managers

• Implementing E3A using the XLA Threat Reduction and Correlation Tool (xTract)

PATENTS

1. US Patent #9,385,993 - Media for detecting common suspicious activity occurring on a computer network using firewall data and reports from a network filter device [ USPTO: 9385993 ]

PROFESSIONAL ASSOCIATIONS

• International Information Systems Security Certification Consortium (ISC)²

• InfraGard, Maryland Members Alliance

• IEEE Member

PROFESSIONAL EXPERIENCE

04/15 - Present: Cybersecurity Consultant

• Lead design of cloud enterprise security architecture in Amazon Web Services (AWS)

• Managed program work for IA division through full SDLC of the system

• Implemented DevSecOps pipeline for CI/CD

• Developed custom software to automate DHS Einstein notices (granted US Patent #9,385,993)

• Designed and deployed automated vulnerability scanning architecture

• Secure code review of Java, PHP, and .Net applications

• Incident response and investigation of security events using Security Center, netflow, and FireEye suite

• Webapp testing with WebInspect, AppSpider, Burp Suite Pro, Metasploit, and Kali Linux tools

• Developed security engineering whitepapers to facilitate discussions on implementation

01/03 - 04/15: Independent Consultant

• DIACAP services for the Military Sealift Command

• Technical Lead on Security Test and Evaluations (ST&E)

• Consulting for shipboard management and satellite security

• Managed Linux, Solaris, and Windows Server

• IA support for Risk Management Framework (RMF) services at Federal Government site

04/00 - 01/03: InfoSec Consultant

• Penetration testing with various government and commercial entities

• DITSCAP Certification & Accreditation (C&A), documentation development and review

• Managed DNS, Web, IDS, and routers for external network

• Performed network security assessments

• Worked on a pilot Public Key Infrastructure (PKI) project with Army Materiel Command

• Java application development for custom applications

09/98 - 01/01: Senior Network Security Analyst

• Computer intrusion investigations

• Performed network penetration testing

05/94 - 09/08: System Administrator

• Installed and managed Linux, Solaris, Windows, and FreeBSD

• Installed Oracle database on multiple platforms

• Designed web email service integrating Apache, PERL, LDAP and Oracle database