Manager Security Operations
A significant portion of my leadership experience was centered on directing global cyber incident response operations across highly complex, interconnected core networks. This immense responsibility encompassed securing traditional corporate IT infrastructures, expansive cloud deployments, and highly sensitive Operational Technology (OT) environments, including active manufacturing floors, automated packaging systems, and vital critical infrastructure. To ensure continuous, 24x7 global defense across these sprawling environments, I managed a remote 30-person security operations center structured around five core pillars of responsibility: incident response, digital forensics, threat intelligence, and SOC operations. This involved orchestrating complex response activities through a highly distributed team, including personnel stationed in Romania, the JPAC region, and the US.
I led both in-house security analysts and managed outsourced Digital Forensics and Incident Response (DFIR) services to thoroughly investigate and resolve unauthorized access and other highly complex cyber events. Recognizing the critical and fragile nature of our manufacturing and infrastructure systems.
Beyond establishing robust monitoring and reactive capabilities, I prioritized proactive defense through extensive project work focused on penetration testing and purple teaming exercises. To continuously validate and elevate our organizational security posture, I actively led complex red and blue team operations, alongside targeted Tabletop Exercises (TTX). This collaborative, purple-team approach allowed us to rigorously test our environments against simulated, real-world attack scenarios. By analyzing the outcomes of these exercises, we could identify hidden vulnerabilities, refine our detection logic, and drive the continuous improvement of our security posture. The actionable insights gained from these penetration tests directly informed the development and implementation of our formal incident response processes, ensuring our playbooks were battle-tested and effective before a real crisis occurred.
I designed and implemented a formal Insider Risk Program from the ground up. For my execution of this Insider Threat Program, I was honored with a formal Letter of Recognition in 2021.
Incident Response:
Refined the Incident Response program to provide clear guidelines, playbooks, manuals, and standard operating procedures.
Formalized critical escalation pathways and clear chains of responsibility across SOC roles.
Standardized the People, Process, and Technology (PPT) framework governing response actions across the entire incident lifecycle.
Formed an ongoing working partnership with legal, crisis management, and business operations.
Acted as technical expert in remediation of discovered or exploited vulnerabilities.
I designed and implemented a formal ransomware response program from the ground up. I was honored with a formal Letter of Recognition in 2020.
Threat Intelligence:
(In House) Architected a centralized threat intelligence system, correlating historical telemetry with daily intelligence reporting to drive proactive defense.
Formalized the People, Process, and Technology (PPT) framework for robust threat hunting operations.
Integrated the organization into industry-wide threat intelligence sharing programs via ISAC.
Operationalized private threat feeds and continuous dark web monitoring to identify external risks early and take corrective actions.
Security Architecture and Engineering:
Architected and executed an enterprise SIEM solution.
Engineered policies for Endpoint Detection and Response (EDR) systems to maximize coverage.
Engineered cloud policy and security workflow for ongoing secure monitoring, response and deployment.
Formulated comprehensive security policies and procedures to secure containerized workloads and infrastructure.