Resume


Objective


My passion lies in helping my clients and customers discover the facts, achieve the stability, and maintain the trust they need to succeed. I use my knowledge and experience in the digital forensics and incident response fields to positively influence the wheels of justice and help create a secure, fair, and ethical environment for everyone.


Experience


Microsoft Corporation
Dates: August 2015 – Present
City: Redmond, Washington
Position: Senior Security Analyst

I am currently a senior security analyst in the Microsoft Security Response Center (MSRC), and a member of the Cyber Defense Operations Center (CDOC).

Working within the Cloud + AI business, I focus heavily on digital forensics and incident response within Azure and its National Cloud offerings including Azure Government, and Azure Deutschland.

I drive threat-monitoring programs and respond to threats with my digital forensics background. My expertise helps the company resolve the most critical and sophisticated issues that may arise in the Center.

I work in close partnership with the Corporate, External, & Legal Affairs (CELA), Microsoft Threat Intelligence Center (MSTIC), and Digital Crimes Unit (DCU) teams to build capabilities and provide DFIR at cloud-scale, serving the needs of cybersecurity, compliance, and the law.

Zebeth 90s LAN
Dates: 2013 – Present
City: Lynnwood & Sedro-Woolley, Washington
Position: Owner

Zebeth 90s LAN provides a venue and infrastructure for enthusiasts to bring 1990s-era computers to a central location, network them together, and play video games. I manage all aspects of the 90s LAN, including security and vulnerability management of legacy and deprecated systems.

Cascadia Forensic Services, LLC
Dates: August 2014 – January 2016
City: Sedro-Woolley, Washington
Position: Owner, Lead Forensics Investigator

Cascadia Forensic Services was a boutique digital forensics and information security company. Founded in 2014, CFS provided its clients with world-class service and bulletproof results.

Biblioso Corporation @ Microsoft
Dates: May 2015 – August 2015
City: Redmond, Washington
Position: v- System Administrator

Biblioso Corporation provides vendor staffing to Microsoft. Through them I worked in the Cloud + Enterprise division doing tier two work on a systemic cybersecurity architecture change.

Blank Law + Technology P.S.
Dates: 2007 – 2014
City: Seattle & Mount Vernon, Washington
Position: System Administrator, Digital Forensics Investigator, InfoSec First Responder

Blank Law + Technology is a law firm specializing in digital forensics and electronic discovery work. I filled many roles at BLT, notably lead forensics investigator, security incident first responder, systems/network engineer and administrator, and information security manager.

TestudoData, LLC
Dates: 2007 – 2014
City: Seattle & Mount Vernon, Washington
Position: Security & Technology Manager, Technical Support Manager, Sales Engineering

TestudoData was an information security services company specializing in communications systems and cloud-based services. I had several roles at TD, including management of the customer-facing technical support group, new service evaluation, and systems/network administration.

EDEN – Electronic Discovery Extraction Network
Dates: 2009 – 2014
City: Seattle, Washington
Position: Electronic Discovery & Digital Forensics Expert

I co-developed EDEN, an organization that connects IT, e-discovery, and digital forensics professionals. I maintained the website and other EDEN resources and the training for forensic jobs referred out to the EDEN member base.

Zebeth Systems
Dates: 2011 – 2012
City: Lynnwood, Washington
Position: Owner

Zebeth Systems focused on repairing classic and modern video game hardware, from Atari 2600 to Xbox 360. Electronics repair, soldering skills, and a steady hand are key to this type of work.

 


Skills


  • Enterprise Cybersecurity Incident Response – I currently lead the C+AI Security Operations Center Investigations & Forensics team within MSRC at Microsoft. With over 3 million servers in over 100 datacenters supporting Microsoft’s online services located across the globe, there are always security incidents to respond to. My team identifies and eradicates malware and live attacker threats from within this diverse environment using the latest tools and sophisticated techniques to protect customer data hosted in services such as Azure, Office 365, and OneDrive.
  • Forensic Acquisition & Investigation – I manage and perform forensic investigations at all EDRM stages. I have extensive experience forensically duplicating media, acquiring mobile device and cloud data, and seizing hardware and original storage media for preservation. I provide this work either in-house or on-site, and have flown across the United States for on-site acquisitions and investigations.
  • IT Support – I have experience managing backend systems supporting forensic and eDiscovery labs. This includes Windows/SQL Server administration for Relativity, providing network storage solutions for forensic work product, managing the licensing of forensic software, and administering the Concordance, LAW, EnCase, and FTK environments. I have also managed Active Directory, Exchange, web servers, IP phone networks, and various supporting equipment and services. I am also experienced with backup strategy creation and implementation, and disaster recovery planning.
  • On-the-Fly Learning and Decision Making – Digital forensics is a unique challenge. It requires me to think about novel solutions to issues that develop at all phases of an investigation in a very short timeframe. I have an innate ability to rapidly and accurately learn new systems and procedures, which has allowed me to excel in my field.
  • Documentation – Creation of declarations, affidavits, and formal reports of finding are all strong skill areas. I am thoroughly versed in technical writing, such as FAQs, SOPs, and network AUPs. Customer-facing content is another area I enjoy working. Finding the right balance between the company’s interests and the client’s trust is thoroughly engaging.
  • Attorney Support – I am frequently involved in meetings, conference calls, and on-site training sessions to provide expert advice on many issues including data and device access, search term requirements and recommendations, preservation of existing data, and security of networks and equipment with legal and IT staff at many law firms across the country. Bridging the gap between technical jargon and legalese is an art form I am fluent in.
  • Expert Witness – I work as an expert witness in person and via teleconference. I have provided expert testimony in various civil and criminal matters including IP litigation and homicide.
  • Client Matter History – I have logged thousands of billed hours on over 175 client matters. My clients have included major public utilities, law firms, Fortune 500 companies, law enforcement agencies, public defense organizations, and state/local governments. I have a proven track record of solid work that holds up under the scrutiny of opposing experts and the rule of law.

 


Software Proficiency


Digital Forensics

  • AccessData FTK (Forensic Tool Kit) versions 1 – 5
  • EnCase (Guidance Software)
  • X-Ways Forensics (WinHex)
  • Cellebrite UFED + Physical Analyzer
  • Oxygen Forensic Suite
  • MacForensicsLab
  • Paraben Device Seizure
  • Acronis True Image
  • Norton Ghost
  • FTK Imager
  • Autopsy
  • Scalpel
  • Ophcrack

Incident Response

  • ArcSight ESM/Logger
  • Splunk
  • Resilient
  • F-Response

e-Discovery

  • kCura Relativity
  • LexisNexis Concordance
  • LexisNexis LAW PreDiscovery
  • iCONECTnxt
  • Summation

Server Software

  • Windows Server 2003/2008/2012/2016
  • Linux servers incl. Red Hat Enterprise Linux, OpenSUSE, CentOS
  • Exchange Server
  • Microsoft SQL Server
  • MySQL, PostgreSQL server
  • Active Directory
  • ZixGateway email encryption appliances
  • Apache web server
  • IIS web server
  • BIND & Windows DNS servers
  • In-depth knowledge of DNS functionality and configuration
  • Microsoft Dynamics
  • SugarCRM
  • IRC daemons and bouncers
  • Sendmail & postfix
  • CMS systems: Joomla! / WordPress

Network Infrastructure

  • Network physical and virtual engineering
  • Firewalls incl. SonicWall, pfSense, etc…
  • Security information and event management (SIEM)
  • Wireshark (packet sniffing and analysis)
  • HP and Dell managed switch administration
  • TFTP / boot from Ethernet
  • Wake-on-LAN (WOL)
  • Wireless Access Point (WAP) deployment
  • WiFi administration
  • Wireless traffic capture

OS Expertise

  • Windows desktop 9x/2k/XP/Vista/7/8/10
  • Microsoft Office document analysis for versions 2003/2007/2010/2013/2016
  • Linux desktop incl. Gentoo, Debian, Mandriva, KNOPPIX, Ubuntu
  • Mac OS X
  • Android
  • Apple iOS (iPhone, iPad, iTouch)

Cloud Services

  • Deep understanding of Cloud services
  • Office 365 administration
  • ZixPortal web-based email encryption portal
  • Google Apps administration
  • McAfee SaaS Email Protection
  • Postini / Google Message Security
  • Reflexion email filtering
  • Proofpoint Essentials
  • FiLink
  • Voltage Security
  • Webroot web filtering
  • Sonian email archiving
  • MX Force email filtering
  • Webroot SecureAnywhere
  • McAfee Endpoint Protection
  • iScan
  • iCloud
  • Google Drive
  • Dropbox