Director of Managed Security Operations with over 10 years of experience delivering, managing, and scaling technical operations in high-stakes environments. Expert in enterprise security tools, EDR platforms, and SIEM technologies.
I lead security operations at scale, overseeing SOC, threat operations, and vulnerability management delivery across managed services environments. My work sits at the intersection of detection engineering, team development, and operational excellence.
I specialize in building high-performing teams through periods of rapid growth, bringing structure to ambiguity, and driving long-term sustainable success. I take an engineering-minded approach to everything from staffing models and service delivery to detection logic and incident response.
Currently focused on operational transformation, detection-as-code practices, and advancing the maturity of managed security delivery.
Executive leader over SOC, threat operations, and vulnerability management delivery. Direct oversight of people managers with P&L accountability for the security operations domain. Supervise operations across 160+ accounts ensuring 24x7x365 coverage. Transformed service delivery model, improved MTTX metrics, and advanced detection engineering capabilities through optimized logic, quality controls, and accelerated release cycles.
Owned managed service and professional service delivery for 100+ clients. Oversaw team leads and technical resources delivering SIEM, vulnerability management, EDR, and SOAR services. Scaled the team from 4 to 30 security engineers during rapid expansion. Built delivery models, onboarding programs, and reorganized teams to streamline operations.
Delivered managed security services including SIEM content development, vulnerability management platform deployment, and detection tuning. Served as primary technical liaison between clients and internal teams. Built documentation standards, processes, and templates for service delivery.
Supported helpdesk, security operations, and technical operations for a corporate credit union. Managed IDS, EDR, endpoint patching, and vulnerability management across the enterprise. Built email and endpoint security programs and automated business processes to reduce manual effort and costs.
Building and managing 24x7 security operations centers, staffing models, shift handoff processes, and analyst development programs.
Threat-informed detection development, detection-as-code practices, SIEM content engineering in Splunk and Sentinel.
Deep expertise in Splunk, Microsoft Defender, Microsoft Sentinel, and CrowdStrike Falcon across enterprise environments.
Scaling managed security services with consistent quality and operational maturity across diverse environments.
Root cause analysis, escalation frameworks, and building repeatable IR processes across complex environments.
Evaluating and implementing SOAR and triage automation platforms to accelerate SOC workflows and reduce noise.
I'm open to conversations about security operations leadership, detection engineering, and building high-performing security teams. Reach out below or connect with me on LinkedIn.