Brandon Rizzo
About
Brandon Rizzo is from the Greater Seattle Area. Brandon works in the following industries: "Computer Software", "Internet", "Military", "Retail", and "Computer & Network Security". Brandon is currently Senior Security Engineer at Amazon, located in the Greater Seattle Area. In Brandon's previous role as Security Engineering/Threat Intelligence at Microsoft, Brandon worked in Redmond, Washington until Dec 2019. Prior to joining Microsoft, Brandon was a Lead/Senior Information Security Engineer at REI, based in the Greater Seattle Area. Prior to that, Brandon was a Senior Security Consultant at Mandiant, A FireEye Company, based in the Baltimore, Maryland Area from Nov 2016 to Jul 2017. Brandon started working as Digital Network Exploitation Analyst/Cyber Threat Intelligence SME at the United States Department of Defense in the Baltimore, Maryland Area in Feb 2015. From Dec 2010 to Dec 2014, Brandon was Digital Network Exploitation Analyst/Cyber Threat Intelligence at the United States Navy, based at Navy Information Operations Command Pensacola, Florida.
Brandon Rizzo's current jobs
● Providing technical leadership on the threat intelligence team, supporting and representing threat intelligence and our efforts across the company. Leading and participating in threat assessments.
● Building bridges between functions, with a goal of improving and optimizing our prevention/detection/response to emerging threats.
● Vendor management, onboarding, RFPs, negotiations, etc.
● Onboarding and ramping up new team members. Played an instrumental role in the expansion and growth of the team from just a few members to over 3x in size and 3x locations.
● Interviewing/hiring of security engineers and industry specialists (72+ interviews and counting).
● Providing input to team, organization, and cross-company security strategies and efforts.
● Justified the replacement of an internally developed threat intelligence system. Onboarded a 3P Threat Intelligence Platform (TIP); manage it, consult/provide guidance on its usage, and partner on the development of integrations with stakeholders across the company.
● Providing mentorship to internal aspiring security engineers and current security engineers looking to progress in their careers or job functions.
Brandon Rizzo's past jobs
● Led engineering integration efforts to ensure threat intelligence is delivered to analysts and defenders in the tools they use most often. These integrations included TIP integration with Case Management, TI integration with big data repositories, and others.
● Leveraged threat intelligence to improve the prioritization of preventative controls and mitigations to improve the defenses of Microsoft.
● Supported response to internal incidents by managing intelligence collected during investigations and building a common understanding of threat activities. Standardized this process for all large security adversary-related incidents.
● Provided actionable insights for threat mitigation via hand-crafted threat summary reports to executive leadership and key stakeholders, including the CISO, Board of Directors, etc.
● Managed and evangelized a Threat Intelligence Platform (TIP) utilized to store, tag, process, and disseminate indicators across the various Microsoft defender teams.
● Fulfilled the Threat Intelligence Officer role for Microsoft's Digital Security and Risk Engineering (DSRE) Threat Intelligence Team, embedded within the Cyber Defense Operations Center.
● Delivered relevant and actionable Indicators of Compromise (IOCs) to teams across Microsoft to improve our ability to detect threats in our environment.
● Collected, processed, and analyzed open source reporting as well as 1st and 3rd party threat intelligence feeds for relevance. Developed a process to prioritize and categorize these various data sources.
● Led the threat hunting initiative for the enterprise, including vendor technology reviews, security control recommendations, gap analysis, and threat-hunting strategy development.
● Utilized as a technical SME by SOC engineers and analysts in the areas of URL filtering, e-mail security, IPS/IDS, endpoint security, SIEM technologies, logging, malware analysis, threat intelligence, and many more areas.
● Key contributor to the creation and development of REI's Incident Response (IR) playbook/runbook.
● Developed and integrated security control capabilities into SIEMs such as Splunk, by way of creating new dashboards, searches, automated alerts, and reporting.
● Provided technical mentorship to SOC personnel and created several technical capabilities to improve security detection posture throughout the company.
● Developed an enterprise-wide review process for all data sources feeding REI's SIEM solution, resulting in much higher data relevancy and less storage utilization.
Monitored and improved an enterprise-wide network threat detection, prevention, and response platform utilized by numerous federal agencies. Performed suspicious binary triage on a consistent basis, advancing the customer's denylisting capabilities and enabling accurate detection via the creation and deployment of Snort and Yara rules. Prevented malware command and control (C2) servers from communicating with infected endpoints utilizing regex pattern blocking and automated IP address/URL blocking strategies. Utilized Splunk to create custom dashboards based on malicious event data and indicators within customer environments. Provided mentorship to fellow analysts on threat analysis and cyber triage tools, which improved the collective understanding of the continuous shift towards threat-driven analytics. Maintained, tuned, and monitored Intrusion Prevention System (IPS) signatures to minimize false positives and increase the accurate prevention and mitigation of malware on customer systems. Configured system alert notifications for a vast network of security sensors to improve the ease of further analysis within SIEM environments. Provided malware analysis support, created custom dashboards within SIEM environments, and performed various systems engineering tasks in relation to FireEye/Mandiant security appliances.
Led technical engagements with key U.S. Intelligence Community partners, using well-developed interpersonal skills and the ability to foster cooperative problem solving, regarding high-priority cyber operations. Led multiple technical analysis integration efforts that resulted in comprehensive community-wide analysis against several high-priority emerging foreign cyber threats. Conducted advanced technical research of metadata and content, incorporating advanced cloud-based analytics and data science best practices, to expose intelligence leads and exploitation opportunities, maintain continuity, ensure continued collection, provide indications and warning, and identify potential targets of interest for future intelligence operations. Delivered high-impact technical analysis and improved the Agency's overall analytic capability by documenting and sourcing technical data across multiple tools and services. Created comprehensive sourcing standards for technical data sharing, ensuring meaningful technical data was readily available to pertinent cyber operators, analysts, and leadership. Outlined technical priorities and partnered extensively with the Cyber Threat Operations Center and support staff to develop innovative intelligence development solutions, including improving the in-house ability to use analytic resources from other organizations for mapping non-traditional target digital networks.
Provided Computer Network Operations expertise in support of Navy, National, and Joint requirements in the areas of Digital Network Intelligence (DNI) and Computer Network Defense (CND), resulting in intelligence community awareness on highly sensitive and time-critical targets.