- Built and lead Coca‑Cola’s global Insider Risk and Data Loss Prevention program, migrating from Symantec DLP to the Microsoft security suite.
- Serve as incident commander for insider threat investigations, identifying, triaging, investigating, and remediating security detections and anomalous behavior across endpoint, identity, and data telemetry.
- Own investigations end to end, ensuring defensible outcomes aligned with regional employment laws and global data protection regulations.
- Designed and implemented preventative, detective, and risk‑scored controls, including proactive blocking, behavioral indicators, and conditional access enforcement.
- Authored and maintained advanced policies across Purview & Defender, DLP, DSPM, and Insider Risk Management, combining natural language classifiers with technical conditions.
- Compensated for platform gaps by engineering custom analytics and tooling using Microsoft Sentinel (SIEM) (KQL), Python, SQL, PowerShell, and Power BI to automate analysis and visualize insider risk.
- Conduct proactive insider threat hunting in large‑scale data environments, applying modern adversary tradecraft to identify misuse, credential abuse, and staged exfiltration.
- Produce standardized metrics and executive reporting to support investigations, measure risk trends, and streamline incident response.
- Partner closely with HR, Legal, Privacy, Physical Security, and Ethics to provide technical evidence and clear narratives for sensitive investigations. (Insider Risk Working Group)
- Developed the Insider Risk charter, CONOPS, governance model, and stakeholder engagement approach across crown jewels, critical assets, and critical sites.
- Perform physical site assessments with respect to data protection and insider risk exposure. (Sabotage)
- Act as a technical mentor and force multiplier, raising analyst capability in investigation ownership, incident command, and insider threat tradecraft.