Tim
Salvador

Drove enterprise IR, SIEM automation, and threat monitoring across Azure and O365, improving detection accuracy 40%, cutting investigation effort 50%, and reducing response time 30–35%.

• Automated log monitoring and SIEM workflows, delivering +40% detection accuracy and −50% manual investigation effort
• Deployed incident tracking and proactive detections, reducing threat response time by 30–35%
• Built NIST 800-61 and ISO 27001 aligned IR playbooks and policies to standardize response and ensure compliance
• Enhanced continuous monitoring with InsightIDR and KQL/Kusto to expand cloud and endpoint visibility
• Directed IR, threat monitoring, and forensics teams; mentored analysts in triage, malware analysis, and threat hunting
• Delivered executive briefings on major incidents, improving decision velocity and audit readiness

Led SOC, cloud, and AppSec across endpoints, AWS, and GCP, delivering 35% faster IR, 50% broader detection coverage, 70% posture improvement, 100% ISO 27001/NIST compliance, and 80% cost reduction.

• Directed SOC and DFIR programs; expanded detections +50% and cut MTTR −35%
• Engineered security controls and use cases, improving posture +70% with 100% ISO 27001/NIST alignment
• Implemented Chronicle Backstory for continuous monitoring across cloud and endpoints
• Migrated on-prem security stack to cloud-native platforms, reducing costs −80%
• Streamlined WAF, raising detection accuracy +90% and reducing false positives −75%
• Ran audits, vendor reviews, and awareness programs, reducing phishing risk −50%

Led Red, Blue, and Green Team ops and AWS-based detections to cut resolution time 25%, identify vulns in 95% of systems, and harden posture via AppSec, AV-evasion testing, and GDPR-compliant audits.

• Ran Red/Blue/Green operations and proactive hunting, reducing resolution time −25%
• Drove pen testing and vuln scans with 95% vuln identification and remediation follow-through
• Engineered AWS detections and network traffic analytics to strengthen SOC triage
• Performed malware reversing, Wi-Fi testing, AppSec reviews, and AV-evasion assessments
• Coordinated GDPR-compliant audits and authored IR playbooks

Directed frontline IR and SIEM modernization, cutting response time −40% while strengthening cloud frameworks, proactive detections, and coverage across network and endpoints.

• Led enterprise IR and optimized SIEM rules and pipelines, −40% response time
• Engineered cloud security frameworks and logging for improved visibility and detections
• Conducted pen testing and vuln remediation for critical exposures
• Mentored teams on attacker TTPs and DFIR methods to elevate readiness
• Ran tabletop exercises and authored playbooks to standardize incident handling

Led network security and IR for Chicago operations, achieving −25% incidents and −20% human-error events via PCI-aligned controls, proactive scanning, and training-driven risk reduction.

• Engineered network security controls, IR protocols, and PCI/NIST/CIS policies; −25% incidents
• Performed vuln assessments, PCI audits, and vendor reviews to 100% PCI compliance
• Built monitoring, IDS rule reviews, VPN cert lifecycle, and production observability
• Delivered security awareness programs and workshops, −20% human-error incidents

Built and secured multi-site ISP networks across 97 locations for ~9,000 users, delivering encrypted Wi-Fi and VPN, PTP/PTMP wireless, and hardened routing to reduce attack surface.

• Designed and operated secure Cable/DSL/Ethernet and wireless backhaul across 97 sites
• Implemented encrypted Wi-Fi, VPN, and segmented architectures to prevent unauthorized access
• Engineered PTP/PTMP wireless (IEEE 802.11a, proprietary 60GHz) to improve throughput and security