Cybersecurity Leader · Chicago, IL

Tim
Salvador

Security leader with deep roots in pragmatic detection engineering, incident response, and scalable security programs across multiple industries. Specializing in Security Operations, Threat Intelligence, adversary emulation, and cloud security. I was automating manual workflows long before AI was mainstream. Now I combine the fundamentals with modern technology to accelerate threat detection and investigations.

View My Work Get in Touch
15+ Years in Security
10+ Years Leading Teams
100+ Detections Built
5 Industries Secured
6 Enterprise Roles
2 Active Certs
Tim Salvador

Current Focus & Impact

Active Projects

Advanced Threat Hunting Red/Blue/Green CTF Exercises

Competing in invite-only challenges to sharpen detection engineering and adversary emulation tradecraft.

Secure IoT Architecture Home Assistant + Network Segmentation

Applying 15+ years of enterprise segmentation to create zero-trust IoT ecosystems — skills directly transferable to industrial/OT environments.

AI-Driven Detection Lab Open WebUI + Ollama + Whisper

Prototyping autonomous threat analysis workflows — extending SIEM/SOAR playbooks with private, offline AI agents.

Community & Mentorship Conferences, Webinars, Mentoring

Active in security communities fostering knowledge sharing and professional growth.

80%+ noise reduction

Scaled SOC operations from scratch to 50+ alerts/day through custom detection rules and SIEM automation.

Sub-4h containment

Directed incident response for ransomware, credential theft, and DDoS attacks with zero data exfiltration.

Team builder

Mentored analysts across career stages — guided progression to senior roles and management with a track record of upward mobility.

Areas of Expertise

Detection Engineering
SIEM Rule Development Alert Tuning & Optimization Log Aggregation & Analysis Threat Modeling Behavioral Analytics
Incident Response
Incident Triage & Analysis Forensics & Data Collection Containment & Eradication Post-Incident Review Playbook Development
Threat Intelligence
IOC Analysis & Correlation Threat Actor Profiling Vulnerability Intelligence MITRE ATT&CK Mapping Intelligence Integration
Cloud Security
Cloud Architecture Review Misconfiguration Detection Identity & Access Management Data Protection Compliance & Governance
Adversary Emulation
Red/Blue/Green Team Operations Penetration Testing MITRE ATT&CK TTPs Malware Analysis & Reversing AV Evasion Testing Threat Simulation
Leadership & Operations
Team Management Process Improvement Strategic Planning Vendor Management Metrics & Reporting
Digital Forensics
Memory Forensics Disk & File System Analysis Log Forensics & Timeline Forensic Imaging Chain of Custody Malware Triage
Security Architecture
Zero Trust Design Network Segmentation Defense-in-Depth Framework Alignment (NIST, CIS) Security Controls Assessment Reference Architecture

Career Timeline

Incident Responder Manager
Illinois Tool Works Inc.
04/2024 – 10/2024 Glenview, IL

Drove enterprise IR, SIEM automation, and threat monitoring across Azure and O365, improving detection accuracy 40%, cutting investigation effort 50%, and reducing response time 30–35%.

Key Achievements
  • Automated log monitoring and SIEM workflows, delivering +40% detection accuracy and −50% manual investigation effort
  • Deployed incident tracking and proactive detections, reducing threat response time by 30–35%
  • Built NIST 800-61 and ISO 27001 aligned IR playbooks and policies to standardize response and ensure compliance
  • Enhanced continuous monitoring with InsightIDR and KQL/Kusto to expand cloud and endpoint visibility
  • Directed IR, threat monitoring, and forensics teams; mentored analysts in triage, malware analysis, and threat hunting
  • Delivered executive briefings on major incidents, improving decision velocity and audit readiness
Toolchain
AzureEntra IDO365 DefenderInsightIDRInsightConnectKQL/KustoPowerBICylanceCyber TriagePowerShellPython
Standards
NISTISO 27001
Senior Information Security Manager II
Groupon Inc.
03/2020 – 07/2023 Chicago, IL

Led SOC, cloud, and AppSec across endpoints, AWS, and GCP, delivering 35% faster IR, 50% broader detection coverage, 70% posture improvement, 100% ISO 27001/NIST compliance, and 80% cost reduction.

Key Achievements
  • Directed SOC and DFIR programs; expanded detections +50% and cut MTTR −35%
  • Engineered security controls and use cases, improving posture +70% with 100% ISO 27001/NIST alignment
  • Implemented Chronicle Backstory for continuous monitoring across cloud and endpoints
  • Migrated on-prem security stack to cloud-native platforms, reducing costs −80%
  • Streamlined WAF, raising detection accuracy +90% and reducing false positives −75%
  • Ran audits, vendor reviews, and awareness programs, reducing phishing risk −50%
Toolchain
AWSGCPAzureOktaChronicle BackstorySplunkSentinelOneWizProofpointPalo AltoTenable Nessus
Standards
ISO 27001NISTCISPCI/DSS
Sr Security Analyst III — CSIRT
AbbVie Inc.
08/2018 – 02/2020 North Chicago, IL

Led Red, Blue, and Green Team ops and AWS-based detections to cut resolution time 25%, identify vulns in 95% of systems, and harden posture via AppSec, AV-evasion testing, and GDPR-compliant audits.

Key Achievements
  • Ran Red/Blue/Green operations and proactive hunting, reducing resolution time −25%
  • Drove pen testing and vuln scans with 95% vuln identification and remediation follow-through
  • Engineered AWS detections and network traffic analytics to strengthen SOC triage
  • Performed malware reversing, Wi-Fi testing, AppSec reviews, and AV-evasion assessments
  • Coordinated GDPR-compliant audits and authored IR playbooks
Toolchain
AWSSplunkCrowdStrikeFTKVolatilityBurp Suite ProKali LinuxMetasploitQualysThreatStream
Standards
GDPR
Threat Exposure Manager
Uptake Inc.
06/2015 – 06/2018 Chicago, IL

Directed frontline IR and SIEM modernization, cutting response time −40% while strengthening cloud frameworks, proactive detections, and coverage across network and endpoints.

Key Achievements
  • Led enterprise IR and optimized SIEM rules and pipelines, −40% response time
  • Engineered cloud security frameworks and logging for improved visibility and detections
  • Conducted pen testing and vuln remediation for critical exposures
  • Mentored teams on attacker TTPs and DFIR methods to elevate readiness
  • Ran tabletop exercises and authored playbooks to standardize incident handling
Toolchain
SplunkElasticCarbon BlackPalo AltoQualysAWSCloudflareThinkst CanaryCyberArk
Standards
NISTCISISO 27001
Security Analyst
Cleverbridge Inc.
06/2010 – 06/2015 Chicago, IL

Led network security and IR for Chicago operations, achieving −25% incidents and −20% human-error events via PCI-aligned controls, proactive scanning, and training-driven risk reduction.

Key Achievements
  • Engineered network security controls, IR protocols, and PCI/NIST/CIS policies; −25% incidents
  • Performed vuln assessments, PCI audits, and vendor reviews to 100% PCI compliance
  • Built monitoring, IDS rule reviews, VPN cert lifecycle, and production observability
  • Delivered security awareness programs and workshops, −20% human-error incidents
Toolchain
SnortOpenVPNOpenVASZabbixMalwarebytes
Standards
PCI/DSSNISTCIS
Network Engineer
OnShore Networks Inc.
2008 – 2010 Chicago, IL

Built and secured multi-site ISP networks across 97 locations for ~9,000 users, delivering encrypted Wi-Fi and VPN, PTP/PTMP wireless, and hardened routing to reduce attack surface.

Key Achievements
  • Designed and operated secure Cable/DSL/Ethernet and wireless backhaul across 97 sites
  • Implemented encrypted Wi-Fi, VPN, and segmented architectures to prevent unauthorized access
  • Engineered PTP/PTMP wireless (IEEE 802.11a, proprietary 60GHz) to improve throughput and security
Toolchain
CiscoUbiquitiMikrotikOpenVPNSquid Proxy
Standards
NISTCIS

Technical Toolkit

SIEM Administration (Splunk, ELK) Alert Tuning & Rule Development Incident Response & Forensics Threat Hunting Playbook Development SOC Process Optimization
Red Team Operations Purple Team Operations Penetration Testing MITRE ATT&CK Emulation C2 Frameworks Phishing Simulations
Memory Forensics (Volatility) Disk & File System Analysis Log Forensics & Timeline Analysis Forensic Imaging Chain of Custody Malware Triage
Threat Intelligence Platforms (TIP) Indicators of Compromise (IOC) Analysis MITRE ATT&CK Framework Adversary Profiling Malware Analysis Open Source Intelligence (OSINT)
AWS Security Cloud Architecture Review Network Segmentation Zero Trust Architecture Identity & Access Management (IAM) Encryption & Key Management
Zero Trust Design Network Segmentation Defense-in-Depth Design Framework Alignment (NIST, CIS) Security Controls Assessment Reference Architecture
Python Scripting Bash/Shell Scripting Windows & Linux Administration Network Protocols & Analysis Docker & Container Security API Security
Team Building & Mentoring Process Improvement Vendor Management Security Strategy Stakeholder Communication Budget & Resource Planning

Academic Background

2012
Master of Science
Computer, Information and Network Security (CINS)
DePaul University

Hands-on training in computer security, network defense, and risk management that meets NSA/DHS standards for National Center of Academic Excellence in Cyber Defense (CAE-CD).

2006
Bachelor of Science
Telecommunications and Network Management
DeVry University

Operating systems, programming, hardware, connectivity, and security — with a focus on networking and communications management for IT infrastructure and telecommunications roles.

// Professional Certifications

Let's Connect

Looking for a security leader who can own detection and response, mature a SOC, and drive adversary emulation? Let's connect. Based in Chicago, IL and open to senior leadership or IC roles.