PROFILE
Seasoned Cyber Security professional with over 20 years’ experience providing support and consultation services in both private and public sectors. Diverse cyber and engineering background with specialty in hunting, threat, incident response and digital forensics. Expert in technology strategy, architecture, design, deployment, and security operations.
EDUCATION
Nova Southeastern University
M.S. - Computer and Information Sciences
University of South Florida
B.S. - Computer Science
SECURITY CLEARANCE
TS/SCI with CI Poly
CERTIFICATIONS
ISACA CISM/CISA
Microsoft Azure Security Engineer
Microsoft Azure Administrator
Microsoft Security Operations Analyst
ITIL v3 Foundations / Sec+ / CICP
SKILLS & EXPERIENCE
Executive Level Presentation
Technology Adoption Planning
Solution Pilots/Proof-of-Concepts
Hybrid Cloud Solution Design
Identity & Access Management
Infrastructure Security – ZTA
Endpoint Management & Security
Scripting and Automation
TECHNOLOGY AREAS
Google Cloud Platform (GCP)
Gemini
Google SecOps
Security Command Center
Security Validation
BeyondCorp
ELGIN F. FAVIS
******@*******.*** www.linkedin.com/in/efavis 863-***-****
GOOGLE
Principal Cyber Security Consultant Aug 2025 - Present
Lead strategic security initiatives supporting mission-critical federal programs. Drive risk mitigations, incident response/handling, and compliance across complex cloud and hybrid environments. Collaborate with cross-functional teams to architect scalable SecOps solutions, enhance emerging threat detection, and align security posture with evolving regulatory frameworks.
• Implement and optimize Google Cloud security solutions, including Google SecOps, Security Validation, and BeyondCorp ZT.
• Architected ZT controls within SAP environments, integrating identity-aware proxies, granular access policies, and continuous risk evaluation.
• Integrated Google AI and other ML driven tools to enhance threat detection, anomaly scoring, and predictive risk modeling across enterprise workloads.
• Developed Splunk dashboards and correlation searches to support real-time threat detection and compliance reporting.
• Integrated MSFT MDE, Sentinel and Purview into hybrid environment to enhance visibility and controls.
• Supported ENS across enclaves, ensuring alignment with STIGs and IAVM compliance.
• Conducted vulnerability assessments using ACAS, streamlining remediation workflows and reporting cycles.
MICROSOFT CORPORATION
Principal Cyber Security Consultant Feb 2018 – Oct 2025
Trusted Cyber Advisor for DoD organizations such as AFCYBER and ARCYBER, focusing on Defensive Cyber Operations incident handling, process and incident response. Delivers and supports numerous Microsoft security solutions such as Microsoft M365 Security (XDR) and Azure infrastructure and its security solutions. Guides customer architecture, design, and adoption through presentations, workshops, proof-of-concepts, assessments, enablement planning, and solution implementation. Provides subject matter expertise in security best practice on cloud and on-prem infrastructure. Experienced and seasoned in DoD policy, planning and strategy.
Sr. Identity Premier Field Engineer Feb 2017 – Feb 2018
Delivered a digital transformation program of change, aligned with business objectives and focused on Identity and Security. Microsoft Identity resource specializing in Identity Manager as it transitions to Azure AD. Implements, assesses, and optimizes customer Identity solutions. Supports the architecture and design of new Identity Infrastructure and provides guidance on Just-In-Time (JIT) and Just-enough-Administration (JEA) practice and process. Assesses maturity model and guides prioritization and delivery of identity technology-enabled solutions.
Tampa, FL
TECHNOLOGY AREAS
Microsoft 365 Defender (XDR)
Sentinel/MDE/MDI/MDO/MDC/MDCA
Microsoft Azure (Infrastructure & Security)
Microsoft Exchange / Exchange Online
Active Directory / Azure AD
PAM/PAW/PIM/ACLX-ray
PowerShell, ARM/JSON, C#, Kusto
CATALINA
Sr. Security Architect Feb 2015 – Feb 2017
Technical lead for application and services operations, focused on secure cloud engineering at Catalina. Led the deployment of key security components including Web Application Firewalls, vulnerability scanners, endpoint protection, and centralized monitoring via Security Center. Authored Azure Cloud Security policy outlining RBAC, access controls, and governance standards. Oversaw technology integration across systems, ensuring alignment with security best practices and regulatory compliance.
GENERAL DYNAMICS / ARMA GLOBAL
Sr. Security Engineer Jan 2014 – Feb 2015
Lead cyber engineer of USCENTCOM future ops. Architected, managed, and designed future Computer Network Defense appliances within the SIE. Technical lead for application & services operations and engineering teams. Led technology integration and planning for all systems, ensuring adherence to security guidelines and best practices.
INTEGRATED SOLUTIONS MANAGEMENT
Sr. Systems Security Specialist Aug 2012 – Jan 2014
Computer Security Incident Response (CSIRT) lead for USSOCOM, responsible for identifying, mitigating, and neutralizing cyber threats that impact the USSOCOM SIE. Maintained Information Assurance/Computer Network Defense (IA-CND) situational awareness of the USSOCOM SIE network while reviewing security threats and determining/implementing effective countermeasures in accordance with established policies, regulations, and directives.
SAIC
Sr. Cyber Security Analyst / Network Engineer Oct 2007 – Aug 2012
Led malware and intrusion analysis as part of USCENTCOM’s hunt team, driving network security assessments and incident response across HQ and CFH. Managed over 150 WAN routers, firewalls, and satellite links throughout the AOR. Conducted network forensics and NetFlow investigations using tools like Spectrum, CiscoWorks, NetQoS, and Reporter Analyzer, supporting Cyber Network Defense operations and architectural reviews.
UNITED STATES AIR FORCE
Cyber Section Chief Feb 1995 – Present
Senior enlisted leader overseeing cyber operations and client systems for USAF networks. Directed Active Directory policy enforcement, system configurations, and helpdesk operations across enterprise environments. Trained and mentored junior technicians in Windows administration, hardware/software lifecycle management, and secure system recovery protocols. Executed weekly audits, patching, backups, and antivirus updates to maintain mission assurance and compliance.
TECHNOLOGY AREAS
Cloud Infrastructure: Azure IaaS/PaaS/SaaS, Azure SQL Database, Azure AD, Azure Automation, Logic Apps, Key Vault, AWS
SIEM: Azure Sentinel, Splunk, ArcSight
Mail: O365, Defender for Office, Exchange Online, Exchange Online Protection, Azure Information Protection, Defender for Cloud, Defender for Cloud Apps, Defender for Identity, IronPort
Windows: Microsoft Endpoint Manager, PowerShell, ARM, Microsoft Windows Server, Windows, Active Directory, Group Policy, DNS, DHCP, Certificate Services, IIS, Hyper-V, MDT, VMware ESXi/vSphere
Endpoint Security: Defender for Endpoint, BeyondTrust, HBSS, Tanium
Firewall: Palo Alto IPS, SourceFire, Snort, Securify, Azure Firewalls
Forensics Tools: Encase, FTK
Others: JSON, Kusto, Bluecoat, Websense, C#, JavaScript, vbs, git, GitHub
HOBBIES & INTERESTS
RECENT PROJECTS
Azure OpenAI (AOAI) Nov 2021 – Present
Lead Azure OpenAI integration effort supporting ARCYBER, beginning with G2 and expanding across Unified Network Operations and the broader DCO community. Acted as a trusted AI advisor, aligning AOAI capabilities with mission requirements through tailored use case development, workshops, and enablement sessions. Partnered with Microsoft AI architects to deliver a proof of concept integrating MCP server and services, showcasing operational value through real-time information assistant capabilities. Demonstrated seamless MCP integration with the Army’s ticketing system, enabling intelligent triage, contextual response generation, and enhanced cyber workflow automation. Positioned AOAI as a transformative asset in modernizing ARCYBER’s hybrid operations and accelerating mission agility.
Technology areas: Azure OpenAI, CoPilot, Information Assistant, MCP
Microsoft Defender for Endpoint Nov 2018 – Present
Served as trusted cyber advisor to ARCYBER, delivering executive briefings, tech demos, workshops, RFIs, and pilot planning. Championed Microsoft Defender for Endpoint (MDE) as the Army’s standard, driving transformation across cyber operations tiers. Integrated modern endpoint management and Zero Trust principles to build hybrid security capabilities. Led competitive displacement of legacy tools (McAfee, Tychon) by demonstrating Microsoft 365 Defender XDR value.
Technology areas: MDE, MECM, MEM, Intune, AAD, W10, Server, PowerBI
Microsoft Defender for Office Jul 2021 – Present
Co-architect and delivery consultant, conducting assessments of Cisco IronPort ESA configurations, mapping existing configurations/settings to EOP/MDO, enabling new features/capabilities, and leading enablement activities for customer migration to EOP/MDO for Exchange hybrid and M365 security. Led envisioning and enablement workshops, whiteboarding sessions, leadership briefings with TDMs/BDMs, and implementation activities with email security admins and cybersecurity operators.
Technology areas: Purview, Exchange 2016, Exchange Online, Exchange Online Protection, Microsoft Defender for Office, Cisco IronPort ESA
Azure Sentinel/MDI/AIP Mar 2022 – Present
Delivered Azure Sentinel, Microsoft Defender for Identity (MDI), and Azure Information Protection (AIP) solutions. Led architecture and design assessments, configured connectors, and enabled automation via notebooks, playbooks, and workbooks. Integrated MDI with Sentinel and collaborated with DCO stakeholders on operational use cases. Supported AIP adoption, developed/tested CUI and classification labels, and transitioned Office Message Encryption from S/MIME. Directed Microsoft Services sprint teams to iterate features aligned with customer personas and scalable architecture.
Technology areas: Azure Sentinel, Microsoft Defender for Identity, Azure Information Protection, Connectors, Workbooks, Kusto Query Language