Ryan Goodman
New York City, US rlg3686@rit.edu LinkedIn

InfoSec Manager | SOC/IR | Lead Security Engineer

Security operations leadership for high-volume, high-consequence environments.

Ryan Goodman is a cybersecurity leader based in New York City, focused on Security Operations, Incident Response, detection engineering, and automation. He is seeking full-time cybersecurity opportunities.

Career Summary

Dedicated InfoSec Manager SOC/IR and Lead Security Engineer with 7+ years of incident response and security operations experience across crypto, SaaS, federally funded research, and MSSP environments.

About

From curiosity to cyber operations leadership.

Ryan originally considered archaeology before choosing cybersecurity at Rochester Institute of Technology. That path turned into a career centered on defending critical systems, leading incident response, and building durable security operations programs.

Today, he leads security operations at a global crypto exchange and crypto news media company, dealing with the world's most sophisticated adversarial threats, with a practical bias toward response quality, measurable process improvement, and automation that reduces time to detect, respond, and resolve.

“You’re good with computers. Why don’t you try a career in technology or engineering instead?”

A pivotal nudge that helped redirect Ryan toward cybersecurity.

Experience

Building and leading modern security operations.

Bullish

InfoSec Manager, Security Operations and Incident Response

March 2025 to Present

  • Leads the US Security Operations Center in a follow-the-sun operating model.
  • Achieved a Significant Achievement rating within 9 months, placing in the top 90th percentile of the company.
  • Serves as principal Splunk, Google SecOps, and Proofpoint investigator, resolving 15+ high-impact incidents from 1,000 alerts across 8+ tools within SLA.
  • Owns monthly security operations metrics, the on-call process, and incident response leadership as an incident commander.
  • Built the company AI SOC capability, reducing initial alert triage effort by over 90% by gathering facts across connected telemetry and enriching investigations automatically.
  • Designed the AI SOC to agentically pull context from Slack, Atlassian Jira and Confluence, and securely read email data to accelerate alert understanding and response.
  • Built specialized AI agents including a Security Analyst Agent, Email Investigator Agent, Detection Engineering Agent, and Incident Report Generation Agent.
  • Designed the SOC peer review process, external incident process, and led the annual cyber tabletop exercise for CoinDesk.

Drata, Inc

Lead Cloud Security Engineer, Security Operations Lead / Manager

April 2023 to March 2025

  • Earned 2 Leading performance evaluations in 18 months, placing in the top 10% of the company.
  • Delivered a Tines incident-response session revocation tool that drove a 95% reduction in mean time to respond and resolve.
  • Built the detection engineering function, on-call model, incident response process, cyber incident response playbook, and investigation workflows.
  • Led primary on-call operations, retrospectives, lessons learned, 5-whys, and post-mortems for 60 true-positive incidents from 2,000+ alerts across 10 tools, with 98% resolved within SLA.
  • Developed 20+ cyber runbooks and the SecOps SOP while driving automation with Tines, Terraform, AWS, Cloudflare, Okta Workflows, and Python.
  • Acted as SME for Cloudflare, Datadog, Obsidian, Panther, SentinelOne, CrowdStrike, KnowBe4, Wiz, Orca, and related security tooling.

The MITRE Corporation

Intermediate Cyber Operations Engineer

May 2020 to April 2023

  • Led development of a critical incident response playbook covering 300+ cyber use cases mapped to MITRE ATT&CK and the Lockheed Martin Kill Chain.
  • Performed trusted departmental hiring, interviewing 20+ candidates and reviewing thousands of cyber and engineering resumes.
  • Used Caldera for adversary emulation and designed SOC procedures for tuning, shift handoff, analyst triage, and incident response.
  • Deployed and supported ELK-based monitoring capabilities and executed cyber tabletop exercises for sponsors.
  • Served as intern coordinator and pod leader, mentoring 22 interns and managing intern workstreams.

CyFlare

Tier 2 SOC Analyst

September 2019 to March 2020

  • Worked as a detection engineer and handled ticket triage and escalation in an MSSP environment.
  • Designed a functional sensor diagram for AV and a sales demo environment using the Lockheed Martin Kill Chain.
  • Worked across SIEM and endpoint platforms including AlienVault, BDS, Syncurity, SentinelOne, and Sophos.

General Dynamics Mission Systems

Intern IT Systems Design Engineer

January 2019 to August 2019

  • Supported a national security customer environment with systems design, DISA STIG, SCAP, HBSS, ACAS, and McAfee Suite work.

Education

Formal foundation.

Rochester Institute of Technology

B.S. Computing Security, Rochester, NY

December 2020

Member of the National Honor Society for leadership, service, character, and scholarship.

Technical Skills

Experience-backed disciplines and tooling.

SIEM

Splunk, Google SecOps, Chronicle, ELK, Panther, AlienVault, BDS, and Syncurity.

EDR and Security Tooling

SentinelOne, CrowdStrike, Sophos, Proofpoint, KnowBe4, Obsidian, Orca, Wiz, Sysdig, Datadog, and Cloudflare.

SOAR, Automation, and Collaboration

Tines, Terraform, Slack, Atlassian Jira, Atlassian Confluence, incident.io, Okta Workflows, Google MCP for SecOps, Caldera, and McAfee Suite.

AI Tooling

Claude Code + Cowork, Gemini CLI, Gemini Enterprise, ChatGPT, and Codex.

Programming Languages

Python, Java, C, C++, and JavaScript.

Engineering and Systems

Git, GitLab, Docker, Wireshark, VS Code, JetBrains, Vim, MySQL, DISA STIG, SCAP, HBSS, and ACAS.

Cloud and Infrastructure

AWS, GCP, Azure, VMware, vSphere, Windows, macOS, Linux, RHEL, Ubuntu, and CentOS.

Operational Disciplines

Security Operations, Incident Response, Incident Command, Detection Engineering, SOC Leadership, On-Call Operations, Security Metrics, Adversary Emulation, Tabletop Exercises, Post-Incident Review, Cyber Hiring, Mentorship, and Security Program Development.

Selected Project

Hands-on offensive security experience.

Penetration test for a political organization under NDA

Generated rules of engagement, gathered OSINT, performed vulnerability scanning and exploitation, evaluated risk, assessed mitigations, and delivered remediation recommendations in a confidential report.

Founder Work

Building CyberPROF alongside hands-on security leadership.

CyberPROF

CEO and Founder

cyberprof.co

  • Leads CyberPROF as a cybersecurity consulting and coaching brand serving both businesses and individual practitioners.
  • Built a community of 100+ cybersecurity professionals through coaching, mentorship, and practical career guidance.
  • Offers consulting support in areas such as vCISO guidance, technical advising, cyber policy drafting, and contracted cybersecurity projects.
  • Provides career-focused coaching for aspiring cybersecurity professionals, including resume development, interview preparation, project planning, and practical skill building.
  • Extends that work through Fiverr as a Level 2 seller with a 5.0 rating and 24 five-star reviews, reflecting repeat client engagement, strong communication, and practical instruction in cybersecurity fundamentals and career growth.
  • Uses CyberPROF to translate real-world security operations experience into advisory, educational, and client-facing cybersecurity outcomes.

Contact

Open to full-time cybersecurity opportunities.