# PHILLIP TARRANT
**Head of Security Operations | SOC Director**
Morrison, TN | (706) 294-6733 | ptarrant@gmail.com | [LinkedIn](https://www.linkedin.com/in/phillip-tarrant-cyber)

---
## PROFESSIONAL SUMMARY
Results-driven Security Operations leader with 20+ years in cybersecurity and proven expertise scaling SOC operations in high-growth MSSP environments. Successfully grew SOC client base by 225% while managing a team of 17 direct reports and improving operational margins from 18% to 52%. Hands-on leader combining strategic vision with deep technical expertise in SIEM, SOAR, DFIR, and threat detection. Track record of building operational structure through SOPs, playbooks, and automation that drove 47% automated ticket resolution at scale.

---
## CORE COMPETENCIES
| SOC Leadership & Operations | Technical Expertise |
|:---------------------------|:-------------------|
| Team Building & Development (17+ direct reports) | SIEM: Splunk, Sentinel, ELK, Stellar Cyber |
| SOC Scaling & Growth Strategy | SOAR: Swimlane, D3, Torq |
| Playbook & Workflow Development | EDR: SentinelOne, Defender, Darktrace |
| SOP Creation & Process Design | DFIR & Malware Analysis |
| KPI Development & Metrics Reporting | Threat Hunting & Detection Engineering |
| P&L Management & Profitability | Python, PowerShell, Automation |
| Vendor Management & Negotiations | Cloud Security: AWS, Azure |
| Executive Communication | NIST, PCI-DSS, HIPAA Compliance |
---
## PROFESSIONAL EXPERIENCE
### Senior Information Security Consultant
**Confidential** | Remote | January 2025 - Present
Contract consulting providing SOC leadership and cybersecurity expertise to multiple organizations.
- Served as interim SOC Director at ATS Cyber Security Services, restructuring SOC workflows and elevating team capabilities through targeted training programs
- Currently leading SOC operations for US Defense Space market supplier across multiple Microsoft tenants and international locations
- Managing full SOC lifecycle including alert triage, DFIR engagements, and vulnerability management
- Designed and implemented automation operations including SDLC processes and deployment pipelines
- Managed enterprise Vulnerability Management Program for major fintech client using Qualys, building custom reports and automation scripts
---
### Director of Automation
**Compuquip Cybersecurity** | Doral, FL | June 2024 - December 2024
Led Automation Team to transform SOC operational efficiency through intelligent automation.
- **Built automation infrastructure handling 3,500 tickets weekly with 47% closed without human intervention**
- Designed, programmed, and deployed AI-powered tools using custom prompts and logic engines for security automation
- Spearheaded new automation architecture using Python, AWS Lambda, and SOAR platforms
- Drove team development in automation workflows and modern SOAR technologies
- Created custom heuristics, filtering rulesets, and rule engines for automated alert triage
---
### SOC Director
**Compuquip Cybersecurity** | Doral, FL | March 2023 - June 2024
Directed Security Operations Center serving MSSP clients, overseeing all SOC, Red Team, and managed services operations.
- **Scaled SOC client base from 16 to 52 customers (225% growth) through service expansion**
- **Improved SOC profitability from 18% to 52% margin (80% in peak quarter), contributing to 15% annual net income growth**
- **Managed team of 17 direct reports** including SOC analysts, engineers, and specialists
- Part of executive leadership team with COO/CEO/CFO, participating in quarterly strategic planning
- Oversaw Red Team/Offensive Security operations and Managed Remediation Service projects
- Managed DFIR engagements, MDR services, proactive vulnerability scanning, patching, and penetration testing
- Developed and maintained situational awareness reports for APT and foreign adversary incidents
- Created threat trend analysis reports and operational metrics for executive visibility
---
### SOC Technical Manager
**Compuquip Cybersecurity** | Tampa, FL | January 2021 - March 2023
Managed SOC operations with focus on process development, team mentorship, and incident research.
- Authored comprehensive SOPs and training documentation establishing operational standards
- Led incident research activities and mentored SOC engineers on advanced investigation techniques
- Developed SOC playbooks and workflows standardizing response procedures
- Generated end-of-month operational reports for management and customer stakeholders
- Maintained threat intelligence and situational awareness reports for advanced persistent threats
- Created threat trend analysis reports and performance metrics
---
### Sr. Cyber Security Architect
**Travel Syndication Technology (TST)** | Alpharetta, GA | April 2020 - January 2021
Responsible for security architecture, compliance programs, and security operations strategy.
- Developed and maintained cloud security posture and protection controls
- Created custom automation tools for infrastructure attack simulation and detection design
- Led organization through PCI and NIST 800-series compliance audits
- Formulated and managed phishing awareness and developer security training programs
- Designed automated security verification and testing programs
---
### Senior Cyber Security Engineer
**Intercontinental Exchange** | Marietta, GA | March 2020 - April 2020
Architecture and Automation Team member focused on SOC tooling and data pipeline optimization.
- Designed security data flow architecture from endpoints through aggregation, parsing, and storage
- Developed custom tools automating SOC triage and response activities
- Built vulnerability and threat hunting dashboards for tracking and mitigation
- Incorporated security into CI/CD pipelines including cloud-based deployments
---
### Cyber Security Engineer
**Intercontinental Exchange** | Marietta, GA | August 2018 - March 2020
Incident Response and Digital Forensics Team lead investigator.
- Served as lead investigator on critical security incidents with thorough forensic investigations
- Created extensive documentation establishing IR team processes and procedures
- Led malware analysis operations in isolated sandbox environments
- Developed training programs including custom malware writing exercises for junior analysts
- Managed multi-server compromise investigations coordinating across three teams and time zones
---
### Technical Services Manager
**The National Wild Turkey Federation** | Edgefield, SC | October 2015 - August 2018
Managed IT team of 8 direct reports supporting 300+ staff members.
- Directed team of technicians and developers with full performance management responsibilities
- Managed security for entire web presence including network and application security
- Negotiated vendor contracts saving $50,000+ annually through in-house migrations
- Oversaw infrastructure expansion doubling server capacity
---
## CERTIFICATIONS
| Certification | Issuer |
|:-------------|:-------|
| **GWAPT** - Web Application Penetration Tester | GIAC |
| **GCFA** - Forensic Analyst | GIAC |
| **GCIH** - Incident Handler | GIAC |
| **Lethal Forensicator Coin** | SANS (Award for Digital Forensics Excellence) |
---
## EDUCATION
**Associate Degree in Network Administration** | Virginia College | 2014-2016 | GPA: 4.0

---
## KEY ACHIEVEMENTS
- **SOC Scaling**: Grew MSSP SOC from 16 to 52 clients while maintaining service excellence
- **Operational Excellence**: Improved SOC margins from 18% to 52% through process optimization
- **Automation Leadership**: Built systems processing 3,500 weekly tickets with 47% automated resolution
- **Team Development**: Successfully led and mentored teams up to 17 direct reports
- **Executive Partnership**: Collaborated with C-suite on strategic direction as part of leadership team
- **Enterprise Scale**: Managed operations for 50+ clients, 150,000+ assets, 1M+ users