Jeffrey Shields

San Antonio, TX

Work Preference

Job Search Status

Open to work
Desired start date: Immediately

Desired Job Title

Cyber Threat Intelligence Analyst, Cybersecurity Analyst, Intelligence Analyst, Cybersecurity Engineer, Cybersecurity Operator

Work Type

Full Time, Part Time, Contract Work

Location Preference

On-Site, Remote, Hybrid
Location: San Antonio, TX
Open to relocation: No

Summary

Cyber Threat Intelligence analyst with 15+ years integrating cyber operations and all-source intelligence to produce actionable intelligence supporting defensive operations and executive decision-making. Expert in adversary TTP analysis, campaign assessment, and intelligence-to-operations integration, including development of IOCs and detection logic aligned to MITRE ATT&CK. Proven ability to support incident response, assess cyber threats, and deliver high-impact intelligence to technical teams and senior leadership.

Overview

1 Certificate
18 years of professional experience

Work History

Independent Study

Self
San Antonio, TX
01.2025 - Current
  • Executed adversary emulation, threat hunting, and malware analysis using MITRE ATT&CK techniques to identify and mitigate potential threats.
  • Developed YARA rules to detect malicious patterns, enhancing malware triage and analysis.
  • Utilized MISP for ingesting and analyzing open-source threat intelligence, correlating indicators with threat data.
  • Applied STIX/TAXII concepts to structure and visualize relationships among threat intelligence data.
  • Deployed honeypots and analyzed telemetry to reveal adversary behavior and detect emerging threats.
  • Leveraged AI-assisted tools to optimize analysis workflows through structured prompt techniques.

Wing Intelligence Superintendent

461st Air Control Wing
Robins AFB, GA
01.2018 - 08.2020
  • Produced multi-source intelligence assessments that informed senior leadership decision-making, optimizing strategic outcomes.
  • Directed intelligence production to enhance mission and operational planning through integration of cyber-derived reporting.
  • Supervised and developed intelligence teams, improving analytic rigor and production standards to elevate mission effectiveness.
  • Led integration of secure networks aligned with NIST RMF and NSA standards, improving access to intelligence systems.

Senior Intelligence Analyst / Fusion Cell Lead

Special Operations Command Africa (SOCAF)
Stuttgart, Germany
01.2015 - 01.2018
  • Led multi-source intelligence fusion integrating SIGINT, GEOINT, HUMINT, and cyber reporting to produce actionable intelligence assessments.
  • Produced intelligence products that enabled timely targeting decisions and effectively mitigated threats.
  • Conducted adversary and campaign analysis, producing threat assessments that directly informed operational planning and risk decisions.
  • Developed intelligence workflows and analytic processes that enhanced production quality and strengthened interagency collaboration.

Cyber Defense Analyst / Operations Superintendent

33rd Network Warfare Squadron – Air Force Cyber
Lackland AFB, TX
08.2010 - 01.2015
  • Analyzed adversary tactics and intrusion activity using MITRE ATT&CK frameworks, translating findings into actionable intelligence and detection strategies.
  • Produced and disseminated cyber threat intelligence throughout the intelligence lifecycle, enhancing detection, response, and continuous improvement of defensive operations.
  • Provided real-time intelligence support during active cyber incidents, delivering threat context, attribution assessments, and analytic insights to accelerate detection, response, and recovery.
  • Delivered recurring cyber threat intelligence briefings, highlighting trends and emerging adversary behaviors to inform proactive defense and risk mitigation.
  • Developed 185+ indicators of compromise (IOCs) and detection signatures, enabling operational deployment across enterprise detection systems.
  • Performed large-scale log and network traffic analysis of ~200,000 IDS/IPS alerts annually, identifying malicious activity, insider threats, and data exfiltration.
  • Led root cause investigation of the major data exfiltration incident (8.4GB), reconstructing the adversary timeline through packet analysis and log correlation.

Intelligence Support to Detainee Interrogations

Joint Task Force
Balad, Iraq
06.2009 - 06.2010
  • Supported interrogations of 450 high-value individuals across 200 objectives.
  • Analyzed all-source intelligence to enhance interrogation efforts of captured enemy combatants.
  • Conducted precise analysis that facilitated capture and exploitation of 16 senior insurgents.
  • Developed innovative interrogation tactics to guide high-value target exploitation, delivering vital intelligence to commanders.

Intelligence Trainer

United States Air Force
RAF Lakenheath, United Kingdom
06.2008 - 06.2009
  • Revamped intelligence continuous training program, increasing tracking accuracy by 50% and test scores by 37%.
  • Oversaw 185-hour mission qualification program, training 20 new members and ensuring unit readiness.
  • Directed execution of largest air operations center exercise in Europe, managing 40 exercise injects to meet allied training objectives.

Education

Bachelor of Science - Business Administration – Cybersecurity

University of Texas At San Antonio
San Antonio, TX
12-2024

Associate of Applied Science - Intelligence Studies And Technology

Community College of The Air Force
Montgomery, AL
04-2011

Associate of Applied Science - Information Management

Community College of The Air Force
Montgomery, AL
04-2011

Skills

  • Cyber threat intelligence and analysis
  • Threat actor profiling
  • Adversary TTP analysis
  • Incident response
  • Threat hunting
  • Vulnerability assessment
  • Cyber operations and technical analysis
  • Malware analysis
  • Log and network analysis
  • Data fusion
  • Intelligence production and communication
  • Intelligence reporting
  • CTI generation
  • CTI and intelligence platforms
  • MISP, STIX/TAXII, Maltego, Palantir, Analyst Notebook tools
  • Security operations and detection tools (Snort, YARA, Sigma)
  • Network and security tools (Wireshark, Nmap, Metasploit, Burp Suite)
  • Systems and scripting (Windows, Linux, Active Directory, Python)
  • AI/LLM tools and prompt engineering
  • Workflow automation strategies
  • Analytic tradecraft
  • Executive briefings
  • Stakeholder engagement

Certification

  • CompTIA Security+, 01/01/25, IAT Level II
  • CySA+, 08/01/26, In Progress

Timeline

Independent Study

Self
01.2025 - Current

Wing Intelligence Superintendent

461st Air Control Wing
01.2018 - 08.2020

Senior Intelligence Analyst / Fusion Cell Lead

Special Operations Command Africa (SOCAF)
01.2015 - 01.2018

Cyber Defense Analyst / Operations Superintendent

33rd Network Warfare Squadron – Air Force Cyber
08.2010 - 01.2015

Intelligence Support to Detainee Interrogations

Joint Task Force
06.2009 - 06.2010

Intelligence Trainer

United States Air Force
06.2008 - 06.2009

Bachelor of Science - Business Administration – Cybersecurity

University of Texas At San Antonio

Associate of Applied Science - Intelligence Studies And Technology

Community College of The Air Force

Associate of Applied Science - Information Management

Community College of The Air Force

Security Clearance

Top Secret / SCI, Inactive - Eligible for Revalidation

Polygraph

CI Polygraph, 06/01/16