Vice President Resume
SUMMARY:
- Highly skilled Penetration Tester and Security Engineer offering vast knowledge of network and web application security.
- OWASP Chapter Leader for Houston, TX
- Strong understanding of PCI - DSS 2.0/3.0, Confidential 800-53 Rev.4, OWASP Testing Guide v4, Penetration Testing Execution Standard (PTES), and OSSTMM 3.0
- Proficient in Python, PHP, and Ruby which I use to automate tasks to reduce human error and increase productivity.
- Expert in vulnerability scanning using various tools including IBM AppScan, Qualys, Nexpose, Nessus, Core Impact, and Acunetix.
- Network Security: Both Red and Blue Team Exposure
- Blue Team: Intrusion Detection & Analysis.
- Red Team: Advanced web application testing using the latest tools and methodologies.
- Mastered the art of producing high-quality, contextually relevant penetration reports and remediation plans.
- Former Confidential, honorably discharged after 8 years of service
- Worked with the news industry as an expert in field of cyber security, Target Breach - KTRH 1
TECHNICAL SKILLS, TOOLS, & METHODS:
Web Application Security: Expert on WAFs; Web Servers, Web Standards, Latest Web Technologies
Web Application Testing Skills: All current attack vectors documented in the OWASP Testing Guide v4.0
Web Pentesting Tools: A Web Browser & Burp Suite Pro (always), W3af; sqlmap; Nikto; OpenVAS; Mantra; SamuraiWTF (always ready)
Network Exploitation: NMAP; netcat; Metasploit/SET; Scapy; Nessus
Programming: PHP; Ruby on Rails; Python; Bash
Intrusion Detection: tcpdump; Berkeley Packet Filters; ngrep; Snort; Wireshark
Linux Distros: Fedora & Debian (Daily); Custom Built Kali Image
EXPERIENCE:
Vice President
Confidential
Responsibilities:
- Joined a team of world class security experts who conduct application security assessments/penetration tests of the our internal/external web, mobile, & web service applications leveraging both manual techniques as well as automated tools, in order to uncover and report security vulnerabilities that exist.
- Knowledgeable with business risks associated to common security vulnerabilities.
- Effectively communicate security vulnerabilities to application developers and/or senior managers who may have little to no experience with application security vulnerabilities.
- Ability to work independently in a very large-scale, enterprise setting.
Sr. pentester & Security Engineer
Confidential
Responsibilities:
- Conducted assessment on the Confidential Corporation systems utilizing Confidential 800-53 Rev.4, OWASP Testing Guide v4, Penetration Testing Execution Standard (PTES), and OSSTMM 3.0
- Developed custom tools using PowerShell and Python to perform security checks in addition to operational tasks.
- Performed risk assessments to ensure corporate compliance
- Performed manual testing of web application security
- Developed and maintained our internal Red Team methodology
- Create written reports, detailing my assessment findings and recommendations
- Trained in-house developers on secure coding practices and making security part of their SDLC
Web Security Specialist
Confidential
Responsibilities:
- Performed penetration tests against our development WAFs while working closely with the development team, resulting in a successful security focused SDLC
- Security analysis and research.
- Managed a 24/7/365 state of the art Security Operations Center.
- Linux Administration of over 2000 appliances running various distributions including CentOS and OpenBSD.
- Precision tuning and configuration of WAFs
- Management of over 300 Web Application Firewalls.
- Use Python & Bash daily to automate administration, health checks, and data aggregation.
- Developed an internal, web-based eLearning platform from the ground up.
Network Security Analyst
Confidential
Responsibilities:
- Identified cyber-threats by reading, interpreting and analyzing network traffic in real-time.
- Configured and monitored intrusion detection systems.
- Monitored global NIDS, Firewall and log correlation tools for potential threats.
- Initiated escalation procedure to counteract potential threats and vulnerabilities.
- Provided Incident remediation and prevention documentation.
- Documented and conformed to processes related to security monitoring.
- Provided performance metrics as necessary.
- Provided customer service that exceeds our customer’s expectations.
- Implemented and managed Splunk infrastructure.
- Processed Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS/IPS)
- Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools.
- Operated in a 24x7 state-of-the-art Security Operations Center.
- Low-Level Packet Analysis.
- Tune Global NIDS, Firewalls, and Log Correlation Triggers.
- Incident Response Handling.
Penetration Tester
Confidential
Responsibilities:
- Found security vulnerabilities in target systems, networks, and applications in order to help enterprises improve their security.
- Provided crucial insights into the most pressing issues and suggests how to prioritize security resources.
- Conduct penetration tests using Linux based security distributions (Kali, BackTrack, Pentoo, BackBox, MyOwn)
Confidential
Responsibilities:
- Honorable Discharge
- Secret Security Clearance (inactive)
- Recipient of the Air Force Achievement Medal for restoring the internet, phone, and 911 services in New Orleans following Hurricane Katrina.
- Identify potential threats and manage resolution of security violations
- Enforce national, DoD and Air Force security policies and directives