Cyber security professional with over ten years of experience in Cybersecurity and Information Technology with two verified CVEs, CISSP, CCSP, GXPN and GPEN certifications, and a SANS published whitepaper. Highlights of professional experience include performing security assessments on a wide range of applications, implementing Prowler to audit a multi account AWS environment, automating over 250 tasks as a systems administrator, and implementing vulnerability management systems for two different organizations.
Senior Application Security Analyst – March 2023 – Present
- Perform security assessments for both custom developed and commercial applications.
- Designed and implemented organizational standards for Kubernetes.
- Led initiative to develop KPIs as part of the next step in the maturation process of the Application Security Team.
- Perform threat modelling and security architecture reviews on new and existing systems and integrations.
Cloud Security Engineer – August 2021 – March 2023
- Designed and implemented security controls for over 3000 resources in AWS, Azure, and Oracle Cloud.
- Developed over 25 incident response playbooks for multiple cloud platforms.
- Implemented Prowler for automated scans on 20+ AWS accounts to ensure adherence to CIS Standards.
- Led incident response efforts for cloud security incidents.
Application Security Analyst – November 2020 – August 2021
- Performed over 25 security assessments for both custom developed and commercial applications.
- Integrated SAST scanning (SonarQube) into DevOps CI/CD pipeline utilized by 15 development teams.
- Implemented a security assessment framework, resulting in a 20% reduction in assessment times.
- Analyzed industry security threats and developed strategies for detection and mitigation.
Systems Administrator – April 2015 – November 2020
- Maintained core banking systems to ensure 99.999% availability.
- Led implementation of Rapid7 InsightVM and InsightIDR for over 1,500 computing resources.
- Automated over 250 processes across the organization.
- Designed and led disaster recovery efforts for core banking system and ancillary connections.
Systems Operations Specialist – May 2014 – April 2015
- Redesigned over 50 operational processes to improve efficiency and reduce potential for errors.
- Acted as front-line support lead for Symitar core banking system.
- Assisted engineering team with infrastructure and hardware replacement projects.
Technical Support Specialist – September 2013 – May 2014
- Implemented GFI Cloud for over 500 servers and desktops.
- Supported over 100 employees with a wide range of technical questions.
- Migrated over 200 computers from Windows XP to Windows 7.
SANS Technology Institute: M.S. Information Security Engineering - November 2022
Western Governors University: M.S. Information Technology Management - July 2019
Western Governors University: B.S. Cybersecurity and Information Assurance - June 2018
- CVE-2021-38602 – PluXML 5.8.7 – Stored XSS
- CVE-2021-38603 – PluXML 5.8.7 – Stored XSS
GIAC: GCIA, GXPN, GPEN, GCIH, GDSA, GPCS, GSEC, GFACT, GSTRT, GCPM, SSAP
(ISC)2: CISSP, CCSP, SSCP
CompTIA: A+, Network+, Security+, Pentest+, Project+
CyberWarfare Labs: CCRTA
Rapid7: InsightIDR Certified Specialist, InsightVM Certified Administrator
AWS: Certified Cloud Practitioner
Microsoft: Security, Compliance, and Identity Fundamentals, Azure Fundamentals
- Windows: PowerShell, Batch Scripting, Registry, Group Policy, System Hardening
- Vulnerability Management: InsightVM, GFI Cloud, Qualys, Nessus, OpenVAS
- Offensive Security Tools: Metasploit, Burp Suite, Zaproxy, Nmap, WPScan, Nikto, Dirb, Gobuster, Dirsearch, SQLMap, Impacket, John, Hashcat
- Virtualization: ESXi, VMWare, Virtualbox, Docker, Amazon EC2, Kubernetes
- Additional Technical Skills: Automation, Incident Response, Active Directory, Threat Modelling, Security Architecture Review
- GIAC Advisory Board – 2020
- National Cyber League – Spring 2021 – 81/4180 Individual Game and 7/922 Team Game
- National Cyber League – Fall 2021 – 66/6480 Individual Game and 18/3910 Team Game
- SANS Whitepaper – Is Your Cloud Environment Secure? How Do You Know?