whoami

PROFESSIONAL SUMMARY

Cyber security professional with over ten years of experience in Cybersecurity and Information Technology with two verified CVEs, CISSP, CCSP, GXPN and GPEN certifications, and a SANS published whitepaper. Highlights of professional experience include performing security assessments on a wide range of applications, implementing Prowler to audit a multi account AWS environment, automating over 250 tasks as a systems administrator, and implementing vulnerability management systems for two different organizations.

EXPERIENCE

CREDIT ACCEPTANCE

Senior Application Security Analyst – March 2023 – Present

  • Perform security assessments for both custom developed and commercial applications.
  • Designed and implemented organizational standards for Kubernetes.
  • Led initiative to develop KPIs as part of the next step in the maturation process of the Application Security Team.
  • Perform threat modelling and security architecture reviews on new and existing systems and integrations.

Cloud Security Engineer – August 2021 – March 2023

  • Designed and implemented security controls for over 3000 resources in AWS, Azure, and Oracle Cloud.
  • Developed over 25 incident response playbooks for multiple cloud platforms.
  • Implemented Prowler for automated scans on 20+ AWS accounts to ensure adherence to CIS Standards.
  • Led incident response efforts for cloud security incidents.

Application Security Analyst – November 2020 – August 2021

  • Performed over 25 security assessments for both custom developed and commercial applications.
  • Integrated SAST scanning (SonarQube) into DevOps CI/CD pipeline utilized by 15 development teams.
  • Implemented a security assessment framework, resulting in a 20% reduction in assessment times.
  • Analyzed industry security threats and developed strategies for detection and mitigation.

MICHIGAN SCHOOLS AND GOVERNMENT CREDIT UNION

Systems Administrator – April 2015 – November 2020

  • Maintained core banking systems to ensure 99.999% availability.
  • Led implementation of Rapid7 InsightVM and InsightIDR for over 1,500 computing resources.
  • Automated over 250 processes across the organization.
  • Designed and led disaster recovery efforts for core banking system and ancillary connections.

Systems Operations Specialist – May 2014 – April 2015

  • Redesigned over 50 operational processes to improve efficiency and reduce potential for errors.
  • Acted as front-line support lead for Symitar core banking system.
  • Assisted engineering team with infrastructure and hardware replacement projects.

EXTRA CREDIT UNION

Technical Support Specialist – September 2013 – May 2014

  • Implemented GFI Cloud for over 500 servers and desktops.
  • Supported over 100 employees with a wide range of technical questions.
  • Migrated over 200 computers from Windows XP to Windows 7.

EDUCATION

SANS Technology Institute: M.S. Information Security Engineering - November 2022

Western Governors University: M.S. Information Technology Management - July 2019

Western Governors University: B.S. Cybersecurity and Information Assurance - June 2018

CVEs

  • CVE-2021-38602 – PluXML 5.8.7 – Stored XSS
  • CVE-2021-38603 – PluXML 5.8.7 – Stored XSS

CERTIFICATIONS

GIAC: GCIA, GXPN, GPEN, GCIH, GDSA, GPCS, GSEC, GFACT, GSTRT, GCPM, SSAP

(ISC)2: CISSP, CCSP, SSCP

CompTIA: A+, Network+, Security+, Pentest+, Project+

CNCF: CKS

PMI: CAPM

eLearnSecurity: eCPPTv2

CyberWarfare Labs: CCRTA

Rapid7: InsightIDR Certified Specialist, InsightVM Certified Administrator

AWS: Certified Cloud Practitioner

Microsoft: Security, Compliance, and Identity Fundamentals, Azure Fundamentals

TECHNICAL COMPETENCIES

  • Windows: PowerShell, Batch Scripting, Registry, Group Policy, System Hardening
  • Vulnerability Management: InsightVM, GFI Cloud, Qualys, Nessus, OpenVAS
  • Offensive Security Tools: Metasploit, Burp Suite, Zaproxy, Nmap, WPScan, Nikto, Dirb, Gobuster, Dirsearch, SQLMap, Impacket, John, Hashcat
  • Virtualization: ESXi, VMWare, Virtualbox, Docker, Amazon EC2, Kubernetes
  • Additional Technical Skills: Automation, Incident Response, Active Directory, Threat Modelling, Security Architecture Review

ACHIEVEMENTS AND PUBLICATIONS

  • GIAC Advisory Board – 2020
  • National Cyber League – Spring 2021 – 81/4180 Individual Game and 7/922 Team Game
  • National Cyber League – Fall 2021 – 66/6480 Individual Game and 18/3910 Team Game
  • SANS Whitepaper – Is Your Cloud Environment Secure? How Do You Know?