July 2021 - Present | Compuquip Cybersecurity
Sr. Offensive Security Engineer / Red Team Lead
- Tested SentinelOne against Atomic Red Team and wrote custom alerts to catch attacks
- Developed Ansible playbooks to deploy custom SOAR platform, and perform regular system and application updates
- Wrote a Slack bot to aid in SOC investigations by querying WHOIS, ASN, Shodan, InternetDB, screenshot, and CVE search data and pulling GreyNoise data
- Performed penetration tests and vulnerability assessments of customer infrastructure
- Audited and tested Active Directory infrastructure for common exploits, weak password combinations, configuration issues, and accounts with over-provisioned permissions
- Automated generation of penetration test and vulnerability assessment reporting
- Hardened company external and internal infrastructure
- Modified a Gophish platform to remove built-in IOCs to perform phish testing on customers and employees
- Developed application to monitor Tor ransomware sites
- Developed Application to generate reports of SentinelOne agent health
- Served as a subject matter expert on SentinelOne agent deployment on Linux for a client with 33k+ endpoints
- Deployed and maintained password cracking systems to audit organizations' password complexity using 100 GB of collected password dumps
- Placed in DEF CON's Password Village Crack Me If You Can competition (1st in 2021, 2nd in 2022)
May 2021 - July 2021 | ScienceLogic
Sr. Python Developer - Solutions
- Scripted local development setup for team
- Audited VMware vSphere test environments to make scalability improvements
- Set up various VMware vSphere test environments (e.g. vSAN, SRM) to fully test new monitoring automation being written
March 2020 - May 2021 | Intercontinental Exchange / NYSE
Manager, Cybersecurity Automation - Information Security
- Automated tracking of randomized Red Team tests deployed across the enterprise to identify detection gaps
- Remotely on-boarded two new direct reports during a pandemic
- Created detections that align with MITRE ATT&CK framework
- Automated auditing of open issues to see if they needed to be re-evaluated based on updated CVE data
- Created a full REST API to pull data on users, machines, IPs, domains, firewall rules, and incidents based on a user-inputted search term
- Maintained server infrastructure that was core to the whole Information Security department, as it tracked information on application compliance and ran over 170 recurring tasks
- Deployed and wrote custom integrations for the augmented reality tool Polarity to increase collaboration and provide instantaneous data during an incident or daily workflow
February 2018 - March 2020 | Intercontinental Exchange / NYSE
Senior Cybersecurity Engineer - Information Security
- Mentored teammates with on-boarding, python scripting, malware analysis, and architecture of new products being built out
- Managed incidents from infection to containment to remediation
- Led an effort with a PoC to prove password complexity policies were too simplistic
- Wrote custom modules to consolidate open services found via vulnerability scanners, Masscan, Nmap, and Shodan to identify unauthorized services available to the internet, and influenced policy creation to remediate problems found
- Wrote a custom module to identify websites without hardened SSL/TLS and sites that answer only with HTTP
- Wrote automated testing to make sure email security controls worked and to alert the user if they failed
- Data-mined and created custom management and C-level reports about the phish testing data to identify and alert users that needed further training
- Maintained, monitored, and tuned many IDS/IPS systems for email and web traffic
- Maintained, monitored, and tuned antivirus and memory protection policies to align with business needs and protection
- Monitored logs for anomalous events and initiated incident response processes to remediate issues
- Maintained and used sandboxed environments to do static analysis and detonate malware
- Malware Analysis Crash Course by the Mandiant Flare team
October 2016 - February 2018 | Intercontinental Exchange / NYSE
Cybersecurity Engineer - Information Security
- Automated analysis of user-reported phish emails to expedite triaging and, in some cases, process the report without human interaction, which was estimated to save over 2,000 man-hours a year
- Wrote web-based utility to query 24+ APIs for everything from user information to domain/IP information to file hash reputation to quickly aid in investigations
- The Shellcode Lab by Threat Intelligence Pty Ltd
January 2016 - October 2016 | ACI Worldwide
Senior Systems Administrator - Corp IT
- Member of Architecture Council as the Systems Security Subject Matter Expert
- Utilized security tools such as nmap in scripts to identify and auto-remediate vulnerabilities by shutting off insecure services or correcting insecure application configurations
- Subject matter expert on vulnerability remediation and mass automation for Unix, Linux, and Windows on operating systems and applications
- Wrote scripts to scan for SSH banners to establish baseline to find honeypots on the network
- Wrote scripts to automate internal Red Team's screenshotting of found vulnerabilities saving hundreds of man hours
- Managed remediation of penetration test results
- Regularly audited systems for security threats and insecure configurations via scripts
- Led and managed the effort to remediate overall company-wide vulnerability reports
- Led efforts to close many open audit items against various departments due to security concerns
- Wrote scripts to validate and remediate vulnerabilities and then presented the data in a web application dashboard to track progress
- Regularly architected large solutions to enhance the end-user experience
- Data-mined vulnerability reports to find patching gaps
November 2013 - January 2015 | ACI Worldwide
Unix Systems Administrator - Corp IT
- Led a programming and culture change effort to remediate over one million vulnerabilities in a year after switching to authenticated scans
- Wrote various scripts to fix audit issues and other scripts to automate long intensive processes to comply with policy
- Worked closely with the Security department to stay on top of patching, recently found exploits/vulnerabilities, and configuration issues
- Assisted end-users with performance issues, configuration needs, hardening of applications, and other day-to-day operations
- Monitored the datacenter with daily walks to look for hardware failures
June 2012 - November 2013 | EarthLink
Information Security Analyst - Enterprise Information Security
- Automated tedious functions of fraud and abuse work saving 3 hours a day
- Coordinated with infrastructure teams for vulnerability remediation as subject matter expert on system and application vulnerabilities found with scans and manual audits of systems
- Developed in-house applications to report and act on spam, phishing and other acceptable use policy violation trends based on POP logs, SMTP logs, and 3rd party intelligence
- Created a database to track trends of abuse such as dictionary attacks, directory harvesting, and recidivism
- Developed automated processes to shut down accounts with malicious/abusive activity
- Conducted analysis of trending threats and how to mitigate those risks
- Provided incident response for server compromises and other cases involving malicious intent
December 2010 - June 2012 | Morris Technology LLC
System Administrator - Development
- Maintained production Linux and Windows servers in a virtualized environment for web applications that hosted over 40 different news sites
- Wrote various scripts to automate labor intensive processes
- Interfaced with customers to resolve various daily operational issues
- Provided desktop support company wide
- Added new email (Exchange) accounts that synced with Postini
- Added and organized users into Active Directory
- Added/Updated DNS records to correspond with company needs
- Scaled application servers to adjust for the growing load
Summer 2009 | Briarwood Academy
Intern - IT Department
- Participated in the creation of Linux based file servers
- Used imaging servers to re-image an entire computer lab
- Updated desktop machines (RAM and operating system)
- Assisted in the architecture, creation, and migration of critical IT auxiliary services