Resume

Sign in

Security Information

Location:
Lenexa, Kansas, United States
Posted:
February 09, 2018

Contact this candidate

Alexander E. Kloster

913-***-****

ac4exz@r.postjobfree.com

Summary

Solution-focused security professional combining lean start-up, sales development, and broad-based technical background with substantial project management achievements. Recognized ability to coordinate and execute cross functional strategy-based information technology solutions within various environments.

Specialties:

• Securely Enabling All Things Cloud (Google Cloud Platform / Azure / Softlaye/ AWS)

• Identity and Access management (IAM)

• Application Performance Management (APM)

• DevSecOps

• Kubernetes

• Metrics Driven Productivity Improvement

• LogRhythm, Splunk, CheckPoint, Palo Alto IPS

• Qualys, Nexpose, Tenable, OpenVAS

Core Competencies:

Regulations: PCI, SOX, HIPAA, PCI-DSS, GLBA

Platforms: Windows (Server 2003, 2008R2, 2012R2,2016), VMware (ESXi, NSX, vSphere), UNIX (Solaris, HP-UX, AIX), Linux (Kali, Red Hat Enterprise Linux, CentOS, Gentoo, Suse)

Programming: Python, SQL, PowerShell, Bash

Technologies: Qualys, Qualys Guard Consultant, Nessus Professional, Nexpose, Metasploit, Burp Suite Pro, Nmap, Nitko, w3af, Websense Triton AP, BlueCoatSG, Tripwire, Snort, Sourcefire, Fire AMP, Wireshark, EnCase, FTK Imager, Proofpoint, Cylance PROTECT, Elasticsearch Logstash & Kibana

Networking: Juniper SRX, Juniper EX, Cisco ASA, Checkpoint Firewall (4.1SP2, NG, NGAI), 802.1q-in-q, STP, VPN, SSH, IPSEC, L2TP, PPTP, OSPF, MPLS, 802.11x

Encryption: PKI, PGP, X509 Certificates, Microsoft BitLocker Administration and Monitoring (MBAM), LUKS, Vera Crypt

Career History

Security Engineer

BreachMe Software Ltd

Shawnee, KS (12/2017 –Present)

Enterprise Information Security architect responsible for enterprise wide array of security.

Manual code review

WAF rule design and maintenance

SIEM rule design

IDS monitoring

Enterprise auditing device configurations (e.g. servers, firewalls, VPN)

Threat modeling (web application)

Web application design review

Security log monitoring and review

Incident response (endpoint and server)

Data Security Administrator

AMC

Leawood, KS (04/2016 –12/17)

Evangelist and architect responsible for enterprise wide patch management.

Created and led the Patch Management Center of Excellence.

Facilitated alignment and agreement for a remediation time-frame for vulnerabilities between business units

Developed business cases, presentations and assessments for C-Level executives.

Created and let the Vulnerability Assessment Team which conducted daily assessments on new vulnerabilities

Championed and led the security awareness enterprise phishing campaign.

Executed daily threat review, AMC SOX Reports, CCM Weekly FIM, PhoneFactor MFA usage, bypass and faud, Palo Alto Network Services Threat List, LogRhythm Alarm review, LogRhythm Case Creation, Incident Response Timelines, SIR/PIR Outage, Symantec Enterprise Protection Management Risk Logs, NetScaler usage, Quarterly Firewall Change Review, Security Except Review

Solutions and technologies leveraged:

Tanium, Rapid 7 Nexpose, Palo-Alto, Symantec Anti-Virus, Microsoft SCCM, Shavlik, F5, SCAP, STIG's, FireMon, Whitehat, Archer, Imperva, LogRhythm, and Altiris LogRhythm SIEM, CyberArk IAM & PAM, Rapid 7 Nexpose, Tripwire CCM, Palo Alto FW, Microsoft MFA

IT Security Manager,

Jack Cooper Transport

Kansas City, MO (10/2015 –04/2016)

I am the primary in-house resource for Jack Cooper’s IT security program. I lead the planning, development, and review of the Information Security Program Management Planning Activities. I drive policy and security program development as well as assessments and testing processes. On a daily basis, I ensure information systems are safeguarded by leveraging in-house resources and tools as well as managing 3rd party services.

Oversee the security awareness program for the education of personnel as to security requirements and procedures.

Write the review and evaluation of comments relative to external reports, profiles and assessments, and provide support to collect data and provide input to reports as directed.

Routinely perform technical security assessments, risk assessments and other testing of corporate systems.

Sr. Consultant, Security and Privacy,

RSM McGladrey LLP,

Kansas City, MO (05/2015-10/2015)

I conduct security reviews for financial institutions, and banking core systems. (Internal, external, wireless, WAN). I perform technical interviews with system owners to identify information security posture. I advise system owners on high priority security vulnerabilities and develop remediation roadmap and prioritize next steps.

Conduct social engineering campaigns (Telephone, Email, Walk-ins)

Strategic planning and formation of Incident Response Teams (Cyber, Physical)

Proactive security operations including procedures, policies, and training (Cyber, Physical)

Intelligence gathering, processing, and use (OSINT, SIGINT)

Security Operation Center deployment (Enterprise)

Vulnerability Scan Analyst,

FishNet Security

Leawood, KS (05/2012-05/2015)

I perform assessments of an organization's network security posture through the use of automated tools and manual techniques to identify and verify common network security vulnerabilities. I absorbed the Project Analyst role to give better feedback and response time to the clients. I create comprehensive assessment reports to meet the client need and goals. My position is very high visibility with routinely interfacing with customer personnel to gather information and investigate security controls.

Utilized commercial and open source vulnerability tools (Qualys, Rapid7 NeXpose, Core Impact, Nessus, nMap, etc )

Performing manual verification of vulnerabilities/pen (PCI ASV)

Responsible for understanding and being familiar with regulatory compliance requirements and standards (PCI, SOXX, HIPAA and others)

Weekly status reports) over 200+ clients and over half a million dollars of revenue

Provide support in the ongoing development of security assessment offerings

Primary point of contact on scoping projects to ensure on time and on budget

Upsell of service to client for best security posture based on current client needs

Correlated security events, escalated to Team Lead as necessary

Utilized Ethical Hacking procedures to ensure proper handling of false positives

Sr. LEAD Agent,

Leawood, KS (05/2012-05/2015)

I penetrate Fortune 1000 accounts and established relationships at the executive level, including the C-Suite.

Achieved performance metrics of 327% to goal with over 700,000 top line revenue in 2014

Performed Quality Assurance review for team calls, training new employees, writing talk tracks and executing campaigns

Integrated Salesforce.com CRM with data analytics software and trained staff on best practices

Education, Professional Training, and Accolades

Stephen F. Austin State University

Nacogdoches, TX (2007-2011)

Bachelor of Science, Political Science, Administrative Law

AMC

Nexpose Certified Administrator

RSA Threat Hunting

Advanced System Automating with PowerShell

Advanced Data Analytics

FishNet Security

CCSP (Expected 2018)

7Safe, Certified Security Testing Associate

Blue Coat, Certified Proxy Administrator

Blue Coat, Certified Proxy Professional

Juniper Networks Certified Associate - Junos (JNCIA-Junos)

Payment Card Industry – Data Security Standards, Scoping

Linux Security

Sales Support, Management Award 2014

Rock on Award – Innovation, 2014

Rock on Award – Teamwork, 2013

Rock on Award – Teamwork, 2012



Contact this candidate