Michael Angelo Vien
*** ******* ***** *****, ***** 75002
***********@***.***
Solutions-oriented IT Information Security Specialist with notable success directing a broad range of corporate IT initiatives while participating in planning and implementation of information-security solutions in direct support of business objectives.
Proven capability to communicate complicated concepts to engineers and executives alike.
Confirmed ability to solve complex technical and business problems with elegant solutions.
Track record of increasing responsibility in secure network design, systems analysis and development, and full life cycle project management.
Demonstrated capacity to implement innovative security programs that drive awareness, decrease exposure, and strengthen organizations.
Hands-on experience leading all stages of system development efforts, including requirements definition, design, architecture, testing, and support.
Outstanding leadership abilities; able to coordinate and direct all phases of project-based efforts while managing, motivating, and leading project teams.
Adept at developing effective security policies and procedures, project documentation and milestones, and technical/business specifications.
Proven experience both working in and managing projects throughout the SDLC.
Professional Experience
MeasuredRisk Jan, 2015 – present
Co-Founder/Head of Cyber/CISO/Information Security Architect
MeasuredRisk is a natural extension of my career in cyber-security. The company is focused on providing best of class cyber-security training, consulting, incident response and threat intelligence.
Responsible for nearly all of the receivables for the company by bringing engagements and performing the cyber services including but not limited to penetration testing of internal, external, and wireless networks for various clients including ensuring compliance to a variety of regulatory requirements such as PCI-DSS.
Responsible for performing risk assessments, vulnerability assessment and penetration tests utilizing a variety of tools including SIPSCAN, SIPvicious, Nexpose Vulnerability scanner, Nessus, Metasploit, Burpsuite, Kali and many others including custom tools and scripts
Responsible for architecting solutions and implementing a variety of commercial solutions such as Cisco IOS, Firewall, Routers, Switches, Checkpoint, F5 Big IP, Bluecoat Proxy, and other security and network appliances
Set Solutions July, 2014 – Jan, 2015
Senior Sales Engineer
Was brought on board to help build a professional services offering and performed several penetration tests and incident response engagements
Responsible for all penetration testing utilizing industry standard tools such as Nexpose, AppScan, Metasploit, etc.
Responsible for all Incident Response
Responsible for all malware reverse engineering
British Telecom Americas, Irving, TX July, 2010 – July, 2014
Consultant in the Ethical Hacking Center of Excellence
Joined BT in order to ensure a broad range of practical experience consisting of all phases and types of ethical hacking assessments
Named the EHCOE’s Subject Matter Expert (SME) for Social Engineering (SE)
Developed methodologies to be used in all SE engagements including documentation of new findings
Perform all physical SE projects
As one of the only members of my team with prior reverse engineering experience, I have been responsible for performing the majority of thick-client assessments sent to our team
Asked to present at the annual BT Leader’s Conference in Miami during my first year aboard
Performed war-dialing for the first time since the late 1990s on an assessment
Performed a multitude of assessments on environments requiring regulatory compliance such as SOX, GLBA, PCI-DSS, and others
Responsible for performing risk assessments, vulnerability assessment and penetration tests utilizing a variety of tools including SIPSCAN, SIPvicious, Nexpose Vulnerability scanner, Nessus, Metasploit, Burpsuite, Kali and many others including custom tools and scripts
BANK OF AMERICA, Addison, TX Aug, 2009 – July, 2010
Vice President/Information Security Engineer (Ethical Hacker)
Hired as a full-time employee due to exemplary work as a contractor to continue to provide ethical hacking services within the Enterprise Security Assessment Team
Key contributions:
Performed ethical hacking assessments against a variety of bank applications including the primary customer online portal
Increased the average number of security findings per application from 3-4 to 10-12
As the only member of my team with prior reverse engineering experience, I have been responsible for performing all thick-client assessments sent to our team
Developed training curriculum for IDA-Pro which is to be presented in the future to members of my team
Responsible for presenting technical presentations to all visiting bank dignitaries
Responsible for performing risk assessments, vulnerability assessment and penetration tests utilizing a variety of tools including SIPSCAN, SIPvicious, Nexpose Vulnerability scanner, Nessus, Metasploit, Burpsuite, Kali and many others including custom tools and scripts
As a financial institution, PCI and GLBA compliance was always a part of any assessment performed
Received numerous official recognitions and awards from both upper management and peers
MAD SECURITY, Dallas, TX Feb, 2004 – Present
Founder
Created as a side project after finishing my work with Security University in order to continue to teach and provide information security related services.
Performed ethical hacking, risk assessments, and vulnerability assessments for a variety of corporations
Provided expert witness services for the plaintiff in a civil matter involving a business account holder and a medium-sized bank
EC-Council
Certified EC-Council Instructor (CEI)
Delivered the Certified Ethical Hacker (C|EH) curriculum at the annual TakeDownCon conference in Las Vegas in 2011
Delivered the EC-Council Certified Security Analyst (E|CSA) and Licensed Penetration Tester (L|PT) curriculum at the annual Hacker Halted conference in Miami in 2011
Delivered the C|ND curriculum at the annual Hacker Halted conference in Atlanta 2017
Presented at TakeDownCon in Huntsville, AL for the National Cyber Security Summit 2017
Delivered the C|EH curriculum at the annual Hacker Halted conference in Atlanta 2018
Secure Ninja
Chief Hacking Officer
Developed curriculum for a variety of security related training
Delivered C|EH, E|CSA, L|PT, and C|HFI curriculum provided by EC-Council to students with a variety of experience and backgrounds including various government agencies as well as public and private organizations
85% average student score on EC-Council certification exams
Bank of America
Ethical Hacker and Information Security Engineer
Developed processes for validation of HackerSafe security scanner findings
Perform ethical hacking (vulnerability assessments) on bank systems utilizing both automated scanners as well as manual procedures
Developed curriculum and trained fellow team members on security-related issues with a mind on CISSP requirements
MGM Mirage
Ethical Hacker and Data Security Analyst
Improved risk assessment and incident response processes for MGM Mirage corporate including the IT infrastructure for all MGM Mirage gaming/hotel properties
Improved the IDS detection, investigation, and response processes
Performed IDS and computer forensics investigations as needed
Performed Ethical Hacking functions against a variety of production servers and applications
ART Response Team
Project Manager
Improved business processes and aided in the creation of a dashboard
Worked with developers to ensure adherence to secure coding practices
Provided guidance with regard to secure practices for data storage and transfer including integration of disparate applications, specifically inter-application communication
Hacker Academy
Ethical Hacking Curriculum Designer and Instructor
Developed curriculum for the Hacker Academy to prepare students for the C|EH, E|CSA, and L|PT certifications
To date, 100% pass rate for students instructed on all 3rd party exams with an average 83% score
Developed and instructed curricula for several private organizations
MPOWER LABS, Austin, Texas Feb, 2006 – Sept, 2008
Chief Information Security Officer
Created and implemented information security policies, procedures, and infrastructure for a startup international venture capital firm and an associated technology incubator company with offices in US, Mexico, and Austria
Responsible for performing security and technology related due-diligence for potential portfolio companies
Responsible for responding to and investigating security related incidents
Responsible for maintaining the on-going compliance to a variety of regulations in several countries
Key Contributions:
Designed and implemented PCI compliant technology infrastructure in order to provide a platform for credit card issuing and processing
Utilized some open source as well as some commercial solutions such as F5 load balancers to ensure adherence to our own SLAs
Authored and implemented Information Security Policy, Information Risk Management Framework and Backup policies and procedures
Authored the Incident Response, Disaster Recovery, and Business Continuity Plans
SECURITY UNIVERSITY, Stamford, CT May, 2003 – Feb, 2004
Information Security/Malware/Ethical Hacking Instructor
Responsible for instructing classes ranging in size from 20 to 100+ persons on a variety of subjects related to information security
Key Contributions:
Developed and taught several curricula on subjects such as corporate information security, VPN security, firewalls, network security, viruses/Trojan horses/worms and the defenses against them.
Increased attendance due to popularity of my courses and my teaching style.
WHOLESECURITY, Austin, Texas Jan, 2000 – Sept, 2006
Chief Information Security Scientist
Upon realizing that there existed a threat to end point computers that was not being addressed adequately by the existing solutions, I set out to create a tool that would allow me to both identify and mitigate the risk of this threat.
Responsible for pricing, conducting, documenting, and final customer deliverables for contracted penetration testing (ethical hacking)
Key Contributions:
One of two original developers of WholeSecurity’s Confidence Online product which utilizes a behavior-based approach to detect and mitigate Trojan horses, key loggers, worms, and other eavesdropping software without requiring signatures.
Coded several pieces of malicious code for the purposes of research in a variety of programming languages including C/C++, VB, and ASM
Developed and taught several curricula on subjects such as corporate information security, VPN security, firewalls, network security, viruses/Trojan horses/worms and the defenses against them.
Developed and was the primary contributor to the research department where I was responsible for retrieving, analyzing, and occasionally developing malicious code for the purposes of improving the detection capabilities of our product line.
As part of the development effort of the products, was also responsible for strengthening the security of the actual deliverable. This included reverse engineering our own product to ensure that it would not be trivially defeated.
Prior to release of our products, performed various penetration tests and other consulting functions to help provide revenue to continue development.
Interviewed and hired multiple employees in various functions including sales engineering, development, and internal IT staff.
Created and implemented company policies and procedures governing corporate security, email and Internet usage, access control, and incident response.
Provided pre-sales support for sales team in the field answering technical questions and educating customers to the risks against their endpoint systems and therefore to their enterprise.
Performed a variety of PR responsibilities that included presenting our solutions and the associated threats at conferences and events.
Following the acquisition of WholeSecurity by Symantec, I was kept on to continue to provide expertise on WholeSecurity products as well as the area of information security with the title of Senior Principal Software Engineer.
After a year in the previous role, I made a lateral move within Symantec to Consulting Services Technical Lead to continue to pursue professional and personal goals as an Information Security Professional.
SPRINT E-SOLUTIONS, Addison, Texas June, 1998 – Dec, 2000
Information Security Consultant
Provided comprehensive remote and onsite support for domestic and international customers
Key Contributions:
Developed and taught the Attack and Penetration (Ethical Hacking) Methodology used by consultants
Responsible for design and implementation of a variety of secure LAN/WAN and e-Commerce networks for a number of domestic and international corporations including Fortune 500 companies
Created several tools and utilities to perform penetration tests in multiple languages including C/C++, ASM, Perl and shell code.
Recognized for outstanding quality of customer service with personal commendations from clients
CITIZENS COMMUNICATIONS, Dallas, Texas May, 1996 – June, 1998
Information Security Manager
Began work as a contractor in the production department in which I was responsible for establishing and maintaining data connections to telecommunications companies via a variety of means including BBS, dial-up, SNA, and TCP/IP
Due to my repeated observations and reporting of various security vulnerabilities and problems, I was presented the opportunity to become a permanent employee with responsibilities including purview over all information security needs
Key Contributions:
Automated the collection of data via a variety of BBS and shell scripts as well as utilities I wrote in C/C++ and a variety of scripting languages.
As the corporation was without previous dedicated information security personnel, I was responsible for creating all security related policies and procedures.
Responsible for implementing all network security devices and procedures.
During the construction of new offices, I was a member of a panel to determine physical security needs as well as single-handedly developing all information security requirements.
OLSTEN PROFESSIONAL TECHNICAL SERVICES, Dallas, Texas Sept, 1995 – May, 1996
Developer, LAN/WAN Architect/Implementer/Administrator
As a contractor, worked with a variety of companies in a variety of roles
Key Contributions:
Routinely automated the tasks I was hired to perform manually by creating utilities or scripts in a variety of languages including Perl, WildCat scripting, shell code, VB, and C/C++.
Contracted as a developer and network administrator for Citizens Communications before being offered a full-time position as Information Security Manager due to my discoveries and discussion of security-related issues within the infrastructure
HUGHES NETWORKS SERVICES, Memphis, Tennessee Jan, 1992 – Sept, 1995
Computer/Software Consultant, Installation Engineer
Began as Installation Engineer responsible for the installation and troubleshooting of the Hughes GMH 2000 cellular switching and base-station equipment and was later responsible for training customers on and troubleshooting the software related to the switches.
Education and Credentials
Avionics Technician
Naval AV “A” School – Millington, Tennessee
Electrical Engineer
Naval “C” School – Millington, Tennessee
Professional Training and Certifications
CISSP – Certified Information Systems Security Professional
Certified Chief Privacy Officer – SMU/Cox
CEH – EC-Council Certified Ethical Hacker
ECSA – EC-Council Certified Security Analyst
CEI – Certified EC-Council Instructor
CCSA/CCSE – Check Point Certified Security Administrator/Engineer
Clubs/Affiliations
American Legion