MARK ANDREWS
gdroids [at] gmail [dot] com
BIO
Mark is a software engineer with over 18 years of experience in a variety of disciplines that include
application security, penetration testing, network security, threat modeling, vulnerability discovery,
and application quality assurance (QA) analysis. He has worked for industry-leading security
companies, which include Raytheon, @Stake, Symantec Vulnerability Assessment Services, and Aventail
Corporation.
EMPLOYMENT HISTORY
Dagger Networks FL, 2013 - 2015
Sr. Engineer
• Program specific testing of security focused software
• One-off test automation scripts in Python
• Created scalable test automation framework using veewee, vagrant, puppet provisioning, and
Virtualbox on Ubuntu Linux
• OS X related testing, Xcode
• System testing
• Creation and delivery of customer documentation.
• Coordinated and ran the program's in-person, onsite customer acceptance tests.
• Further details upon request and need.
Raytheon SI Government Solutions FL, 2009 - 2013
Cyber Engineer II
• Low-level application and OS testing
• Driver testing
• Embedded OS RE and VR
• Test automation in Python/VMware
• Mobile application testing
• Vulnerability Research
• Reverse Engineering
• Penetration Testing
• System testing
• Creation and delivery of customer documentation.
• Coordinated and ran the program's in-person, onsite customer acceptance tests.
• Further details upon request and need
• Developed an offline Anti-Virus Farm (AVF) idea project, which involved the creation of a
Python script that monitored a shared network folder where files were dropped. Multiple
machines running different flavors of anti-virus software consumed the dropped files. Each
machine responded with the scan results. A report was then generated from the aggregate
data for each dropped file. Signature updates for AV software were automated.
Russell Investments (Contract), WA 2008 - 2009
Quality Assurance / Automation Engineer
• Tested the functionality and security of the company’s many internal and external financial
management applications.
• Saved time on regression testing by suggesting automation. Used C# for SQL queries. Used
Selenium for the web interfaces.
aQuantive/Avenue A/Razorfish (Contract) WA, 2007 - 2008
Security Administrator
• Part of the security response team monitoring Internet traffic on the corporation’s websites,
which included testing firewall rules and participating in weekly Symantec anti-virus report
reviews to assess potential threats.
• Developed an internal asset website to catalog devices for Sarbanes-Oxley compliance.
Symantec Corporation WA, 2004 - 2007
Senior Security Consultant
• Performed a wide array of full-site security assessments, which included the following
organizations: MySpace, Gates Foundation, Iron Mountain, multiple Coca-Cola sites, C&K Auto,
Palm Inc. (Hewlett Packard), eBay, Intuit, Quantum-Axeda, Shutterfly, Qwest, and Bank of
Butterfield.
• Identified the initial samples of cross-site scripting around the same time the Samy Worm
occurred, demonstrating how important it is for organizations to act upon identified security
problems.
• Reverse engineered applications and protocols, performed code and report reviews, and
conducted vulnerability research.
• Created and delivered customer documentation.
• PCI certified
• Tools: Paros Proxy (ZAP), Qualys, nmap, netcat, Metasploit, BackTrack (Kali Linux).
Safeco Insurance (Contract) WA, 2004 - 2004
Automation Engineer / Quality Assurance Analyst
• Automated existing test suites for the company’s intranet and Internet agent web sites.
• Filed and fixed bugs
Premera Blue Cross (Contract) WA, 2002 - 2003
Senior Programmer Analyst
• Part of a large team hired to ensure organizational HIPAA compliance.
• Managed and configured the builds and testing of a large number of disparate, new, and legacy
applications in multiple build environments that were required to work together.
• Ported existing build environments to a more manageable design.
• Created unit test tools for development teams.
• Premera-certified in Mercator Integration Flow Designer.
Aventail Corporation WA, 1999 - 2001
Senior Software Quality Assurance Engineer
• Designed and implemented test suites for a large Secure Business to Business management
solution.
• Testing required detailed knowledge of many authentication and encryption methods.
• Joined a small team that developed a proprietary, layered, service-provider client sniffer (similar
to a network packet sniffer, but for a proprietary software application).
Sequel Technology WA, 1998 - 1999
Software Quality Assurance Engineer
• Designed and implemented test suites for a network-filtering product. Testing included
automating SQL queries and web site interfaces.
• Designed and maintained the department’s internal web site.
Microsoft (Contract) WA, 1997 - 1998
Software Test Engineer
• Focused on testing the Remote Access Service (RAS) for NT4 and Windows 2000 (including
Point-to-Point Protocol [PPP], Point-to-Point Tunneling Protocol [PPTP], Layer 2 Tunneling
Protocol [L2TP], AppleTalk, etc.).
• Performed kernel-level debugging on the Network Driver Interface Specification (NDIS) wide
area network (WAN) driver.
• RAS Lab Manager responsible for lab maintenance, uptime, multiple hunt groups, 20+ servers.
CLEARANCE
Active
Details upon request and need.
PROFESSIONAL AFFILIATIONS and ACTIVITIES
WASC Threat Classification Review (1 yr.)
DefCon CTF
EDUCATION
BS Computer Science, California State University San Bernardino 1996