
Cyber Security Manager

Location:
Healdsburg, CA
Posted:
November 18, 2023


Resume:

Dave Keller

San Francisco Bay Area • 408-***-**** • ad09xn@r.postjobfree.com

Dynamic cybersecurity professional with 12+ years of providing cyber resiliency, strategy development, solution implementation, risk management, regulatory compliance, leadership and team management, and data security expertise. Successfully crafted and deployed cybersecurity solutions that align with business objectives, mitigate risks, and meet compliance requirements, using best practices for identity and access management, data loss prevention, endpoint security, and cloud security. I've partnered with clients across various industries and agencies to protect endpoints, mitigate risks, and provide cyber defense and response to Fortune 500 companies. Successfully improved threat landscapes using cybersecurity solutions involving SIEM, SOAR, EDR, MDR, DLP, CASB, and many other security tools. Lastly, I'm a subject matter professional on several security control frameworks (e.g., NIST, ISO, COBIT, HIPAA, PCI-DSS, and Zero Trust).

Key Career Experiences

9/2023 – PRESENT

Senior Cybersecurity Consultant – Contractor/Self-employed, Healdsburg, CA

Actively pursuing cybersecurity contracts or full-time positions.

7/2022 – 8/2023

Manager, Cybersecurity Consulting / vCISO – e360, Concord, CA

Modernized threat detection and response by coordinating security automation with CSIRT teams and their security tools (e.g., SIEM, PVM, DLP, EDR). Conducted a tabletop incident response exercise, helping identify vulnerabilities in the client's internal and external networks, and tested instances of CrowdStrike Falcon, Palo Alto Networks, Microsoft Defender, and Trend Micro with SafeBreach. Spearheaded the identification of Critical and High vulnerabilities across multiple diverse applications, contributing to a 70% enhancement in organizational security posture within six months. Developed, tested, and deployed incident response plans, automated vulnerability assignment to asset owners, and managed different instances of CrowdStrike, Mandiant Advantage, Microsoft Defender, Tenable.sc, and Tenable.io. Conducted third-party vendor risk assessments and reviewed SLAs, delivering organizational security posture reports that influenced C-suite decision-making for future projects.

2/2020 – 7/2022

Senior Cybersecurity Engineer, Cybersecurity Consulting – KPMG LLC, San Francisco, CA

Successfully found the password that caused one of the 2021 SolarWinds incidents through e-forensics efforts, including credential scanning with truffleHog and deep-dive analysis of GitHub. Efficiently restructured Tenable.sc and Tenable.io instances, integrating them with ServiceNow Vulnerability Response, and reduced vulnerabilities by 75+%. Restructured security configurations for Windows, Mac, and Linux platforms using CIS Controls and DISA STIGs. Modernized the security controls framework for a large bank using the SWIFT Customer Security Controls Framework, to better secure their environment, know and limit access, and improve detection and response to potential incidents and threats. Created, tested, and successfully implemented security compliance rules for global call center activities, while advising on risk scenarios and how to defend against them.
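The credential-scanning step mentioned above (truffleHog over a GitHub history) rests on two detectors: fixed-format regexes for key shapes that are recognisable on sight, and a Shannon-entropy test on long base64/hex tokens for everything else. The script below is an added illustration of that approach and is not code from this resume's author or from the truffleHog project. The commit diffs are constructed sample input, and the AWS values are the placeholder keys AWS publishes in its own documentation, not real credentials.

```python
"""truffleHog-style secret scan over git commit diffs (stdlib only).

Mirrors the classic truffleHog approach: regexes for known key shapes plus
Shannon entropy on long base64/hex tokens. Removed ('-') lines are scanned
as well, because deleting a secret from HEAD does not remove it from history.
"""
import math
import re
from dataclasses import dataclass

# Constructed sample input shaped like `git log -p` hunks: (commit, message, diff body).
# The AWS values are the placeholder keys AWS publishes in its documentation.
SAMPLE_COMMITS = [
    ("a1b2c3", "add ci config",
     "+image: python:3.11\n+script:\n+  - pytest\n"),
    ("d4e5f6", "quick fix for deploy",
     "+AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
     "+AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"
     "+DB_TOKEN=0123456789abcdef0123456789abcdef\n"),
    ("789abc", "remove key from repo",
     "-AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
     "-AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"
     "+AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}\n"),
]

# Fixed-format rules: key shapes whose entropy is too low for the entropy test to catch.
PATTERN_RULES = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
}
# Entropy rules: token regexes and bits-per-character thresholds as used by classic truffleHog.
HEX_TOKEN = re.compile(r"\b[0-9a-fA-F]{20,}\b")
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{20,}")
HEX_THRESHOLD = 3.0
B64_THRESHOLD = 4.5


@dataclass(frozen=True)
class Finding:
    commit: str
    line_no: int
    sign: str      # '+' if the line was added in that commit, '-' if removed
    rule: str
    token: str


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character, estimated from the string's own symbol frequencies."""
    if not s:
        return 0.0
    n = len(s)
    counts: dict[str, int] = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def scan_diff(commit: str, diff: str) -> list[Finding]:
    """Run every detector over the changed lines of one commit's diff."""
    findings: list[Finding] = []
    seen: set[tuple[int, str]] = set()  # (line_no, token): report each token once per line

    def report(line_no: int, sign: str, rule: str, token: str) -> None:
        if (line_no, token) not in seen:
            seen.add((line_no, token))
            findings.append(Finding(commit, line_no, sign, rule, token))

    for line_no, line in enumerate(diff.splitlines(), start=1):
        # Only changed lines; skip context lines and the +++/--- file headers.
        if not line or line[0] not in "+-" or line.startswith(("+++", "---")):
            continue
        sign, body = line[0], line[1:]
        for rule, rx in PATTERN_RULES.items():
            for m in rx.finditer(body):
                report(line_no, sign, rule, m.group(0))
        for tok in HEX_TOKEN.findall(body):
            if shannon_entropy(tok) > HEX_THRESHOLD:
                report(line_no, sign, "high_entropy_hex", tok)
        for tok in B64_TOKEN.findall(body):
            if shannon_entropy(tok) > B64_THRESHOLD:
                report(line_no, sign, "high_entropy_base64", tok)
    return findings


def scan_history(commits) -> list[Finding]:
    """Scan a sequence of (commit, message, diff) tuples and collect all findings."""
    out: list[Finding] = []
    for commit, _msg, diff in commits:
        out.extend(scan_diff(commit, diff))
    return out


if __name__ == "__main__":
    for f in scan_history(SAMPLE_COMMITS):
        print(f"{f.commit} line {f.line_no} ({f.sign}) {f.rule}: {f.token}")
```

Two things worth noticing in the output. The AWS access key ID has only about 3.7 bits per character and would slip past the base64 entropy threshold, which is why the fixed-format regex exists alongside the entropy test; the secret key, at about 4.7 bits per character, is caught by entropy alone. And the "remove key from repo" commit still surfaces both values on its `-` lines: deleting a leaked credential from the working tree does not remove it from history, so the remediation is to rotate the credential (and rewrite history only as a secondary step).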

2/2018 – 1/2020

IT Security Manager – American AgCredit, Santa Rosa, CA

Modernized a comprehensive suite of 30+ security tools, providing security automation and policy restructuring for cloud security, SIEM, EDR, CASB, DLP, anti-virus, malware analysis, and anti-phishing tools, while reviewing and recommending cloud services, configurations, and security tools that enhance the threat landscape. Efficiently led the CSIRT during tabletop exercises, while automating security processes and response using ServiceNow, Secureworks, Red Cloak, Qualys, Carbon Black Protect and Defend, KnowBe4 PhishER, and Symantec Endpoint Protection. Partnered with IT and vendor risk management to enhance cybersecurity risk program strategy and projects, while reducing vulnerabilities by 65+%. Streamlined the ServiceNow change management process for software approval, processing new software approval requests in <7 days. Orchestrated vulnerability management analysis, including zero-days and patch management, and collaborated with development teams to identify security efficiencies in the SDLC.

10/2017 – 2/2018

Senior Cybersecurity Engineer (Contractor) – PwC, Phoenix, AZ

Made the PAM decision between BeyondTrust and CyberArk, based on a comprehensive assessment of business and technical requirements and a thorough comparison of BeyondTrust's and CyberArk's capabilities and limitations. Developed a comprehensive PAM plan encompassing design, construction of DEV, QA, PROD, and QR environments, seamless integration, and rigorous testing. Championed interviews with the CISO, InfoSec Director, and teams to gather the information needed to implement a robust and resilient PAM strategy, ensuring the client's alignment with cutting-edge practices and technologies.

7/2016 – 10/2017

Senior Cybersecurity Engineer (Contractor) – PwC, Phoenix, AZ

Effectively interviewed Information Security Directors and/or IT Managers to understand network design, dependencies, and scanning requirements, and to develop comprehensive vulnerability management strategies. Successfully deployed and configured Tenable solutions (Nessus, Tenable.sc, Tenable.io, PVS, and LCE), teaching architectural dependencies, scanning policies, scan run times, and integration with ticketing (e.g., ServiceNow). Reviewed scan results and supervised management of custom dashboards, reports, and other Tenable SecurityCenter features so the client was in alignment with product outputs.

***See LinkedIn for more career experience***

Technical Skills

Access Management: SailPoint, BeyondTrust, Microsoft Identity, CyberArk, and Okta.

Application Security: truffleHog, Microsoft Defender for Cloud Apps, Qualys WAS, and Carbon Black App Control.

Artificial Intelligence: ChatGPT and Google Bard.

Big Data Platforms: Splunk, Alteryx, Microsoft Azure, and Google Cloud.

Clearances: U.S. DoD (Secret) Clearance – Expired July 2018.

Cloud Infrastructure: Azure, GCP, and AWS; GitHub.

Data Protection/DLP: CASB, SASE, Netskope Cloud, Forcepoint Security Manager, Microsoft Purview Information Protection, Microsoft Defender for Endpoint DLP, Microsoft 365 Compliance Center, Trellix, SkyHigh Security, Egnyte Protect, Symantec DLP, and RSA DLP.

DevSecOps: Java, Python, and XML; Scrum and Agile; Rational Performance Tester and Burp Suite.

Endpoint Protection: CrowdStrike Falcon, SentinelOne, Tanium, Red Canary, Carbon Black Protect and Defense, Proofpoint Email Security and Protection, Avecto Defendpoint, Abnormal Security, Mimecast, Red Cloak, IBM BigFix, KnowBe4 PhishER, Metasploit, Symantec, Microsoft Defender, Trend Micro, Malwarebytes, BitLocker, and Zix-Protect.

Incident Response/Forensics: Mandiant Advantage, Secureworks, ManageEngine Log360, Check Point Incident Response, and OpenText EnCase.

Networking: Palo Alto Networks GlobalProtect, Cisco Umbrella, Snort, Nmap, and Wireshark.

Operating Systems: Windows desktop & server, macOS, RHEL, CentOS, and Ubuntu.

Patch Management: SCCM, Microsoft Intune, ManageEngine, and Automox.

Programming & Querying: Java, Python, PowerShell, and SQL; Scrum and Agile.

Project Management: Jira, Smartsheet, and Microsoft Teams.

Security Frameworks: MITRE ATT&CK; ZTNA; NIST CSF (800-53, 800-171, and 1800 Series), ISO 27001, 27002, 27005, 27017, 27018, 22301; COBIT; PCI-DSS; SOC 1, 2 and 3; NERC-CIP; SWIFT; CIS Benchmarks, DISA STIG, and Microsoft Guidance.

SIEM/UEBA: Secureworks, CrowdStrike Falcon SIEM, Splunk SIEM, Sumo Logic, Exabeam SIEM, Azure Sentinel, Red Canary, BitSight, JupiterOne, and LogRhythm.

Threat Hunting and/or Intelligence: CrowdStrike Threat Intelligence and Hunting, Recorded Future, Check Point ThreatCloud AI, ManageEngine Log360; and CrowdStrike Falcon Overwatch, SentinelOne WatchTower, KnowBe4 PhishER, and Snort.

Ticketing: ServiceNow Vulnerability Response, Jira, and Smartsheet.

Virtualization: Cisco AnyConnect, Citrix Receiver, Oracle VM VirtualBox, VMware ESXi vSphere, and Hyper-V Win Server.

Vulnerability Management: Microsoft Defender, Tenable.sc, Tenable.io, Nessus Pro; Qualys VMDR; Kenna.VM or Cisco Vulnerability Management; IBM AppScan and BigFix; ManageEngine Vulnerability Manager Plus; Ivanti Neurons; and CrowdStrike Falcon Spotlight.

Certifications

CISSP – February 2024 (target)

GIAC Certified Incident Handler (GCIH) – August 2024 (target)

GIAC Security Operations Certified (GSOC) – November 2024 (target)

Education

MicroMasters in Cybersecurity – Rochester Institute of Technology (RIT)

Artificial Intelligence: Implications for Business Strategy – MIT Sloan Executive Education

Azure Fundamentals & Microsoft Defender for Business – Microsoft Learning

Splunk Zero to Power User – Udemy

Certified Incident Handler (ECIH) – Udemy

ServiceNow Fundamentals, Vulnerability Response Implementation, and Security Incident Response (SIR) Implementation – ServiceNow Learning

MGT414 (Training for CISSP); SEC524 (Cloud Security and Risk Fundamentals); and SEC504 (Hacker Tools, Techniques, Exploits, and Incident Handling) – SANS Institute

Bachelor of Science in MIS and Marketing – California State University, Chico

Volunteering

Northern California Regional Intelligence Center (NCRIC) – Protecting San Francisco Bay Area communities through threat intelligence.

Marine Corps Cyber Auxiliary – Increasing Marine Corps cyberspace readiness through mentoring, teaching, and tabletop exercises.

InfraGard (San Francisco Chapter) – Partnership between private sector and FBI about current global and domestic threats in cyber.
