Charles Waterhouse
**** ****** **, #***, ******, TX, 78745
phone: +1-281-***-**** email: ********************@*****.*** LinkedIn: https://www.linkedin.com/in/charleswaterhouse/
EDUCATION
Lamar University: 3 years study
Dual major in Biology and Chemistry. Junior year completed
WORK EXPERIENCE
Sr Product Security Analyst with Synack
Feb 2022 - Present
This is a senior role to the Product Security Analyst role that included more external speaking engagements, additional responsibilities regarding financial impact analysis, risk analysis, advising sales and marketing on matters, and interacting more closely with Executive staff/board both internally and with our clients. I function as a troubleshooter when we are stuck and help sales and technical teams find ways to address client needs while meeting business needs. I also lead the Synack Missions Catalog and product, working on new additions to meet client needs while falling within technical capabilities that we have. External vendor relationships and channel partners also are things I deal with on a normal basis. Compared to the prior position, I have much more input into the business operations of both ourselves and our clients. In this position I have also briefed the entirety of our client-facing employees to explain headless API testing as a product to technical and non-technical teams. I also was key in developing our human-led API testing program for clients and ensuring its financial success.
Skills: See Product Security Analyst, understanding Executive and management roles along with their needs, sales techniques and training skills
Product Security Analyst with Synack
Aug 2021 - Feb 2022
In this role I worked closely with the product management and development team as a technical and operations advisor. I helped design and set up a leading product to test CVEs that helped scale around CVE-2021-44228 (Log4J) and cover over 2.2M IPs in a weekend for clients. I also improved the Synack Missions experience (my focus) for clients and researchers. I worked closely with client management and executive teams to understand our offerings and how to use them to increase security. I also started our first OSINT-based product offerings.
Skills: Communication, Team Building, Penetration Testing, Research, Risk Analysis, Cybersecurity, Product Development/Management, Agile, Scrum, JIRA
Associate Security Analyst with Synack
Sep 2019 - Aug 2021
In this role I worked to review, verify and triage submitted vulnerability reports on a variety of assessments including large enterprise and government clients. I worked extensively with NIST, OWASP (MSTG, WSTG, ASVS) and other methodologies. I personally reviewed over 1500 tests for OWASP and NIST with over 24k individual reports of testing.
Skills: Team Building, Penetration Testing, Research, Network Security, Risk Management, Information Technology, Linux, Current tooling, Architecture for web and host infrastructure.
Synack Red Team with Synack (1099 role)
Sep 2022 - Present as a Red Team Researcher
Flight Attendant/Translator/International Service Manager with United Airlines
May 1998 - Feb 2020
Skills: Customer service, Emergency management, Regulatory compliance, Small Team Leadership, Problem Solving with no direct supervision, Speak 3 languages - English (native), German (tested at near native) and Spanish (low intermediate), In depth experience with many cultures and regions globally and travel to 52 countries
PROFILE
Soft Skills: I love a challenge - I dared myself to learn German in 12 months and passed a test with near native fluency. Public speaking is actually fun for me and a noted skill. I am known among my peers for being able to explain complex ideas and technologies to non-technical teams. I am a people person who interacts well with others. I am highly self-motivated and love a challenge. Writing reports, working in and leading a team are all second nature. Finding novel solutions to a problem while also keeping regulations, business needs and best practices in mind is a core competency.
I have presented as a moderator for panel discussions and as a main speaker on many security topics. This includes being invited to speak at BSides Ahmedabad, and also on the floor at RSA 2022, Black Hat 2022, and many virtual presentations. This is in addition to writing several articles and blogs on security at scale.
I work well with all levels of executives and management and have done so with management and executives from Global 50 companies and large government agencies. Cross team coordination and managing groups is a skill I have background and training in also.
Hard Skills: Linux, Enterprise Security, Red Teaming, WiFi and Network security, Social Engineering, Encryption and Data Validation Solutions, Network/Web Architecture, Network/Web security, MFA and other Security Methods, Risk Assessment based on hard and soft metrics, Security Integration based on Business Analysis, Vulnerability Assessment, Penetration Testing (black and gray box, web/mobile/network (internal and external), APIs, Thick and Thin client systems), Social Engineering (physical and remote), Physical Security Systems and Testing, Risk Assessment, Compliance Frameworks (NIST, OWASP, GDPR, SOC1/2/3, PCI-DSS, HIPAA, etc), product management, JIRA, Agile development cycle, basic Scrum Development, OSINT
Other: I enjoy CTF and Hack the Box on the side along with lock picking and playing guitar. I also have a photography blog on Instagram that has about 45K followers. I have also been on the starting team of Synack Academy, a mentoring program to help underprivileged teens and adults from underserved communities work into cyber roles from non-traditional backgrounds.
Certifications
Certified Ethical Hacker (CEH)
Python Certified Associate Programmer (PCAP)