It Security Penetration Testing
Resume:
Charles Lancaster, Jr.
************@*****.*** 901-***-**** Olive Branch, MS 38654
PROFESSIONAL SUMMARY
I am a certified cybersecurity professional with 11 years of experience in vulnerability assessment, penetration testing, digital forensic investigations, security software deployment, and researching and improving security posture. Expertise in identifying security weaknesses, conducting threat analysis, and implementing security measures to protect organizations from cyber threats. I also have an engineering background, deploying and administering security software on a global scale.
TECHNICAL SKILLS
● Vulnerability Assessment: OpenVAS, Rapid7
● Penetration Testing: Kali Linux, Burp Suite, Powershell, Metasploit
● Network Security: Darktrace, Nmap, Wireshark
● Security Frameworks: ISO 27001, OWASP Top 10, CIS Controls
● Endpoint/Server Security Tools: Carbon Black, Defender ATP, McAfee ePO
● Digital Forensics Tools: EnCase, WinHex, FTK, CAINE, OSForensics, Autopsy
● Programming & Scripting: Powershell, SQL, bash
● Compliance & Risk Management: SOC Audits, PCI-DSS, CIS-CAT Tool PROFESSIONAL EXPERIENCE
IT Security Threat and Vulnerability
Management Supervisor
Sedgwick June 2014 – Present
● Supervise team of colleagues specializing in vulnerability assessments and penetration testing to identify security risks.
● Utilize tools such as Burp Suite, Rapid7, Kali Linux, Powershell
● Utilize tools such as EnCase, FTK, Autopsy, WinHex, OSForensics, CAINE, Live Forensics, to conduct digital forensics investigations
● Saved company over $50K per year by conducting digital forensics investigations
● Review security policies and controls with auditors as needed for threat and vulnerability management requirements (PCI, SOC, ISO 27001, GDPR)
● Review and update security policies as needed
● On call member of the CSIRT Team
● Reviewed, planned, and deployed CIS Benchmarks to Windows 10 and 11 workstations
● Assisted developers with remediating vulnerability on websites Other roles held at Sedgwick include:
■ IT Security Engineering Advisor
● Planned, deployed,and administration of Carbon Black security tools (including database maintenance and server updates)
● Planned, deployed,and administration of DarkTrace network security
● Planned, deployed, and administration of Anti-virus tools
● Administration of Elastic SIEM
● Planned, deployed, and administration of encryption software
(McAfee, DDPE)
● CSIRT team member
● Creating reports and updating IT Security policies.
● Partnered with development team to remediate Security ScoreCard and BitSight vulnerabilities
● Performed digital forensics investigations and data recovery
■ IT Security Security Analyst
● Monitor emails and ticketing system reviewing items such as: privileged access requests (Windows/UNIX), phishing emails, compromised accounts, or any threats that may arise in the company
● Setup and configured ticketing system for IT Security requests
● Remediated potential or actual threats to workstations and servers
● CSIRT Team member
● Utilize various software on a daily basis for monitoring, whitelisting, banning, investigating, preventing, and remediating various events and software
● Utilize Kali-Linux when in depth analysis is needed for a suspicious or malicious event
● Creating reports and updating IT Security policies.
● Performed digital forensics investigations and data recovery
● Utilized CIS-CAT to assess and review CIS Benchmarks for deployment to Windows 10 and 11 OS
Support Personnel University of Memphis Center for Information Assurance
Fall 2013 – Summer 2014
● Completed various time sensitive tasks
● Installed and configured various operating systems on servers (Unix/Linux, Windows, OpenBSD, Debian)
● Administered digital forensic training labs using various toolkits: Autopsy, Encase v7, Helix, WinHex, and FTK
Certified Laptop Repair Tech Aerotek (Flextronics) Summer 2014
● Continued to increase the number of units repaired while maintaining good quality of repair
● Successfully acquired certifications (Prometrics) in all Apple Mobiles repaired at the depot.
Temporary Network
Administrator
University of Memphis Center
for Information Assurance
August 2012 - January 2013
● Developed a Java GUI (Eclipse, JavaBeans, Swing, J2EE & JavaFX) for a collaborative project done by University of Memphis/MIT
● Installed, configured, and maintained the server for a large scale research project (SVN, Linux, TortoiseSVN, Windows 7)
Substitute Teacher SCS Unified School District April 2011 - August 2013
● Taught in various classes and subjects when the regular teacher was absent, following the classroom plan of the regular teacher and creating a plan in the event the regular teacher did not provide one.
CERTIFICATIONS
● GIAC Certified Enterprise Defender (GCED) - Global Information Assurance Certification
(GIAC)
Issued Dec 2017
● Systems Security Certified Practitioner (SSCP) - (ISC)
Issued Jan 2019
● AccessData Certified Investigator - AccessData
Issued May 2020
● Certified Hacking Forensic Investigator (EC-Council)
Issued December 2022
EDUCATION
Memphis, TN University of Memphis
Fall 2010 – May 2015
● Seeking M.S. in Applied Computer Science with Specialty in CyberSecurity, July 2014.
● Graduate Coursework: Internet/Network Security; Computer Forensics; Cryptography and Data Security; Human Computer Interaction; Database Systems; Computational Theory; Organizational Leadership.
Holly Springs, MS Rust College Fall 2004–April 2009
● B.S. in Computer Science, April 2009.
● Undergraduate Coursework: Operating Systems; Databases; Programming Languages; Comp. Architecture; Computer Networks; Calculus I-III. Masters Projects
● CloudFIN: A Forensic Tool for Big Data at the CfIA (2014). Forensic-as-a-Service concept for acquiring, analyzing, and reporting “Big Data” evidence, utilizing Hadoop-Sleuthkit Framework and other components. Linux, GitHub, built Hadoop Cluster, HBase, Shell-Scripting, system configuration, Java, Imaging, Json
● Pattern Analysis System for Intrusion Detention (2013-2014). Interface for geographically visualizing occurrences of various types of intrusions on a specific server. HTML, PHP, MySQL, AJAX, JavaScript, JSON
● Pattern Analysis System for Identity Theft (2012-2013). Mapped based reporting system that enables users to report identity theft. HTML, PHP, MySQL, JavaScript Honors
● (2007-Present): Member of Alpha Kappa Mu National Honor Society (Rust College) Languages and Technologies
C++; C; Java; NET; SQL; JavaScript; HTML; CSS; AJAX; PHP; EnCase; Hadoop; Snort; Windows; Linux; MacOS;
Contact this candidate