Active TS/SCI Clearance
Summary
Highly technical information security professional seeking to join a progressive organization’s technical team that can benefit from my 20+ years of in-depth security expertise to enhance the security posture for the mission. A successful penetration tester holding an OSCP certification, with contributions to the security community including multiple published “Zero-Day” vulnerabilities (CVE-2016-9091 and CVE-2014-5383) and code on https://github.com/mvdevnull.
Technical Experience
Security:
Penetration Tools – Kali, Cobalt Strike, BloodHound, DNS tunneling, Metasploit, custom scripting, fuzzing, Python preferred, forensics, Burp Suite - OWASP Top 10, Nessus, cloudfox, “cloud”-cli, prowler, AzureHound
Security Technology - Cisco, Palo Alto, Juniper, RedSeal, Snort, Splunk, EDR
Source Code Security Review: Manual review of Python, Java, Ruby, PHP, Perl, shell, Go, C, C++, C#. Static and dynamic code review – Fortify.
Work Experience
Cybersecurity and Infrastructure Security Agency (CISA) Chantilly, VA
Red Team Lead (contractor with Arcfield) 03/20 - 04/25
●Led remote Red Team assessments on sensitive, highly segregated classified networks, enhancing technical security posture
●Engineered Zero-Day proof-of-concept DNS tunneling evasion techniques, leading to vendor security patch implementation
●Led cloud penetration testing across AWS, Azure, and GCP, providing actionable security recommendations for all cloud infrastructure
●Enhanced Red Team custom code and tools, developing a highly adaptable “fly-away” kit for rapid capability for client engagements
●Highly skilled with Linux OS and underlying applications - served as a leader and mentor for team members
Department of Homeland Security (DHS) Chantilly, VA
Sr Penetration Tester (contractor with Peraton) 10/15 - 03/20
●Team lead for highly visible BlueCoat vulnerability disclosure - CVE-2016-9091
●Contributed to open-source security projects, including Metasploit modules and ExploitDB.
●Responsible project lead for Security Assessment Review for COTS/GOTS and other technology - resulting in multiple Zero-Day vulnerabilities
●“Go-to” lead pen tester for complex systems and web applications, including manual source code review (Python, Java, Ruby, PHP, Perl, Go, etc.)
●Highly skilled in Linux OS and underlying web applications - served as a mentor for team members
Federal Bureau of Investigation (FBI) Washington, DC
Security Assessment Team - SME (contractor with HP) 8/11 – 10/15
●Utilized Cobalt Strike for Active Directory and Unix pivoting in live Red Team exercises, resulting in C2 on multiple targets
●Responsible project lead for Penetration, Red, Blue and Vulnerability team exercises and final government deliverables
●Linux/Unix SME for multiple technical security assessments on classified systems
●Developed customized Python scripts for analysis of raw data, improving team accuracy and reporting efficiency
●Created assessment image – encrypted Linux OS, including Kali Linux and MS VMs
●Delivered quality web security testing: source code review, horizontal escalation, bypassing intended business logic, cross-domain assessments, and several customized web application fuzzers
Transportation Security Administration (TSA) Arlington, VA
Security Risk Manager (contractor with CSC) 11/10 – 8/11
●Developed a customized privileged access management application using LDAP, WMI, ADO, VBScript and various SharePoint features
●Responsible for security aspects of corporate ITIL certification
Senior Security Engineer (contractor with Unisys) 12/09 – 11/10
●Provided security consulting for all requests for change, vulnerabilities & projects
●Active security member and presenter for Change Control Board
●Security POC for all Client AV/firewall & Mobility Security Projects
●Consulted with FISMA penetration, ISVM, POAM & compliance audits
●Architected, piloted and delivered client firewall to enterprise (+18,000 devices)
Aggreko, Inc: IT Dept. New Iberia, LA
Global Security Manager 9/00 – 9/09
●Established, advised and ensured global IT security policies for integrity of corporate technical environment (5 Data Centers, 150+ locations, 4000 Users)
●Provided scheduled and ad hoc compliance infrastructure audits and monitoring
●Designed, researched and led Global IT team to technology security standards and consolidation for strategic applications:
●Selected, reviewed, and tested security products and services to complement existing infrastructure
●Secured and developed our company’s first global technology core ERP system to 5 continents and 14 countries
●Interface for IT internal audit & security related activity including incident response & handling (SQL injection remediation)
●Managed IT global security budget and security policy
Security Consulting- Smart IT, LLC Aldie, VA
●Security Vulnerability & Penetration Testing 8/00 - present
●Web Design, Hosting and Maintenance
Education
Northeast Louisiana University - Additional credits toward MBA Degree
Northeast Louisiana University - BBA Degree, Finance (minor Accounting and Economics)
Certifications & Awards
Offensive Security Certified Professional (OSCP)
SpecterOps - Adversary Tactics - Red Team Operations
GIAC Certified Incident Handler (GCIH)
GIAC Security Leadership Certification (GSLC)
IAT 3 & IAM 3 certified for DoD Directive 8570
Available on Request
References
Employment prior to year 2000