Zero Trust Application Security

DERRICK SHOFNER

Hoschton, GA ***** (***) *** – **65 *********@*******.***

Derrick Shofner, MBA, MS, CCZT, CCSK LinkedIn

PROFESSIONAL SUMMARY

Experienced cybersecurity professional with a proven track record of securing applications, infrastructure, and cloud environments. Expertise in vulnerability assessment, penetration testing, privileged access management, and DevSecOps practices. Proficient in working with a range of tools and technologies to ensure data security, implement security controls, and enhance the organization’s security posture.

SKILLS

Security Tools: Burp Suite, ZAP, OWASP, Symantec DLP, Imperva, Nessus, Kali Linux, Splunk, SonarQube, Trustwave, Snyk, Checkmarx, CyberArk

Cloud & DevSecOps: AWS, Azure, GCP, Docker, Kubernetes, Jenkins, CI/CD, GitHub, GitLab, Terraform, Azure AD, IAM

Programming & Testing: Python, Node.js, Java, .NET, C#, SQL, Selenium, Opkey, Vulnerability Scanning

Security Methodologies: Application Security Testing (SAST, DAST, SCA, IAST), Zero Trust, Security Awareness, Security Governance, Risk Assessment

Certifications: Security+, CCSK, CCZT, Certified Application Security Practitioner (CAP), Illumio Zero Trust, SAFe Agile, SAFe Scrum Master, Oracle Cloud Infrastructure Associate, OneTrust Data Discovery & Governance Expert, Illumio Zero Trust PCE Administration, Zscaler Zero Trust Cyber Associate, Netskope Administrator Accreditation (Security Cloud Operation and Administration).

PROFESSIONAL EXPERIENCE

Senior Solution Consultant - Vulnerability Management, Netskope DLP, Cloud Security Deloitte

January 2023 – Present

Conducted vulnerability assessments and penetration testing using Nmap, Nessus, Trustwave, and Burp Suite, aligned with OWASP Top Ten and API security standards.

Implemented and managed security controls across multi-cloud environments including AWS, Azure, and GCP.

Supported container security (Docker, Kubernetes, OpenShift) and integrated security testing tools (SAST/DAST) into DevSecOps CI/CD pipelines using Jenkins, TeamCity, Veracode and Snyk.

Monitored system logs and network traffic using SIEM tools (Splunk, Trustwave, Nessus) and generated actionable security reports.

Enhanced endpoint protection and PII safeguards using Symantec and Netskope Endpoint Protection and Zero Trust segmentation with Illumio Core and Policy Compute Engine (PCE), demonstrating experience working with Illumio in a large enterprise environment and a strong understanding of Zero Trust Architecture concepts.

Facilitated cross-functional incident response planning and led cybersecurity awareness training focused on PII and email security hygiene.

Supported secure SDLC practices through threat modeling, code reviews, and integration of application security testing tools (Veracode, Checkmarx, ZAP, Snyk).

Have knowledge of Generative AI, use it to work with threat modeling, secure code reviews, Classify and track sensitive data, risk management and governance, log prompt activity, and work with pipelines for secure fine-tuning.

Ensure proper mitigation efforts are taken on any significant intelligence leads related to cross-channel fraud and risk issues.

Analyze datasets to identify patterns and possible trends and or anomalies using multiple tools.

Monitor and enforce security policies across SaaS, IaaS, and web traffic using Netskope Cloud Security Platform.

Define and refine Data Loss Prevention (DLP) policies to detect sensitive data exfiltration from applications.

Review and act on real-time alerts triggered by Netskope policies for risky activities, shadow IT, or malicious behavior.

Analyze application usage patterns to identify unsanctioned cloud services (using Netskope, shadow IT).

Respond to incidents flagged by Netskope Advanced Threat Protection (e.g., malware, C2 communications, cloud ransomware).

Tune Netskope policies for sanctioned cloud apps (e.g., M365, G Suite, Box, ServiceNow, Salesforce).

Coordinate Netskope with vulnerability management tools to align app risk context.

Integrate Netskope logs with SIEM/SOAR platforms for unified threat detection and response.

Application Security Engineer Atlanta Housing

December 2012 – December 2022

Conducted vulnerability assessments and penetration testing using tools such as Burp Suite, Nmap, Nessus, and Trustwave.

Supported security incident response, remediation of vulnerabilities, and network traffic monitoring using SIEM tools including Trustwave and Splunk.

Applied OWASP Top Ten standards in web application and API testing for critical security flaws.

Collaborated on Governance, Risk, and Compliance (GRC) policies with the Atlanta Housing Authority, ensuring adherence to industry security standards.

Implemented and managed endpoint protection using Symantec and enforced Zero Trust Architecture using Illumio to protect PII and enhance security posture.

Administered identity and access management solutions including Azure AD, MFA, ADFS migration, and privileged access controls using CyberArk.

Supported secure SDLC practices by working with development teams on secure coding, QA processes, and threat modeling.

EDUCATION

B.S. – Computer Information Systems Grambling State University, Grambling, LA

M.B.A. – Technology Management University of Phoenix, Atlanta Campus

Graduated: 2007 (GPA: 3.41)

MS – Information Assurance and Cybersecurity (Network Defense) Capella University

Graduated: 2023 (GPA: 4.0)

CLEARANCE

Secret Clearance

TRAINING/PREPARING (certifications)

FedRAMP knowledge; CrowdStrike: Cloud Specialist, Falcon Administrator, CCSP

Contact this candidate