Highly trained cybersecurity professional with extensive technical experience (10+ years), specializing in application security, automation/DevSecOps, penetration testing, offensive security engineering, cloud security, vulnerability management and applied mathematics. Background includes multiple industries - everything from federal to financial to non-profit and for organizations that range from startup to Fortune 150 Big Tech.
Career highlights include:
Highly experienced Application Security Engineer and trusted partner of software development teams everywhere. Full-scope application security program development and career practitioner in the art of AppSec web security assessments, penetration testing, code review and threat modeling.
Leverages scripting (mostly Python) to solve security scaling challenges, advance security maturity and achieve principles of DevSecOps.
Self-identified “offensive security engineer” with extensive experience performing network, mobile, cloud and web application penetration testing. Aspiring Red Teamer .
Built and led multiple organization-wide Vulnerability Management (VM) programs - everything from architecture to engineering to analysis & automation.
I even have a few years of Cloud Security and Cloud Architecture experience! (AWS)
- MS Cybersecurity, Johns Hopkins University (2020)
- BS Information Security, University of Mary Washington (2012)
OSCP | GXPN | CISSP | GREM | GRID | AWS Security | GAWN | eCPPT | CEH | GCPN | GWAPT | GSEC | GCIH | GMOB | GPYC | GPEN | GEVA | GSOC | AWS Architect | Sec+
- SANS Teaching Assistant (TA) & Course Facilitator / Moderator
- OWASP Member since 2016
- Companies: Booz Allen Hamilton, IMF, NIH, NRECA, nVisium, SAIC, Salesforce, SANS
- Application Security : DAST, SAST, SCA, Burp Suite Pro, AppScan, Veracode, Checkmarx, Fortify
- Threat Modeling : Microsoft Threat Modeling Tool, STRIDE, PASTA, DREAD
- Scripting, Automation & DevSecOps : Python, Java
- Penetration Testing : Kali, Metasploit, OSINT
- Red Teaming : Cobalt Strike, Empire
- Cloud Security + Architecture : AWS, CloudFormation
- Vulnerability Management : Tenable, Nessus, Qualys, Twistlock, Prisma Cloud
- Reverse Engineering : IDA Pro, Volatility
- Third-Party / Supply-Chain Security
- Privacy & Risk Management + Assessment : NIST, ISO 27001, GDPR, PCI
- Practical Security 101: A Functional Guide to Implementing CIS Controls in Resource-Constrained Environments, TechAdvantage 2021
- SANS Core NetWars (v7) Tournament Champion, SANS Offensive Operations West 2021
- SANS SEC575: Mobile Device Security and Ethical Hacking CTF Challenge Victor, SANS Tysons Corner Fall 2017
- SANS SEC642: Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques CTF Challenge Victor, SANS Northern VA Reston Spring 2018
- SANS ICS515: ICS Active Defense and Incident Response CTF Challenge Victor, SANS Columbia 2019
- SANS SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking CTF Challenge Victor, SANS Pen Test HackFest 2019
Interested in working with me? Feel free to reach out!