Resume

Profile  

Skilled security assessment and infiltration expert with hands-on experience providing deliverables in penetration testing, secure development practices, and awareness training. Published work includes proofs of concept for vulnerabilities and deep-dive explanations of technical attacks. Available for Penetration Testing and Technical Assessment roles, specializing in Application Security Consulting and General Security Services consulting. Interested in being contacted about remote and on-site positions with domestic and international travel in the US and UK.

Experience

Senior Security Consultant – Trustwave Inc., Spider Labs – Remote — 2017

Spider Labs Security Consultants regularly solve interesting application security problems and perform security testing. Consultants provide recommendations for remediations, including guidance and advisory details. Responsibilities also include managing projects and deadlines, and helping others develop their great ideas.

  • Provide advanced penetration testing services including application, mobile, and network tests
  • Assist in development of phishing service offering and team methodology
  • Maintain guidance and documentation for tools and platforms
  • Administration and oversight of software licenses, hardware devices and other tools for phishing
  • Research and review latest tools and techniques for phishing team

Security Consultant – Trustwave Inc., Spider Labs – Remote — 2015 – 2017

Spider Labs Security Consultants regularly solve interesting application security problems and perform security testing. Consultants provide recommendations for remediations, including guidance and advisory details. Responsibilities also include managing projects and deadlines, and helping others develop their great ideas.

  • Provide manual and automated security testing using Burp Suite, Cenzic Hailstorm, and other tools
  • Develop and provide security training service offering
  • Provide embedded device security testing
  • Provide virtual environment security testing

Application Security Engineer – Blackline Inc – Los Angeles CA — 2013 – 2015

Acted as subject matter expert providing opinion on relevant topics. Expected to provide guidance and training to developers, and proof of concept exploits for products. Accomplishments include organizing and developing the application security program and acting as security architect for security-related features. Learned to interface with Executive Management to get InfoSec goals accomplished.

  • Provide manual and automated application security testing and source code review
  • Develop and expand security review program
  • Provide expert advice on security topics to development, architecture, and product departments
  • Provide proofs of concept for vulnerabilities found in the application
  • Provide clients and internal assets with security reports and technical documentation
  • Assist in network security scanning, assessment, and incident response

Application Security Consultant – Fishnet Security – Remote — 2012 – 2013

Provide application security consulting services for a range of clients in industries ranging from banking to retail. Write and publish professional reports for web application scans, penetration tests, code reviews, and training. Assist project managers with scoping and environment profiling for projects.

  • Provide manual and automated penetration tests with Burp Suite, AppScan, and other tools
  • Provide augmented manual code review with AppScan Source
  • Develop customized training material for use in training classes
  • Provide database security assessments
  • Establish and demonstrate strong application security testing skills

Education

ISC2 – CISSP – 2016
Corelan Team – Corelan Advanced – 2016
Corelan Team – Corelan Foundations – 2014
Mira Costa College – AA Computer Programming – 2010

Lectures and Events

Security 101 – Spider Labs training program – 2015
Offensive Vendor Reviews – Toorcamp – 2014
So you hired a pen tester – North Bay Developer Conference – 2013

Community Involvement and Public Speaking

HushCon*, DEFCON, DerbyCon, ToorCon*,
ZeroNights, RSA, BlueHat, Thotcon,
B-Sides*, SD2600*, Plaid CTF, Brucon

* speaker