Profile
Skilled security assessment and infiltration expert with hands-on experience providing deliverables in penetration testing, secure development practices, and awareness training. Published work includes proof of concepts for vulnerabilities and deep dive explanation of technical attacks. Available for Penetration Testing and Technical Assessment roles, specializing in Application Security Consulting, and General Security Services consulting. Interested in being contacted about remote, and on-site positions with domestic and international travel in the US and UK.
Experience
Senior Security Consultant – Trustwave Inc., Spider Labs – Remote — 2017
Spider Labs Security Consultants regularly solve interesting application security problems and perform security testing. Consultants provide recommendations for remediations, including guidance and advisory details. Responsibilities also include managing projects and deadlines, and helping others develop their great ideas.
- Provide advanced penetration testing services including application, mobile, and network tests
- Assist in development of phishing service offering and team methodology
- Maintain guidance and documentation for tools and platforms
- Administration and oversight of software licenses, hardware devices and other tools for phishing
- Research and review latest tools and techniques for phishing team
Security Consultant – Trustwave Inc., Spider Labs – Remote — 2015 – 2017
Spider Labs Security Consultants regularly solve interesting application security problems and perform security testing. Consultants provide recommendations for remediations, including guidance and advisory details. Responsibilities also include managing projects and deadlines, and helping others develop their great ideas.
- Provide manual and automated security testing using burp suite, cenzic hailstorm, and other tools
- Develop and provide security training service offering
- Provide embedded device security testing
- Provide virtual environment security testing
Application Security Engineer – Blackline Inc – Los Angeles CA — 2013 – 2015
Acted as subject matter expert providing opinion on relevant topics. Expected to provide guidance, training to developers, and proof of concept exploits for products. Accomplishments include organization and development of application security program, acted as security architect for security related features. Learned to interface with Executive Management to get InfoSec goals accomplished.
- Provide manual and automated application security testing and source code review
- Develop and expand security review program
- Provide expert advice on security topics to development, architecture, and product departments
- Provide proof of concepts for vulnerabilities found in application.
- Provide clients and internal assets with security reports and technical documentation
- Assist in network security scanning, assessment, and incident response
Application security consultant – Fishnet security – Remote — 2012 – 2013
Provide application security consulting services for a range of clients in industries ranging from banking to retail. Write and publish professional reports for web application scans, penetration tests, code reviews, and training. Assist project managers with scoping and environment profiling for projects.
- Provide manual and automated penetration tests with Burp Suite, AppScan, and other tools
- Provide augmented manual code review with AppScan Source
- Develop customized training material for use in training classes
- Provide database security assessments
- Establish and demonstrate strong application security testing skills
Education
ISC2 – CISSP – 2016
Corelan Team – Corelan Advanced – 2016
Corelan Team – Corelan Foundations – 2014
Mira Costa College – AA Computer Programming – 2010
Lectures and Events
Security 101 – Spider labs training program- 2015
Offensive Vendor Reviews – Toorcamp – 2014
So you hired a pen tester – North Bay Developer Conference – 2013
Community Involvement and Public Speaking
| HushCon* | DEFCON | DerbyCon | ToorCon* |
| ZeroNights | RSA | BlueHat | Thotcon |
| B-Sides* | SD2600* | Plaid CTF | Brucon |
* speaker
Carl Sue 