Experience

Assesses all first party published titles with online functionality across America, Europe, and Japan. Conducts security assessments on titles, internal and mobile applications, and backend infrastructure. Coordinates all assessment related activities including meetings, dates, data collection, escalation and outbriefs. Maintains good working relationships with studio producers, developers, and respective system administrators. Keeps up to date with latest PlayStation hacking tools and methodologies. Conducts vulnerability assessments, penetration tests, and architecture reviews. Manages vulnerability discovery for 9,000+ hosts. Coordinates vulnerability mitigation, remediation, and acceptance efforts through tickets within JIRA and WebRT trackers along with formal documents.

Created internal web presence through Sharepoint site, JIRA tracker, Confluence wiki, and DevTrack project. Centralized and pruned all existing information into filers, website, wiki, and project. Identified and maintained target list for internal and external assets. Deployed Tenable Security Center with assistance from Systems and Network engineering teams. Designed department brand and identity and created tailored instructional Security Center videos in conjunction with internal L&D team. Established thorough and well documented assessment methodology. Communicated processes through formal documents, presentations, websites, and wiki's. Identified systemic issues, formalized remediation actions, and raised issues to management regularly.

Lead team of 2-5 to perform penetration, vulnerability, and red team assessments, attacking a diverse range of international classified and unclassified hosts and operating systems. Emulation of current adversarial threats through commonly available tools and methodologies. Identification of vulnerabilities, weak security controls, and potential mitigations for the federal client. Evaluated configuration of target Linux, Unix, and Windows systems. Contributed in technical post-review report generation for federal, contractor staff, and management by contributing raw technical data summaries of specific items and providing in-depth analysis of all information gathered. Provided direction for future assessments.

Organized, restructured, and implemented more efficient team processes and methodologies. Defined terms within team and refocused efforts for better results. Created scoping metrics for site assessment selection.

Administers networks and Linux/Unix systems of penetration testing lab. Performs penetration testing in teams of 3-6, attacking a diverse range of classified and unclassified hosts and operating systems using such tools as Nessus, SAINT, Netsparker, Metasploit, and Nmap. Evaluates configuration of target Linux, Unix, and Windows systems. Assists in technical post-review report generation for federal and contractor staff and management by contributing raw technical data summaries of specific items and providing in-depth analysis of all information gathered. Creates and manages virtual attack platforms as a part of laptop image management. Directs software and hardware purchases for penetration testing team.

Presents technical demonstrations and briefings to U.S. congressmen, top-level DOE officials, and DOE security conference attendees. Completely reimplemented an existing BSD firewall and bridge with a streamlined ruleset syntax designed for maximal efficiency. Excised unnecessary equipment, consolidated hardware, and rewired the network and power for the entire internal lab. Redesigned RSA SecurID appliances system to bolster security. Consolidated hardware via hardware clustering and virtualized 90% of the lab by implementing VMWare ESXi.

Instructed class of 23 students in a high level network security course [Securing a Network NTS412] within an undergraduate program for a private university. Addressed student concerns and questions on daily basis. Provided in-depth technical feedback for all assignments and summarized justifications for grades. Temporarily assist in the instruction of a scripting for hackers course.

Measured, monitored student capabilities and adjusted course content accordingly. Developed ten out of fifteen weeks of interactive, scenario based, hands-on course material that takes a more holistic approach to network security (network diagram creation, packet capture analysis, network segmentation, windows and linux system hardening, security policy generation, Cisco IOS router and firewall configuration, IDS and IPS placement and configuration, wireless access point deployment, etc)

Interfaces with home users, small businesses, and large corporations on a regular basis to provide customer support and assistance in using their computers. Develops websites with technologies ranging from custom HTML and PHP to Flash and Wordpress skinning. Subcontracts side work to trusted professionals, and also negotiates contracting fees. Volunteers weekly to teach essential computer skills such as internet navigation, word processing and information security awareness to the elderly, underpriveleged, and other members of the public interested in learning more about computer use.

Provides technical instruction to clients on various topics which vary in complexity from simple computer usage to advanced penetration testing. Repairs and maintains physical computer hardware of desktops and laptops such as component upgrades and data recovery from failed and failing hard drives. Diagnoses and resolves technical issues remotely to provide immediate, efficient, and effective solutions.

Generated and maintained detailed software inventory in order to prevent misappropriation of company assets. Regularly interfaced with design and office staff to resolve general computer issues. Researched and drafted proposals to implement new technologies including Apple hardware such as storage area networks and other backup solutions. Helped to devise a method for indexing, archiving, and backing up a large and constantly-updated collection of photographs.

Updated, patched, and organized entire network. Deployed unified patch and remote management system for both OS X and Windows. Standardized workstation builds for more efficient management. Joined OS X machines to Active Directory via Open Directory allowing granular user restrictions for settings, backups, power savings plans, and other configuration features. Produced a migration plan for virtualization of core infrastructure with warm offsite backup.

Maintained website and content to meet the needs of the client, including hosting details and custom domain redirection. Increased website profitability and exposure with simple SEO. Advised on equipment purchases for internal servers, workstations, and software to ensure easier management and decreased maintenance and replacement costs. Provided on-call troubleshooting for various hardware and software issues via phone and internet.

Upgraded simple HTML website to dynamic JavaScript-based website in order to facilitate faster load times and easier content management. Developed complete Flash website with custom backend upload tool for easy site updating in order to provide a competitive edge against rival businesses.

Coordinates tasks and delegates responsibilities for other volunteers. Performs setup and tear-down of power/Ethernet cabling throughout entire conference. Registers, assists, and directs attendees to appropriate locations. Insures that the needs of all speakers are met so that they can best deliver their presentations. Enforces physical security in order to prevent unauthorized persons from gaining access to the conference. Acts with utmost professionalism and courtesy for the duration of the event. Organizes and displays inventory of Black Hat store.

Streamlined conference bag assembly line. Devised efficient methodology for tape-down of cabling. Introduced speakers to the audience. Black Hat USA volunteer since 2008; Black Hat DC volunteer since 2010.

Lead an initiative to increase company efficiency and communication by scheduling board meetings, and documented these meetings for future use and reference. Built and maintained a consistent corporate identity through logo, website, business cards, and letterheads. Provided analysis and advice on financial investments and prospective projects with a focus on viability and profit.