🪢 Mark Szewczul, Ms Cissp Email & Phone Number

Texas, United States

Temporary contract with Fortune 100 manufacturer.

Virtually There

• 12th NTX ISSA Cybersecurity Conference: “Threat Detection in Boundaryless Environments” panel 9/6/2024.
• CISO XC Conference: “Staying Compliant in Cloud Security with AI” panel 4/25/2024.
• CISO XC Conference: “Modernizing InfoSec: Staying in compliance with cloud & data security” panel 11/21/2023.
• Hexcon23: “Securing the Future: The Intersection of Security and AI” panel 11/20/2023.
• 11th NTX ISSA Cybersecurity Conference: “Practical Tips for Career Advancement” panel 11/15/2023.
• Mastering 5G Network Design, Implementation, and Operations Books, Gallery Quote, published June 2023.

San Francisco, California, United States

• Developed and led the application security strategy and program across the organization.
• Worked closely with development teams to integrate security practices into the SDLC, including threat modeling, secure coding practices, security testing, validation and vulnerability management.
• Led security assessments, code reviews, and penetration testing efforts to identify and mitigate security vulnerabilities in applications.
• Developed and maintained security policies, standards, and guidelines related to application security.
• Drove the selection and implementation of application security tools and technologies.
• Directed the implementation and maintenance of security controls to safeguard sensitive information and company assets.

• Leveraged MITRE frameworks and Cyber Threat Intelligence (CTI) to compile Attack/Adversary Playbook for Red/Blue Team operations for Product Security & Incident Response Teams (PSIRT).
• Ensured that Nokia’s portfolio is compliant with customer and regulatory security requirements.
• Established the wide governance on product security for Nokia systems, with one focus on API security.
• Serviced security requirements and security regulations for Telecom, Enterprise, and Government markets.
• Evolved the vulnerability management platform ‘VAMS’ for the Nokia product portfolio which allows the Nokia product lines to identify vulnerabilities in the product and ensures fast fixes/disclosure to customers.
• Identified and evangelized best practices for product security both externally and internally to Nokia and ensured that they are adopted as appropriate.

As SME on Scheme Committee, was key contributor to the industry's first, vendor agnostic, IoT Practitioner Certification for professionals, IoT Security Practitioner Certification, as well as the Artificial Intelligence Practitioner Certification, all released.https://certnexus.com/certification/

Dallas-Fort Worth Metroplex

• Mentored and Directed Security Analysts, Engineers and Architects.
• Led the Shift-Left strategy with Development and DevOps teams while composing enhanced SDLC Standard.
• Worked with Development and Operations on enhancing existing security posture of APIs.
• Designed security solutions that enforce security consistently across internally developed, commercial-off-the-shelf (COTS) and cloud-based applications and platforms (AWS, Azure) leveraging IAM, KMS, VPC.
• Performed security architecture reviews for secure, private, and compliant production datacenters (PCI, FedRAMP) leveraging Third-Party Risk Management tools (SCA, SAST, DAST, BitSight).
• Performed various Risk Assessments, Threat Modelling in order to advise for proper tradeoffs with business.

Dallas-Fort Worth Metroplex

• Used Application Security tools within LLVM compiler toolchain to obfuscate application code/bitcode within the Secure SDLC.
• Demonstrated advanced understanding modern security concepts: malware, cryptography, disassembly, reverse engineering and exploitation methodologies.
• Utilized VMs, Containers, Linux, Python, JavaScript, Java, JSON, XML, Network stacks to demonstrate various POCs, including CI-CD pipelines, eg. Jenkins.
• Leveraged pentest tools such as Frida, JADX, bytecode-viewer, IDA Pro, Hopper.
• Provided consistent, proactive, technical leadership and expertise to ensure the success of the implementation and integration.
• Trained customer’s software architects, developers and security engineers in Arxan’s technology and security best practices.

Dallas/Fort Worth Area

• Recommended key decision points for technology direction and contributed to comprehensive technical roadmaps for the vehicle ecosystem with the right balance of tradeoffs for security/privacy and customer experience.
• Converted business requirements into working solutions by creating Secure Application Development and Privacy Policies (PCI, GDPR, CCPA), DevSecOps, Threat Modeling ECUs, Root of Trust/Secure root Purple Team, CI-CD.
• Made recommendations on best-of-breed vendor solutions and tools for mobile, server, embedded and safety using common frameworks (NIST, OWASP, CSA, IEC 61508, ISO 26262, SOTA, PKI, IAM).
• Evaluated technology with trials and POCs for mobile/server workflow.
• Worked with development teams on implementation with agile improvements.
• Represented Toyota Vehicle Security at SAE J3061 Cybersecurity for Cyber-Physical Vehicle Systems.

The goal of the EC-Council Security of IoT Program is to create a certification toaddress the security aspects of the growing Internet of Things field.

Dallas/Fort Worth Area

• Owned technical portion of the sales cycle, using Burpsuite, Metasploit, FakeAP, MITM attacks, Wireshark.
• Articulated the value of our Mobile Threat Defense implementing User Behavior Analytics.
• Focused on IoT Security applications, research, and new product development for target markets.
• Responded to RFPs of prospects from Medical (HIPAA), Financial (PCI), Enterprise and FedRAMP markets.
• Delivered tailored Proof of Concept and workshops demonstrating live Device, Network and Application attacks to ensure the technical win.
• Stood up SSO instance of PingID IdP using SAML2 for sales engineer usage, as well as customer success.

Dallas/Fort Worth Area

• Consulted with customers to utilize Silabs solutions in secure all sectors of IoT-to-Cloud (GCP) applications: smart metering, medical devices (FDA), home automation, industrial control, asset management and.
• Modified actual SW for Ubuntu platforms at 2 large customers on x86 (porting from ARM) utilizing DevOps microservices: JSON, MQTT, MQTTfx to Cloud & MongoDB.
• Mastered vast knowledge while implementing WiFi, Ethernet, ZigBee, Thread, Bluetooth, sensors and proprietary RF/SDR connections, all with security design elements of bootloaders and operating systems.
• Modified source code for interaction with secure Smart Phone apps and cloud service connections to show full IoT to Cloud and back functionality.
• Encouraged customers to embrace SW troubleshooting and architectural discussions: pentesting (both internal and external), QA Testing (unit testing, corner-case), reviewing definitions of product requirements vs.

Dallas/Fort Worth Area

• Avidly promoted security-by-design M2M solutions (Long Range-LoRa, proprietary RF) at all accounts, generating revenue through enhanced product definition and Design Wins at medical, whitegoods, electric grid, oil &.
• Pentesting LoRa in field in Brazil, Mexico and Texas to show robustness over various distance/terrain/RF interference, jamming, pentesting, malformed frames, etc.
• Continually interfaced with customer marketing, presenting secure technical solutions, understanding existing architectures, proposing new architectures that connect to the cloud.
• Provided in-home lab penetration testing and on-site troubleshooting of secure solutions for customers in territory.