Michael Sheppard Email & Phone Number

Orlando, FL, US

Command Center Inc. is a Cybersecurity Threat Mitigation provider thatdelivers an Advanced Cyber Threat Detection and Response technology whichprovides outcome based cyber mitigations to Financial Services, Insurance,Hospital & Healthcare and Government organizations.

New York, NY, US

Embedded Application Security into the Chase Travel SDLC with capabilities including Threat Modeler, Codebashing, CheckMarx One, Contrast IAST, Burp Suite Enterprise, Aqua, Divvy Cloud and ServiceNow reducing risk to Chase Travel Platform assets 57%Designed, Developed and Maintained Chase Travel Cybersecurity KPI/KRI metrics dashboards & executive reports.

Louisville, Kentucky, US

Embedded application security into the Humana software development lifecycle using CheckMarx, Web Inspect, Contrast IAST, Snyk SCA, JFrog Xray, Burp Suite Enterprise and F-5 WAF.Managed and owned internally developed Humana Security API (SecAPI) and Quality API products leading product owners, engineers, etc. prioritizing value and delivering group sectors.

Baltimore, MD, US

• CareFirst BCBSManager, Information Security – Application & Data Security December 2018 – Present
• Create and execute CareFirst Information Security vision, strategy and tactical roadmap aligned with information security best practices and common data security controls in frameworks such as FISMA, HIPAA, and NIST.
• Implement & Operationalize automated SAST, DAST and IAST for E-Services & FEPDirect Jenkins CI Build & Deploy jobs using Fortify SCA, Web Inspect, Burp Suite and Contrast Assess.
• Implement & Operationalize Contrast Protect RASP for E-Services & FEPDirect in production.
• Implement & Operationalize Secure Coding IDE and Secure Code Training solution for developers using Synopsys Secure Assist IDE & Secure Code Warrior solutions.
• Implement & Operationalize Open Source Security governance using Sonatype, JFrog Xray and Contrast OSS.

Ann Arbor, MI, US

• Create and execute Domino’s Information Security vision, strategy and tactical roadmap aligned with information security best practices and common application security controls in frameworks such as FISMA, HIPAA.
• Implement & Operationalize automated SAST, DAST and IAST for E-Commerce (Dominos.com), Pulse POS, Pulse Next Gen POS Jenkins CI Build & Deploy jobs using Fortify SCA, Web Inspect, Burp Suite and Contrast Assess.
• Implement & Operationalize Contrast Protect RASP for Dominos.com in production.
• Implement & Operationalize Secure Coding IDE and Secure Code Training solution for developers using Synopsys Secure Assist IDE & Secure Code Warrior solutions.
• Implement & Operationalize Open Source Security governance using Sonatype, JFrog Xray and Contrast OSS.
• Implement automated, OAuth supported - Swagger-based, API Dynamic Application Security Testing for 300 RESTful Web Services in Jenkins CI/CD Pipelines.

San Ramon, California, US

Sirius is an IBM Security Business Partner specializing in the delivery of critical Application Security Risk Management Solutions for Software Development organizations, which significantly reduce business risk across the SDLC at the application layer for all business sectors.

IN

Delivery of Application and Software Security Services

Troy, Michigan, US

• Lead Americas, EMEA and APAC Application Development, QA, PMO, Risk, Infrastructure and Security teams with all Application Security Initiatives and projects.
• Provided Executive Summaries and Risk Advisement to Executive VP’s and CIO.
• Managed all 3rd Party Application Security Vendors (Trustwave, Veracode, IBM and Coalfire).
• Coordinated with Sr. Level Management to integrate Application Security into Risk, Development, Q/A, Infrastructure, Security and PMO organizational processes.
• Implemented and Integrated IBM AppScan Security Source for Analysis, Remediation, Developer and Automation into Continuous Build Integration for SAST. (Maven, TFS and Jenkins)
• Implemented IBM AppScan Enterprise ver 9.0.1 for DAST in Global Enterprise

Palo Alto, CA, US

• Perform HP FOD Standard and Premium Application Security Testing and Exploitation (UI and Web Services) on 100 Nestle and Genworth Financial web applications using HP Web Inspect, Burp Suite Pro, HP Fortify SCA 4.0 and.
• Environment: HP Web Inspect, Burp Suite Pro and HP Fortify SCA v 4.0

San Francisco, California, US

Application Security Penetration testing of critical banking center applications.

San Francisco, CA, US

• Lead all Application Security Testing and Exploitation (UI and Web Services) using AppScan Standard v 8.6, NTOSpider, Netsparker, SQLmap and Burp Suite Pro in Agile SDLC utilizing WAHH, OWASP Testing Guide and OSSTM.
• Working with Developers, QA Engineers, Project Managers and Business Owners to educate and implement industry best practices for remediating software security vulnerabilities.
• Creating and managing an Application Security Metrics Dashboard, using Sharepoint, Splunk, MongoDb, google charts and fusion charts.
• Environment: IBM App Scan Standard v8.6, Burp Suite Pro, NTOSpider and Netsparker

Foster City, California, US

• Lead all Application Security Testing and Exploitation (UI and Web Services) using AppScan Enterprise v 8.6 and Burp Suite in Agile SDLC utilizing WAHH, OWASP Testing Guide and OSSTM Methodology.
• Conduct Threat Modeling Analysis for V.me personal, business, developer, VDC, VPP and Visa.com
• Perform Manual Code Reviews using Firebug, Eclispe and CheckMarx
• Review, Analysis and Validation of AppScan Dynamic Security testing findings
• Provide security vulnerabilities (XSS, CSRF, SQLi, DDOS, etc.) remediation support to Java,.net, PHP and Ruby developers
• Review, Analysis and Validation of Veracode Static Code Analysis findings

Detroit, Michigan, US

• Lead all Application and Infrastructure Security Testing for Blue Cross Blue Shield of MI
• Lead, Manage, Plan, Support and Implement the Secure Coding Program with in BCBSM
• Manage and Assign security testing projects to Security Testing Team members
• Develop, Validate, Assemble, Submit and Quality Review all Security Testing Draft and Final Reports
• Manage Security Testers and Secure Coding Developers
• Create, Design and Implement all Security Test Plans for project and base Security Testing with in BCBSM

Served as GLBA Regulatory Compliance specialist for over 100 different credit unions including Health One Credit Union, River Rouge Credit Union, Meijer Credit Union, and Affinity Group Credit Union.