Dave Keller Email & Phone Number

California, United States

Crest & Compass is an online community platform that promotes businesses owned and/or operated by people of alumni organizations (i.e., fraternities, sororities, college, etc.). Website highlights business categories, destinations, mapped locations, and ability for businesses to promote their products and services. Will have categories and help users when.

Santa Rosa, CA, US

• Manage and monitor security controls, remote access security, and infrastructure security
• Implement policies and/or procedures and track compliance throughout Poppy Bank
• Work closely with internal IT, security vendors, and third-party MSP to remediate vulnerabilities
• Help coordinate audits and exams and track remediation efforts to conclusion
• Respond to security incidents and/or policy violations and research their causes
• Collaborate with IT to ensure product deployments comply with security policies and standards

• Design broad security programs to meet client objectives, that includes technology and services. Successfully define project roadmaps and execute security strategy aligned with business objectives, budgeting, and ROI.
• Data security manager, collaborating with senior staff to enhance and develop new designs and security strategies across GCP and Azure.
• Successfully patched 160,000+ endpoints with Trellix Endpoint DLP within 60 days, over multiple organizations, and locations, while managing incidents, policies, and tags.
• Achieved cloud security resiliency of 150,000+ users, within 90 days, monitoring and updating Skyhigh Security's Security Service Edge, CASB, and Secure Web Gateway,
• Resolved ServiceNow incident tickets, while improving SecOps Team’s routing and escalation processes, and led root-cause analysis by identifying opportunities for process improvement.

Concord, CA, US

• Modernized threat detection and response, coordinating security automation with IT Management, using Microsoft Defender Security Solutions, Azure, and CrowdStrike Falcon.
• Conducted tabletop incident response exercises, helping identify vulnerabilities within internal and external networks, testing instances of CrowdStrike Falcon, Palo Alto Networks, Microsoft Defender, and Trend Micro.
• Resolved Critical & High vulnerabilities across multiple applications, contributing to 80% improvement of security posture in <90 days.
• Developed and deployed incident response plans, automated vulnerability assignments, and managed different instances of CrowdStrike, Mandiant Advantage, Microsoft Defender, SentinelOne, and Tenable.sc and.

New York, NY, US

• Found password causing SolarWinds's 2021 security breach, using credential scanner truffleHog and deep dive analysis of GitHub data repository, while delivering reports to client executives.
• Restructured Tenable.sc and Tenable.io instances, integrating them with ServiceNow Vulnerability Response, reduced vulnerabilities by 80+%, while mentoring client engineers and fostering culture of continuous learning.
• Modernized security controls framework for large banks, using SWIFT CSCF, to better secure environments, know and limit access, and improve detection and response to threats.
• Created, evaluated, and implemented security compliance rules for global call center activities, advised on risk scenarios and defense strategies, and reduced risks of cyber-attacks by routinely conducting.
• Performed risk assessments, using risk rating methodologies, recommending mitigating controls and driving risk remediation, using security risk and control frameworks such as NIST SP 800-53, 800-30, ISO 27001, PCI-DSS.

Santa Rosa, CA, US

• Modernized comprehensive suite of 30+ security tools, providing security automation and policy restructuring to SIEM, EDR, CASB, DLP, anti-virus, malware analysis, and anti-phishing tools, while recommending cloud.
• Efficiently led CSIRT during tabletop exercises, while automating security processes and response, using ServiceNow VR, SecureWorks SIEM, Red Cloak, Qualys, Carbon Black Protect and Defend, Trellix DLP, KnowBe4.
• Partnered with IT and vendor risk management to enhance cybersecurity risk program strategy and projects, while reducing vulnerabilities by 80+%, including streamlining software approval procedure.
• Orchestrated vulnerability management analysis, including zero-days, patch management, and collaborated with development teams to identify security efficiency for SDLC, while coordinating internal cybersecurity.

GB

• Project with PwC Talent Exchange: BeyondTrust Privileged Access Management Architect (Contractor) with large healthcare client:
• Accomplished PAM decision between BeyondTrust and CyberArk, ensuring comprehensive assessment of business and technical requirements and thorough comparison to BeyondTrust’s vs. CyberArk’s capabilities and limitations.
• Developed comprehensive PAM Plan, encompassing design, construction of DEV, QA, PROD, and QR environments, seamless integration, and rigorous testing.
• Championed interviews with InfoSec Director and IT Management to successfully implement a robust and resilient PAM strategy, ensuring client's alignment with cutting-edge practices and technologies.

Columbia, MD, US

• Effectively interviewed Information Security Directors and/or IT Managers to understand network design, dependencies, and scanning requirements, to develop comprehensive vulnerability management strategies.
• Deployed and configured Tenable solutions (Nessus, Tenable.sc, Tenable.io, PVS, and LCE), teaching architectural dependencies, scanning policies, scan run times, and integration with ticketing (i.e., ServiceNow).
• Performed scan results and supervised management of custom dashboards, reports, and other Tenable SecurityCenter features so client was in alignment with product outputs.
• Automated vulnerability management at scale, using Python for several different clients in different industries.Client Industries: Energy, Healthcare, Financial Services, Government, and Telecommunications

Mclean, VA, US

• Achieved cyber security assessments, gap analysis, certification and accreditation, and information assurance for commercial and government clients.
• Efficiently managed installations and administration of DLP, SIEM, vulnerability management, endpoint security, and asset discovery tools for numerous clients.
• Developed SOWs and software vendor partnerships, while creating whitepapers and modernizing cyber products and solutions.
• Implemented multiple security frameworks related to FIPS 140 and 199; FISMA; HMG IA Standard No.1; ISO 27001: 2013; ISO 27002 and ISO 27005; NIST 800(Series); NIST 1800(Series); PCI DSS 3.0; SOC 1, 2 and 3; and STRIDE.

Dublin 2, IE

• Effectively implemented Carbon Black App Control for large entertainment client, using file integrity monitoring, full-featured device control, and memory/tamper protection.
• Fostered relationships with CISOs and representatives from Carbon Black, CapGemini, and FishNet Security to enhance security measures, prevent future breaches, and improve third-party software integration.
• Accomplished project deliverables, including charters and project plans, and business and technical requirements, while providing trend analysis on high-risk users and remediation.
• Conducted security maturity assessment, vulnerability management, and DLP improvement measures to improve the client's current security posture.

Armonk, New York, NY, US

• Performed ad hoc MS Office and SQL database development and support, while supporting DISA STIG software configurations, workstation deployments with secure configurations, and supporting data security and privacy.
• Coordinated 300+ consultants on the 8th largest IBM-based project, following ISO 2701-2, ITCS300, and ITCS104 standards, while streamlining on-boarding process and network access controls for remote consultants.
• Administered and tracked training for HIPAA, DS&P, APPSCAN, Open Source and client-related software, while managing network access, using Open Text, DaaS, Citrix, and Key FOB routes.
• Managed Access Enforcer and roles assigned to 70,000+ Navy ERP users, while administering SAP Security GRC.
• Used GRC, DISA, JEDS, and Citrix to provide security and access controls for SAP and supporting systems.

Micro Master'S Certificate, Cybersecurity

Certificate, Artificial Intelligence: Implications On Business Strategy

Servicenow Secops - Vulnerability Incident Response (Vir)

Servicenow Secops - Vulnerability Response

Mgt414: Sans Training For Cissp Certification

Sec524: Cloud Security And Risk Fundamentals

Defendpoint - Advanced Concepts For Gpo

Sec504: Hacker Tools, Techniques, Exploits, And Incident Handling

Identitynow Implementation Fundamentals

Post-Sales Boot Camp

Pre-Sales Boot Camp

Powerbroker Passwordsafe Training, Endpoint Security

Certificate Of Completion, Endpoint Security

Certificate Of Completion, Security Information And Event Management (Siem)

Bachelor'S Of Science, Business Information Systems: Option In Management Information Systems

Bachelor'S Of Science, Business Admin, With Option In Marketing

Education record