Derek Dunbar Email and Phone Number

Perform risk analyses and research to create new or improve existing documented procedure. Assess and improve InfoSec education initiatives. Communicate with tenant colleges, other MSU IT staff, and external vendors regarding service/product acquisition and risk assessment. Represent Information Security on various internal MSU IT projects. Perform penetration tests of new web-facing and internal network assets.• Founded the university's first "in-house" pentesting services, developing processes/procedures and provided testing for new web-facing/internal servers.• Designed coursework for the first Staff/Facutly-wide Cybersecurity Awareness course. Assisted in organizing accountability trees, reporting, feedback surveys, and outgoing public communications. • Assisted with the design and performance of tenant college security risk assessments, including coordinating vendor outreach for inventory tool acquisition.• Composed, maintained, and/or helped modernize multiple University cybersecurity policies. • Assisted in the oversight of penetration testing and submission of yearly PCI-DSS Compliance attestation. Primary coordinator of technical confirmation and worksheet completion for compensating controls, leading to a 40% reduction of necessary compensating controls for the first VOIP network PCI attestation and enabling over $200 million in revenue per year.

• Lead over 200 hours of lecture and demonstration-based instruction for five different cohorts, covering penetration testing, cloud security, Python programming, intrusion detection, and incident response.• Addressed student concerns, both during class and off-hours. Mentored students in class studies and career aspirations. Support grading, office hours, and small group lab activities.• As Adjunct Instructor for the ESCP course, led three-week "Introduction to Offensive Security" for multiple cohorts, teaching foundational pentesting philosophies and methodologies, note taking and record-keeping, basic reconnaissance/enumeration/exploitation/escalation techniques, and report writing/presentation.

Conducted Internal, External, and social engineering pentests for Plante Moran clients. Lead communications with clients for engagement commencement, command & control, network troubleshooting, and live final report presentation. Maintained datasecurity of all testing findings, screenshots, and documentation● Conducted 30+ pentests including phone phishing and in-person social engineering in addition toexternal/internal network testing● Composed CREST Certification application leading to organizational certification● Codified Internal/External pentest process to ensure consistent service for all clients

Gain exam-specific and practical penetration testing experience through live instruction, lab tutorials, and custom lab environments inspired by real-world situations. 18-week immersive training - focused heavily on in-class discussions and hands-on labs - designed not only to pass the OSCP but to create a deeper and more practical understanding of penetration testing. • Analyze corporate networks, web applications, and production systems to identify and exploit vulnerabilities.• Construct threat models to investigate persistent and emerging cybersecurity threats.• Understand the tools and technologies required to deliver a full penetration test of a network and application.• Comprehensive and professional reporting of penetration test results and remediation to executives and stakeholders.

Developed skill to harden Linux, Windows, and Cloud networked systems for organizations, instituting security controls and monitoring systems for intrusion. Conducted security audits, utilizing established industry frameworks, to keep organizations secure both internally and externally. • Assessed system vulnerabilities using industry standard tools such as Metasploit, Burp suite, and Nessus through Kali Linux-based penetration testing.• Monitored data in motion and associated logs using Wireshark, Splunk SIEM and Python 3-based data cleaning.• Utilized Threat Intelligence techniques to identify pertinent attacks and threat actors, utilizing personal research into emerging and existing threats• Successfully completed an internal/external vulnerability assessment of an operational organization, resulting in enumerating and verifying 44 serious network vulnerabilities.• Per the same engagement contract, conducted a social engineering campaign against over 120 employees, resulting in 25 hooks that would have - in the event of an actual attack - resulted in a critical system penetration.

Managed employees, served clients, and provided basic IT support remotely through four different software platforms. Devised solutions for complex customer situations. Provided daily communication and weekly video reports through multiple lines of leadership, ensuring understanding of project progress and receiving feedback.• Implemented training, accountability and cultivated team mindset that eliminated rampant absenteeism, reduced Market call abandonment rate by over 85% and increased average call revenue by 22%.• Key contributor to development in Best Buy Digital Sales initiative, providing multiple points of feedback implemented into the program company-wide.• Managed over 100 Digital Sales Advisors across four states, validating schedules and activity, coaching in sales skills and company protocols, and finding solutions for complex customer situations• Successfully managed onboarding and training of 20+ new advisors into the new Digital Sales platform.

Reinforced established company standards and values for a 12-employee team to better engage customers and drive profitability. Assisted Geek Squad Manager with associate coaching, training, and assessment, including overseeing maintenance and improvement of operational accuracy and efficiency. Oversaw inventory and security of client assets and devices.• Increased monthly service accuracy by 17% by increasing employees’ ability to communicate effectively and translate customer requests into technical service requirements. • Maintained record-low service wait times, despite staff turnover. • Trained junior associates ensuring understanding and retention of information, resulting in month-to-date and quarterly increases in customer memberships and overall satisfaction.

Provided friendly and accurate customer service to clients and external music program directors. Championed knowledge of logistics, services, and general information to answer inquiries of company executives, technical experts, and common customers alike. Analyzed supply and demand trends to facilitate statewide shipping of inventory to necessary local markets.• Received, tracked, and executed 10,000+ orders per year with the company fulfillment team.• Coordinated with warehouse staff, local/statewide sales contractors, and branch retail locations throughout Michigan to ensure proper distribution of over $5M USD in merchandise on an annual basis. • Personally fostered positive business relations with 40+ program directors throughout eastern and southeastern Michigan.

• Thousands of hours of both instructional and public presentation experience with all manner of group sizes; individuals, 50+ person units, and personally selected, trained and led cross-functional special teams.• High operational tempo, between 100–140 presentations per year.• Adapted to ever-changing staff requirements, acquiring new secondary skills and studying existing protocol and regulations to reliably fulfill new technical and administrative roles.• Completed six presentation tours with self-trained teams, performing interactive group discussions with 70+ high schools, colleges, and communities in eight states.• Multiple Secret Clearance-level executive presentations, including for Presidents of the United States and within facilities such as The Pentagon, Marine Corps Special Operations Command, and NCIS Headquarters. • Project designer and group instructor for eight major international presentations.• Assembled and trained teams for dozens of nationally televised engagements, including The Today Show, Macy’s Thanksgiving Day Parade, Tournament of Roses Parade, National Independence Day Celebration, and multiple Mardi Gras festivals.