Doug Morato

Doug Morato Email and Phone Number

GSE #307, CSSLP, CISSP, CCSK, SANS GIAC x8, 4x Microsoft, CompTIA x5, 3x EC-Council Certified @ Anamo Inc.
Doug Morato's Location
Boca Raton, Florida, United States, United States
Doug Morato's Contact Details
About Doug Morato

As cyber security professional, my career focus has been to secure applications and reduce organizational risk and threat landscape, by providing consultation and subject matter expert feedback on securing applications design and implementation.My area of knowledge spans through all phases of the SDLC, with active hands-on knowledge of threat modeling, secure design, static code analysis, penetration testing and continuous monitoring and security (defensive) operations.I have been able to collaborate with internal and external customers, ranging from Fortune 10 companies, government/Defense contractors, Big 4 accounting firms, multi-nationals as well as small and medium sized business. I was afforded the opportunity to work in the Healthcare, Financial Services, Tech Services and Consulting industries.I have broad experience providing secure architecture recommendations aligned with the Information Security Policies and industry best practices, performing threat modeling, conducting vulnerability assessments, web application, mobile application and network penetration tests, secure/static coding analysis, application security assessments, automating and embedding security in SDLC, fostering Security in DevOps work streams.Multilingual proficiency in English, Brazilian Portuguese and Spanish. I have achieve or currently hold the following certifications:Microsoft Certified Security Administrator Associate (MS-500)Microsoft Certified Azure Administrator Associate (AZ-103)Microsoft Certified Azure Security Engineer (AZ-500)Microsoft Certified Azure Fundamentals (AZ-900)CISSP (Certified Information Systems Security Professional) CSSLP (Certified Secure Software Lifecycle Professional) GPEN (GIAC Certified Penetration Tester) GCFA (GIAC Certified Forensic Analyst)GCIH (GIAC Certified Incident Handler) GSEC (GIAC Security Essentials Certification)GCIA (GIAC Certified Intrusion Analyst)GSTRT (GIAC Startegic Planning, Policy and Leadership)E|CSA (Ec-Council Certified Security Analyst)C|EH (Ec-Council Certified Ethical Hacker)C|HFI (Ec-Council Computer Hacking Forensic Investigator) CCSK (Certificate of Cloud Security Knowledge)SAFe Agilist (Leading SAFe Agilist Certification)

Doug Morato's Current Company Details
Anamo Inc.

Anamo Inc.

View
GSE #307, CSSLP, CISSP, CCSK, SANS GIAC x8, 4x Microsoft, CompTIA x5, 3x EC-Council Certified
Doug Morato Work Experience Details
  • Anamo Inc.
    Member Of The Board Of Advisors
    Anamo Inc. Jan 2023 - Present
    Las Vegas, Nv, Us
    View
  • Fortune 500 Companies
    Cyber Security Specialist
    Fortune 500 Companies Mar 2022 - Present
    Kapolei, Hi, Us
    View
  • Cybernetik
    Founder
    Cybernetik Mar 2018 - Present
  • Intersec Worldwide, Inc.
    Advisory Board Member
    Intersec Worldwide, Inc. Aug 2013 - Present
    Newport Beach, Ca, Us
    View
  • Trinity Health (Hq Michigan)
    S. Cyber Security Engineering
    Trinity Health (Hq Michigan) Jun 2017 - Feb 2020
    Livonia, Mi, Us
    View
  • Tradestation
    Director Of Application Security
    Tradestation Apr 2017 - Jun 2017
    Plantation, Fl, Us
    View
  • Pwc
    Sr. Manager, Security Architecture & Assurance
    Pwc Feb 2015 - Mar 2017
    Gb
    • Consulting with applications and business teams to provide initial / high level and detailed application architecture security recommendations.• Provide guidance to customers towards meeting all the information security requirements.• Drive implementation of security in SDLC, providing integrations for build automation, Sec DevOps• Gather requirements, evaluate, compare and provide SME advice on new Application Security related services or products• Collaborate, Review and ratify any proposed / updated technology standard.• Design, plan, implement and operate roll-out of HP Fortify On Demand (HP FOD) as replacement for on-premises HP Fortify.• Design, plan, implement and operate JIRA Service Desk ticking system for communication transparency and managing the high workload of the team. • Drive creation of internal Linux configuration standards aligned with NIST and CIS CAT standards.• Design, plan, implement and operate globally accessible instance of Atlassian JIRA, Confluence and Bamboo• Develop and maintain AppSec / Sec DevOps related integration scripts for Atlassian Bamboo, Jenkins, Microsoft TFS and VSTS, TeamCity.• Lead re-development of the global Application Security Assessment Portal, leveraged for standardizing vulnerabilities definitions and recommendations, methodology and reporting.• Design, plan, implement and maintain JFrog Artifactoy artifact repository.• Maintain, upgrade and operate Static Code Analysis (HP Fortify) and Penetration Testing infrastructure.• Lead and create Application Security internal and customer facing process and methodology documentation.• Collaborate in every DevOps work stream to streamline application security related tasks.• Assist applications to leverage in-house identify provider for AuthN/AuthZ, using SAML, OAUTH / OpenID, WS-Fed, LDAP• Administrative responsibilities regarding the CloudLock CASB solution.
    View
  • Hp Enterprise Security
    Senior Software Security Consultant
    Hp Enterprise Security Feb 2014 - Feb 2015
    Houston, Texas, Us
    Provide training on Secure Development Lifecycle. Deliver workshops about fundamentals of application security, secure application development and implementation of Software Security Assurance (SSA) methodologies.Work with customers to identify their needs on the implementation of Secure Development Policies, Metrics, Processes, Guidelines, Standards & Procedures.Implement HP Enterprise Security Products & Solutions including: • HP Fortify Static Code Analyzer (SCA); • HP Fortify Software Security Center (SSC); • HP Fortify Application View and Application Protection;• HP WebInspect & WebInspect Enterprise;• HP TippingPoint IPS;• HP TippingPoint NGFW; Educate and instruct HP customers on the use and implementation of the solutions offered by HP Enterprise Security Products.Perform Static Analysis utilizing HP Fortify SCA and Dynamic Analysis using HP WebInspect.
    View
  • Mastercard
    Penetration Tester - Contract
    Mastercard Aug 2013 - Jan 2014
    Purchase, Ny, Us
    • Perform multiple penetration tests of internal and external facing network assets, web applications, thick clients, mobile applications.• Work with Internal Security Assessors on definition of scope for vulnerability analysis, developing a penetration testing plan and conduction penetration tests to support IRoC and RoC.• Work with management and members of the team in mobile risk assessment and mobile platform testing.• Assist development teams to understand security issues and vulnerabilities reported and provided advicefor remediation plan.
    View
  • The Walt Disney Company
    Application Security Specialist - Contract
    The Walt Disney Company Sep 2012 - Aug 2013
    Burbank, Ca, Us
    • Perform multiple Static Code Analysis (SCA), using HP Fortify and HP Audit Workbench as a tool to assess security issues and vulnerabilities on source code of Java, .NET, Android and iOS applications• Implement automation of source code quality metrics tools such as FindBugs, PMD, CheckStyle, Sonar(javanalysissuite) in the build process, along with automation of the Static Code Analysis using HP Foritfy.• Assist Lead Developers, Tech Leads and modules teams to understand security issues andvulnerabilities and provided advice for remediation plan.• Work with Management and Leadership providing SME advice, risk assessment and analysis of impact.• Worked with Security & Compliance Architect to implement his vision for Secure SDLC for the programand also worked with Release Leads in order to assess and verify security posture of modules going intoproduction.• Exploratory and discovery research to track down all deployable artifacts, which lead to increasing thenumber of scanned projects by 2x and number of lines of code by 1.5x• Perform manual security penetration testing in applications that contained Web User Interfaces.• Perform security assessments and penetration tests of guest and cast facing mobile applications.• Assessments on overall security of Mobile Platform and security policies implemented by the company.
    View
  • Dbm Global Group
    Lead Consultant
    Dbm Global Group Jan 2009 - Jul 2013
    • Performed multiple vulnerability assessments and recommendations for remediation, web application penetration tests, network penetration tests, security audits and also implemented solutions, which helped our customer to achieve compliance and an acceptable level of security.• Performed secure code reviews, analysis , reporting and actively participated on SDLC and ALM process, acting as team lead and Subject Mater Expert for the development team, utilizing tools such as HP Foritfy SCA, HP WebInspect, HP Quality Center, HP Service Manager.• Responsible to develop and establish the security practice and compliance of an e-commerce company building their framework in-house, leveraging the cloud environment for their quick expansion, while protecting their IT assets.• Worked closely with dynamic teams, composed of network admins, firewall admins, developers, network architects, information security team, incident handlers and also the management level in several instances, providing clear and concise information, reports and directions regarding the security audits.• Evaluated, recommended and implemented complex systems, such as SIEMs, 2-Factor authentication, NACs, logging and correlation solutions such as Archsight, AlienVault, Firewalls and IDS solutions, automated code deployments (Continuous Integration), automatic scalability using cloud (On Amazon AWS and Rackspace), ERPs, CRMs, unified communications, active-directory, IT and development operations solutions for companies that needed expert advice regarding how to be more agile in their IT Operations.• Experience with performing and publishing web application and network security assessments.• Experience with mentoring, training and working with teams to better recognize security vulnerabilitiesand flaws.• Extensive experience performing manual network and application assessments and penetrationtests, stealth testing, and intrusion detection effectiveness testing.
    View
  • Data Sentry, Inc
    Trainer, Consultant
    Data Sentry, Inc Oct 2010 - Jul 2012
    Trainer and Consultant in the Information Security, Virtualization, Cloud Computing and Enterprise Management fields.Strategic logistics and operations management for our training sessions throughout the US and Canada.I also worked as Teaching Assistant through VMware's Partner Enablement initiatives.
  • Voxxus Itsp
    It & Security Consultant
    Voxxus Itsp May 2007 - Dec 2008
    During my time working for Voxxus, an IP telephony service provider, I performed VoIP hardware and software interoperability tests and recommendation. I installed, configured and maintained open-source IP-PBXs for customers and our corporate use, specially in the call center markets.I also acted as lead of customer support in order to turn around tense situations to a positive outcome bringing the problem solution;
  • Corporatec Soluções
    Founder & Lead Consultant
    Corporatec Soluções Jan 2004 - Jul 2007
    I founded Corporatec to enable our customers to communicate better and help them safeguard their assets.We performed vulnerability assessments, penetration testing, planning, coordination and implementation and deployment of security measures and solutions, helping them to regulate access to computer data files and prevent unauthorized modification, destruction, or disclosure of information, malicious software detection, analysis and removal;We also deployed and integrated VoIP, IP telephony and UCS solutions, open-source and proprietary, to our customers in to order to enable them to take full advantage of an uncomplicated and powerful communication systems.

Doug Morato Skills

Network Security Penetration Testing Information Security Firewalls Vulnerability Assessment Linux Virtualization Security Audits Ceh Open Source Ids Vmware Pci Dss Voip Ubuntu Computer Forensics Amazon Web Services Programming Metasploit Erp Spanish Active Directory Snort Python Asterisk Vmware Infrastructure Iptables Pfsense Postgresql Mysql Mercurial Debian Bash Windows Server Network Forensics Freebsd Openbsd Aws Amazon Web Services Vmware Esx Vcenter San Brazilian Portuguese Windows Server 2008 Vpn Openvpn Operations Management Git Chef

Doug Morato Education Details

  • Western Governors University
    Western Governors University
    Cybersecurity And Information Assurance
  • Unibta - Centro Universitário
    Unibta - Centro Universitário
    Computer Network Technology Technician
  • Universidade Estadual Do Oeste Do Paraná
    Universidade Estadual Do Oeste Do Paraná
    Electrical Engineering

Frequently Asked Questions about Doug Morato

What company does Doug Morato work for?

Doug Morato works for Anamo Inc.

What is Doug Morato's role at the current company?

Doug Morato's current role is GSE #307, CSSLP, CISSP, CCSK, SANS GIAC x8, 4x Microsoft, CompTIA x5, 3x EC-Council Certified.

What is Doug Morato's email address?

Doug Morato's email address is do****@****pwc.com

What is Doug Morato's direct phone number?

Doug Morato's direct phone number is +130592*****

What schools did Doug Morato attend?

Doug Morato attended Western Governors University, Unibta - Centro Universitário, Universidade Estadual Do Oeste Do Paraná.

What are some of Doug Morato's interests?

Doug Morato has interest in New Technology, Children, Information Security, Network Security, Network Technologies, Politics, Science And Technology, Erp, Crm, Web Application Security.

What skills is Doug Morato known for?

Doug Morato has skills like Network Security, Penetration Testing, Information Security, Firewalls, Vulnerability Assessment, Linux, Virtualization, Security Audits, Ceh, Open Source, Ids, Vmware.

Free Chrome Extension

Find emails, phones & company data instantly

Find verified emails from LinkedIn profiles
Get direct phone numbers & mobile contacts
Access company data & employee information
Works directly on LinkedIn - no copy/paste needed
Get Chrome Extension - Free

Aero Online

Your AI prospecting assistant

Download 750 million emails and 100 million phone numbers

Access emails and phone numbers of over 750 million business users. Instantly download verified profiles using 20+ filters, including location, job title, company, function, and industry.