Doug Morato Email & Phone Number

Las Vegas, NV, US

Kapolei, HI, US

Newport Beach, CA, US

Livonia, MI, US

Plantation, FL, US

GB

• Consulting with applications and business teams to provide initial / high level and detailed application architecture security recommendations.
• Provide guidance to customers towards meeting all the information security requirements.
• Drive implementation of security in SDLC, providing integrations for build automation, Sec DevOps
• Gather requirements, evaluate, compare and provide SME advice on new Application Security related services or products
• Collaborate, Review and ratify any proposed / updated technology standard.
• Design, plan, implement and operate roll-out of HP Fortify On Demand (HP FOD) as replacement for on-premises HP Fortify.

Houston, Texas, US

• Provide training on Secure Development Lifecycle. Deliver workshops about fundamentals of application security, secure application development and implementation of Software Security Assurance (SSA) methodologies.Work.
• HP Fortify Static Code Analyzer (SCA);
• HP Fortify Software Security Center (SSC);
• HP Fortify Application View and Application Protection;
• HP WebInspect & WebInspect Enterprise;
• HP TippingPoint IPS;

Purchase, NY, US

• Perform multiple penetration tests of internal and external facing network assets, web applications, thick clients, mobile applications.
• Work with Internal Security Assessors on definition of scope for vulnerability analysis, developing a penetration testing plan and conduction penetration tests to support IRoC and RoC.
• Work with management and members of the team in mobile risk assessment and mobile platform testing.
• Assist development teams to understand security issues and vulnerabilities reported and provided advicefor remediation plan.

Burbank, CA, US

• Perform multiple Static Code Analysis (SCA), using HP Fortify and HP Audit Workbench as a tool to assess security issues and vulnerabilities on source code of Java,.NET, Android and iOS applications
• Implement automation of source code quality metrics tools such as FindBugs, PMD, CheckStyle, Sonar(javanalysissuite) in the build process, along with automation of the Static Code Analysis using HP Foritfy.
• Assist Lead Developers, Tech Leads and modules teams to understand security issues andvulnerabilities and provided advice for remediation plan.
• Work with Management and Leadership providing SME advice, risk assessment and analysis of impact.
• Worked with Security & Compliance Architect to implement his vision for Secure SDLC for the programand also worked with Release Leads in order to assess and verify security posture of modules going intoproduction.
• Exploratory and discovery research to track down all deployable artifacts, which lead to increasing thenumber of scanned projects by 2x and number of lines of code by 1.5x

• Performed multiple vulnerability assessments and recommendations for remediation, web application penetration tests, network penetration tests, security audits and also implemented solutions, which helped our customer.
• Performed secure code reviews, analysis, reporting and actively participated on SDLC and ALM process, acting as team lead and Subject Mater Expert for the development team, utilizing tools such as HP Foritfy SCA, HP.
• Responsible to develop and establish the security practice and compliance of an e-commerce company building their framework in-house, leveraging the cloud environment for their quick expansion, while protecting their.
• Worked closely with dynamic teams, composed of network admins, firewall admins, developers, network architects, information security team, incident handlers and also the management level in several instances, providing.
• Evaluated, recommended and implemented complex systems, such as SIEMs, 2-Factor authentication, NACs, logging and correlation solutions such as Archsight, AlienVault, Firewalls and IDS solutions, automated code.
• Experience with performing and publishing web application and network security assessments.

Trainer and Consultant in the Information Security, Virtualization, Cloud Computing and Enterprise Management fields.Strategic logistics and operations management for our training sessions throughout the US and Canada.I also worked as Teaching Assistant through VMware's Partner Enablement initiatives.

During my time working for Voxxus, an IP telephony service provider, I performed VoIP hardware and software interoperability tests and recommendation. I installed, configured and maintained open-source IP-PBXs for customers and our corporate use, specially in the call center markets.I also acted as lead of customer support in order to turn around tense.

I founded Corporatec to enable our customers to communicate better and help them safeguard their assets.We performed vulnerability assessments, penetration testing, planning, coordination and implementation and deployment of security measures and solutions, helping them to regulate access to computer data files and prevent unauthorized modification.

Bachelor Of Science - Bs, Cybersecurity And Information Assurance

Computer Network Technology Technician

Electrical Engineering