Kevin Mitchell Email and Phone Number

Performs penetration test on vehicles and vehicle ECU’s. Test, assess, and validate security of next-generation connected vehicles, including the following: whole vehicle pen tests component-level pen tests (e. g., on-car gateway, autonomous driving, and infotainment), function-level pen tests (immobilization, and Over-The-Air updates), connected car eco-system pen tests (mobile apps, back end infrastructure, and power charging equipment). Provide recommendation to mitigate security risks and fix security vulnerabilities. Collaborate with 3rd party pen testing firms to carry security access tasks, and provide coordination and support. Provide security expertise to product engineering teams, and educate them best security practice and security techniques.

Operate a hands-on role involving penetration testing and vulnerability assessment activities of complex applications, operating systems, wired and wireless networks, and mobile applications/devices.Develop and maintain security testing plans.Automate penetration and other security testing on networks, systems and applications.Develop meaningful metrics to reflect the true posture of the environment allowing the organization to make educated decisions based on risk.Produce actionable, threat-based, reports on security testing results.Act as a source of direction, training, and guidance for less experienced staff.Mentor and coach other IT security staff to provide guidance and expertise in their growth.Consult with application developers, systems administrators, and management to demonstrate security testing results, explain the threat presented by the results, and consult on remediation.Communicate security issues to a wide variety of internal and external “customers” to include technical teams, executives, risk groups, vendors and regulators.Deliver the annual penetration testing schedule and conducting awareness campaigns to ensure proper budgeting by business lines for annual tests.Foster and maintain relationships with key stakeholders and business partners.

Perform Pentest on Web Applications, APIs & Mobile Applications using block-box testing tools, in-depth.penetration tests (using shell scripts and manual testing techniques), DAST & SAST scans.Perform internal and external pentest against systems to determine vulnerabilities and offer mitigationstrategies.Performed web application pentests.Performed vulnerability risk assessments.Conduct host/network/application penetration testing as a member of a technical teamPerform full-scope penetration tests (discovery and exploitation of vulnerabilities) on live networkinfrastructure, services, Active Directory environments, and other systems/applications. Tested, identified and exploited trust, misconfigurations and vulnerabilities in live MS Active Directoryenvironments without getting detected by advanced commercial security solutions.Test the exploitation of security policies and access controls in restricted/secure environments (e.g.privilege escalation and A/V evasion).Work extensively from the Windows and UNIX/Linux command line (e.g. Bash and PowerShell)Perform cybersecurity assessments, including code reviews, architecture review, and threat modeling.Successful coordination, management, and execution of 40 concurrent penetration tests projectsannually for the NAFTA region for including US, CA, MX, BR, AG. Performs 30+ regression penetrationtests annually using dynamic application security testing (DAST) tools.

Coordinated and track the Local Information Security Officer activities in the Americas region under the management of the VP CIO Americas and LISO (U.S/Canada, Brazil, Mexico, Argentina and Colombia) related to risk, compliance and security to ensure stability and escalation where areas of exposure existExecuted the role of the external follow-up coordinator (EFC) for CA-Findings within the IT department (trigger execution and report successful finalization; help as a consultant for extension requests; reported delays); Managed all audit tracking and follow up for the region of ITF Americas. Effectively communicated findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel.Executed on-site assessments according to ITF regulations and standards (conduction of assessment, generation of report, consulting of adequate solutions, tracking of remediation activities, reporting of status to HQ).Coordinated Information Security Policy Compliance Checks (evaluation of results, supervision of corrective measures, drafting of Risk Acknowledgement Agreements, documentation in Planning IT).

Performed network penetration test, web and mobile application testing, source code reviews, threat analysis, and wireless network assessments for vehicle in the connected vehicle program.Performed penetration test on Embedded hardware, In Vehicle Automotive, Network, and Application testing, which included include black box, code reviews, and reverse engineeringExpertise in Automotive Networks (CAN, CAN-FD LIN, MOST) and automotive network exploitation (vehicle Spy, Cantact)Recognize and safely utilize attacker tools, tactics, and procedures. Develop scripts, tools, or methodologies to enhance FCA's penetration testing processesConducted Uconnect Infotainment Hardware reverse Engineering and memory extraction techniques (JTAG, Chip Off, Onboard).Responsible for performing Vulnerability Assessments and Penetration Testing for the following FCA projects:Mopar.comIn Vehicle Help (IVH)Moparownerconnect.comUcconect Access ApplicationHead Unit Variant applicationService Delivery Platform and Remote Operations

Responsible for the VMware virtualization platforms, including maintenance and administration. Responsible for the Maintenance EMC and Dell EqualLogic SAN infrastructure, including maintenance and administration. Discover, review, and influence new and evolving design, architecture, and standards for building and delivering unique services and solutions. Investigate, design, and implement best-in-industry, innovative technologies that will expand the infrastructure through robust, scalable, adrenaline-fueled solutions. Expert in service reliability and sustainability. Develop and execute designs for complex systems backed by excellence, confidence, and thorough engineering analysis. Develop, gather, and leverage metrics to manage the server fleet and complex computing systems to drive automation, improvement, and performance. Responsible for production system development from requirements to release, including detailed design, analysis, testing, and optimization.

Maintained and continuously improved the Comlink’s information systems. Ensured server performance and maintained applications on servers. Administered and maintained the operation of the local area network. Backed-up and restored files on servers; provided reliable backup procedures, and operation plans for network\server environment; and monitored daily backup activities. Installed, configured, troubleshot, and maintain server-based applications running on the network including MS Exchange and SQL Server. Monitored and managed corporate security devices and applications including Firewalls, Intruder Prevention Systems, Patch management Systems, Certificate Authority, Proxy Servers, Anti-Virus, Email Filters, Web Content Filters, Backup Devices and SSL Taps. In the event of network system or server malfunctions, diagnosed the problem and prepared then executed solutions with minimal interruption to basic service requirements. Assisted with server room and Network switches (Cisco Catalyst 2960), deployments, re-configurations, rewiring, and maintenance. Maintained confidentiality of information exposed to in the course of business supervisors and other employees.

Level 1 Information Technology Consultant for Royal Dutch Shell Global Service desk, (10,000+ users). Identifies, diagnoses, and resolves Level One problems for users of the mainframe, personal computer software and hardware, District network, the Internet and new computer technology in a call center environment; communicates solutions to end-users. Diagnoses and resolves end-user network or local printer problems, PC hardware problems and mainframe, e-mail, Internet, dial-in and local-area network access problems. Provides one-on-one end-user problem resolution over the phone for District approved Personal Computer (PC) software.

Performed information security risk assessments and served as an internal auditor for security issues. Implemented information security policies and procedures for the Unit. Designed, operated, and performed troubleshooting of a highly available network through the use of dynamic IGP and EGP routing protocols for Battalion HQ. Installed VSATs. Configured and maintained all routers, switches and firewalls using TCP/IP. Managed and provided technical review of completed personnel actions. Performed personnel accountability, organizational and systems control files procedures in Active Directory. Initiated, facilitated, and promoted activities to create information security awareness within the organization. Reviewed all system-related security plans throughout the organization's network, acting as a liaison to Information Systems. Monitored compliance with information security policies and procedures.

Sold and Cross Sold a full range of personal banking services based on thoughtful and thorough evaluation of individual client needs, (ex, Checking, Savings, Money Market, Business, and Ira accounts). Met and exceeded established Sales Goals by effectively developing customer relationships. Conducted Follow-ups on internal and external sales leads as well as utilized banking centers sales, and marketing promotions. Prevented identity theft, social engineering, and phishing attacks through informative customer support.