• Regularly outperforms annual metric expectations and leads the team in cases closed.• Develops the report writing style guide and quality assurance processes and guidelines as Technical Testing Quality Assurance Team Lead.• Edits the majority of the reports that are delivered to the client and trains others on how to improve their report writing.• Innovates new service offerings for the business by creating long-term security maturity model offerings that take place over multiple years based on the Department of Defense's Cybersecurity Maturity Model Certification (CMMC) program.• Discovers new avenues to increase efficiencies across the team through the report writing and delivery process.• Engages with mission critical tests for clients that have experienced breach events.• Regularly communicates with team leads, management, and project managers to develop new processes and address long term challenges for the organization.• Leads kick off and close out calls with clients to cover methodology, processes, communication, and questions that the client develops over the course of the project.• Engages in penetration testing of client environments covering a diverse collection of industries.• Regularly trains new employees on tools, processes, and resources.• Mentors new penetration testers on hard and soft skills that are vital to the success of the project and their future career.• Assists with troubleshooting technical issues during tests as well as report and client communication issues that other team members encounter.• Provides guidance to clients on additional security-based activities and services that can help with improving their security posture holistically.• Assists clients in preparing meeting compliance by outlining which weaknesses and vulnerabilities should be prioritized.• Leads communication for projects from the initial scheduling to report delivery.

• Performed Amazon Web Services (AWS), Microsoft Azure, Web Application, API, Internal Network, and External Network Penetration Testing for all Production resources and services before product go live• Developed business justifications, outlined back-out strategies, and engaged in live Q&A Change Review Board meetings in order to gain approval with Operational, Networking, and Change Management leadership• Assisted in driving scheduling, communication, change control, testing, evidence storage, and remediation for environments requiring mandatory PCI-DSS and SWIFT compliance• Liaison and subject matter expert that facilitated communications between third party vendors, auditors, and internal resources• Generated detailed reports outlining the vulnerabilities, attack chains, full attack scenario descriptions, relevant screen captures, proof of concept code, and a clear description of why the product owner should be concerned with the results• Continually developed and improved the testing report format used internally by the team. Worked with Security Roots' Dradis team to import the template into Dradis Professional• Driver of the new tool acquisition and budgeting process• Implemented the practices of the OWASP Testing Methodology and checklist from the Web Security Testing Guide (WSTG) into our team's web application testing workflow and reporting template• Mentored team members on internal processes and soft skills• Diplomatically worked with Networking, Application, and Development teams on initial scoping, triage sessions to resolve issues, and remediation efforts to influence and encourage the Secure Development Lifecycle of Production assets• Administration and upkeep of internal Red Hat and Debian Linux resources• Administration of Risk & Vulnerability Lifecycle Management (VLM) activities managed in Archer/Jira and engaged in Qualys Network and Web Application scanning activities

• Routinely conducted network vulnerability assessments, penetration tests, and web application tests• Exploited numerous vulnerabilities, established command and control, and exfiltrated data• Generated detailed reports outlining the vulnerabilities that required action, attack chains, full attack scenario descriptions, relevant screen captures, and a clear description of why the client should be concerned with the results• Set expectations and timelines for service delivery with client stakeholders• Assisted in developing the testing report format used internally by the team• Mentored junior penetration testers and future prospective penetration testers on technical and soft skills• Advised clients on remediation and security best practices for improving their respective environment• Engaged with clients from the beginning to the end of the project, ensuring that their vulnerabilities were understood, and that they could begin the steps of remediation confidently

• Routinely conducted network vulnerability assessments and penetration tests• Exploited numerous vulnerabilities, established command and control, and exfiltrated data across varied networks in several industries, including Medical, Financial, Legal, and Manufacturing• Frequently performed social engineering activities in the form of phishing campaigns, USBdrops, pre-texting calls, and physical security assessments• Regularly performed firewall configuration audits, war dialing operations, and wireless assessments• Generated detailed reports outlining the vulnerabilities that required action, attack chains, full attack scenario descriptions, relevant screen captures, and a clear description of why the client should be concerned with the results• Mentored junior penetration testers and future prospective penetration testers on technical and soft skills• Advised clients on remediation and security best practices for improving their respective environment• Engaged with clients from the beginning to the end of the project, ensuring that their vulnerabilities were understood, and that they could begin the steps of remediation confidently• Presented findings to the client in-person, and presented the information in a format that was digestible and relatable to the client's industry.• Engaged in lunch and learn seminars to spread security awareness to other staff across different business functions• Visited local educational institutions to educate and encourage young people to join the information security industry• Interviewed with local news outlets to share knowledge about information security bestpractices, and scenarios that could impact the privacy and protection of the commonwealth• Developed a drone delivery penetration testing platform as a new service for clients

• Responsible for installing, configuring, maintaining, and upgrading client servers,workstations, networking appliances, firewalls, backup appliances, and printers for hundredsof clients across the Healthcare, Financial, Manufacturing, and Non-profit industries• Assisted security operations in responding to incidents generated from AlertLogic and Trend Micro monitoring tools• Deployed configuration changes to harden client environments based on data from intrusion detection systems, and from vulnerability scan results generated from Nessus and OpenVAS• Investigated and mitigated various types of spam email attempts• Configured and managed permissions for Active Directory profiles and Group Policy Objects(GPOs). Engaged in Identity and Access Management (IAM) configurations for internal clientsoftware solutions. • Assisted with client and internal information security policy writing and planning• Configured and managed virtual machine environments for clients • Advised clients on backup, security, and networking solutions for over 100 unique environments• Engaged in preventative maintenance of client IT infrastructure• Managed onsite and cloud based backup solutions on a daily basis using Backup Exec, ShadowProtect, Vaultlogix, and Veeam• Managed technical documentation and assets for client environments• Explained technical details to non-technical clients

• Reviewed, organized, and made security-focused suggestions on the organization’s Information Security, Enterprise Data Management, and Database Administration policies • Assisted in planning new security implementations to strengthen the company’s Defense-in-Depth• Scanned database servers with Tenable Security Center to reveal vulnerabilities, and researched how to create optimized scanning policies with a granular approach• Analyzed Administrator level accounts established on internal servers using Hyena, and produced reports to provide evidence of users with excessive privileges. Added value by making security-based suggestions for minimizing the amount of accounts and renaming discernibly titled assets• Assisted in organizing and planning a quarterly patching maintenance window for all the servers located at the data center. Followed up this transition by creating separate policies for technical points of contact and management, in addition to drafting an approval contract for Change Control to reference when the patch cycle reached production • Researched and presented options for securing legacy database servers using virtual patching technology and Web Application Firewalls (WAFs)

• Responsible for installing, configuring, maintaining, and upgrading client servers, workstations, networking appliances, firewalls, backup appliances, and printers for hundreds of clients across the Financial, Manufacturing, Medical, Legal, and Non-Profit industries• Regularly engaged in system hardening and vulnerability detection • Provided malware removal, and engaged the client through the explanation of how to proactively avoid malicious code • Employed the troubleshooting of software, hardware, and networking issues over the phone, on site, or via remote connectivity software (Logmein, Join.Me, Remote Desktop, PuTTY) • Performed initial site audits that addressed in depth details of client workstations, servers, IP addressing, and network equipment • Utilized Microsoft Visio to create network maps of client environments for internal documentation • Engaged in the proactive maintenance of client servers • Researched, presented, and installed hardware and software solutions for client environments• Built or ordered new computers for clients following requested specifications and research output. Followed up the process by establishing the new systems through updating & installing software requested by the client prior to on-site delivery• Managed cloud backup solution JungleDisk for contracted clients • Mentored new technician on internal processes and technical skills• Responsible for personal management of duties, configurations, client ticketing, reports, and communication through the ConnectWise CRM software suite• Explained technical features of technology in non-technical terms for the client • Wired a new office space using a spool of Cat6 cabling. Ensured accuracy of the new network using a cable tester and toner probe for all termination points