• Web AppSec: Comprehensive security assessments of web applications, APIs and supporting infrastructure. Including, but not limited to:
  ◦ White/black/grey box penetration testing activities (manual and automated) against the OWASP Top 10, ASVS, biz logic and env config.
  ◦ Testing RESTful, GraphQL, APIs etc.
  ◦ Familiarity with file formats such as ProtoBuf, JSON, XML & YAML.
  ◦ Testing Authentication & Authorization using modern auth such as OAuth2.0, SAML, etc.
  ◦ Extensive use and exp with tools such as integrated browser devtools, Burp Suite Professional, Selenium, Visual Studio, EclipseIDE & cheffing up of custom burp exts as required.
• Mobile AppSec: Security assessments of cross-platform mobile applications (Android & iOS), APIs, supporting network/cloud infrastructure and reverse engineering apps.
• Thick AppSec: Security assessments of cross-platform thick/enterprise applications (Windows & Linux):
  ◦ Leveraging of transparent layer 3 network proxies for system wide, full protocol interception & analysis capabilities.
  ◦ Performing DBI augmented reverse engineering and debugging using Frida and other decompilation/debugging tools.
• AppSec Engineering: Safeguarding games/apps from cyber attacks, encompassing both "shift-left" SDLC security integration & hands-on technical application pen-testing, involving but not limited to:
  ◦ Extensive usage/familiarity with OOP languages C#/.Net Core/ASP.NET Core, Python, PHP, Java, JavaScript/Node.js & CodeQL.
  ◦ Threat Modeling/Risk Assessment: Analysis of large system design architecture, data flow and user interactions to assess attack vectors/vulns.
  ◦ Shift Left SDLC: Integrating security measures early in the SDLC.
  ◦ SAST/DAST Integration: CodeQL powered manual/auto white box source code review, DBI assisted AFL Fuzzing, traffic analysis etc.
• Red Team Ops | Adversary Simulation: Engaged in RTO simulation of APT threats to emulate real-world cyber attacks; including:
  ◦ Design/exec of complex, multi-stage RTO engagements tailored to org envs.
  ◦ Employing a wide range of attack TTPs to simulate real-world attacker behaviors/methodologies.
  ◦ Adapting/evolving strategies based on the target env, defensive mechanisms, and emerging threats.
  ◦ Development of custom tools.
  ◦ Delivery of comprehensive and actionable reports.
• CloudSec: Safeguarding cloud infrastructure from cyber attacks, including but not limited to Cloud:
  ◦ Risk Assessment.
  ◦ Identity and Access Management (IAM).
  ◦ Security Best Practices.

Independent Security Researcher
Independent Consultant, Oct 2022 - Present
London, GB
• Independent bug bounty research / sabbatical study period during temporary return to Scotland.

Senior Application Security Engineer
Zynga, Sep 2021 - Oct 2022
San Francisco, California, US
Technical security assessments including:
• Penetration testing of cross-platform mobile applications (iOS/Android), thick client applications (desktop), web services, & Cloud front-end & back-end services.
• Validation of internal, external and crowd-sourced application security vulnerabilities and articulation of issue/remediation steps to the relevant engineering teams.
• Maintain and augment security engineering infrastructure services and custom tooling used by the application security team.
• Reverse engineering of mobile application products and source code reviews (manual and SAST code audits).
• Documentation of game architecture and performing threat modeling for white-box assessment activities.
• Evaluation of product security and security architecture from an offensive and defensive mindset.
• SME for secure coding practices, penetration testing, mobile platform security and all aspects of application and product security.

Senior Security Consultant
Mandiant, Jul 2018 - Sep 2021
Mountain View, California, US
Technical security assessments and ethical hacking engagements, including:
• Penetration Testing
• Red Teaming
• Network Vulnerability Assessments
• Web Application Security Assessments
• Social Engineering
• Audits
• Software Vulnerability Research

Senior Technical Security Consultant
Herjavec Group, Apr 2017 - Jul 2018
Kansas City, MO, US
Technical security assessments and ethical hacking engagements, including:
• Penetration Testing
• Network Vulnerability Assessments
• Web Application Security Assessments
• Social Engineering
• Firewall Rule Review
• Network Security Architecture Review
• Audits
• Software Vulnerability Research

IT Infrastructure Specialist
BC Clinical and Support Services Society (BCCSS), Dec 2016 - Mar 2017
• Review requirements, architecture & design documentation to verify that servers are being provisioned in the correct network zones.
• Implement firewall changes.
• Troubleshoot firewall/network connectivity issues.
• Perform vulnerability assessments and remediation.
• Implement Active Directory & DNS changes as required.
• Troubleshoot Active Directory and Kerberos related issues.

Senior Technical Analyst
Health Shared Services BC, Nov 2012 - Dec 2015
Burnaby, BC, CA
• Performed non-automated, application security assessments on province wide web applications prior to being exposed externally.
• Coordinated application/server migrations to a Tier 3 Data Center.
• Identified application firewall requirements using specific network monitoring tools as well as manual/scripted data parsing.
• Worked with Virtual, Networking, Security and Windows teams to ensure migrations and net new builds were met as per specification.

Desktop Support
The University of British Columbia, Jul 2012 - Oct 2012
Vancouver, British Columbia, CA
Break/fix desktop support, domain migration.

IT Technician | Systems Administrator
Alzheimer Scotland, Apr 2010 - Jun 2012
Edinburgh, Scotland, GB
• Provided IT support for ~250 sites across Scotland.
• Designed and implemented hub-spoke architecture and Active Directory consolidation/upgrade to 2008 single domain.

IT Support Technician
Edinburgh Computer Services (Scotland) Ltd, Oct 2008 - Apr 2009
Provided IT support and installations for numerous clients across the central belt.

Michael Arnold Education Details
Stevenson College, Edinburgh
Computer Software Engineering

Knox Academy, Haddington, East Lothian
GCSE

Frequently Asked Questions about Michael Arnold
What company does Michael Arnold work for?
Michael Arnold works for Independent Consultant.
What is Michael Arnold's role at the current company?
Michael Arnold's current role is Independent Security Researcher.
What schools did Michael Arnold attend?
Michael Arnold attended Stevenson College, Edinburgh, Knox Academy, Haddington, East Lothian.