Michael Pinkerman Email & Phone Number

Columbus, Ohio, United States

• Providing regular reports and updates to senior management on the status of cloud security initiatives, including key metrics, risks, and performance indicators.
• Leading and managing a team of cloud security engineers, providing guidance, mentorship, and technical expertise to ensure the successful execution of projects.
• Overseeing the design, implementation, and maintenance of security controls and measures within several large and diverse cloud environments to safeguard against cyber threats and vulnerabilities.
• Serving as a subject matter expert and liaison for cloud security, penetration testing, Red Team, and software security matters, representing the organization in discussions with clients, partners, and regulatory bodies
• Design & creation of bespoke ‘security framework’ to be ‘universally applicable’ internally and relate to all known security standards externally; By which then said framework leveraged for conducting risk assessments.
• Overseeing initiatives within ‘Cloud Security’ such as SASE, NGFW, CASB, DLP, SWG, SD-WAN, ZTNA, and more.

United States

• First ‘Security-Specific’ Hire with the task of establishing Application Security initiative.
• Created Top-Down ‘Governance Hierarchy’ by which compliance obligations could ‘flow into’ policies, procedures, practices, standards, guidelines, and mandates.
• Leveraging novel security framework to assess & evaluate infrastructure, architecture, and all information assets (on prem and remote) in an informed gap assessment/analysis to compare against designed ‘secure baselines’
• Design & implementation of security solutions in a ‘Secure-By-Design/Default’ posture across on-prem, satellite sites, remote workers & assets, and cloud infrastructure that included:○ SD-WAN, Next-Gen/Layer7.
• Lead integration effort titled “Cross-Pollination” that sought to establish “Data-Driven & Cloud Focused” security implementation & integration that saw creation of SecDevOps as a separate entity.
• Lead ‘SecDevOps’ efforts of integrating InfoSec in every intersection of SDLC through creation of novel ‘frameworks’ that involved collaboration & communication of all ‘tech teams’ to ensure a collaborative and.

• Spearheaded the establishment of security-specific policies, procedures, and best practices, along with centralized documentation management.
• Implemented revisions to documentation methods, standards, and practices, while providing training to staff on critical concepts like data loss prevention and data classification & handling.
• Collaborated with development department heads to enforce software security standards, deliver security-focused learning and training initiatives, and develop accountability programs in alignment with industry.
• Consulted with operations and IT leaders to ensure consistent implementation and enforcement of security measures, including asset management, secure operations, continual monitoring, and deployment of next-generation.
• Led compliance efforts and enforced company policies, standards, and regulatory obligations, ensuring adherence to statutory, regulatory, and contractual requirements.
• Directed the establishment of an Application Security (AppSec) team, providing training to developers in software security and establishing secure Software Development Lifecycle (SDLC) processes. Implemented.

United States

• During this period, I held diverse roles and responsibilities, including:
• Penetration Tester: Conducted manual exploitation and penetration testing across various environments, from small-scale to enterprise-level networks, encompassing wireless, wired, web applications, and mobile platforms.
• Red Team Member/ Lead: Developed and executed attack scenarios based on threat intelligence and models, utilizing both off-the-shelf and custom tools and scripts for reconnaissance, exploitation, evasion, replication.
• Principal SOC Analyst/Lead Architect: Analyzed and correlated security events using custom and industry-standard log aggregation methods and SIEM solutions. Implemented automation to enhance efficiency in event.
• Sr. Security Engineer and Architect: Designed and deployed security awareness plans, policies, and educational initiatives, conducting company-wide security awareness assessments. Implemented risk management controls.
• Leveraged intelligence on adversarial capabilities, infrastructure, and tactics, techniques, and procedures (TTPs) to develop and deploy specialized solutions for operational indication and alerting purposes.

Dublin, Ohio

• Developed and authored InfoSec protocols for a newly established SOC team, which were subsequently adopted by the main team, Enterprise Security Division, and other operational divisions.
• Created security awareness and training materials for the proposed 'Security Liaison' program, facilitating the appointment of InfoSec-reporting personnel in every team, division, and department.
• Conducted Gap Analysis to assess security initiatives and standards implementation, ensuring a proactive "Security Baked-In; NOT Bolted-On" approach. Utilized MOSCOW analysis to prioritize outstanding compliance or.
• Designed a comprehensive roadmap involving Development, Operations/DevOps, IT, HR, and InfoSec efforts based on Gap Analysis findings.
• Authored assessments, reports, and analyses, collaborating with development teams on remediation timelines and subsequent threat acceptance.
• Deployed and designed security architecture in AWS, GCP, Azure, and on-premises environments, including virtualization and containerization security measures such as runtime security scanning and Zero Trust-based.

Yougstown Ohio

• Lead the design and implementation of secure architectures for web and mobile applications, ensuring compliance with industry standards and best practices.
• Conduct threat modeling exercises to identify potential security threats and vulnerabilities in application designs and propose mitigation strategies.
• Perform security code reviews and static analysis of application code to identify and remediate security vulnerabilities at an early stage of the development lifecycle.
• Develop and maintain secure coding guidelines, standards, and best practices for developers to follow during the development process.
• Collaborate with development teams to integrate security controls, such as authentication, authorization, encryption, and logging, into application designs and implementations.
• Conduct security assessments and penetration tests of applications to identify vulnerabilities and assess the effectiveness of security controls.

Columbus, Ohio Area

• Developed and maintained security controls and configurations for web application firewalls (WAFs), intrusion detection systems (IDS), and other security tools.
• Participated in incident response activities, conducting forensic investigations and analyzing security incidents to identify root causes and recommend preventive measures.
• Assisted in the design and implementation of security monitoring and logging solutions to detect and respond to security incidents in real-time.
• Led Identity and Access Management (IAM) initiatives, implementing password policies, multi-factor authentication (MFA), and role-based access (RBAC), while fostering a least-privilege mentality.
• Developed, designed, and deployed network-wide IDS/IPS solutions, utilizing both industry-standard and custom-coded solutions.
• Implemented security rules and protections, including Layer 3, 4, and 7 firewalls, access control lists, and comprehensive logging management solutions.

Bachelor Of Applied Science - Basc, Computer Science

Diploma, General

Associate Of Arts And Sciences - Aas, Cyber/Computer Forensics And Counterterrorism

Bachelor Of Technology - Btech, Computer And Information Sciences And Support Services, 3.9