Robert Conner Email & Phone Number

• As Senior Subject Matter Expert (SME) reproduced attack payloads using Burp Suite to demonstrate code vulnerabilities to development team. Worked with lead developers to triage and remediate critical & high issues.
• Instrumental in reducing # of High category vulnerabilities discovered across all application domains by 60%. Metrics captured from security reports provides evidence of reduction: Dec 18, 2017 reported (32 Highs).
• Developed a monthly actionable Enterprise Security Finding Report that summarized AppSec vulnerabilities to senior IRS executives. This report captured: actions needed to remediate AppSec flaws that keep reoccurring.
• Led the effort with IRS senior management and executives to mature the AppSec process using OWASP’ Software Application Maturity Model (SAMM). This methodology will create a security culture whereby business units can.
• Primary author of SOP guide for how dynamic application security scans are to be conducted across the IRS apps.
• Future plans include incorporating Burp Suite to totally address all the requirements documented in NIST SP 800-53 (Rev. 4) SA-11 and to further verify the security posture of customer’s web apps across 19 OWASP.

• TriTech (Chief Application Security Architect) 1/2016 – 9/2016Chief Application Security Architect charged with moving team toward a common vision of application security. Matured & restructured AppSec process into a.
• Developed control gates (i.e. Threat Analysis, S/W Attack Surface Analysis) to formalize manual code review process.
• Created new SAMM based AppSec practice areas (e.g. Metrics, Threat Modeling and Design Review: Risk-Based Security Test Plan).
• Developed customized attack scripts to Pentest web applications using Burp Suite & OWASP Zap Attack Proxy; these scripts verified the security status of customer’s web apps across 17 OWASP ASVS control categories.
• Used PenTest results to develop Risk Based Security Test Plan (i.e.ASVS playbook) so other team testers could reproduce and validate results captured from PenTest efforts.
• Used Burp Suite Fuzzing extensions to weaponize payloads to test exposure of client’s websites to Zero-Day SQL & XSS (code injection) and OS Command Injection attacks.

• EHR Clients (Confidential) - Cybersecurity Analyst 5/2010 – 10/2011 and 5/2013 - present
• Assisting several EHR vendors to get products certified under the Medicare and Medicaid EHR “Meaningful Use” Stage 1 and Stage 2 Program. Assisted EHR vendor while supporting “primary care provider” in the writing.
• Prepared cyber risk assessment and security gap analysis of internet facing applications; developed threat modeling rule engine to help developers “detect” potential vulnerabilities in their code; this activity also.
• Developed security profiles and trust boundaries to harden and secure application code from threats and vulnerabilities; Enhanced security of EHR vendor product suite by decomposing EHR application and developing.
• Conducted vulnerability assessments, threat modeling, and remediated high-risk vulnerabilities for HIPAA accreditation of EHR vendor products. Prepared remediation actionable reports and countermeasures to reduce.

• USDA (Dept. of Agriculture), Washington, DC - Senior Analyst 6/2005 – 09/2014
• Provided Subject Matter Expertise for Continuity of Operations Plan (COOP) for Dept. of Agriculture. Conduct a comprehensive Gap Analysis and Business Impact Analysis (BIA) of the existing COOP Plan to identify areas.
• Analyzed and mapped business processes and data flows, gap analysis, system conversions, customization and user acceptance testing to verify proper functioning of key components of various applications.
• Develop kickoff presentations, storyboards, modeled and document (“As-Is”) workflow and (“To-Be”) business processes.
• Develop UML diagrams to document Business process and workflows using MS Visio.

• Washington Metro Area Transit Authority (WMATA), DC - Cybersecurity Compliance 10/2011– 4/2013
• Provided leadership in security risk assessments, continuous monitoring and compliance strategy in supporting governance processes and initiatives.
• Worked as project lead to implement a PCI DSS (Payment Card Industry Digital Security Standard System) to secure cardholder data inside a secure environment. Used cybersecurity Capability Maturity Model (C2M2) to.
• Developed Concept-of-Operation plan to satisfy auditor’s request to expand the number of detection and prevention controls (i.e. NIST 800-53a control mechanisms) for protecting SCADA devices and CDE.
• Configured and ran vulnerability scans. Performed risk assessments and audited agency’s web applications for PC DSS compliance running on HTML, Asp.Net, J2EE, Oracle, Crystal Reports and SQL environment. Check for data.

• Baltimore County Government, Baltimore, MD - Business Analyst/Technical Project Manager 5/2008– 4/2010
• Led agile development effort to streamline business processes and replace disparate Microsoft Access databases with a centralized database view of information based on the property location within the Department of.
• Built a model of the existing DEPRM process (“As-Is”). Identified all business areas and data inputs/outputs required to implement the business process. Built a model of the proposed improved DEPRM business process.
• Led and performed JAD sessions to develop consensus on requirements between disparate business units and internal and external stakeholders impacted by process redesign.
• Developed functional and system requirements documents, screen mock-ups, use cases, requirements traceability matrix, data conversion and interface control documents. Documented, then consolidated and streamlined.

Whitby, Ontario, CA

• Synex, Inc., Multiple Locations in US (Clients: IBM, Air Force, US Army) Principal Architect 03/2000– 6/2005
• Coded C++ JavaScript modules used to connect for the Lotus Domino Workflow Engine (3.x, 4.x) to develop web application that automated access to case records & client tracking statistics retrieve data from a backend MS.
• Migrated web applications from WebSphere 5.x to 6.x. Installed Webspere Port 6.x, Websphere Application Server. Developed workflow scripts and setup replication schedules between multiple Domino servers. Performed.
• Provided technical management and guidance to develop and integrate IBM Web Portal/Lotus Domino knowledge solutions to multiple financial programs. Established collaboration link between 200+ members of the Air Force.
• Designed segmented networks to protect sensitive internal Windows database servers for Military District of Washington. Used “nmap”and “eEye’s Retina” to conduct Vulnerability Assessment and Penetration testing on.
• Constructed pilot system and developed implementation plan for migrating 50,000+ users of U.S. courts from Novell e-mail and assorted e-mail systems to Lotus Domino and Quickplace.

Master'S Degree Cybersecurity & Digital Forensics, Cybersecurity & Digital Forensics

Master'S Degree Cybersecurity & Digital Forensics, Cybersecurity & Digital Forensics