Highly trained cybersecurity professional with extensive technical experience (10+ years), specializing in application security, automation/DevSecOps, penetration testing, offensive security engineering, cloud security, vulnerability management and applied mathematics. Background includes multiple industries—everything from federal to financial to non-profit, and for organizations that range from startup to Fortune 150 Big Tech.

Career highlights include:

• Highly experienced Application Security Engineer and trusted partner of software development teams everywhere. Full-scope application security program development and career practitioner in the art of AppSec web security assessments, penetration testing, code review and threat modeling.

• Leverages scripting (mostly Python) to solve security scaling challenges, advance security maturity and practice principles of DevSecOps.

• Self-identified “offensive security engineer” with extensive experience performing network, mobile, cloud and web application penetration testing.

• Built and led multiple organization-wide Vulnerability Management (VM) programs—everything from architecture to engineering to analysis & automation.

• Experienced securing cloud environments and performing security assessments across the gamut of cloud service providers.

For more about me, check out the writeup on my professional/educational background and/or peruse my cybersecurity writing & research.

Education

• MS Cybersecurity, Johns Hopkins University (2020)
• BS Information Security, University of Mary Washington (2012)

Certifications

OSCP | GXPN | CISSP | GREM | GRID | AWS Security | GAWN | eCPPT | CEH | GCPN | GWAPT | GSEC | GCIA | GCIH | GMOB | GPYC | GPEN | GEVA | GSOC | GOSI | GWEB | GSLC | AWS Architect | Sec+

Verify these credentials on Credly and the GIAC Certified Professional portal.

Organizations

• SANS vTA / Teaching Assistant (SEC503, SEC504, ICS515, SEC588) & Course Facilitator / Moderator
• OWASP Member since 2016
• Companies: Booz Allen Hamilton, Dell, EY, IMF, NIH, NRECA, nVisium, SAIC, Salesforce, SANS, Science 37

Skills/Tools Summary

• Application Security : DAST, SAST, SCA, Burp Suite Pro, AppScan, Veracode, Checkmarx, Fortify
• Threat Modeling : Microsoft Threat Modeling Tool, STRIDE, PASTA
• Scripting, Automation & DevSecOps : Python, Java
• Penetration Testing : Kali, Metasploit, OSINT
• Red Teaming : Cobalt Strike, Empire
• Cloud Security + Architecture : AWS, CloudFormation
• Vulnerability Management : Tenable, Nessus, Qualys, Twistlock, Prisma Cloud
• Reverse Engineering : IDA Pro, Volatility
• Third-Party / Supply-Chain Security
• Privacy & Risk Management + Assessment : NIST, ISO 27001, GDPR, PCI

Other Accomplishments

• Check out The Shellsharks Podcast!
• Johns Hopkins Whiting School of Engineering Alumni Mentorship Program
• Practical Security 101: A Functional Guide to Implementing CIS Controls in Resource-Constrained Environments, TechAdvantage 2021
• SANS Core NetWars (v7) Tournament Champion, SANS Offensive Operations West 2021
• SANS SEC575: Mobile Device Security and Ethical Hacking CTF Challenge Victor, SANS Tysons Corner Fall 2017
• SANS SEC642: Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques CTF Challenge Victor, SANS Northern VA Reston Spring 2018
• SANS ICS515: ICS Active Defense and Incident Response CTF Challenge Victor, SANS Columbia 2019
• SANS SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking CTF Challenge Victor, SANS Pen Test HackFest 2019
• SANS MGT512: Security Leadership Essentials for Managers CTF Challenge Victor, SANS Boston Summer 2022

Interested in working with me? Feel free to reach out!