3245 Goshen Road
Stanford KY 40484
p: 865 686 6827
Diversely skilled Information Systems Security Professional with close to two decades of progressive experience in network design, systems administration, infrastructure design, risk assessment, vulnerability assessment, penetration testing, and host/network security.
- System, network, and application vulnerability discovery and penetration testing.
- Programming/Scripting: C, C++, C#, Java, Bash, Perl, PHP, Python
Senior Security Consultant, TrustedSec
Stanford, KY — 07/2018 - Present
- Conduct variety of penetration tests for clients: Network Penetration, Web Application, Wireless, Social Engineering, Physical, Red Team, …
- Prepare and deliver high quality deliverables and presentations.
Senior Security Consultant, Rapid7
Stanford, KY — 08/2015 - 07/2018
- Conduct variety of penetration tests for clients across the globe.
- Prepare and deliver high quality deliverables and presentations to key stakeholders ranging from security analysts to the C-suite.
- Network Penetration Testing
- Web Application Penetration Testing
- Wireless Penetration Testing
- Social Engineering Assessments
- Developed curriculum and labs for a Network and Application Penetration Testing Course covering everything from initial reconnaissance to Post Exploitation and Reporting.
Senior Penetration Tester, Mantech International Corporation (Formerly: Knowledge Consulting Group)
Knoxville, TN — 02/2014 - 08/2015
- Conducted a wide variety of penetration tests, including social engineering, network, mobile, and wireless.
- Prepared and delivered quality reports that comprehensively and clearly explain risk, demonstrate findings, and offer tactical and strategic recommendations to clients
- Delivered debriefing presentations to key stakeholders
- Researched the latest exploit methodologies and transfer knowledge to other team-members
Co-Founder, Seeds of Epiphany
Knoxville, TN — 2012 - Present
- Designed and developed various web applications, desktop applications, scripts, and programming libraries that improve the day-to-day lives of security professionals.
Senior Research Engineer, Tenable Network Security
Knoxville, TN/Columbia, MD — 09/2012 - 02/2014
- Helped to keep track of all new publicized vulnerabilities and then develop "plugins" for the Nessus vulnerability scanner
- Accurately tested for the vulnerability by analyzing vendor-supplied security patches, manually configured vulnerable targets in a virtual environment, analyzed the system or application to reliably understand the impact of the vulnerability then developed a method to test for the vulnerability remotely.
Senior Security Analyst, Sword & Shield Enterprise Security, Inc.
Knoxville, TN — 05/2006 - 09/2012
- Maintained expertise in state-of-the-art security technologies and skills
- Performed security consulting and support for security technologies including firewalls, VPNs, intrusion detection/prevention systems, anti-virus systems, authentication systems and security architectures.
- Performed network vulnerability assessments penetration testing utilizing a combination of commercial, open source, and custom software packages.
Global Network Security Vulnerability Analyst, National Security Agency
Ft. Meade, MD — 05/1996 - 05/2006
Global Network Security Vulnerability Analyst with the Systems and Network Attack Center’s (SNAC) Operational Network Evaluations office
- Performed security testing and analysis on US Government operational networks from both internal and external threat perspectives.
- Researched vulnerabilities focusing on UNIX products and other applications used on DoD systems.
PRESENTING / SPEAKING
- SPF – Speed Phishing Framework
- APT2 – Automated Penetration Testing Toolkit
- Legion – Distributed computing environment that can be used for both academic and pen testing purposes.
- FullAutoOSINT - Automated OSINT Toolkit
- Metasploit Modules:
- BS in Computer Science and Mathematics, University of Kentucky, 1999
- All course work towards Masters Degree (missing Thesis) in Computer/Network Security, University of California at Davis, 2001
- Various National Cryptographic School Courses related to System/Network security and Auditing.
Available upon request.