I'm a security expert with over 18 years of security consulting experience. Some of my skills are listed below:
- Windows Security Expert – Both offensive and defensive techniques
- Performed network pentesting, security code reviews and application risk assessments for customer-facing applications at Fortune 100 companies.
- Lead and manage security consultants at U.S. Bank to improve security posture of applications, networks, and mobile applications.
- Delivered several million dollars of security services and technology for clients in the financial, retail, healthcare, manufacturing, and utilities sectors.
- Performed Red team hacking for many Fortune 500 companies
- Introduced security risk assessments and threat modeling techniques into the organization.
- Acted as technical authority on security for numerous RFPs and during contract negotiations.
- Participated in many PCI Assessments for many small, large and multinational companies and performed gap analysis, consultation, and development of customized solutions.
- Audited applications written in multiple languages, including Java/JSP, VB.NET, ASP.NET, C#, C/C++, PHP.
- Web penetration testing to prove software security vulnerabilities with IBM AppScan, Burp Professional, Paros and manual fuzzing, and penetration testing with AppScan and Firefox plug-ins.
- Trained, documented and advised application developers with regard to security risks and secure coding best practices, with practical remediation guidance provided to developers.
- Drove the adoption of security scanning tools for both development and production use. Tools utilized: Qualys and IBM Rational AppScan.
- Trained developers to write secure code using the OWASP software security testing guide.
- Found software security vulnerabilities for clients, including SQL injection, XSS, Cross-Site Request Forgery and multiple other vulnerabilities.
- Tested many networks and over a thousand Fortune 100 web applications for security issues; tested top company external and internal and penetrated into systems.
Offensive Security Certified Professional (OSCP)
Cisco Certified Network Associate (CCNA)
GIAC GSSP-JAVA Certification
Certified Ethical Hacker (CEH)
Certified Information Systems Security Professional (CISSP)