Director or VP of Security
Send a job offer directly to this candidate
I have homes in California, Wisconsin, and Illinois, but willing to relocate as well.
My objective is to find a role to expand my experience in security or industry.
RWX Labs · Full-time
Feb 2023 - Present · 2 mos
Exploit research, fund raising, budgeting, sales, performance management, compensation planning
Skills: Fundraising · Recruiting · Performance Management · Budgeting · Leadership · Reverse EngineeringSkills: Fundraising · Recruiting · Performance Management · Budgeting · Leadership · Reverse Engineering
Director of Cyber Offense Program
Databricks · Full-time
Feb 2020 - Feb 2023 · 3 yrs 1 mo
Helped build and run Cyber Offense Program across all three clouds (AWS, GCP, Azure) which consisted of:
We also supported certifications (HIPAA, PCI, ISO, Soc2) through our pentest team and audit evidence collection
Skills: Hiring · Auditing · Recruiting · Staff Development · Budgeting · Vulnerability Research · Red Teaming · Leadership · Cloud Computing · Vulnerability Management · Penetration TestingSkills: Hiring · Auditing · Recruiting · Staff Development · Budgeting · Vulnerability Research · Red Teaming · Leadership · Cloud Computing · Vulnerability Management · Penetration Testing
5 yrs 1 mo5 yrs 1 mo
Full-time
Jan 2015 - Jan 2020 · 5 yrs 1 mo
Built and ran several product offerings and teams of world class talent. Last hands-on project: 100% reliable no-touch exploit against all Samsung mobile phones where the entry-point was heap overflow on the baseband pivoting to application processor and a novel persistence method (January 2020).Built and ran several product offerings and teams of world class talent. Last hands-on project: 100% reliable no-touch exploit against all Samsung mobile phones where the entry-point was heap overflow on the baseband pivoting to application processor and a novel persistence method (January 2020).
Skills: Planning Budgeting & Forecasting · Sales · Auditing · IT Service Management · Recruiting · Code Auditing · Performance Management · Budgeting · Project Planning · Vulnerability Research · Leadership · Reverse EngineeringSkills: Planning Budgeting & Forecasting · Sales · Auditing · IT Service Management · Recruiting · Code Auditing · Performance Management · Budgeting · Project Planning · Vulnerability Research · Leadership · Reverse Engineering
May 2015 - Jan 2017 · 1 yr 9 mos
Austin, Texas Area
Built and ran a department of world class security research teams. These teams consisted of several pwn2own and pwnie winners. These teams deliver two subscription products and one service. The subscriptions are annual 0-day and n-day exploit feeds consisting of high profile targets such as mobile phones, web browsers, firewalls, routers, consumer & embedded operating systems, and popular enterprise servers.
In addition to the subscriptions, the groups also deliver on tasks throughout the year. Last hands-on project I worked was a no-touch exploit against all Samsung mobile phones where the entry-point was heap overflow on the baseband (100% reliable).Built and ran a department of world class security research teams. These teams consisted of several pwn2own and pwnie winners.
These teams deliver two subscription products and one service. The subscriptions are annual 0-day and n-day exploit feeds consisting of high profile targets such as mobile phones, web browsers, firewalls, routers, consumer & embedded operating systems, and popular enterprise servers. In addition to the subscriptions, the groups also deliver on tasks throughout the year.
Last hands-on project I worked was a no-touch exploit against all Samsung mobile phones where the entry-point was heap overflow on the baseband (100% reliable).
Skills: Auditing · Staff Development · Performance Management · Budgeting · Threat Analysis · Threat Assessment · Vulnerability Research · Leadership · Reverse EngineeringSkills: Auditing · Staff Development · Performance Management · Budgeting · Threat Analysis · Threat Assessment · Vulnerability Research · Leadership · Reverse Engineering
Sr. Director Research + Development
Aug 2013 - May 2015 · 1 yr 10 mos La Jolla
Responsible for 3 teams under R+D: Applied Research, Vulnerability Research, and Product Evaluation.
Responsible for 3 teams under R+D: Applied Research, Vulnerability Research, and Product Evaluation.
• Expanded Applied Research Team’s focus from 1 industry (smart meters) to 3 industries (adding smartphones from 2 major handset manufacturers, and medical devices from the largest medical device manufacturer in North America) in within 6 months.
• Directed the zero-day research team focused on delivery of nation state level vulnerability research for government organizations.
• Created a group to evaluate security technology. The group performs technical due diligence for potential security products and services M&A activities by Blackstone. The group is also responsible for identifying new security firms and vetting their technology for whether they would fit within the Accuvant VAR portfolio.
Skills: Auditing · IT Service Management · Staff Development · Code Auditing · Project Management · Budgeting · Project Planning · Vulnerability Research · Leadership · Vulnerability AssessmentSkills: Auditing · IT Service Management · Staff Development · Code Auditing · Project Management · Budgeting · Project Planning · Vulnerability Research · Leadership · Vulnerability Assessment
Sr. Security Engineer
Dec 2010 - Aug 2013 · 2 yrs 9 mos
My responsibilities ranged from security audit of third party acquired technology to directing security audits of various areas within the enterprise and its product lines. I was the key decision maker in the selection of many core technologies within Apple’s security requirements. Another key responsibility I held under this role was the automation of critical security functions around testing, implementation, and verification.
The scope of these responsibilities ranged from pieces of product lines to technologies shared by many product lines.My responsibilities ranged from security audit of third party acquired technology to directing security audits of various areas within the enterprise and its product lines. I was the key decision maker in the selection of many core technologies within Apple’s security requirements. Another key responsibility I held under this role was the automation of critical security functions around testing, implementation, and verification.
The scope of these responsibilities ranged from pieces of product lines to technologies shared by many product lines.
Skills: Auditing · Code Auditing · Strategy · Vulnerability Research · Reverse EngineeringSkills: Auditing · Code Auditing · Strategy · Vulnerability Research · Reverse Engineering
Jan 2008 - Oct 2009 · 1 yr 10 mos
Skills: Auditing · IT Service Management · Staff Development · IT Risk Management · LeadershipSkills: Auditing · IT Service Management · Staff Development · IT Risk Management · Leadership
Dec 2007 - Aug 2009 · 1 yr 9 mos
Austin, Texas The most important thing I learned and think everyone should know is there is a fundamental difference between IPS & IDS. IPS is concerned with passing traffic and will generally pass packets if there is uncertainty about their threat score. This is a performance based requirement that makes the fundamental design and architecture of IPS & IDS different.
IDS has all the time in the world to determine the badness of a packet, IPS has to make a decision within the speed of light. Trying to apply an IPS architecture to an IDS function will result in misses. Attempting to apply a IDS architecture to an IPS function will result in a substantial amount of false positives and will degrade your gigabit perimeter throughput to megabits.
Managed two teams responsible for taking various vulnerability input sources (external and internal) and ensuring protection is properly implemented in the IPS, with zero chance of false positives. Accountable for software design decisions as a member of the next generation product advisory board. It was in this capacity I realized efficacy was not the only or even primary deciding factor when evaluating whether a software or hardware component should be included in the next generation design of a product.
Many other factors needed to be considered, such as, power consumption, portability (backward, forward, and laterally).The most important thing I learned and think everyone should know is there is a fundamental difference between IPS & IDS. IPS is concerned with passing traffic and will generally pass packets if there is uncertainty about their threat score. This is a performance based requirement that makes the fundamental design and architecture of IPS & IDS different.
IDS has all the time in the world to determine the badness of a packet, IPS has to make a decision within the speed of light. Trying to apply an IPS architecture to an IDS function will result in misses. Attempting to apply a IDS architecture to an IPS function will result in a substantial amount of false positives and will degrade your gigabit perimeter throughput to megabits.
Managed two teams responsible for taking various vulnerability input sources (external and internal) and ensuring protection is properly implemented in the IPS, with zero chance of false positives. Accountable for software design decisions as a member of the next generation product advisory board. It was in this capacity I realized efficacy was not the only or even primary deciding factor when evaluating whether a software or hardware component should be included in the next generation design of a product.
Many other factors needed to be considered, such as, power consumption, portability (backward, forward, and laterally).
Skills: Auditing · Threat & Vulnerability Management · Cyber Defense · Staff Development · Threat Analysis · IT Risk Management · Leadership · Reverse EngineeringSkills: Auditing · Threat & Vulnerability Management · Cyber Defense · Staff Development · Threat Analysis · IT Risk Management · Leadership · Reverse Engineering
Sep 2006 - Sep 2007 · 1 yr 1 mo
Reported directly to the CTO. Responsible for new product feasibility analysis, product prototyping, and original vulnerability research to actionable content into existing product lines.Reported directly to the CTO. Responsible for new product feasibility analysis, product prototyping, and original vulnerability research to actionable content into existing product lines.
Skills: Auditing · Exploit · Threat & Vulnerability Management · Staff Development · Vulnerability Research · Leadership · Vulnerability AssessmentSkills: Auditing · Exploit · Threat & Vulnerability Management · Staff Development · Vulnerability Research · Leadership · Vulnerability Assessment
Apr 2005 - Sep 2006 · 1 yr 6 mos
Built from the ground up and managed Incident Response Team, Incident Monitoring Team, Vulnerability Advisory Team, and Vulnerability Assessment Team. These teams are still in place today and considered best-of-bread in the insurance industry. Each team has a formally documented process description and methodologies which are in place at all the BCBS states HCSC owns.Built from the ground up and managed Incident Response Team, Incident Monitoring Team, Vulnerability Advisory Team, and Vulnerability Assessment Team.
These teams are still in place today and considered best-of-bread in the insurance industry. Each team has a formally documented process description and methodologies which are in place at all the BCBS states HCSC owns.
Skills: Auditing · IT Service Management · IDS · Staff Development · Red Teaming · IT Risk Management · Leadership · Vulnerability Assessment · Vulnerability Management · Penetration TestingSkills: Auditing · IT Service Management · IDS · Staff Development · Red Teaming · IT Risk Management · Leadership · Vulnerability Assessment · Vulnerability Management · Penetration Testing
X-Force Research Engineer
ISS X-Force
Apr 2004 - Apr 2005 · 1 yr 1 mo
Identify and exploit major security issues in competitive products. Provide guidance to the engineering teams regarding how to implement effective protection for those 0-day and known CVE’s with wide market share.
During my first year at ISS I found system remote vulnerabilities exploitable without any user interaction in almost every market leading security solution.
Performed competitive analysis on market leading technology and provided our sales teams the information and tools for business development opportunities.
Developed content for out of the country road shows to show case X-Force's unparalleled technical prowess.Identify and exploit major security issues in competitive products. Provide guidance to the engineering teams regarding how to implement effective protection for those 0-day and known CVE’s with wide market share. During my first year at ISS I found system remote vulnerabilities exploitable without any user interaction in almost every market leading security solution.
Performed competitive analysis on market leading technology and provided our sales teams the information and tools for business development opportunities. Developed content for out of the country road shows to show case X-Force's unparalleled technical prowess.
May 2002 - Apr 2004 · 2 yrs
-incident response team
-vulnerability assessment team
-security risk assessment team
Selected incident monitoring vendor, set contract terms, and managed the relationship. Created and managed the relationship of our security vendors.Created and managed: -incident response team -vulnerability assessment team -security risk assessment team Selected incident monitoring vendor, set contract terms, and managed the relationship. Created and managed the relationship of our security vendors.
Skills: Auditing · IT Service Management · Recruiting · Leadership · Vulnerability Assessment · Penetration Testing
Sr. Security & Safety Engineer
Apr 2001 - Oct 2001 · 7 mos
Created and managed the incident response team. Selected incident monitoring vendor. Created a Forensic Analysis Lab. Provided management with capabilities to quickly identify safety or security issues.
Successfully performed security assessments on:
-check in kiosks (print a ticket to go anywhere for free)
-bypass bag scanning security system
-performed numerous adjustments to deprecated mainframe code, where it would have taken months to get a contractor with the appropriate skills. This activity was extremely valuable when the no-fly list had to be expanded by orders of magnitude.Created and managed the incident response team. Selected incident monitoring vendor. Created a Forensic Analysis Lab. Provided management with capabilities to quickly identify safety or security issues.
Successfully performed security assessments on: -check in kiosks (print a ticket to go anywhere for free) -bypass bag scanning security system -performed numerous adjustments to deprecated mainframe code, where it would have taken months to get a contractor with the appropriate skills. This activity was extremely valuable when the no-fly list had to be expanded by orders of magnitude.
Skills: Auditing · IT Service Management · Vulnerability ResearchSkills: Auditing · IT Service Management · Vulnerability Research
Sr. Financial Auditor
ERNST&YOUNG
Jun 1998 - Apr 2001 · 2 yrs 11 mos
Led teams of 2 to 8 on financial audits of Fortune 500 clients.
E&Y also paid for my undergraduate and master's degrees through scholarship programs with thousands of applicants and only one winner.Led teams of 2 to 8 on financial audits of Fortune 500 clients. E&Y also paid for my undergraduate and master's degrees through scholarship programs with thousands of applicants and only one winner.
Also led several IT Controls Audits
Skills: Auditing · IT Service Management · Team Leadership · IT Audit · Accounting
I have homes in California, Wisconsin, and Illinois, but willing to relocate as well.
My objective is to find a role to expand my experience in security or industry.
RWX Labs · Full-time
Feb 2023 - Present · 2 mos
Exploit research, fund raising, budgeting, sales, performance management, compensation planning
Skills: Fundraising · Recruiting · Performance Management · Budgeting · Leadership · Reverse EngineeringSkills: Fundraising · Recruiting · Performance Management · Budgeting · Leadership · Reverse Engineering
Director of Cyber Offense Program
Databricks · Full-time
Feb 2020 - Feb 2023 · 3 yrs 1 mo
Helped build and run Cyber Offense Program across all three clouds (AWS, GCP, Azure) which consisted of:
We also supported certifications (HIPAA, PCI, ISO, Soc2) through our pentest team and audit evidence collection
Skills: Hiring · Auditing · Recruiting · Staff Development · Budgeting · Vulnerability Research · Red Teaming · Leadership · Cloud Computing · Vulnerability Management · Penetration TestingSkills: Hiring · Auditing · Recruiting · Staff Development · Budgeting · Vulnerability Research · Red Teaming · Leadership · Cloud Computing · Vulnerability Management · Penetration Testing
5 yrs 1 mo5 yrs 1 mo
Full-time
Jan 2015 - Jan 2020 · 5 yrs 1 mo
Built and ran several product offerings and teams of world class talent. Last hands-on project: 100% reliable no-touch exploit against all Samsung mobile phones where the entry-point was heap overflow on the baseband pivoting to application processor and a novel persistence method (January 2020).Built and ran several product offerings and teams of world class talent. Last hands-on project: 100% reliable no-touch exploit against all Samsung mobile phones where the entry-point was heap overflow on the baseband pivoting to application processor and a novel persistence method (January 2020).
Skills: Planning Budgeting & Forecasting · Sales · Auditing · IT Service Management · Recruiting · Code Auditing · Performance Management · Budgeting · Project Planning · Vulnerability Research · Leadership · Reverse EngineeringSkills: Planning Budgeting & Forecasting · Sales · Auditing · IT Service Management · Recruiting · Code Auditing · Performance Management · Budgeting · Project Planning · Vulnerability Research · Leadership · Reverse Engineering
May 2015 - Jan 2017 · 1 yr 9 mos
Austin, Texas Area
Built and ran a department of world class security research teams. These teams consisted of several pwn2own and pwnie winners. These teams deliver two subscription products and one service. The subscriptions are annual 0-day and n-day exploit feeds consisting of high profile targets such as mobile phones, web browsers, firewalls, routers, consumer & embedded operating systems, and popular enterprise servers.
In addition to the subscriptions, the groups also deliver on tasks throughout the year. Last hands-on project I worked was a no-touch exploit against all Samsung mobile phones where the entry-point was heap overflow on the baseband (100% reliable).Built and ran a department of world class security research teams. These teams consisted of several pwn2own and pwnie winners.
These teams deliver two subscription products and one service. The subscriptions are annual 0-day and n-day exploit feeds consisting of high profile targets such as mobile phones, web browsers, firewalls, routers, consumer & embedded operating systems, and popular enterprise servers. In addition to the subscriptions, the groups also deliver on tasks throughout the year.
Last hands-on project I worked was a no-touch exploit against all Samsung mobile phones where the entry-point was heap overflow on the baseband (100% reliable).
Skills: Auditing · Staff Development · Performance Management · Budgeting · Threat Analysis · Threat Assessment · Vulnerability Research · Leadership · Reverse EngineeringSkills: Auditing · Staff Development · Performance Management · Budgeting · Threat Analysis · Threat Assessment · Vulnerability Research · Leadership · Reverse Engineering
Sr. Director Research + Development
Aug 2013 - May 2015 · 1 yr 10 mos La Jolla
Responsible for 3 teams under R+D: Applied Research, Vulnerability Research, and Product Evaluation.
Responsible for 3 teams under R+D: Applied Research, Vulnerability Research, and Product Evaluation.
• Expanded Applied Research Team’s focus from 1 industry (smart meters) to 3 industries (adding smartphones from 2 major handset manufacturers, and medical devices from the largest medical device manufacturer in North America) in within 6 months.
• Directed the zero-day research team focused on delivery of nation state level vulnerability research for government organizations.
• Created a group to evaluate security technology. The group performs technical due diligence for potential security products and services M&A activities by Blackstone. The group is also responsible for identifying new security firms and vetting their technology for whether they would fit within the Accuvant VAR portfolio.
Skills: Auditing · IT Service Management · Staff Development · Code Auditing · Project Management · Budgeting · Project Planning · Vulnerability Research · Leadership · Vulnerability AssessmentSkills: Auditing · IT Service Management · Staff Development · Code Auditing · Project Management · Budgeting · Project Planning · Vulnerability Research · Leadership · Vulnerability Assessment
Sr. Security Engineer
Dec 2010 - Aug 2013 · 2 yrs 9 mos
My responsibilities ranged from security audit of third party acquired technology to directing security audits of various areas within the enterprise and its product lines. I was the key decision maker in the selection of many core technologies within Apple’s security requirements. Another key responsibility I held under this role was the automation of critical security functions around testing, implementation, and verification.
The scope of these responsibilities ranged from pieces of product lines to technologies shared by many product lines.My responsibilities ranged from security audit of third party acquired technology to directing security audits of various areas within the enterprise and its product lines. I was the key decision maker in the selection of many core technologies within Apple’s security requirements. Another key responsibility I held under this role was the automation of critical security functions around testing, implementation, and verification.
The scope of these responsibilities ranged from pieces of product lines to technologies shared by many product lines.
Skills: Auditing · Code Auditing · Strategy · Vulnerability Research · Reverse EngineeringSkills: Auditing · Code Auditing · Strategy · Vulnerability Research · Reverse Engineering
Jan 2008 - Oct 2009 · 1 yr 10 mos
Skills: Auditing · IT Service Management · Staff Development · IT Risk Management · LeadershipSkills: Auditing · IT Service Management · Staff Development · IT Risk Management · Leadership
Dec 2007 - Aug 2009 · 1 yr 9 mos
Austin, Texas The most important thing I learned and think everyone should know is there is a fundamental difference between IPS & IDS. IPS is concerned with passing traffic and will generally pass packets if there is uncertainty about their threat score. This is a performance based requirement that makes the fundamental design and architecture of IPS & IDS different.
IDS has all the time in the world to determine the badness of a packet, IPS has to make a decision within the speed of light. Trying to apply an IPS architecture to an IDS function will result in misses. Attempting to apply a IDS architecture to an IPS function will result in a substantial amount of false positives and will degrade your gigabit perimeter throughput to megabits.
Managed two teams responsible for taking various vulnerability input sources (external and internal) and ensuring protection is properly implemented in the IPS, with zero chance of false positives. Accountable for software design decisions as a member of the next generation product advisory board. It was in this capacity I realized efficacy was not the only or even primary deciding factor when evaluating whether a software or hardware component should be included in the next generation design of a product.
Many other factors needed to be considered, such as, power consumption, portability (backward, forward, and laterally).The most important thing I learned and think everyone should know is there is a fundamental difference between IPS & IDS. IPS is concerned with passing traffic and will generally pass packets if there is uncertainty about their threat score. This is a performance based requirement that makes the fundamental design and architecture of IPS & IDS different.
IDS has all the time in the world to determine the badness of a packet, IPS has to make a decision within the speed of light. Trying to apply an IPS architecture to an IDS function will result in misses. Attempting to apply a IDS architecture to an IPS function will result in a substantial amount of false positives and will degrade your gigabit perimeter throughput to megabits.
Managed two teams responsible for taking various vulnerability input sources (external and internal) and ensuring protection is properly implemented in the IPS, with zero chance of false positives. Accountable for software design decisions as a member of the next generation product advisory board. It was in this capacity I realized efficacy was not the only or even primary deciding factor when evaluating whether a software or hardware component should be included in the next generation design of a product.
Many other factors needed to be considered, such as, power consumption, portability (backward, forward, and laterally).
Skills: Auditing · Threat & Vulnerability Management · Cyber Defense · Staff Development · Threat Analysis · IT Risk Management · Leadership · Reverse EngineeringSkills: Auditing · Threat & Vulnerability Management · Cyber Defense · Staff Development · Threat Analysis · IT Risk Management · Leadership · Reverse Engineering
Sep 2006 - Sep 2007 · 1 yr 1 mo
Reported directly to the CTO. Responsible for new product feasibility analysis, product prototyping, and original vulnerability research to actionable content into existing product lines.Reported directly to the CTO. Responsible for new product feasibility analysis, product prototyping, and original vulnerability research to actionable content into existing product lines.
Skills: Auditing · Exploit · Threat & Vulnerability Management · Staff Development · Vulnerability Research · Leadership · Vulnerability AssessmentSkills: Auditing · Exploit · Threat & Vulnerability Management · Staff Development · Vulnerability Research · Leadership · Vulnerability Assessment
Apr 2005 - Sep 2006 · 1 yr 6 mos
Built from the ground up and managed Incident Response Team, Incident Monitoring Team, Vulnerability Advisory Team, and Vulnerability Assessment Team. These teams are still in place today and considered best-of-bread in the insurance industry. Each team has a formally documented process description and methodologies which are in place at all the BCBS states HCSC owns.Built from the ground up and managed Incident Response Team, Incident Monitoring Team, Vulnerability Advisory Team, and Vulnerability Assessment Team.
These teams are still in place today and considered best-of-bread in the insurance industry. Each team has a formally documented process description and methodologies which are in place at all the BCBS states HCSC owns.
Skills: Auditing · IT Service Management · IDS · Staff Development · Red Teaming · IT Risk Management · Leadership · Vulnerability Assessment · Vulnerability Management · Penetration TestingSkills: Auditing · IT Service Management · IDS · Staff Development · Red Teaming · IT Risk Management · Leadership · Vulnerability Assessment · Vulnerability Management · Penetration Testing
X-Force Research Engineer
ISS X-Force
Apr 2004 - Apr 2005 · 1 yr 1 mo
Identify and exploit major security issues in competitive products. Provide guidance to the engineering teams regarding how to implement effective protection for those 0-day and known CVE’s with wide market share.
During my first year at ISS I found system remote vulnerabilities exploitable without any user interaction in almost every market leading security solution.
Performed competitive analysis on market leading technology and provided our sales teams the information and tools for business development opportunities.
Developed content for out of the country road shows to show case X-Force's unparalleled technical prowess.Identify and exploit major security issues in competitive products. Provide guidance to the engineering teams regarding how to implement effective protection for those 0-day and known CVE’s with wide market share. During my first year at ISS I found system remote vulnerabilities exploitable without any user interaction in almost every market leading security solution.
Performed competitive analysis on market leading technology and provided our sales teams the information and tools for business development opportunities. Developed content for out of the country road shows to show case X-Force's unparalleled technical prowess.
May 2002 - Apr 2004 · 2 yrs
-incident response team
-vulnerability assessment team
-security risk assessment team
Selected incident monitoring vendor, set contract terms, and managed the relationship. Created and managed the relationship of our security vendors.Created and managed: -incident response team -vulnerability assessment team -security risk assessment team Selected incident monitoring vendor, set contract terms, and managed the relationship. Created and managed the relationship of our security vendors.
Skills: Auditing · IT Service Management · Recruiting · Leadership · Vulnerability Assessment · Penetration Testing
Sr. Security & Safety Engineer
Apr 2001 - Oct 2001 · 7 mos
Created and managed the incident response team. Selected incident monitoring vendor. Created a Forensic Analysis Lab. Provided management with capabilities to quickly identify safety or security issues.
Successfully performed security assessments on:
-check in kiosks (print a ticket to go anywhere for free)
-bypass bag scanning security system
-performed numerous adjustments to deprecated mainframe code, where it would have taken months to get a contractor with the appropriate skills. This activity was extremely valuable when the no-fly list had to be expanded by orders of magnitude.Created and managed the incident response team. Selected incident monitoring vendor. Created a Forensic Analysis Lab. Provided management with capabilities to quickly identify safety or security issues.
Successfully performed security assessments on: -check in kiosks (print a ticket to go anywhere for free) -bypass bag scanning security system -performed numerous adjustments to deprecated mainframe code, where it would have taken months to get a contractor with the appropriate skills. This activity was extremely valuable when the no-fly list had to be expanded by orders of magnitude.
Skills: Auditing · IT Service Management · Vulnerability ResearchSkills: Auditing · IT Service Management · Vulnerability Research
Sr. Financial Auditor
ERNST&YOUNG
Jun 1998 - Apr 2001 · 2 yrs 11 mos
Led teams of 2 to 8 on financial audits of Fortune 500 clients.
E&Y also paid for my undergraduate and master's degrees through scholarship programs with thousands of applicants and only one winner.Led teams of 2 to 8 on financial audits of Fortune 500 clients. E&Y also paid for my undergraduate and master's degrees through scholarship programs with thousands of applicants and only one winner.
Also led several IT Controls Audits
Skills: Auditing · IT Service Management · Team Leadership · IT Audit · Accounting
University of Chicago: Masters's in Computer Science
University of Wisconsin: Bachelors in Accounting
