Keywords
Skills
Project history
Developed course instruction. Developed pentesting labs for UMUC, labs for Yara Rules, and Wireshark. Built a lab network which simulates a DDoS attack in which the students are required to learn the attack and defend the systems. Advised the Cybersecurity program on advancements within the program to improve the educational experiences for students. Taught undergraduate classes in person and online on the subject of offensive security.
BDO Cyber Security (Munich, Germany): planned business plans for Offensive Security. Standardised the Offensive Security documentation process. Defined Red Teaming, different types of penetration testing engagements, and social engineering testing. Part of or managed testing engagements for various customers within many industries. Spoke with customer stakeholders about the findings and provided customers with recommendations for fixing the findings. Conducted retesting as needed by customers. Explained to both internal and external parties how testing engagements provide details about good and bad SOC habits. Developed a finding ID tracking system which mapped findings back to customers' policies, documentation and guidelines.
Conducted white-box pentesting engagements against applications and networks. The assessments ranged from researching published vulnerabilities to looking for unknown vulnerabilities. Documented deficiencies identified during application and network assessments. Explained to customers the issues identified and how they can improve the security posture of their networks and applications. Helped with the incident response after a customer incident. Spoke at the Daimler Global Security conference about Cyber-Killchain and how to use the model.
Reviewed systems, tools, and applications and provided information on improvements. Responded to security events, including analysing data to understand the event and providing steps to stop the kill chain of similar attacks. Explained to executive management the attacks and how to mitigate similar attacks. Reported all other work directly to the CISO. Conducted a review of the current topology and tools, and made plans to improve the security posture of the Bank. Improved the end-point (Server and Client systems) security by over 95% to improve the overall security posture of the network. Explained areas missing to higher management, and how to improve those missing aspects by using current tools or tools that were missing. Showed other managers how currently implemented applications can be abused and used for Social Engineering attacks, data extraction, as well as other aspects. Made recommendations to separate internal or trusted email sources from unknown or non-trusted sources to reduce the impact of Social Engineering campaigns. Helped with the development and implementation of a better security training program which showed real-world attacks and how users can protect themselves. Implemented a Social Engineering attack plan and an after-action training program for users. Developed a plan for Web Application scanning and implementation of a Web Application Firewall (WAF).