NAME
jarred — security and privacy executive, startup advisor, recovering ethical hacker
SYNOPSIS
jarred [-s security] [-p privacy] [-a advise] [-t threat_model] [--lisbon] [startup ...]
DESCRIPTION
jarred is a veteran leader on the cutting edge of security and privacy with over two decades of technical experience specializing in security architecture, engineering, operations, and consulting. Since 2012 he has held global engineering and product leadership roles with direct responsibility for security engineering, program management, risk management, and compliance programs.
He has been involved in computing, networking, and technical avocations since childhood, and brings that same passion for technology and discovery to the teams he leads. In 2022 he relocated from Atlanta, Georgia to Lisbon, Portugal for a fresh perspective, and is now focused on bringing his passion for security and privacy leadership to both sides of the Atlantic.
See apropos(1) for a summary of core expertise.
HISTORY
$ dmesg | grep jarred
[ 245.889201] sente: registered [current]
→ Partner and Founder · Sente Security, LLC · Lisbon, PT
├─ fractional security and privacy executive leadership + consulting
├─ oversee business development, technical ops, sales, and hiring
└─ client-facing exec across compliance, vuln mgmt, tooling, and audits

[ 241.452198] marqeta: registered
→ Group PM, Security and Privacy · Marqeta
├─ PM owner for Product Security, Privacy Engineering, and IAM
├─ fast-paced agile delivery: automation, maintainability, ease of use
├─ partnered with engineering, legal/privacy, compliance, internal audit
├─ anticipated SOX, PCI-DSS, and GDPR requirements in the roadmap
└─ consolidated intake + built automated metrics/KPI dashboards

[ 222.009812] vineti: registered
→ VP, Security and Data Protection Officer · Vineti
├─ led infosec, product security, privacy engineering, and GRC
├─ implemented Vineti's first Secure SDLC process
├─ modernized endpoint protection along zero trust principles
├─ formal vendor security reviews; re-aligned risk to NIST 800-53 RMF
└─ de facto face of security; engaged customer and partner leaders

[ 147.651284] vmware: registered
→ Sr. Manager, Security Architecture · VMware, Inc. · Atlanta, GA
├─ product security/privacy architecture across all VMware LOBs
├─ led threat modeling for all VMware products and cloud services
├─ built a library of design patterns and security requirements
├─ trusted advisor and security/privacy SME to each LOB and partner
└─ managed 10 globally-based Sr. Architects on long-term architectural challenges balancing security, innovation, and compliance

[ 114.230901] controlscan: registered
→ Manager, Security Engineering Services · ControlScan, Inc. · Atlanta, GA
├─ led the penetration testing team: assignment, coaching, reviews, hiring
├─ performed network and application penetration testing
├─ developed new service offerings (risk assessments, social engineering)
├─ supported the sales lifecycle through technical scoping
└─ built service collateral, reporting templates, and testing tools

[ 106.445301] homedepot: registered
→ Lead Security Engineer (contract) · Home Depot · Atlanta, GA
├─ security testing, risk assessment, design reviews for the corporate SDLC
├─ vuln assessments + web app pen tests alongside enterprise architects
├─ drove implementation of enterprise-wide local vulnerability scanning
└─ prepared reports for senior and executive-level decision makers

[ 100.998102] immense: registered
→ Information Security Director · Immense Networks · Baton Rouge, LA
├─ SME for all internal projects and client engagements needing infosec
├─ configured and implemented the organization's first SIEM platform
└─ produced the org's first DR Plan from an enterprise risk assessment

[ 90.117098] secureworks: registered
→ Security & Risk Consultant · SecureWorks · Atlanta, GA
├─ risk assessment services to Fortune 100s, FIs, healthcare, retail
├─ 70% travel: social engineering, pen testing, risk assessments
├─ prescriptive remediation strategies delivered directly to clients
└─ attained PCI-QSA; PCI gap + EI3PA assessments on Experian data

[ 80.334572] pn_consulting: registered
→ Sr. Consultant, Infosec · Postlethwaite & Netterville · Baton Rouge, LA
├─ SAS 70 and SAS 94 audits, pen tests, and vulnerability assessments
├─ built and delivered end-user security training programs
├─ represented P&N at regional conferences
└─ assistant PM on a major energy co. web application rollout

[ 46.889201] tracesecurity: registered
→ Delivery Manager / Sr. Security Engineer · TraceSecurity, Inc.
├─ managed a team of engineers consulting to FIs and Fortune 50s
├─ mentored engineers, oversaw engagements and work products
├─ Delivery Manager Competency Lead
└─ defined requirements for the first in-house project/time mgmt tool

[ 41.102031] netshapers: registered
→ Security Support / QA Tech Lead · NetShapers, Inc.
├─ FreeBSD and network administration
├─ vuln assessment and scanning of production networks
├─ supported a fleet of raccoon-vpn tunnels in the field
└─ PM for new engagements: requirements, progress, QA, follow-ups

[ 18.412094] self_employed: registered
→ IT/Security Consultant · Baton Rouge, LA
├─ returned to LSU as a full-time student
├─ IT and security consulting for a local oil and gas exploration co.
└─ led the DLU Linux Users Group — Gentoo desktops, iptables firewalls, war-driving with kismet, and other hacking activities

[ 0.000001] espion: registered
→ Support Manager · Espion International
├─ oversaw all incoming support for the Interceptor anti-spam platform
├─ app + network troubleshooting for a fleet of 100+ FreeBSD appliances
├─ analyzed large email data sets to train the core anti-spam engine
│  using spamassassin, amavisd, Postfix, and MySQL
└─ built quality tests, build scripts, procedures, and shipping logistics
CERTIFICATIONS
PUBLICATIONS
- Feb 10, 2016
Threat Modeling the Minecraft Way
— BSides Huntsville 2016, RSA 2016, BSides Nashville 2016
Your 10-year-old is better at threat modeling than you! No, really. The secret is the addictive phenomenon known as Minecraft.
- Aug 7, 2014
Password Security in the PCI DSS
— PasswordsCon 14
We'll discuss the evolution of passwords and other authentication controls throughout the history of the PCI-DSS, as well as where they fall short of both conventional wisdom and practicality.
SEE ALSO
BUGS
Frequently dies on hills. Periodic memory exhaustion.
AUTHOR
Jarred White. Generated using an LLM in plain HTML and CSS, with affection for the old web.