Experience

GoodRx

April 2019 - March 2020
Senior Security Engineer
  • Built and maintained security logging solutions (SIEM).
  • Partnered with diverse teams to design and implement security best practices.
  • Performed security assessments against cloud-based infrastructure.
  • Deployed and managed endpoint security along with network monitoring.
  • Generated incident response playbooks and responded to incidents.

Mandiant | A FireEye Company

June 2016 - April 2019
Red Team Consultant
  • Conduct and manage offensive penetration (red team) security assessments.
  • Create technical reports for clients providing strategic and technical recommendations.
  • Provide guidance on incident response investigations through real world testing.
  • Manage infrastructure for red team training courses.
  • Interface with potential clients to deliver bids, statements of work, and a scope of services.
  • Write custom scripts to aid in penetration and vulnerability assessments.
  • Domestic and International Clients Include: Banking, Financial, Fortune 500, Hospitality, Legal, Medical, Public Utility, Retail, Shipping, Startups, State Department (Elections), Tech, and Telecommunications.

Clemson University | Information Security

June 2015 - May 2016
Lead Security Analyst
  • Performed vulnerability scans, validated results, and assessed criticality using Nessus.
  • Monitored and investigated potential malicious activity using Stealthwatch and Bro IDS tools.
  • Conducted malware investigations using Cisco SourceFire AMP.
  • Correlated system, intrusion detection, and network logs with Splunk to identify threats and investigate malicious activity.
  • Wrote custom scripts to automate threat detection.
  • Trained new analysts on security operations and monitoring methodologies.

Education

Clemson University

2012 - 2016
Bachelor of Science
Computer Science
  • CPSC 322 - Operating Systems
  • CPSC 330 - Computer Systems Organization
  • CPSC 424 - System Administration & Security
  • CPSC 362 - Distributed Computing
  • CPSC 462 - Database Management
  • CPSC 360 - Networks & Network Programming

Certifications

Advanced Red Teaming

Mandiant | 2016

Enterprise Incident Response

Mandiant | 2016

HPC Intro to Thor

LexisNexis | 2015

HPC Intro to ECL

LexisNexis | 2015

Skills

Offensive Security Tools
  • Burp
  • Cobalt Strike
  • FiercePhish
  • Metasploit
  • Nessus/Security Center
  • Nmap
  • Wireshark
  • Empire
Defensive Security Tools
  • Bro/Zeek IDS
  • Cisco SourceFire AMP
  • Elasticsearch
  • Mandiant Redline
  • Splunk
  • StealthWatch
  • EDR (CrowdStrike)
Cloud
  • AWS
  • GCP
  • DigitalOcean
Operating Systems
  • Debian/Ubuntu
  • Fedora
  • OS X
  • Red Hat Linux/CentOS
  • Windows Server Suite
Web Servers
  • Apache
  • IIS
  • Nginx
Programming & Automation
  • Bash
  • C
  • Objective-C
  • HTML
  • Java
  • Python
  • PowerShell
  • Terraform
  • Packer
Databases & Secrets Management
  • MSSQL
  • MySQL
  • Oracle
  • PostgreSQL
  • Vault (HashiCorp)
Networking
  • Cisco ASA
  • Palo Alto
  • FreeNAS
  • OpenVPN
  • pfSense
Cluster Computing
  • PBS
  • MPI
  • Hadoop
Version Control
  • Git
  • GitHub
  • GitLab
  • SVN
Virtualization
  • VMware vSphere/ESXi
  • VirtualBox
  • Vagrant
Mail Servers
  • Microsoft Exchange
  • Postfix
  • SMTP
  • SPF

Field Experience

Projects
  • SIEM Deployment (Opendistro Elasticsearch)
  • BLESS SSH Access Management
  • Terraform Infrastructure
  • Android Development (Nice Catch Tiger)
  • Android Development (Notes App)
  • Local Concert Aggregator (ShowGo)
  • Memory Allocator
  • Cloud Robot Controller
  • File Recovery Tool
  • Capture The Flag Infrastructure
Penetration Assessment Types
  • Web Application
  • External Infrastructure
  • Internal Network
  • Red Team
  • Advanced Metering Infrastructure (ICS)
  • Mesh Network
  • Hardware
  • Firewall Review
  • Architecture Review
  • PCI Zone
  • Email Social Engineering
  • Phone Social Engineering
  • SWIFT (Banking) Network
Incident Response Investigations
  • S3 Bucket Breach
  • Database Analysis
  • Log Analysis
  • Linux System Compromise
  • Enterprise Breach