Spencer Provost

[email protected]

Experience

Amazon

March 2022 - Current

Infrastructure Security Engineer

Sure, Inc.

August 2020 - March 2022

Director of Infrastructure & Security

• Lead and supervise all Security, Infrastructure, and IT efforts.
• Assist in the planning, estimating, and prioritization of the IT, Infrastructure, and Security roadmaps.
• Design and plan hiring and onboarding pipelines, following the company’s standards.
• Build and maintain effective on-call rotations and incident response workflows, to meet the company’s SLAs and maintain uptime.
• Lead system security and vulnerability analyses.
• Lead risk assessments and build risk mitigation plans.
• Design and assist in an AWS organziation re-architecture to scale our AWS infrastructure to 30+ accounts.
• Rearchitect AWS account infrastructure; including VPC and subnet architecture, routing, security controls, and access management.
• Built and deploy corporate VPN solution.
• Managed corporate AV/EDR solution.
• Managed product infrastructure security moniroting solution.
• Perform 3rd party vendor evaluations.
• Coordinate external penetration tests by 3rd parties.
• Manage Sure's compliance and standards: SOC 2 Type 2 and PCI.
• Write Incident Response Playbooks.
• Created and maintain a Incident Response Plan.
• Built, deployed, and maintain a SIEM to ingest 50+ Gbs of logs daily.
• Implement security automations to continuously audit and monitor our environment and applications.
• Created and maintain IT Security policies: Acceptable Use, Password Protection, Clean Desk, Removable Media, PCI, Data Retention and Destruction, and Privileged Access.
• Deployed and manage WAF solution.

Blackline

May 2020 - August 2020

Information Security Engineer

• Managed security risk metric program to help identify key areas of risk throughout the company.
• Developed Kubernetes and container security tools and methods.
• Tuned LogRhythm SIEM.
• Improved internal security documentation including playbooks, processes and procedures.

GoodRx

April 2019 - March 2020

Senior Security Engineer

• Built and maintained security logging solutions (SIEM).
• Partnered with diverse teams to design and implement security best practices.
• Performed security assessments against cloud-based infrastructure.
• Deployed and managed endpoint security along with network monitoring.
• Generated incident response playbooks and respond to incidents.

Mandiant | A FireEye Company

June 2016 - April 2019

Red Ream Consultant

• Conducted and managed offensive penetration (red team) security assessments.
• Created technical reports for clients providing strategic and technical recommendations.
• Provided guidance on incident response investigations through real world testing.
• Managed infrastructure for red team training courses.
• Interfaced with potential clients to deliver bids, statements of work, and a scope of services.
• Wrote custom scripts to aid in penetration and vulnerability assessments.
• Domestic and International Clients Include: Banking, Financial, Fortune 500, Hospitality, Legal, Medical, Public Utility, Retail, Shipping, Startups, State Department (Elections), Tech, and Telecommunications.

Clemson University | Information Security

June 2015 - May 2016

Lead Security Analyst

• Performed vulnerability scans, validated results, and assessed criticality using Nessus.
• Monitored and investigated potential malicious activity using Stealthwatch and Bro IDS tools.
• Malware investigations using Cisco SourceFire AMP.
• Analyzed correlation of system, intrusion detection, and network logs, with Splunk, to identify threats and investigate malicious activity.
• Wrote custom scripts to automate threat detection.
• Trained new analysts on security operations and monitoring methodologies.

Education

Clemson University

2012 - 2016

Bachelor of Science

Computer Science

CPSC 322 - Operating Systems
CPSC 330 - Computer Systems Organization
CPSC 424 - System Administration & Security
CPSC 362 - Distributed Computing
CPSC 462 - Database Management
CPSC 360 - Networks & Network Programming

Certifications

Advanced Red Teaming

Mandiant | 2016

Enterprise Incident Response

Mandiant | 2016

HPC Intro to Thor

LexisNexis | 2015

HPC Intro to ECL

LexisNexis | 2015

Skills

Offensive Security Tools

Burp
Cobalt Strike
FiercePhish
Metasploit
Nessus/Security Center
Nmap
Wireshark
Empire

Defensive Security Tools

Bro/Zeek IDS
Cisco SourceFire AMP
Elastic Search/OpenSearch
Mandiant Redline
Splunk
StealthWatch
Crowdstrike
Threatstack
Signal Sciences
PerimeterX
TheHive
Cortex

Cloud Computing & Infrastructure

AWS
GCP
Digital Ocean
Fastly
CloudFlare
Kubernetes

Operating Systems

Debian
Fedora
MacOS
CentOS
Amazon Linux
Windows Server Suite
Containers/Docker

Web Servers

Nginx
Apache
IIS

Programming & Automation

Bash
C
Objective-C
HTML
Java
Javascript
Python
Powershell
Terraform
Packer

Databases & Secrets Management

MSSQL
MySQL
Oracle
PostgreSQL
Vault (Hashicorp)

Firewalls & Network Security

Cisco ASA
Palo Alto
OpenVPN
pfSense
Ubiquiti

Storage

FreeNAS
OpenMediaVault
MinIO

Cluster Computing

PBS
MPI
Hadoop

Version Control

Git
GitHub
GitLab
SVN
Gitea

Virtualization

VMVsphere/ESXi
VirtualBox
Vagrant
Proxmox
Ovirt
Hyper-V

Email Security & Technology

Google Workspace
Postmark
SendGrid
SMTP
SPF
DKIM
DMARC

Field Experience

Projects

SIEM Deployment (Opendistro Elasticsearch)
BLESS SSH Access Management
Terraform Infrastructure
Android Development (Nice Catch Tiger)
Android Development (Notes App)
Local Concert Aggregator (ShowGo)
Memory Allocator
Cloud Robot Controller
File Recovery Tool
Capture The Flag Infrastructure

Penetration Assessment Types

Web Application
External Infrastructure
Internal Network
Red Team
Advanced Metering Infrastructure (ICS)
Mesh Network
Hardware
Firewall Review
Architecture Review
PCI Zone
Email Social Engineering
Phone Social Engineering
SWIFT (Banking) Network

Incident Response Investigations

S3 Bucket Breach
Database Analysis
Log Analysis
Linux System Compromise
Enterprise Breach
Insider Threat