E-mail is on this site, somewhere...
More thorough resume available if directly contacted.
Career accomplishments, speaking engagements, awards, etc. This is where samples of my presentations can be found.
| Event | Description |
|---|---|
| 44con - OSINT Workshop and CTF | 44con OSINT CTF |
| Sunflowercon - Panelist | YouTube Video |
| SunflowerCon - OSINT Presentation | YouTube Video |
| Sunflower Con - 5 March 2022 | SunflowerCon Event Page |
| BHIS Talkin' Bout [infosec] News 1-31-2022 | YouTube |
| Wisconsin Technology Association - Human Side of Security - April 2021 | Event Page |
| Wisconsin Technology Association - Human Side of Security - April 2021 | Video |
| TraceLabs Global OSINT for Missing Persons - SENIOR JUDGE (Over 6 times) - March 2019 - Current | OSINT For Missing Persons (Video) |
| TraceLabs OSINT for Missing Persons - BSides Vancouver - JUDGE - March 2019 | OSINT For Missing Persons |
| TraceLabs Global OSINT for Missing Persons - PARTICIPANT - Feb 2019 | OSINT For Missing Persons |
| HIPAA Collaborative of Wisconsin 2018 Fall Conference | Hackers Doing Homework |
| DC414 Meetup July 2018 | Phishing Presentation |
| DC414 DEF CON Groups 2016 Contest | DG 'Year of the Hack' |
| DC414 DEF CON Groups 2016 Contest | DC414 'Year of the Hack' Update |
| Cyphercon 1.0 | The CYPHERCON PuzzleMaster Speaks |
| Eagle Scout | September 1995 |
| Eagle Scout Bronze Palm | January 1996 |
| Eagle Scout Gold Palm | September 1996 |
I have over thirteen years of experience in the Information Security field, with approximately six of those years as an Auditing, Validation, and Testing Analyst. Recent projects involve thorough OSINT and penetration testing of healthcare systems. I have been described as someone who "you can tell he lives and breathes security". I have spent several additional years in financial, manufacturing, military, banking, medical, and governmental security industries. I also hold a Master degree in Information System Security.
- Completed training and certification for Red Team: Gaining Access - Sept 2021
- Completed training and certification for Active Defense and Cyber Deception - April 2020
- Gained certification for Practical OSINT for Everyday Social Engineers - September 2019
- Acquired GCIH certification - January 2019
- Attended SANS504 Training - Sept 2018
- Progressing with my OSCP certification
- CompTIA Security+ – 08/2010
- M.S. Information Systems Security - Colorado Technical University - 12/2007
- B.S. Political Science - University of Wisconsin-Milwaukee – 12/2003
- Provided support and insight to defensive stance of organization.
- Worked within several tools that monitored connections and application allowlisting.
- Leveraging and tuning security stack to respond to incidents.
- Oversaw penetration testers and vulnerability management.
- Coordinated information security professionals to use open source intelligence techniques to help locate missing persons.
- Presented techniques and guidance to a global audience monthly.
- Verified incoming intelligence for missing persons cases.
- Created and delivered digestible reports to law enforcement contacts.
- Advanced from Judge Committee Lead, to Community Manager, to Director.
Global Product Security Vulnerability Mangement Tech Lead | Johnson Controls | Milwaukee, WI | 12/2018 – 7/2019
- Designed, implemented and managed software vulnerability analysis and remediation capabilities. Proactively managed risk across the product lifecycle.
- Interacted with various security architects and security champions from all lines of business within Johnson Controls products.
- Achieved GIAC Certified Incident Handler (GCIH) and served as a secondary incident response for Product Security incidents impacting any Johnson Controls Product or customer. Would take primary lead on incident handling when appropriate.
- Interacted with MITRE to serve as liaison to them for Johnson Controls' role as a CVE Numbering Authority (CNA). Responsible for critical input and guidance to the creation of Johnson Controls CVEs, and is part of MITRE's CNA CVE working group.
- Responsible for performing all aspects of penetration testing and technical security assessments on company web and internal applications.
- Executed network and application vulnerability assessments using scanners. Analyzed results to eliminate false positives. Leveraged prior and continuing experience using Burp Suite Pro, Acunetix, QualysWAS, Rapid7 InsightIDR and Tenable Nessus
- Responsible for conducting vulnerability scans and for preparing reports to stakeholders throughout company.
- Conducted analysis and determinations of potential phishing and virus e-mails, as submitted by employees as part of Brunswick’s PhishFry program.
- Ensured the creation of a secure computing environment through the implementation, and enforcement of security standards, procedures, guidelines, and policies.
- Executed penetration tests against network, web, and mobile assets. Leveraged prior and continuing experience using Kali Linux and Metasploit Framework.
- Responsible for conducting vulnerability scans and for preparing reports to stakeholders throughout Brunswick Corporation.
Vulnerability Threat Management and Incident Response | Walgreens Boots Alliance | Deerfield, IL | 11/2016 – 08/2017
- Responsible for performing all aspects of PCI- and HIPAA- compliant technical security assessments on various applications to include web, mobile, in house developed and off the shelf. Conducted penetration tests against Walgreens POS systems.
- Responsible for administering all procedures to ensure the safety of Information Technology assets and to protect administration of security for one or more IT functional areas across the enterprise.
- Leveraged prior and continuing experience using Tenable Nessus, and gained new experience with Qualys VM, and Rapid7 Nexpose.
- Conducted security validation of military networks and the creation of security concept of operations documents.
- Completed key deliverables needed for DIACAP certification, including ACAS Vulnerability Scans, Network Logical Diagrams, Hardware/Software Lists, eEye Retina Vulnerability Scans, and Test Plans
- Served as top-level admin to the Application Hosting Facility for NMCI
- Researched new issues and new deliverables, and contributed to development of automated tools
- Travelled to on-site Navy or Marine Corp sites to conduct eEye Retina Network Vulnerability Scans