Experience

• 

  TorchLight

  • United States
  • Computer and Network Security
  • 1 - 100 Employee

  • Executive Consultant and Principal Security Architect

    • Aug 2023 - Present

    Leading full-time project as acting vCISO for a government agency. Primarily improving information security and combating digital fraud for over one-hundred academic entities under the agency. Small team includes penetration testers and auditors to assist in verifying improvements and needs.

  • Principal Security Architect

    • Jan 2022 - Jul 2023

    Primarily part of a multi-year project in advisory services focused on combating digital fraud and improving information security across over a hundred organizations. Also leading a small team of penetration testers and auditors.

  • Principal Security Architect & Manager, Incident Response

    • Nov 2021 - Feb 2023

    Now a part of the security arm of Intrinium which was spun off and branded with a new name, Torchlight, still managing the same folks but now in charge of both security architecture and incident response (ransomware, rogue employee, threat hunting, etc.).

• 

  California Community Colleges

  • United States
  • Education Management
  • 100 - 200 Employee

  • Executive Consultant - CISO

    • Aug 2023 - Present

    Strategic planning and implementation oversight for improving information security and digital fraud prevention across system colleges. Leadership over team performing penetration testing, incident response, and other information security tasks.

  • Information Security Consultant

    • Jan 2022 - Jul 2023

    Supported executives in information security and combating digital fraud. Led team of penetration testers to assess more than 2/3rds of colleges in a single calendar year. Analyzed data for and assisted in strategic planning to resolve information security gaps and focus funding.

• 

  Intrinium

  • United States
  • IT Services and IT Consulting
  • 1 - 100 Employee

  • Manager, Incident Response and Forensics

    • Aug 2021 - Nov 2021

    Manage purple team activities including threat intelligence, incident response, computer forensics, red team actions, security architecture, and more. Tasked to grow this line of business from a handful of employees to infinity!

  • Security Architect

    • Jun 2019 - Aug 2021

    Architect and present comprehensive security solutions for midmarket and enterprise clients, lead red team technical testing engagements, managed security consulting department, support incident response engagements as a lead/researcher, provide advisory or consultative services at the executive level (vCIO, vCISO)

• 

  DXC Technology

  • United States
  • IT Services and IT Consulting
  • 700 & Above Employee

  • Team Lead, TVM Offensive Security

    • Jun 2018 - Jun 2019

    Manages US Threat and Vulnerability Management Offensive Security team that performs penetration testing and red team operations for various fortune 500 clients. Also performs such testing and assists employees with troublesome projects.

  • Sr. StrikeForce Operative

    • Jul 2015 - Jun 2018

    Performs penetration testing and related information security consulting services for clients. In essence, I break things, shatter hopes, and cause IT weeping and gnashing of teeth so that organizations will actually fix their security issues and protect their clients. ;)

• 

  Intrinium Networks / IT Security

  • United States
  • IT Services and IT Consulting
  • 1 - 100 Employee

  • Sr. Information Security Consultant

    • May 2013 - Jul 2015

    Perform penetration tests, vulnerability assessments, incident response, network forensics, and information security audits (Including QSA) for a variety of clients including financial, medical, governmental, educational and private entities.Provide internal tool development, training, leadership, and research for information security consultant staff.

  • Information Security Consultant

    • Jan 2012 - May 2013

    Perform penetration tests, vulnerability assessments, incident response, network forensics, and information security audits for a variety of clients including financial, medical, governmental, educational and private entities.

  • Business Intelligence/IT Consultant

    • Jan 2011 - Jan 2012

    Create and maintain medical data reports generated from a variety of disparate sources such as Centricity PM and AllScripts.Write and review policy documents for securing and managing information technology interactions with employees, customers and other onsite personnel for clients.Remotely support customers using a variety of software and hardware while presenting improvements customized to their business needs.

• 

  Self Employed

  • Contracted Sr. Software Engineer

    • Feb 2010 - Oct 2010

    Creation of iPhone and Android XMPP-based mobile chat programs.

• 

  Carnegie Mellon CyLab Japan

  • Teaching Assistant

    • Aug 2007 - Dec 2009

    Purpose To assist professors and graduate students of the Masters of Sciences in Information Technology - Information Security degree program. This is a part time position which is ending in December when the Carnegie Mellon CyLab Japan campus closes.Activities-Designing and building virtual machine environments for student use.-English language assistance.-Proofreading papers for journal submission.-Managing student concerns via communication with the professor or administration-Holding review and question/answer sessions with students.-Evaluating student performance.Reason for leaving: Campus closed for restructuring and combining with Hyogo University programs, all contract staff laid off.

• 

  Carnegie Mellon University

  • Research Fellow

    • Jan 2008 - Dec 2008

    Purpose Perform computer science research in relation to the privacy preserving machine learning algorithms subsection of iCAST project. Manage and assist visiting researchers at Carnegie Mellon CyLab Japan campus.Activities-Enhancing machine learning algorithms with privacy preservation capabilities.-Authoring, submitting, and presenting academic papers to conferences around the world.-Building and executing experiments to validate own and other researchers theories.-Proofreading both full-time and graduate student researcher journal papers for grammar, feasibility, and completeness.-Chairing weekly progress meetings.-Designing, purchasing and building an experiment server.Selected PublicationsBlosser, G. and Zhan, J. Maintaining K-Anonymity on Real-Time Data. Machine Learning and Cybernetics, 2007 International Conference on. 2007.Blosser, G. and Zhan, J. Privacy-Preserving Collaborative E-Voting. Lecture Notes in Computer Science, 5075. pp508-513. 2008.Park, H.A. and Lee, D.H. and Zhan, J. and Blosser, G. Efficient keyword index search over encrypted documents of groups. IEEE International Conference on Intelligence and Security Informatics, 2008. ISI 2008. pp225-229. 2008.Zhan, J. and Blosser, G. and Yang, C. and Singh, L. Privacy-Preserving Collaborative Social Networks. Proceedings of the IEEE ISI 2008 PAISI, PACCF, and SOCO international workshops on Intelligence and Security Informatics. pp114-125. 2008.

• 

  Eastern Washington University

  • Software Engineering Database Administrator

    • Sep 2005 - Jul 2006

    Purpose Manage servers and databases associated with the software engineering section of the computer science program. Assist students with server usage and as a guest lecturer.Activities-Managing databases, software and security on the thirteen software engineering servers. Including: 2 Oracle servers, 2 -Microsoft SQL servers, 4 student project servers and 5 development systems.-Assist students and professors with database access and setup.-Installing and readying Oracle, Microsoft SQL, and MySQL database solutions on student project servers as needed.-Filling in on database lectures when the professors were unavailable.

• 

  Pentad Sytems

  • Software Engineer

    • Apr 2004 - Jul 2006

    System Architect Role-Purpose Interview clients and develop system architecture, design documents, and system specifications. Estimate time and labor costs needed to complete systems before passing on to management.Activities-Conducting meetings with clients and potential clients to determine their needs.-Writing design documentation and refining documents with clients and programmers.-Developing formal system specification documents with client and programmer input.-Estimating time and personnel needs for completing systems for management.-Building or requesting proof of concept prototypes to refine client needs.Research and Development Role-Purpose Research and experiment with new technologies for integration into existing system modules. Develop requested additions for clients by creating new or integrating existing solutions into systems.Examples-Building a universal database layer for interacting seamlessly with various database backends while preventing injection attacks and providing debugging information for programmers.-Developing a comprehensive security system to provide a simple way for clients to restrict or allow module access to employees.-Integrating existing technologies to allow for mass scanning of documents with barcodes and automatic linking to the appropriate records.

• 

  International Sales and Marketing

  • Network Administrator

    • Jan 2000 - Nov 2001

    Purpose Ensure the network, servers and end-host computers are secure and reliable for employees. Research, purchase, install, and maintain all components of the network.Activities-Securing the network with firewalls and anti-virus systems.-Managing virus outbreaks and patching security holes.-Designing web site.-Managing and programming Pick D3 databases

• 

  Kitsap County Fire District 7

  • Network Administrator

    • Aug 1998 - Jan 2000

    Purpose Ensure the network, servers and end-host computers are secure and reliable for employees. Research, purchase, install, and maintain all components of the network.Activities-Securing the network with firewalls and anti-virus systems.-Installing routers and connecting remote sites to network.-Managing virus outbreaks and patching security holes.-Building desktop and server systems from parts.-Designing internal web site.

• 

  Lockheed Martin

  • Software Engineer

    • Oct 1997 - Jul 1998

    As a part-time college intern, assist in solving computer problems for 8000+ employees. Work with acquisitions management in ordering computer systems for employee system upgrades or replacements.Activities-Solving computer problems over the phone and by remote desktop.-Updating acquisitions process, eventually lowering monthly computer order processing turnaround from three days to six hours.-Acting as computer purchasing manager when the manager was unavailable due to sickness or vacation.-Maintaining US Department of Energy security clearance.