Zachary Schwartz

Cyber Security Consultant at Bridge Core
Contact Information
Location
Baltimore, US


Experience

    • United States
    • IT Services and IT Consulting
    • 1 - 100 Employee
    • Cyber Security Consultant
      • Aug 2021 - Present
    • Netherlands
    • Retail Office Equipment
    • 1 - 100 Employee
    • Red Team Operator/Penetration Tester
      • Aug 2018 - Aug 2021

      Reston, Virginia

      Performed penetration tests against a diverse range of technologies and system architectures for Federal clients. Produced high-impact findings with corresponding reporting to inform risk-based decision-making at the senior level. Simultaneously led the vulnerability management assessment team, managing heavy workloads, strict timelines, and limited resources.

      • Performed penetration tests against a wide range of technologies, including Windows and Linux operating systems, Web Applications, Mobile Applications, etc.
      • Discovered a diverse range of findings during penetration tests and provided comprehensive and meaningful reporting
      • Discovered novel vulnerabilities during penetration tests against in-house as well as commercial web applications
      • Stood up penetration testing infrastructure on the Amazon Web Services (AWS) cloud platform
      • Authored and presented a brief on cyber deception based on personal research and experimentation. Contributed to fixing an issue with an open-source cyber deception platform (DejaVu) in the process (see https://github.com/bhdresh/Dejavu/issues/14)
      • Trained new employees how to accurately analyze vulnerability scans for completeness and compliance
      • Developed custom tool, which aggregates raw vulnerability scans from a wide range of platforms (Nessus, BurpSuite, AppDetective, Nexpose, etc.) into a compact, centralized database. The tool tracks closure of findings; documents false positives, accepted risks, and out of scope hosts; and produces customizable reports in the form of Excel spreadsheets. Use of this tool increased the efficiency of scan analysis by providing a centralized, historic view of vulnerability scan results, taking away the need for manual comparison of disparate scans. The tool became the de facto tool for vulnerability scan analysis and reporting.

    • United States
    • Financial Services
    • 700 & Above Employee
    • Vice President / Information Risk Officer
      • May 2016 - Aug 2018

      Washington D.C. Metro Area

      Manage a team of 5 in the continuous monitoring program for Federal clients, including vulnerability management, Security Incident and Event Manager, anti-malware, and database activity monitoring. Lead the secure Software Development Life Cycle (SDLC) programs for Federal clients. Work with Federal CISO to ensure all risk-based goals are met, and system security controls are compliant with FISMA, NIST standards.

      Continuous Monitoring Program Manager
      ◦ Developed custom tool, which automatically searches vendor sites and US-CERT for new patch releases, security advisories, and vulnerability notifications, and notifies security personnel and system administrators of findings. The tool was recognized by Senior Leadership and adopted for use with other corporate client services.
      ◦ Identify and communicate risks involving complex technical issues to technical and non-technical audiences and to the senior leadership team
      ◦ Manage, and provide subject matter expertise in, the procurement and implementation of various security tools/solutions
      ◦ Recognized by senior leadership for implementing processes and process improvements to improve security posture, metrics, and compliance
      ◦ Create and provide briefings to leadership on tools’ implementation status, vulnerability remediation status, and new initiatives
      ◦ Train employees in the use of complex security tools, such as SecurityCenter, DbProtect, and custom-developed tool

    • Vice President / Information Risk Officer (cont'd)
      • May 2016 - Aug 2018

      Washington D.C. Metro Area

      Application Security Testing Program Lead
      ◦ Provide security requirements for all types of security testing throughout the SDLC, including code analysis (static and dynamic), Web Application Testing, and penetration testing
      ◦ Analyze and provide recommended solutions on test results and lead remediation planning
      ◦ Create test plans for SDLC security testing and penetration testing to ensure proper scoping
      ◦ Coordinate across cross-functional teams to ensure timely and effective remediation of security findings and led project actions to closure
      ◦ Responsible for advising leadership to make risk-based decisions regarding vulnerability remediation

      Client Cybersecurity Relationship Manager
      ◦ Brief Federal CISO weekly on security/risk program status
      ◦ Designated lead security/risk representative to client Infrastructure, Business, and Application Development heads

    • United States
    • IT Services and IT Consulting
    • 1 - 100 Employee
    • Cybersecurity Consultant
      • Sep 2015 - May 2016

      Washington D.C. Metro Area

      Cybersecurity Consultant
      Key team member in consultant team contracted to identify gaps in clients’ cybersecurity programs and provide solutions, define metrics and reporting mechanisms for clients’ vulnerability management programs, and perform vulnerability scanning for clients and work with system administrators to remediate findings.

      Consultant, US Courts Administrative Office, Washington, DC, September 2015-December 2015
      ◦ Coordinated and performed vulnerability scans against multiple Federal Courts’ servers and Web Applications
      ◦ Analyzed and resolved failed vulnerability scans
      ◦ Produced vulnerability scan reports for US Courts Administrative Office Executives and individual courts’ systems administrators

      Consultant, BNY Mellon, Washington, DC, January 2016-May 2016
      ◦ Ensured a clear path to Federal Risk Executive’s signing of our Authority to Operate (ATO) by working with system administrators to quickly remediate critical and high-risk POA&Ms
      ◦ Identified recurring failures in the vulnerability and patch management process and provided solutions
      ◦ Designed central tracking mechanism to easily manage the status of all vulnerability scan findings, which automatically fed into weekly dashboard reporting of metrics

    • Educator
      • Aug 2011 - Jul 2015

      Teach 5 classes per week on Jewish Texts
      • Prepare structured and in-depth presentations of the texts
      • Present ideas in a relevant, clear, and engaging way

Education

  • University of Maryland University College
    B.S, Cybersecurity
    2015 - 2017
  • Johns Hopkins University School of Education
    Master’s Degree, Education
    2011 - 2012
  • Ner Israel Rabbinical College
    B.A, Talmudic Law
    2008 - 2011
