Information Security Application Resume ...
Candidate Information
Title Information Security Application
Target Location US-TX-Royse City
Aladdin Elston
Address: 117 Country Club Drive, Heath, Texas, 75032
Phone: PHONE NUMBER AVAILABLE
Linkedin: https://LINKEDIN LINK AVAILABLE

Altimetrik - Head of Information Security
Altimetrik is a data and digital engineering services company focused on delivering business outcomes with an agile, product-oriented approach.
August Street Address  - August 2024.
Key Achievements:
    Created the Altimetrik Virtual CISO (vCISO) service, designed to make top-tier security analysts available to organizations for security expertise and guidance.
    Building information security programs that work with business objectives and show measurable improvements to security posture
    Serve the cybersecurity needs of the CIO teams through proactively anticipating risks, and proactively providing solutions to address challenges
    Responsible for creating assessment services, including Redteaming, Penetration Testing, Application Security Maturity, Mobile Application Security, VCISO Services, Security Training, ICS/SCADA/OT Security, Multi-cloud Security, and AI/ML/LLM Security.
    Consistently demonstrate a hands-on approach, proactive engagement, diligent and focused on delivering commitments aligned to cyber strategic, tactical and operational priorities, and bi-directionally with the lines of business and CIO teams
    Scaling Offensive Security (Offsec) Team with internal and external RedTeam and hacking simulations
    Created and launched Attack Surface Management, Application Security Maturity, Security Champions Program, ICS (Industrial Control System), PHI / PII Security Scanner, API Security Testing services, and Security Training
    Cybersecurity writer and Author of Behind the Mask of GhostSec: Vigilante Hackers on a Cyber Crusade
    Personal development, certified in the following during 2023 - CRTO - Certified RedTeam Operator, OSCP - Offensive Security Certified Professional, PNPT - Practical Network Penetration Tester
    Studying for the Offensive Security Certified Professional (OSCP) exam equipped me with practical skills in penetration testing and ethical hacking. Key areas include network exploitation, web application security, privilege escalation, buffer overflow exploits, wireless security, scripting, report writing, time management, ethical conduct, and cryptography. The OSCP certification is hands-on and emphasizes real-world simulation, requiring candidates to successfully compromise systems within a time constraint. The skills acquired are highly applicable to real-world cybersecurity challenges, reflecting a commitment to continuous learning and practical problem-solving.
    Responsible to the management team for the development of Altimetrik's Information Security Program
    Facilitate the consolidation of disparate Security entities under a common Security Framework based upon NIST, OWASP, SOC2, HIPAA, HITRUST, and the CIS Controls.
    Deploy Cyber Security Threat tools and Security Governance, Risk and Compliance (SGRC) frameworks
    Manage the Global Cyber Security Team and security engineering resources located in multiple countries to provide Information Security support and incident response to support the business
    Discovery and remediation of critical-only vulnerabilities exercising an 80/20 approach to security, building out security maturity programs for global clients
    Information Security awareness training for 400+ employees (OWASP 10, Web Application Security, Security Analyst)
    Point of contact for internal and external audits
    Perform Open-Source Intelligence (OSINT) to gather intel on how to properly attack the network
    Leverage Active Directory exploitation skill sets to perform A/V and egress bypassing, lateral and vertical network movements, and ultimately compromise the exam Domain Controller
    Provide detailed and professionally written reports and perform report debriefs and customer presentation
    Offensive Security Practitioner with a focus on network, web, cloud, mobile, OT, SCADA, ICS and API security
    Manage a team of security professionals through hands-on leadership, partnership and insight
    Provide cyber context to business issues, and provide business and CIO perspective back to Cybersecurity
    Proactively manage and own the cybersecurity posture for the CIO teams and lines of business
    Represent each Cyber domain through deep understanding of cybersecurity, cyber risks, priorities and initiatives
    Identified opportunities and strategies for continuous cyber risk based improvement.
    Set risk management guidelines and partner with stakeholders to implement key risk initiatives
    Collaborate and influence throughout all levels including more experienced managers.
    Lead teams to achieve objectives
    Interface across first, second and third line, as well as potentially external agencies, regulatory bodies or industry forums
    Manage capacity of workload across team, developing and guiding a culture of talent development to meet business objectives and strategy

US Navy Veteran - Petty Officer Third Class
Construction Mechanics repair and maintain heavy construction and automotive equipment including, buses, dump trucks, bulldozers, rollers, cranes, backhoes, pile drivers, and tactical vehicles. CMs also prepare detailed maintenance records and cost control data and acquire parts. Made Petty Officer third class in October 2016 - March 2023
Key Achievements:
    Leadership: Supervise junior personnel and lead small teams on projects
    Construction: Perform carpentry, masonry, plumbing, electrical work, and operate construction equipment
    Logistics: Manage tools, equipment, and supplies; conduct inventory checks
    Administration: Maintain records, prepare reports, and ensure safety compliance
    Mission Support: Participate in disaster recovery, humanitarian missions, and other operations
    Training: Improve skills through training, stay updated on techniques, and mentor junior personnel
    Collaboration: Work with other military branches and agencies; coordinate with officers and departments
    Readiness: Maintain deployment readiness, participate in drills, and be prepared for rapid deployment

Apple - Senior Application Security Consultant
Apple Inc. is an American multinational technology company headquartered in Cupertino, California, that designs, develops, and sells consumer electronics, computer software, and online services.
April 2021 - August 2021
Key Achievements:
    Deep application security knowledge, penetration testing skills, secure coding practices, incident response, communication and collaboration, risk assessment, client engagement and mentorship
    Application & infrastructure hardening, secure defaults & driving prioritization by evangelizing SSDLC (Secure Software Development Lifecycle) automating compliance checks, working with security engineering, product security, vulnerability management and monitoring teams to build security touchpoints into the pipeline
    Threat Modeling, security design reviews & DevSecOps
    Static Application Security Testing according to the OWASP Top Ten and Apple hardening standards
    Securing cloud infrastructure & applications, analytical & investigation across global ecosystems

Sony PlayStation Network - Senior Security Analyst, Security Governance, Risk & Compliance
PlayStation Network (PSN) is a digital media entertainment service provided by Sony.
San Francisco, September 2019 - February 2021
Key Achievements:
    Coordinating Security Governance, Risk, and Compliance programs in alignment with established security policies, standards, methodologies, and processes, while ensuring compliance with internal/external requirements
    Performing architecture review and risk assessments to identify, document, and track significant information security risks associated with all aspects of systems, data, and infrastructure, communicating posture to leadership
    Collaborate with cloud security teams in drafting security practices for cloud and container security
    Driving prioritization by evangelizing SSDLC (Secure Software Development Lifecycle) automating compliance checks, working with security engineering, product security, vulnerability management, and monitoring teams to build security touchpoints into the pipeline
    Consulting and influencing technical architecture and business leadership to include security requirements early in their design (shift left security) with a focus on reducing submissions of security risk exceptions
    Improved the third-party risk program by creating touch point risk review in all phases of the procurement process, architecture design, and implementation
    Support Product Security by onboarding and connecting teams to ProdSec resources, educating on security best practices leveraging previous ProdSec experience

Intuit - Senior Product Security - Red Team
Intuit, Senior Product Security, Mountain View, CA February 2016 - August 2019.
Intuit is a leading provider of business and financial management solutions for small and mid-sized businesses, consumers and accounting professionals.
Key Achievements:
    Product Security team leading security assessments, and architecture risk analysis across all business units
    Prolific technical blog writer evangelizing security improvements at Intuit, actively supporting security training and talent acquisition
    Performed Third Party & Acquisition Security Assessment (3PSA) - Ensured third parties meet compliance requirements
    Qualys Vulnerability Management - Onboarding teams to automated scanners, third party auditing, penetration test vendor management.
    Identified and remediated vulnerabilities in conjunction with Red Team and Blue Team
    Manual detection of vulnerabilities at Intuit (reported & remediated 5 critical vulnerabilities)
    Supported audits and review penetration test results for business units while building security into the SecDevOps.
    OWASP Chapter Leader, setup and host of OWASP Slack channel, meetings and supported RedTeam hackathon
    Vulnerabilities identified: Zone transfer, email spoofing, user enumeration, lack of network segmentation

Cigital - Redteam Staff Security Engineer
Cigital, Security Consultant, London, England, July 2012 - June 2015.
Cigital, Inc. is the world's largest consulting firm specializing in software security and is the global leader in helping organizations design, build, and maintain secure software.
Key Achievements:
    Redteam Security Assessments: I execute penetration tests on networks, applications, and infrastructure, using both automated tools and manual techniques
    Assessing clients' governance, risk, compliance, and security needs.
    Developing and implementing comprehensive governance frameworks with integrated security components.
    Conducting an architecture risk analysis to pinpoint vulnerabilities.
    Designing and executing security-focused risk management strategies.
    Advising on adherence to diverse security regulations and standards (e.g., GDPR, ISO 27001).
    Delivering training on security policies, procedures, and secure software development lifecycle (SDLC) practices.
    Assisting in the selection and deployment of security-focused GRC software.
    Monitoring and evaluating the effectiveness of security measures within GRC programs.
    Furthermore, I've collaborated extensively within the Security Architecture realm, notably:
    Conducting web application security and architecture reviews (ARA) at Morgan Stanley (UK/Asia).
    Facilitating seamless onboarding of security tooling across cross-functional teams.
    Spearheading enterprise-level internal and external network and web application penetration tests.
    Ensuring third-party compliance, particularly specializing in cloud security consultancy with a focus on Amazon Web Services and hybrid cloud entitlement investigations.
    Contributing to cybersecurity education by presenting "Introduction to Penetration Testing" at the University of Surrey.
    Leveraging IBM Rational AppScan Source Edition for web application security testing for diverse global clients.
    Orchestrating successful global 750 IP network infrastructure penetration tests, leading to new business opportunities.
    Contributing to enhanced security measures by discovering and reporting vulnerabilities to a major e-commerce store.
    The 3 Laws of Robots.txt: https://www.synopsys.com/blogs/software-security/robots-txt.html

Nebulas - Red Team Penetration Tester
Nebulas Solutions Group is a leading IT Security specialist. Based in London it has focused on addressing the largest challenges facing organizations today; those of security, performance, and efficiency. As a Penetration Tester at Nebulas Security, I specialize in identifying and mitigating security vulnerabilities.
Aug 2011 - Sep 2012
Key Achievements:
    Redteam Security Assessments: I execute penetration tests on networks, applications, and infrastructure, using both automated tools and manual techniques
    Attack Simulation and Risk Identification: I simulate real-world attack scenarios to help organizations understand their vulnerabilities and provide detailed reports with actionable recommendations for remediation
    Collaboration and Communication: I build strong relationships with clients and stakeholders, and communicate complex technical findings to both technical and non-technical audiences
    Continuous Learning and Innovation: I stay updated with the latest trends in cybersecurity and contribute to the development of cutting-edge security solutions
    Reporting and Documentation: I prepare comprehensive reports detailing the findings from penetration tests and contribute to the development of security documentation
    Mentorship and Knowledge Sharing: I guide junior penetration testers and participate in knowledge-sharing sessions.
My mission at Nebulas Security is to empower organizations to proactively identify and mitigate security risks, safeguarding their data, assets, and reputation from potential cyber threats

    5-8+ years leading/managing information security and privacy projects and teams
    Experience adopting and implementing risk management, cyber security, and compliance frameworks (e.g., ISO 27000-series, NIST-CSF, Swiss Data Protection Act, EU GDPR, GxP)
    Understands business requirements and applies security without adversely affecting the desired functionality.
    Extensive experience working within OT/IoT/ICS environments.
    Knowledge of any security standard, e.g., IEC 62443/ISA 99, NIST SP 800-82, NERC CIP.
    Manages and helps prioritize competing priorities while maintaining organized and detailed reporting of status and progress.
    Possesses broad knowledge of both information technology and computer security issues, requirements, trends, and industry practices.
    Maintains professional and technical skills/knowledge by attending educational workshops; reviewing professional publications; establishing personal networks; and participates in professional societies.
    Possesses outstanding oral and written communication skills in English.

Manager, Offensive Security Operator, Red Team (Remote)
At Capital One, you'll be part of a big group of makers, breakers, doers and disruptors, who love to solve real problems and meet real customer needs. We want you to be curious and ask what if? Capital One started as an information strategy company that specialized in credit cards, and we have become one of the most impactful and disruptive players in the industry. Capital One Offensive Security reduces cyber risk by uncovering vulnerabilities and weaknesses in the enterprise cyber environment by conducting full-scope adversary simulation, Red Team operations. This position works closely with team members to plan, coordinate, execute and report on sophisticated Red Team operations, to identify cyber vulnerabilities and reduce the risk posture of enterprise systems. The successful candidate for this position will be part of an exciting and dynamic environment to build and deliver industry leading ethical hacking capabilities to continuously protect and defend Capital One's brand, systems and data. Offensive Security is part of the Cyber Operations and Intelligence program and assists with identifying opportunities to enhance Capital One's information security posture against a broad range of cyber threats, and develop strategies to most effectively address the threats.
Responsibilities:
    Conduct sophisticated covert adversary simulation activities against Capital One to enable identification and mitigation of identified vulnerabilities
    Apply offensive tactics, techniques and procedures (TTPs) in order to effectively mimic the capabilities of relevant threat actors
    Provide subject matter expertise for cyber defenders, remediation teams and enterprise technology teams
    Build and maintain technical infrastructure to support Red Team activity
    Automate repetitive pre and post-exploitation activities as applicable
Basic Qualifications:
    High School Diploma, GED, or equivalent certification
    At least 5 years of information security experience
    At least 3 years of experience performing covert red team operations
    At least 2 years of experience in malware development and EDR evasion
Preferred Qualifications:
    3+ years of experience in security testing of cloud environments
    3+ years of experience in offensive security tool development
    4+ years of experience with scripting and compiled languages
    One or more of the following certifications (OSCP, OSCE, GPEN, GXPN, CRTO)

EDUCATION AND QUALIFICATIONS
    MIT Sloan School of Management 2024 (ongoing) Artificial Intelligence: Implications for Business Strategy
    NVIDIA 2024 - Exploring Adversarial Machine Learning & Adversarial Attacks and Defenses
    VetsInTech 2024 - Python and Python Advanced
    Zero Point Security 2023 (ongoing) - CRTO - Certified RedTeam Operator
    TCM Security 2023 - PNPT - Practical Network Penetration Tester
    Offensive Security - 2023 (ongoing) - OSCP - Offensive Security Certified Professional
    Antisyphon Training - 2022 - Breaching the Cloud - Multi-Cloud
    CRISC & CISM, San Francisco, California - 2024 - CRISC & CISM Certification planned for 2024
    Amazon Web Services, San Francisco, California - 2018 - AWS Certified Solutions Architect Associate
    General Assembly, San Francisco, California - 2017 - Product Manager
    InfoSec Institute, San Francisco, California - 2015 - ISC2 Certified Information Systems Security Professional (CISSP)
    CPRIME, San Francisco, California - 2015 - Certified Scrum Master
    7Safe Oxford, United Kingdom - 2012 - Web Application Hacking - Certified Security Testing Professional
    Koenig Solutions London, United Kingdom - 2010 - Certified Ethical Hacking (CEH)
    IT Works, Birmingham, United Kingdom - 2001 - Unix System Administration series
    Cape College, Cape Town, South Africa - 1998 - Business Management

Open Source Tools
Nmap, Metasploit Framework, Wireshark, Aircrack-ng, John the Ripper, Hydra, Burp Suite Community Edition, OWASP ZAP, Nikto, sqlmap, Hashcat, Social-Engineer Toolkit (SET), Mimikatz, Gobuster, Responder, Wifite, BeEF, Yersinia, Arachni, Fiddler, Dirbuster, Recon-ng, PowerSploit, Empire, BloodHound, Impacket, Radare2, Ghidra, Ettercap, OpenVAS, Maltego Community Edition.
Commercial IAST Tools
Burp Suite Professional, Nessus, Acunetix, Core Impact, Cobalt Strike, Netsparker, Rapid7 Nexpose, QualysGuard, Immunity Canvas, Fortify WebInspect, Invicti, AppSpider, IBM Security AppScan, SAINT, Trustwave AppDetectivePRO, Veracode, BeyondTrust Retina, Checkmarx, WhiteHat Sentinel, AlienVault USM, Tenable.io, F-Secure Radar, CyberArk Red Team, CrowdStrike Falcon, Microsoft Defender ATP, Palo Alto Networks Cortex XSOAR

Programming Languages: Python, HTML, JavaScript, Bash, C/C++ (1998)

    Creative and flexible solutioning as you partner with engineering teams
    Expertise with Cloud vulnerability scanning solutions like Wiz, Prisma Cloud, Qualys, or Amazon Inspector is required.
    Hands-on technical and coding experience with developing, deploying, and integrating vulnerability scanning solutions with technologies such as Terraform, Github, Jira, Python and others, in context of a mid to large Enterprise
    Enterprise program management and reporting with experience setting OKRs and creating KRIs
    Expertise with Cloud Infrastructure in AWS is required, GCP and/or Azure is preferred
    Extensive knowledge of containerization, orchestration and cloud scale solutions
    Expertise with CICD within the SDLC process
    Expertise with Slack, Apple MacOS and GSuite is required.
    Familiarity with CVSS, EPSS, threat intelligence, and performing risk analysis
    Enthusiasm for automation, scalable and reproducible security practices
    Self-motivated and creative problem-solver able to work independently
    Proficiency in managing multiple competing priorities and use good judgment to establish order or priorities on the fly for themselves and their team.
    Ability to influence and expediently resolve issues and achieve organizational objectives
    The ability to design and operate controls that are easy to test and audit
    Experience working in financial services or financial technology desired
    Advanced degree in computer science, or related fields strongly preferred.
    Strong ability to work collaboratively across teams during high-stress situations.
    An understanding of standards such as ISO PHONE NUMBER AVAILABLE and the NIST Cybersecurity Framework desirable
    8+ years of total experience in cybersecurity with at least 4+ years managing technical teams
    Certified Cloud Security Professional (CCSP) and familiarity with blockchain/web3 development is preferred.