Alex Wheeler

ALEX WHEELER’S RESUME

I have homes in California, Wisconsin, and Illinois, but willing to relocate as well.

My objective is to find a role to expand my experience in security or industry.

Chief Technology Officer

RWX Labs · Full-time

Feb 2023 - Present · 2 mos

USA · Hybrid

Exploit research, fund raising, budgeting, sales, performance management, compensation planning

Skills: Fundraising · Recruiting · Performance Management · Budgeting · Leadership · Reverse EngineeringSkills: Fundraising · Recruiting · Performance Management · Budgeting · Leadership · Reverse Engineering

Director of Cyber Offense Program

Databricks · Full-time

Feb 2020 - Feb 2023 · 3 yrs 1 mo

Remote

Helped build and run Cyber Offense Program across all three clouds (AWS, GCP, Azure) which consisted of:

- Pentest Program

- Red Team Program

- Vulnerability Response ProgramHelped build and run Cyber Offense Program across all three clouds (AWS, GCP, Azure) which consisted of: - Pentest Program - Red Team Program - Vulnerability Response Program

We also supported certifications (HIPAA, PCI, ISO, Soc2) through our pentest team and audit evidence collection

Skills: Hiring · Auditing · Recruiting · Staff Development · Budgeting · Vulnerability Research · Red Teaming · Leadership · Cloud Computing · Vulnerability Management · Penetration TestingSkills: Hiring · Auditing · Recruiting · Staff Development · Budgeting · Vulnerability Research · Red Teaming · Leadership · Cloud Computing · Vulnerability Management · Penetration Testing

Exodus Intelligence

5 yrs 1 mo5 yrs 1 mo

CTO

Full-time

Jan 2015 - Jan 2020 · 5 yrs 1 mo

Austin

Built and ran several product offerings and teams of world class talent. Last hands-on project: 100% reliable no-touch exploit against all Samsung mobile phones where the entry-point was heap overflow on the baseband pivoting to application processor and a novel persistence method (January 2020).Built and ran several product offerings and teams of world class talent. Last hands-on project: 100% reliable no-touch exploit against all Samsung mobile phones where the entry-point was heap overflow on the baseband pivoting to application processor and a novel persistence method (January 2020).

Skills: Planning Budgeting & Forecasting · Sales · Auditing · IT Service Management · Recruiting · Code Auditing · Performance Management · Budgeting · Project Planning · Vulnerability Research · Leadership · Reverse EngineeringSkills: Planning Budgeting & Forecasting · Sales · Auditing · IT Service Management · Recruiting · Code Auditing · Performance Management · Budgeting · Project Planning · Vulnerability Research · Leadership · Reverse Engineering

Exodus Intelligence

Vice President of Research

May 2015 - Jan 2017 · 1 yr 9 mos

Austin, Texas Area

Built and ran a department of world class security research teams. These teams consisted of several pwn2own and pwnie winners. These teams deliver two subscription products and one service. The subscriptions are annual 0-day and n-day exploit feeds consisting of high profile targets such as mobile phones, web browsers, firewalls, routers, consumer & embedded operating systems, and popular enterprise servers. In addition to the subscriptions, the groups also deliver on tasks throughout the year. Last hands-on project I worked was a no-touch exploit against all Samsung mobile phones where the entry-point was heap overflow on the baseband (100% reliable).Built and ran a department of world class security research teams. These teams consisted of several pwn2own and pwnie winners. These teams deliver two subscription products and one service. The subscriptions are annual 0-day and n-day exploit feeds consisting of high profile targets such as mobile phones, web browsers, firewalls, routers, consumer & embedded operating systems, and popular enterprise servers. In addition to the subscriptions, the groups also deliver on tasks throughout the year. Last hands-on project I worked was a no-touch exploit against all Samsung mobile phones where the entry-point was heap overflow on the baseband (100% reliable).

Skills: Auditing · Staff Development · Performance Management · Budgeting · Threat Analysis · Threat Assessment · Vulnerability Research · Leadership · Reverse EngineeringSkills: Auditing · Staff Development · Performance Management · Budgeting · Threat Analysis · Threat Assessment · Vulnerability Research · Leadership · Reverse Engineering

Sr. Director Research + Development

Accuvant (now Optiv)

Aug 2013 - May 2015 · 1 yr 10 mos

La Jolla

Responsible for 3 teams under R+D: Applied Research, Vulnerability Research, and Product Evaluation. 

Highlights:

• Expanded Applied Research Team’s focus from 1 industry (smart meters) to 3 industries (adding smartphones from 2 major handset manufacturers, and medical devices from the largest medical device manufacturer in North America) in within 6 months. 

• Directed the zero-day research team focused on delivery of nation state level vulnerability research for government organizations.

• Created a group to evaluate security technology. The group performs technical due diligence for potential security products and services M&A activities by Blackstone. The group is also responsible for identifying new security firms and vetting their technology for whether they would fit within the Accuvant VAR portfolio. 

Responsible for 3 teams under R+D: Applied Research, Vulnerability Research, and Product Evaluation. Highlights: • Expanded Applied Research Team’s focus from 1 industry (smart meters) to 3 industries (adding smartphones from 2 major handset manufacturers, and medical devices from the largest medical device manufacturer in North America) in within 6 months. • Directed the zero-day research team focused on delivery of nation state level vulnerability research for government organizations. • Created a group to evaluate security technology. The group performs technical due diligence for potential security products and services M&A activities by Blackstone. The group is also responsible for identifying new security firms and vetting their technology for whether they would fit within the Accuvant VAR portfolio. 

Skills: Auditing · IT Service Management · Staff Development · Code Auditing · Project Management · Budgeting · Project Planning · Vulnerability Research · Leadership · Vulnerability AssessmentSkills: Auditing · IT Service Management · Staff Development · Code Auditing · Project Management · Budgeting · Project Planning · Vulnerability Research · Leadership · Vulnerability Assessment

Sr. Security Engineer

Apple

Dec 2010 - Aug 2013 · 2 yrs 9 mos

Cupertino

My responsibilities ranged from security audit of third party acquired technology to directing security audits of various areas within the enterprise and its product lines. I was the key decision maker in the selection of many core technologies within Apple’s security requirements. Another key responsibility I held under this role was the automation of critical security functions around testing, implementation, and verification. The scope of these responsibilities ranged from pieces of product lines to technologies shared by many product lines.My responsibilities ranged from security audit of third party acquired technology to directing security audits of various areas within the enterprise and its product lines. I was the key decision maker in the selection of many core technologies within Apple’s security requirements. Another key responsibility I held under this role was the automation of critical security functions around testing, implementation, and verification. The scope of these responsibilities ranged from pieces of product lines to technologies shared by many product lines.

Skills: Auditing · Code Auditing · Strategy · Vulnerability Research · Reverse EngineeringSkills: Auditing · Code Auditing · Strategy · Vulnerability Research · Reverse Engineering

Director R+D

Accuvant LABS

Jan 2008 - Oct 2009 · 1 yr 10 mos

Chicago

Skills: Auditing · IT Service Management · Staff Development · IT Risk Management · LeadershipSkills: Auditing · IT Service Management · Staff Development · IT Risk Management · Leadership

Manager Security Research

TippingPoint

Dec 2007 - Aug 2009 · 1 yr 9 mos

Austin, Texas

The most important thing I learned and think everyone should know is there is a fundamental difference between IPS & IDS. IPS is concerned with passing traffic and will generally pass packets if there is uncertainty about their threat score. This is a performance based requirement that makes the fundamental design and architecture of IPS & IDS different. IDS has all the time in the world to determine the badness of a packet, IPS has to make a decision within the speed of light. Trying to apply an IPS architecture to an IDS function will result in misses. Attempting to apply a IDS architecture to an IPS function will result in a substantial amount of false positives and will degrade your gigabit perimeter throughput to megabits.

Managed two teams responsible for taking various vulnerability input sources (external and internal) and ensuring protection is properly implemented in the IPS, with zero chance of false positives. Accountable for software design decisions as a member of the next generation product advisory board. It was in this capacity I realized efficacy was not the only or even primary deciding factor when evaluating whether a software or hardware component should be included in the next generation design of a product. Many other factors needed to be considered, such as, power consumption, portability (backward, forward, and laterally).The most important thing I learned and think everyone should know is there is a fundamental difference between IPS & IDS. IPS is concerned with passing traffic and will generally pass packets if there is uncertainty about their threat score. This is a performance based requirement that makes the fundamental design and architecture of IPS & IDS different. IDS has all the time in the world to determine the badness of a packet, IPS has to make a decision within the speed of light. Trying to apply an IPS architecture to an IDS function will result in misses. Attempting to apply a IDS architecture to an IPS function will result in a substantial amount of false positives and will degrade your gigabit perimeter throughput to megabits. Managed two teams responsible for taking various vulnerability input sources (external and internal) and ensuring protection is properly implemented in the IPS, with zero chance of false positives. Accountable for software design decisions as a member of the next generation product advisory board. It was in this capacity I realized efficacy was not the only or even primary deciding factor when evaluating whether a software or hardware component should be included in the next generation design of a product. Many other factors needed to be considered, such as, power consumption, portability (backward, forward, and laterally).

Skills: Auditing · Threat & Vulnerability Management · Cyber Defense · Staff Development · Threat Analysis · IT Risk Management · Leadership · Reverse EngineeringSkills: Auditing · Threat & Vulnerability Management · Cyber Defense · Staff Development · Threat Analysis · IT Risk Management · Leadership · Reverse Engineering

Principal Research Scientist

ISS X Force

Sep 2006 - Sep 2007 · 1 yr 1 mo

Greater Atlanta Area

Reported directly to the CTO. Responsible for new product feasibility analysis, product prototyping, and original vulnerability research to actionable content into existing product lines.Reported directly to the CTO. Responsible for new product feasibility analysis, product prototyping, and original vulnerability research to actionable content into existing product lines.

Skills: Auditing · Exploit · Threat & Vulnerability Management · Staff Development · Vulnerability Research · Leadership · Vulnerability AssessmentSkills: Auditing · Exploit · Threat & Vulnerability Management · Staff Development · Vulnerability Research · Leadership · Vulnerability Assessment

Sr Manager InfoSec

BCBS

Apr 2005 - Sep 2006 · 1 yr 6 mos

Chicago Illinois

Built from the ground up and managed Incident Response Team, Incident Monitoring Team, Vulnerability Advisory Team, and Vulnerability Assessment Team. These teams are still in place today and considered best-of-bread in the insurance industry. Each team has a formally documented process description and methodologies which are in place at all the BCBS states HCSC owns.Built from the ground up and managed Incident Response Team, Incident Monitoring Team, Vulnerability Advisory Team, and Vulnerability Assessment Team. These teams are still in place today and considered best-of-bread in the insurance industry. Each team has a formally documented process description and methodologies which are in place at all the BCBS states HCSC owns.

Skills: Auditing · IT Service Management · IDS · Staff Development · Red Teaming · IT Risk Management · Leadership · Vulnerability Assessment · Vulnerability Management · Penetration TestingSkills: Auditing · IT Service Management · IDS · Staff Development · Red Teaming · IT Risk Management · Leadership · Vulnerability Assessment · Vulnerability Management · Penetration Testing

X-Force Research Engineer

ISS X-Force

Apr 2004 - Apr 2005 · 1 yr 1 mo

Greater Atlanta Area

Identify and exploit major security issues in competitive products. Provide guidance to the engineering teams regarding how to implement effective protection for those 0-day and known CVE’s with wide market share.

During my first year at ISS I found system remote vulnerabilities exploitable without any user interaction in almost every market leading security solution. 

Performed competitive analysis on market leading technology and provided our sales teams the information and tools for business development opportunities.

Developed content for out of the country road shows to show case X-Force's unparalleled technical prowess.Identify and exploit major security issues in competitive products. Provide guidance to the engineering teams regarding how to implement effective protection for those 0-day and known CVE’s with wide market share. During my first year at ISS I found system remote vulnerabilities exploitable without any user interaction in almost every market leading security solution. Performed competitive analysis on market leading technology and provided our sales teams the information and tools for business development opportunities. Developed content for out of the country road shows to show case X-Force's unparalleled technical prowess.

Skills: AuditingSkills: Auditing

Information Security Team Lead

Allstate

May 2002 - Apr 2004 · 2 yrs

Greater Chicago Area

Created and managed:

-incident response team

-vulnerability assessment team

-security risk assessment team 

Selected incident monitoring vendor, set contract terms, and managed the relationship. Created and managed the relationship of our security vendors.Created and managed: -incident response team -vulnerability assessment team -security risk assessment team Selected incident monitoring vendor, set contract terms, and managed the relationship. Created and managed the relationship of our security vendors.

Skills: Auditing · IT Service Management · Recruiting · Leadership · Vulnerability Assessment · Penetration Testing

Sr. Security & Safety Engineer

United Airlines

Apr 2001 - Oct 2001 · 7 mos

Greater Chicago Area

Created and managed the incident response team. Selected incident monitoring vendor. Created a Forensic Analysis Lab. Provided management with capabilities to quickly identify safety or security issues.

Successfully performed security assessments on:

-check in kiosks (print a ticket to go anywhere for free)

-bypass bag scanning security system

-performed numerous adjustments to deprecated mainframe code, where it would have taken months to get a contractor with the appropriate skills. This activity was extremely valuable when the no-fly list had to be expanded by orders of magnitude.Created and managed the incident response team. Selected incident monitoring vendor. Created a Forensic Analysis Lab. Provided management with capabilities to quickly identify safety or security issues. Successfully performed security assessments on: -check in kiosks (print a ticket to go anywhere for free) -bypass bag scanning security system -performed numerous adjustments to deprecated mainframe code, where it would have taken months to get a contractor with the appropriate skills. This activity was extremely valuable when the no-fly list had to be expanded by orders of magnitude.

Skills: Auditing · IT Service Management · Vulnerability ResearchSkills: Auditing · IT Service Management · Vulnerability Research

Sr. Financial Auditor

ERNST&YOUNG

Jun 1998 - Apr 2001 · 2 yrs 11 mos

Greater Chicago Area

Led teams of 2 to 8 on financial audits of Fortune 500 clients. 

E&Y also paid for my undergraduate and master's degrees through scholarship programs with thousands of applicants and only one winner.Led teams of 2 to 8 on financial audits of Fortune 500 clients. E&Y also paid for my undergraduate and master's degrees through scholarship programs with thousands of applicants and only one winner. 

Also led several IT Controls Audits

Skills: Auditing · IT Service Management · Team Leadership · IT Audit · Accounting

ALEX WHEELER’S RESUME

I have homes in California, Wisconsin, and Illinois, but willing to relocate as well.

My objective is to find a role to expand my experience in security or industry.

Chief Technology Officer

RWX Labs · Full-time

Feb 2023 - Present · 2 mos

USA · Hybrid

Exploit research, fund raising, budgeting, sales, performance management, compensation planning

Skills: Fundraising · Recruiting · Performance Management · Budgeting · Leadership · Reverse EngineeringSkills: Fundraising · Recruiting · Performance Management · Budgeting · Leadership · Reverse Engineering

Director of Cyber Offense Program

Databricks · Full-time

Feb 2020 - Feb 2023 · 3 yrs 1 mo

Remote

Helped build and run Cyber Offense Program across all three clouds (AWS, GCP, Azure) which consisted of:

- Pentest Program

- Red Team Program

- Vulnerability Response ProgramHelped build and run Cyber Offense Program across all three clouds (AWS, GCP, Azure) which consisted of: - Pentest Program - Red Team Program - Vulnerability Response Program

We also supported certifications (HIPAA, PCI, ISO, Soc2) through our pentest team and audit evidence collection

Skills: Hiring · Auditing · Recruiting · Staff Development · Budgeting · Vulnerability Research · Red Teaming · Leadership · Cloud Computing · Vulnerability Management · Penetration TestingSkills: Hiring · Auditing · Recruiting · Staff Development · Budgeting · Vulnerability Research · Red Teaming · Leadership · Cloud Computing · Vulnerability Management · Penetration Testing

Exodus Intelligence

5 yrs 1 mo5 yrs 1 mo

CTO

Full-time

Jan 2015 - Jan 2020 · 5 yrs 1 mo

Austin

Built and ran several product offerings and teams of world class talent. Last hands-on project: 100% reliable no-touch exploit against all Samsung mobile phones where the entry-point was heap overflow on the baseband pivoting to application processor and a novel persistence method (January 2020).Built and ran several product offerings and teams of world class talent. Last hands-on project: 100% reliable no-touch exploit against all Samsung mobile phones where the entry-point was heap overflow on the baseband pivoting to application processor and a novel persistence method (January 2020).

Skills: Planning Budgeting & Forecasting · Sales · Auditing · IT Service Management · Recruiting · Code Auditing · Performance Management · Budgeting · Project Planning · Vulnerability Research · Leadership · Reverse EngineeringSkills: Planning Budgeting & Forecasting · Sales · Auditing · IT Service Management · Recruiting · Code Auditing · Performance Management · Budgeting · Project Planning · Vulnerability Research · Leadership · Reverse Engineering

Exodus Intelligence

Vice President of Research

May 2015 - Jan 2017 · 1 yr 9 mos

Austin, Texas Area

Built and ran a department of world class security research teams. These teams consisted of several pwn2own and pwnie winners. These teams deliver two subscription products and one service. The subscriptions are annual 0-day and n-day exploit feeds consisting of high profile targets such as mobile phones, web browsers, firewalls, routers, consumer & embedded operating systems, and popular enterprise servers. In addition to the subscriptions, the groups also deliver on tasks throughout the year. Last hands-on project I worked was a no-touch exploit against all Samsung mobile phones where the entry-point was heap overflow on the baseband (100% reliable).Built and ran a department of world class security research teams. These teams consisted of several pwn2own and pwnie winners. These teams deliver two subscription products and one service. The subscriptions are annual 0-day and n-day exploit feeds consisting of high profile targets such as mobile phones, web browsers, firewalls, routers, consumer & embedded operating systems, and popular enterprise servers. In addition to the subscriptions, the groups also deliver on tasks throughout the year. Last hands-on project I worked was a no-touch exploit against all Samsung mobile phones where the entry-point was heap overflow on the baseband (100% reliable).

Skills: Auditing · Staff Development · Performance Management · Budgeting · Threat Analysis · Threat Assessment · Vulnerability Research · Leadership · Reverse EngineeringSkills: Auditing · Staff Development · Performance Management · Budgeting · Threat Analysis · Threat Assessment · Vulnerability Research · Leadership · Reverse Engineering

Sr. Director Research + Development

Accuvant (now Optiv)

Aug 2013 - May 2015 · 1 yr 10 mos

La Jolla

Responsible for 3 teams under R+D: Applied Research, Vulnerability Research, and Product Evaluation. 

Highlights:

• Expanded Applied Research Team’s focus from 1 industry (smart meters) to 3 industries (adding smartphones from 2 major handset manufacturers, and medical devices from the largest medical device manufacturer in North America) in within 6 months. 

• Directed the zero-day research team focused on delivery of nation state level vulnerability research for government organizations.

• Created a group to evaluate security technology. The group performs technical due diligence for potential security products and services M&A activities by Blackstone. The group is also responsible for identifying new security firms and vetting their technology for whether they would fit within the Accuvant VAR portfolio. 

Responsible for 3 teams under R+D: Applied Research, Vulnerability Research, and Product Evaluation. Highlights: • Expanded Applied Research Team’s focus from 1 industry (smart meters) to 3 industries (adding smartphones from 2 major handset manufacturers, and medical devices from the largest medical device manufacturer in North America) in within 6 months. • Directed the zero-day research team focused on delivery of nation state level vulnerability research for government organizations. • Created a group to evaluate security technology. The group performs technical due diligence for potential security products and services M&A activities by Blackstone. The group is also responsible for identifying new security firms and vetting their technology for whether they would fit within the Accuvant VAR portfolio. 

Skills: Auditing · IT Service Management · Staff Development · Code Auditing · Project Management · Budgeting · Project Planning · Vulnerability Research · Leadership · Vulnerability AssessmentSkills: Auditing · IT Service Management · Staff Development · Code Auditing · Project Management · Budgeting · Project Planning · Vulnerability Research · Leadership · Vulnerability Assessment

Sr. Security Engineer

Apple

Dec 2010 - Aug 2013 · 2 yrs 9 mos

Cupertino

My responsibilities ranged from security audit of third party acquired technology to directing security audits of various areas within the enterprise and its product lines. I was the key decision maker in the selection of many core technologies within Apple’s security requirements. Another key responsibility I held under this role was the automation of critical security functions around testing, implementation, and verification. The scope of these responsibilities ranged from pieces of product lines to technologies shared by many product lines.My responsibilities ranged from security audit of third party acquired technology to directing security audits of various areas within the enterprise and its product lines. I was the key decision maker in the selection of many core technologies within Apple’s security requirements. Another key responsibility I held under this role was the automation of critical security functions around testing, implementation, and verification. The scope of these responsibilities ranged from pieces of product lines to technologies shared by many product lines.

Skills: Auditing · Code Auditing · Strategy · Vulnerability Research · Reverse EngineeringSkills: Auditing · Code Auditing · Strategy · Vulnerability Research · Reverse Engineering

Director R+D

Accuvant LABS

Jan 2008 - Oct 2009 · 1 yr 10 mos

Chicago

Skills: Auditing · IT Service Management · Staff Development · IT Risk Management · LeadershipSkills: Auditing · IT Service Management · Staff Development · IT Risk Management · Leadership

Manager Security Research

TippingPoint

Dec 2007 - Aug 2009 · 1 yr 9 mos

Austin, Texas

The most important thing I learned and think everyone should know is there is a fundamental difference between IPS & IDS. IPS is concerned with passing traffic and will generally pass packets if there is uncertainty about their threat score. This is a performance based requirement that makes the fundamental design and architecture of IPS & IDS different. IDS has all the time in the world to determine the badness of a packet, IPS has to make a decision within the speed of light. Trying to apply an IPS architecture to an IDS function will result in misses. Attempting to apply a IDS architecture to an IPS function will result in a substantial amount of false positives and will degrade your gigabit perimeter throughput to megabits.

Managed two teams responsible for taking various vulnerability input sources (external and internal) and ensuring protection is properly implemented in the IPS, with zero chance of false positives. Accountable for software design decisions as a member of the next generation product advisory board. It was in this capacity I realized efficacy was not the only or even primary deciding factor when evaluating whether a software or hardware component should be included in the next generation design of a product. Many other factors needed to be considered, such as, power consumption, portability (backward, forward, and laterally).The most important thing I learned and think everyone should know is there is a fundamental difference between IPS & IDS. IPS is concerned with passing traffic and will generally pass packets if there is uncertainty about their threat score. This is a performance based requirement that makes the fundamental design and architecture of IPS & IDS different. IDS has all the time in the world to determine the badness of a packet, IPS has to make a decision within the speed of light. Trying to apply an IPS architecture to an IDS function will result in misses. Attempting to apply a IDS architecture to an IPS function will result in a substantial amount of false positives and will degrade your gigabit perimeter throughput to megabits. Managed two teams responsible for taking various vulnerability input sources (external and internal) and ensuring protection is properly implemented in the IPS, with zero chance of false positives. Accountable for software design decisions as a member of the next generation product advisory board. It was in this capacity I realized efficacy was not the only or even primary deciding factor when evaluating whether a software or hardware component should be included in the next generation design of a product. Many other factors needed to be considered, such as, power consumption, portability (backward, forward, and laterally).

Skills: Auditing · Threat & Vulnerability Management · Cyber Defense · Staff Development · Threat Analysis · IT Risk Management · Leadership · Reverse EngineeringSkills: Auditing · Threat & Vulnerability Management · Cyber Defense · Staff Development · Threat Analysis · IT Risk Management · Leadership · Reverse Engineering

Principal Research Scientist

ISS X Force

Sep 2006 - Sep 2007 · 1 yr 1 mo

Greater Atlanta Area

Reported directly to the CTO. Responsible for new product feasibility analysis, product prototyping, and original vulnerability research to actionable content into existing product lines.Reported directly to the CTO. Responsible for new product feasibility analysis, product prototyping, and original vulnerability research to actionable content into existing product lines.

Skills: Auditing · Exploit · Threat & Vulnerability Management · Staff Development · Vulnerability Research · Leadership · Vulnerability AssessmentSkills: Auditing · Exploit · Threat & Vulnerability Management · Staff Development · Vulnerability Research · Leadership · Vulnerability Assessment

Sr Manager InfoSec

BCBS

Apr 2005 - Sep 2006 · 1 yr 6 mos

Chicago Illinois

Built from the ground up and managed Incident Response Team, Incident Monitoring Team, Vulnerability Advisory Team, and Vulnerability Assessment Team. These teams are still in place today and considered best-of-bread in the insurance industry. Each team has a formally documented process description and methodologies which are in place at all the BCBS states HCSC owns.Built from the ground up and managed Incident Response Team, Incident Monitoring Team, Vulnerability Advisory Team, and Vulnerability Assessment Team. These teams are still in place today and considered best-of-bread in the insurance industry. Each team has a formally documented process description and methodologies which are in place at all the BCBS states HCSC owns.

Skills: Auditing · IT Service Management · IDS · Staff Development · Red Teaming · IT Risk Management · Leadership · Vulnerability Assessment · Vulnerability Management · Penetration TestingSkills: Auditing · IT Service Management · IDS · Staff Development · Red Teaming · IT Risk Management · Leadership · Vulnerability Assessment · Vulnerability Management · Penetration Testing

X-Force Research Engineer

ISS X-Force

Apr 2004 - Apr 2005 · 1 yr 1 mo

Greater Atlanta Area

Identify and exploit major security issues in competitive products. Provide guidance to the engineering teams regarding how to implement effective protection for those 0-day and known CVE’s with wide market share.

During my first year at ISS I found system remote vulnerabilities exploitable without any user interaction in almost every market leading security solution. 

Performed competitive analysis on market leading technology and provided our sales teams the information and tools for business development opportunities.

Developed content for out of the country road shows to show case X-Force's unparalleled technical prowess.Identify and exploit major security issues in competitive products. Provide guidance to the engineering teams regarding how to implement effective protection for those 0-day and known CVE’s with wide market share. During my first year at ISS I found system remote vulnerabilities exploitable without any user interaction in almost every market leading security solution. Performed competitive analysis on market leading technology and provided our sales teams the information and tools for business development opportunities. Developed content for out of the country road shows to show case X-Force's unparalleled technical prowess.

Skills: AuditingSkills: Auditing

Information Security Team Lead

Allstate

May 2002 - Apr 2004 · 2 yrs

Greater Chicago Area

Created and managed:

-incident response team

-vulnerability assessment team

-security risk assessment team 

Selected incident monitoring vendor, set contract terms, and managed the relationship. Created and managed the relationship of our security vendors.Created and managed: -incident response team -vulnerability assessment team -security risk assessment team Selected incident monitoring vendor, set contract terms, and managed the relationship. Created and managed the relationship of our security vendors.

Skills: Auditing · IT Service Management · Recruiting · Leadership · Vulnerability Assessment · Penetration Testing

Sr. Security & Safety Engineer

United Airlines

Apr 2001 - Oct 2001 · 7 mos

Greater Chicago Area

Created and managed the incident response team. Selected incident monitoring vendor. Created a Forensic Analysis Lab. Provided management with capabilities to quickly identify safety or security issues.

Successfully performed security assessments on:

-check in kiosks (print a ticket to go anywhere for free)

-bypass bag scanning security system

-performed numerous adjustments to deprecated mainframe code, where it would have taken months to get a contractor with the appropriate skills. This activity was extremely valuable when the no-fly list had to be expanded by orders of magnitude.Created and managed the incident response team. Selected incident monitoring vendor. Created a Forensic Analysis Lab. Provided management with capabilities to quickly identify safety or security issues. Successfully performed security assessments on: -check in kiosks (print a ticket to go anywhere for free) -bypass bag scanning security system -performed numerous adjustments to deprecated mainframe code, where it would have taken months to get a contractor with the appropriate skills. This activity was extremely valuable when the no-fly list had to be expanded by orders of magnitude.

Skills: Auditing · IT Service Management · Vulnerability ResearchSkills: Auditing · IT Service Management · Vulnerability Research

Sr. Financial Auditor

ERNST&YOUNG

Jun 1998 - Apr 2001 · 2 yrs 11 mos

Greater Chicago Area

Led teams of 2 to 8 on financial audits of Fortune 500 clients. 

E&Y also paid for my undergraduate and master's degrees through scholarship programs with thousands of applicants and only one winner.Led teams of 2 to 8 on financial audits of Fortune 500 clients. E&Y also paid for my undergraduate and master's degrees through scholarship programs with thousands of applicants and only one winner. 

Also led several IT Controls Audits

Skills: Auditing · IT Service Management · Team Leadership · IT Audit · Accounting

University of Chicago: Masters's in Computer Science

University of Wisconsin: Bachelors in Accounting