Keep in touch with meI'm using Intch to connect with new people. Use this link to open chat with me via Intch app
Work Background
UNFISr. Cyber Penetration Engineer
Sep. 2024Spokane, Washington, United Statesº Perform technical penetration testing of APIs, web applications, networks, cloud services, databases, directory services, and infrastructure.
º Strategic attack simulation by analyzing UNFI’s internal and external attack surface and crafting bespoke penetration strategies.
º Writing comprehensive reports outlining identified vulnerabilities, potential exploitation paths. Provide remediation guidance and recommendations from the assessments and support any security questions from network, system, and/or application owners.
º Assess UNFI’s software development and cloud infrastructure from a security perspective and help drive internal security standards.
Redbot Security Lead Penetration Tester & Chief Security Officer
Feb. 2022 - Sep. 2024Spokane, Washington, United StatesWorking for a boutique cybersecurity consulting organization operating in a start-up capacity. This unique role requires wearing multiple hats to congruently fulfill the operational roles of nine (9) key positions. Primary duties include active security testing or consulting, service offering oversight, development of new or custom services, and management of senior consultants. Secondary duties include daily involvement or oversight of sales, project management, IT management, Incident Response (IR), Intellectual Property (IP) development, and all security within the organization. • Lead Security Engineer (Consultant) • Perform pentesting, architecture reviews, vulnerability scanning, tabletop exercises, hardening reviews, and consulting for SMB to Fortune 100 companies in various industries supporting IT or OT networks, products, services, or applications (web and mobile). • Manage the security team’s methodology, training, research, and client escalations. • Maintain Red Team testing methodology and infrastructure. • Write custom code or obfuscating payloads to evade detection and maintain persistence. • Chief Security Officer • Responsible for all security aspects of Redbot Security. • Wrote and maintain security policies for compliance and data security. • Lead the strategy, planning, and implementation of information security and cybersecurity requirements. • Lead Risk Management and Incident Response actions to safeguard the company from potential threats. • Redesigned in-house documentation from the ground up, including implementing policies, standards, and penetration test reports. • Sales • Operate as a Subject Matter Expert (SME), leading or assisting sales calls of new or existing clients with scoping, consultation, and methodology explanation. • Directly responsible for yearly revenue growth through direct sales, establishment of multi-year contracts and partnerships with outside organizations, and RFP/RFO proposals.
Redbot SecurityPrincipal Security Engineer
Sep. 2021 - Feb. 2022Spokane, Washington, United States
CoalfireSenior Security Consultant
Apr. 2021 - Sep. 2021Spokane, Washington, United States• Execute penetration testing of Cloud Service Provider environments on many standalone and collaborative services clients use worldwide. Cloud Service Providers included Amazon AWS, Microsoft Azure, IBM Watson, Google Cloud, and Oracle contracts. • Member of the Coalfire Research and Development team developing new cloud-centric tools to automate testing.
CynergisTek, Inc.Senior Offensive Security Consultant, Red Team Services
Feb. 2020 - Apr. 2021Spokane, Washington, United States• Worked side-by-side with management as a team lead to revamp all security service offerings from the ground up, trained junior team members, and developed new services. • Performed network penetration testing, mobile application assessments, AWS architecture reviews, embedded systems security assessments (IoT), and thick client application reviews. • Raised the security service’s revenue from 25% to 42% of CynergisTek’s overall income in one year and maintained a 75% team-wide utilization through customer retention and new sales. • Developed CynergisTek’s Remote Pentest Appliance (RPA) to support onsite engagements, such as internal and wireless penetration testing from remote offsite locations. The RPA is an advanced RAT utility that securely establishes communications between the client and tester networks. • Initiated a team-focused mentorship program that transitioned into an accepted, company-wide practice between teams and a starting guide for each management level. • Discovered bugs in vendor applications and services and submitted them for CVEs. • Established new reporting guidance, formatting, and delivery procedures that reduced delivery of client-facing documents from 30+ days to less than five days. • Wrote training guides, checklists, methodologies, and tactical operating procedures for team consumption and client engagements.
WeaverSenior Penetration Tester
Oct. 2019 - Feb. 2020Austin, Texas AreaProvided penetration testing and other security consulting projects while simultaneously implementing new security offerings and revamping existing services. Constructing new internal policies, customized testing methodologies, remote penetration testing technologies, and social engineering campaigns. Working with marketing for brand management, customer-facing documents, and security-focused blog articles.
Comcast NBCUniversalSenior Security Engineer
Apr. 2019 - Sep. 2019Austin, Texas AreaContinued operations of doing bad things to good people in the name of security awareness!
Rapid7Manager of Penetration Testing
Jun. 2018 - Apr. 2019VirginiaLed a talented group of next generation cyber warriors through the technical and business riggers of being security consultants and performing penetration testing. Outside of my immediate team, I wore multiple hats, such as, leading Rapid7's IoT Center of Excellence, developing training material, working within regional, and national sales teams to close deals and offer effective; often customized, security engagements, conduct sales forecasting, and develop standards for testing for new services.
Rapid7Senior Security Consultant
Oct. 2016 - Jun. 2018Greater Boston AreaDeeply technical security testing with a focus on penetration testing for networks (wired and wireless), applications (mobile & web), code review, and IoT/Embedded systems. Also performed social engineering through phishing, vishing, and physical break-in, detailed report writing and presentations to C-level and board members. Spare time included research for tool development, scripting automation, new attack methodologies, discovery and ethical public disclosure of vulnerabilities, as well as writing blogs or whitepapers.
CDWTechnical Lead in Information Security
Feb. 2016 - Oct. 2016Reston, VAPrimary duties focused on the mentorship and program development for eight associate engineers. Other responsibilities were leading team members through the technical riggers of penetration testing and security consulting. Andrew also performed rapid and comprehensive security assessments for commercial organizations and cultivated strong business relationships with customers to drive internal business development.
CDWSenior Security Consultant
Sep. 2015 - Feb. 2016Reston. VA
Knowledge Consulting Group (Subcontractor for Rapid7)Senior Penetration Tester
May. 2014 - Aug. 2015Reston, VALed small teams or worked individually on over 50 highly technical security engagements in one year. Testing included one or more of the following: internal networks, external networks, wireless networks, social engineering, mobile applications, web application, and code review. Industries tested included: financial/investment, banking, state government, utilities, agriculture, mining, casino/gambling, gaming, university/academia, and medical.
US NavyCryptologic Technician
Jul. 2000 - Jun. 2014Worldwide Operations & Mission EngagementsLed worldwide, geographically dispersed, personnel through gathering intelligence information from various sensors, the intelligence community, and troops on the ground for risk assessments impacting long-term battle strategies, tactical target development, and highly sensitive coordinated strikes with SIGINT capabilities from ground, air, and space assets for DoD and intelligence agencies.
Experis ITPenetration Tester
Feb. 2014 - May. 2014Stafford, VirginiaPerformed security vulnerability assessment and penetration testing services for commercial and government clients involving a mixture of environments, including network, system and web applications.
Salient Federal SolutionsSenior Security Engineer
Jan. 2012 - Nov. 2013Fairfax, VASub-contracted as a Certification and Accreditation Testing (CAT) team member for the Office of the Director of National Intelligence (ODNI). Primary duties include review and hands-on penetration testing of security implementations of cross-domain solutions for various government agencies and programs within DoD. Led teams through security assessment & white-box testing of critical information systems to meet ICD 503 requirements as part of A&A process controlled against NIST 800-53. Also part of certifying team for the GovCloud initiative and received a meritorious unit citation from the Secretary of Defense.
CGICyber Security Engineer
Aug. 2011 - Jan. 2012Quantico, VAEngaged in penetration testing of USMC networks as part of an advance red team targeting network systems worldwide by utilizing state of the art methodologies, built customized malware, and collaborative information from all US military services and public domains of knowledge. Supported clandestine missions by use of highly aggressive social engineering phishing and spear phishing attacks.
Northrop Grumman Information SystemsComputer Security Specialist III
Sep. 2009 - Jan. 2012Springfield, VAPart of a small team conducting unannounced security inspections and penetration tests of cross-domain solutions, restricted desktop environments, and close-access breaches on behalf of US Army Red Team. Close-access support involved breaking physical security barriers during working hours and after dark, picking locks, entry bypass, social engineering, and using spy-related gadgetry as needed to exploit attack vectors against classified networks.
Alfred Mann FoundationNetwork Administrator
Jun. 2007 - Sep. 2009Santa Clarita, CAProvided daily network administration, security, and user management support for a non-profit biomedical research organization and it's five sister organizations on the Alfred E. Mann Foundation campus. Also supported daily maintenance and operations of LAN, WAN, and mobile communications supporting outlook, SharePoint, telephony, data backup and retention, desktop migrations (Linux & Windows), and more.
Pullman School District, No.267Computer & Network Technician
Mar. 2005 - Sep. 2007Pullman, WARoving helpdesk in support of eight sites for 3,000 faculty and students, as well as Active Directory administrator and group policy manager for multiple trust zones. Lead small intern groups through a rebuild of the entire system architecture from the ground up approach while keeping a live production environment running at a 99.9% utilization. Implemented dual-channel wireless cisco bridges with ether-bind technology to achieve a 108Mbp connection and create a fault tolerant network.
Intch is a Professional Networking App for the Future of WorkSee more people like Andrew on Intch
300k+ people
130+ countries
AI matching
Get Intch if you'd like to
164876 people
8
CEO @ AssetData
52
Frontend developer @ TresPagos
15
Business analysts @ National Flood Services
32595 people
20
IT Specialist @ AGTechremote
23
Information Technology Technician @ City of San Leandro
15
IOS Engineer @ Abbacore