Introduction

I am a passionate information security specialist, always looking for new challenges to tackle and grow from. Armed with the right tools, I can tackle any problem that comes my way. I excel in high stress environments, and am able to meet strict, short SLAs.

I am currently an employee at CenturyLink (formerly Level 3 Communications). I majored in Business Administration, with a focus in Computer Information Systems from Colorado State University. I have interests in Information Security, Database Administration, System Administration, Web Design, and anything computer related in general.

When not working hard for CenturyLink, I like to read a good book, go swimming, skiing, practice taking great photographs, play the latest game, or just hang out with friends. I love learning new things, especially if they are technology or science related.

You can view a more detailed work history below, or contact me via email.

Work Experience

Feburary 2018 - Present

Sr Information Security Engineer

CenturyLink


  • Lead an intitiatve to automate our infrastructure management using SaltStack. This project drastically cut down on time employees spent on managing servers.
  • Perform vulnerability management duties on our PCI environment, including but not limited to:
    • Daily scanning of various parts of the environment.
    • Reaching out to relevant stakeholders to ensure found vulnerabilities are patched in a timely manner
    • Lead an initiative to procure a new PCI ASV vendor to improve workflow and reduce cost.
  • Team subject matter expert for questions related to the former Level 3 network in regards to centralizing vulnerability scanning across the environment.
  • Perform pentration testing on web applications when senior engineers are overbooked. This is the part of the role I am most interested in, and hope to grow further into.
This is my current position at CenturyLink.

Feburary 2017 - Present

Security Operations Engineer

Level 3 Communications


  • Migrated firewall configurations between different platforms.
  • Worked closely with the Security Operations Center to train them in new responsibilities.
  • Managed enterprise firewall infrastructure in regards to policies and vpn configuration.
  • Enforce segmentation network policy for maintenance and creation of new firewall rules across the network
  • Responded to potential intrusion incidents using standard threat detection platforms.
  • Handled log management, backtracking user command input to determine outage causes using common Security Information and Event Management tools.
  • Continued to develop simple python based tools to speed up day to day tasks.

Feburary 2015 - January 2016

Security Technician II

Level 3 Communications


Worked in a high speed and diverse environment. These included:

  • Monitoring Splunk SIEM for device down, device health, Denial of Service (DDoS), and other alerts.
  • Mitigated DoS attacks using a combination of Arbor & Radware filtering, router ACLs, and null routing.
  • Modified and implemented Checkpoint and Fortigate firewall policies, in accordance with customer requests.
  • Troubleshot firewall issues related to ssl & ipsec vpn, policy issues, and general connectivity problems.
  • Automated common repetitive tasks using Python.
  • Answered phones to resolve issues regarding building access, system access, DoS attacks, and LEA requests.

In addition to these primary duties, I worked on various secondary projects as needed. These ranged from disabling unused firewall rules to clean up the system, document new processes.

January 2014 - January 2015

Technical Ops Associate

Level 3 Communications


Spent 3 months in Level 3's entry level training program. This two part experience involved a traditional classroom experience to teach the basics of networking, as well as an opportunity to shadow in multiple departments. I was permenantly kept by the second department I trained with, where I:

  • Generated 50 JUNOS configurations per week to support a single large customer
  • Created or modified ipsec tunnels on Fortigate firewalls
  • Navigated the Level 3 edge to search for and confirm various device's status.
  • Managed the Level 3 Customer portal, looking for broken connections between the portal's ability to monitor devices, and the devices themselves.

May 2013 - December 2013

Tutor

Colorado State University | School of Business


Provided walk in tutoring for students in any Computer Information Systems undergraduate course. Topics included but were not limited to:

  • Application Development (Java, Visual Basic)
  • Web Development (HTML, PHP, AJAX)
  • MSSQL Database Administration
  • Networking
  • Information Security

In addition to providing tutoring assistance, I would also sometimes be called on to provide technical support to students with computer issues, both on Windows and OS X.

Technical Skills

System Administration


I currently administer a single server running ESXi 5.5. I am running multiple VMs, using a diverse collection of linux, BSD, Solaris, and Windows operating systems for production services, including:

  • Checkpoint, Fortigate, pfSense, and Sophos firewalls
  • NAS
  • Website Hosting
  • Nextcloud Cloud Storage
  • Windows Server 2016
  • Minecraft Game Server

I also use this server to run my own private lab of various vulnerable virtual machines, which I use to practice cyber security techniques.
In the past, I have also administered a FreeBSD server, using jails to accomplish the task of process isolation, as well as a small httpd server run off a Raspberry Pi.

Networking


I possess strong networking fundamentals, including working knowledge of multiple router and firewall command lines. I've worked with Checkpoint, Fortigate, Juniper SRX, pfSense, and Sophos firewalls, using them to modify policies, as well as vpn and ipsec tunnels.

Cyber Security


Besides my networking security experience, I have practiced SQL injection, Cross Site Scripting attacks, Man in the Middle packet captures, and varoius other exploits that can be performed in a virtualized environment. I have also participated in multiple cyber security competitions, most of which are online CTFs.

Web Development


I have developed multiple websites, using a variety of technologies. I was the administrator for Corvette Spa, a car repair shop. They still use my Wordpress site to this day. I also developed Entwinement Production's website, although they are now out of business.

Education

2012 - 2013

Colorado State University | School of Business

BS in Computer Information Systems - 3.7 GPA

2016-2019

Security+ Certification


2018-2022

GIAC Penetration Tester