Cameron Pattberg
Details
Information Systems Management, Security
Brigham Young University - Marriott School of Management
2015 : 2018
Manage, maintain, and constantly improve the Endpoint Protection Solution. Identify systems lacking endpoint protection and work with various teams to refine the EDR solution so that all systems are protected with the EDR solution.
Initiate the process of implementing significant upgrades/changes that significantly improve the security posture of the company by improving prevention capabilities for commonly used exploits. Some of these initiatives have included: enabling Credential Guard for workstations (and decreasing the amount of cached credentials), disabling cached credentials for servers, requiring SMB signing everywhere, and upgrading to current versions of SMB.
Assess and maintain the security measures for company network traffic. This includes identifying and addressing security gaps in firewall rules, URL filtering, IDS/IPS implementations, and employee role assignments. Lead an initiative that greatly simplifies firewall rules and URL filtering for enhanced understanding and performance.
Conduct all penetration test validation efforts. Work closely with developer, administrator, operations, and integration teams to advise the best course of action to address vulnerabilities in a manner that minimizes disruption while maximizing risk reduction.
Utilize the SIEM solution to facilitate and aid in incident investigations including using forensics skills to enhance the identification of the complete scope and impact of incidents. Create monitoring queries that generate alerts for behaviors that are abnormal and warrant further investigation.
2020 : Present
Progrexion
Information Security Engineer
Conducted a variety of assessments including web application, social engineering, external network, internal network, web services, API, data exfiltration, and mobile to assess the risks organizations have.
Executed Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) attacks to access private information or make changes to another account. Manipulated insecure direct object references to verify the capability to access resources, confidential personally identifiable information, and financial information from an unauthorized role.
Conducted crafted attacks such as XML Injection (XXE), LDAP Injection, and SQL injection against endpoints and chained multiple vulnerabilities together to reset passwords for other user accounts. Identified timing attack methods that could be used to extract database contents based on a misconfiguration of a SCIM API.
Broke out of Citrix applications using operating system and application-specific features. Leveraged the environment to bypass restricted operating system functions to gain access to the underlying operating system and enable the ability to pivot to other hosts in the network.
Used a jailbroken device to identify personal information and sensitive documents accessible in the cache of the device. Identified improper access control implementations within applications where users could request information not relevant to their role.
Implemented and used BITSServer, DNS tunneling, ICMP tunneling, HTTPS, and upload to platforms such as Google Cloud Platform (GCP) to extract data from client networks (when approved and part of the assessment).
Set up and maintained infrastructure needed for social engineering campaigns. Crafted custom and cloned sites of company websites and benefits portals to harvest employee credentials.
Used common attack methods, such as Responder and Kerberoasting, to gain and escalate privileges within the network.
2018 : 2019
EY
Cyber Security Consultant - Penetration Tester
Maintained, supported, and improved the features and capabilities of the automation framework for the testing of software products.
Set up and managed authentication services for internal sites and services.
Maintained and developed an internal portal that manages requests to build and test products.
Conducted integrated testing of Self Service Password Reset with other internal products, directories, and databases.
Conducted Cross-Site Scripting attacks to verify XSS security flaws are fixed.
2016 : 2018
Micro Focus
Software Engineering Intern
Trained separate groups based on their needs and progress. Taught to the individuals' needs to help build confidence, patience, teamwork skills, respect, discipline, and self-defense.
2015 : 2017
World Juntong Musul Federation
Martial Arts Instructor
Technical support for the department through my own initiative and improved processing by 300%.
Department beta-tester for Coligo.
Implemented changes that improved response time and request management.
Enhanced procedures that decreased the time to fulfill a request by 50%.
2014 : 2015
Brigham Young University
Library Aide | Technical Specialist
Skills
Active Directory, Bash, Bootstrap, Burp Suite, CCSP, CSS, Cybersecurity, Django, eDirectory, EDR, Ethical Hacking, GCFE, Git, GPEN, Groovy, HTML5, Java, Kali Linux, Linux, Metasploit, Nmap, OWASP, Panorama, Penetration Testing, PostgreSQL, PowerShell, Python, Security Information and Event Management (SIEM), Splunk Enterprise Security, SQL, SUSE, VBA, Vulnerability Assessment, Web Development, Windows, Windows Server, C, ASP.NET MVC, Microsoft Word, Microsoft Excel, Selenium, Test Automation, Nessus
About
I love the world of Cyber Security. It's thrilling to find vulnerabilities in systems or applications and to exploit them to further access or gain access to valuable information. I believe ethical hackers are needed to secure our information and systems before they are accessed by malicious actors.
I love knowing that the work I do can make companies more secure as they learn how to better stop and detect intrusions, as well as how to better secure systems and applications before the attacks hit them. It feels great to know that changes that are implemented due to ethical hacking efforts are actively preventing malicious actors from extorting companies via malware/ransomware or stealing and selling the personal information of users.
Security Tools: Metasploit, Nessus, Burp Suite, Nmap, Kali Linux
Scripting: PowerShell, Bash, Python, Batch
Web Technologies: JavaScript, jQuery, JSON, HTML, CSS, Django, Mako
Directory Services: Active Directory, eDirectory
Databases: PostgreSQL, SQL Server, Access
Operating Systems: Windows 10, Windows 7, Kali Linux, SUSE Linux, Ubuntu, Windows Server
Programming: Python, VBA, SQL, Java, C#, Groovy