Matt F.
Details
CyberSecurity
University of Central Missouri
2017 : 2019
Systems Administration
Computer Systems Networking and Telecommunications
Longview Community College
2015 : 2017
Network Engineer and Architecture
Summit Tech
2015 : 2017
General
Raymore Peculiar High School
2013 : 2017
Securian Financial
Information Security Consultant
2021 : 2022
Rx Savings Solutions
Application Security Engineer
Conduct static/dynamic code analyses of .NET and Java applications using Fortify, WebInspect, and SonarQube
Work on improving the SSDLC by pushing security further left in the cycle by utilizing SonarQube and educating developers on proper best-practice standards
Conduct manual review of vulnerabilities identified in Java or .NET code by automated tools
Conduct Risk Assessments and create Risk Matrices for applications to ensure no risks are incurred by code/function changes
Create various Standard Operating Procedure documents, including: WAF/firewall configuration, static/dynamic code scans, and vulnerability/risk assessments
Conduct Security Impact Analyses on applications to ensure no vulnerabilities are incurred by code/function changes
Examine Policy Exemption Waivers and determine recommendations for ISSPMs utilizing NIST 800-53/Department Regulations
2019 : 2021
SAIC
Cyber Security Analyst
Responsible for security operations across global offices on 3 continents
Automated OWASP ZAP scans via Jenkins and integrated them into the CI/CD pipeline, which resulted in over 1,000 security scans
Integrated OWASP Dependency Checking in the CI/CD pipeline to ensure the usage of secure services
Utilized the DREAD methodology to conduct Risk Assessments of potential threats to the organization/clients
Conducted Blue/Red Team exercises on websites and servers
Conducted Mobile Application security tests (Android + iOS)
Conducted network security scans via OpenVAS/Qualys to confirm secure server deployments
Worked directly with clients to define solutions for their business and technological needs
Established and managed communication channels between development, upper management, and the client
Interacted directly with developers to convey identified vulnerabilities and the appropriate remediation paths
Trained developers and system administrators on implementation of best practices and use of security tools to verify their implementation
Client list for security scans/testing includes: Booz Allen Hamilton, Honeywell, Ford, J.G. Wentworth, Electrolux, and United Rentals
2016 : 2019
VML
Application Security Analyst
Studied Network Administration
2015 : 2016
Summit Tech
Student
Skills
Amazon Web Services (AWS), Cloud Security, Information Security, Internet Protocol Suite (TCP/IP), Linux, Network Administration, Networking, Network Security, NIST, Security, Solution Architecture, Web Application Security
About
I have worked with web/application servers, mobile applications, and cloud infrastructure (primarily AWS and Terraform). I have implemented automated security scanning in multiple CI/CD pipelines (including Jenkins, GitHub, and Bitbucket) while also establishing policies and procedures for web and mobile security testing, PCI/SOC 2/HIPAA compliance (whether it's reporting/logging/self-attestation certification), incident responses, risk/vulnerability assessments, secure architecture reviews, and data classification for sensitive systems.
I spent half of my career in a direct client-facing role and have had continued success communicating technical issues in layman’s terms to the Business to facilitate funding and resourcing needs while ensuring minimal impact to standard Business operations. I have founded one Application Security Department from the ground up and am looking to utilize my experience to help a company excel while remaining on the frontier of the evolving landscape of threats.