Paul Kern

In theory, theory and practice are the same. In practice, they're not.

Sioux Falls, SD, United States

Details

Experience: 2022 : Present

South Dakota State University

Chief Information Security Officer

2019 : 2022

South Dakota Board of Regents

Network and Security Director

2019 : 2019

Meta Payment Systems

Security Operations Center Manager

I perform a number of IS Security tasks, including the planning, deployment and maintenance of a number of enterprise IS security tools that are used by the members of the IS Security team. These tools utilize a variety of different host operating systems, so I must work in various flavors of Windows and Linux environments.

When I am not engineering security tools, I can sometimes be found performing automatic and manual vulnerability assessments of web applications and web services, workstations, servers, and network equipment. This work requires me to work with various teams in our organization to ensure that any vulnerabilities that are identified are promptly remediated.

Lastly, my job also entails a variety of blue team response duties, but as a third tier responder. When asked, I help support and mentor the first tier analysts as they respond to incidents, and I offer guidance when asked. When incidents are escalated to my level, I examine the attack vector and perform the proper analysis.

2015 : 2019

Meta Payment Systems

Security Analyst III

I worked with the system security officer maintaining, developing, and reviewing compliance with security plans, policies and procedures for the Board of Regents system. I also helped manage the regental system's LAN and WAN and was responsible for networking security. Additionally, I worked with the system security officer to oversee and maintain standard security implementations at all regental sites. We evaluated these implementations at each campus on a yearly basis, and we worked with outside QSA firms to verify that each site's security met the standards that have been established in the PCI-DSS.

Additional job functions included compiling security reports, analyzing and reporting breaches of security, firewall management, network equipment management, project planning and vendor/product evaluation. Other duties included vulnerability scanning, network penetration testing, web application penetration testing, wireless surveys, SIEM management, development of internal policy and procedure, risk assessment, presenting information internally as well as publicly, and event planning.

2012 : 2015

South Dakota Board of Regents (RIS)

Associate Security Officer

Company: South Dakota State University

About

I am passionate about information security. Does that sound weird? Some people are passionate about hunting or football, or maybe even the Godfather movie series. Me? I like InfoSec.

Now, this is not to say that I am a genius hacker, or that I have tons and tons of cool experiences that I can share with you. That would be an untrue statement, and I don't want to mislead. However, penetration testing, risk analysis, defense-in-depth... these are all things that I like to study and practice. Some people like to take trips to Jamaica in February. Me? I prefer SANS events. As for online entertainment, give me the webcasts from Security Weekly over WatchMojo.com any day.

What I'm saying - if I am saying anything at all - is that I am an eager consumer of all things related to information security. I can't learn enough, and I never seem to get bored with it. The biggest problem I have is that I don't have enough time to learn it all... to perfect every technique... to understand every exploit. That is the most exciting and yet most frustrating part of my career.