Rick Payne CISSP, RHCE
Details
Information Assurance and Cybersecurity
Capella University
2018 : 2020
Bachelor of Science (B.S.)
Engineering Technology - Information Systems Concentrations
Daytona State College
2008 : 2012
Associate of Arts (AA)
Daytona State College
2007 : 2012
Associate of Science (A.S.)
Computer Engineering
Daytona State College
2004 : 2007
RMS
Principal Information Security Engineer
Hands-on transformed the company’s image creation process by creating a global, multi-cloud, heterogeneous, CICD Infrastructure / Security as Code solution.
o XXXX% production increase via infinitely scalable Azure DevOps build solution
▪ AzDO pipelines for Server 2012/2016/2019, CentOS 7/8, Ubuntu 18/20 across Azure, VMware and AWS
o >90% acceleration in onboarding
o Matured service mgmt using GitHub
o Enabled self-service automation using GitHub triggers for global build & distribution of >60 heterogeneous systems across 3 clouds in <24h
o Enabled Environments as a Service using the TerraForm, Ansible, Packer (TAP) stack
o Facilitated cloud-native product onboarding
o Built and managed SLAs for >10 image/environment pipelines
o Created TerraForm AWS DR config
o Shifted secure config & vuln mgmt left
o Created Secure Application Mgmt framework
o Created a Blue / Green update process for Microk8s instances
o Fully abstracted secrets mgmt
o Reduced container size using multi-stage builds
o Optimized tri-cloud service spending
o Evaluated Snyk container CLI scanning & reporting, AWS ECR integration
o Optimized service code into build containers
o Built monthly operational framework
Expanded and matured the company’s vuln mgmt program by
o Building and operationalizing the people, process, and technology to create Patching as a Service onboarding >5k heterogeneous systems across 3 clouds
o Ensuring ISO 27001 compliance
o Strategically aligning patch delivery for >40 production environments saving ~240h/mo
o Creating a monthly operational framework to transition L3/L2 R&Rs to L1 teams
Cross-functional support & knowledge mgmt
o GitHub contributions : 287 – 30% commits, 16% PRs, 35% Issues, 19% Code review
o Cross-functional empowerment via 327p of runbooks with 359 sections, 70 wiki pages
o Topics include devsecops processes, EKS, EC2 containerization, Domain Controller CIS Benchmark, Ansible pipelines, to Container Packet Captures and EC2 IR & Forensics
2019 :
RMS
Staff Security Engineer
Spearheaded the company’s foundational image creation process by
o Driving a 700% increase in production by transitioning manual builds to Infrastructure as Code using Azure DevOps + Packer pipelines for Azure 2012/2016, AWS 2016, Ubuntu 18
o Reducing build times by 85%
o Creating reusable installation modules
o Enabling global distribution through Azure Shared Image Gallery (SIG), AWS Cross-region copy & account sharing, and VMware Content Library
o Building a container hardening pull/scan/review/promote process MVP through AzDO & Xray
Kickstarted the Vulnerability Management program by
o Creating a cross-functional monthly operational framework that defined the end-to-end process, down to keystroke-level procedures, for Security, Infra, and Cloud Ops
o Expanding BigFix coverage by 500% to Server 2008/2012/2016/2019, Ubuntu 18, CentOS 6/7, RHEL 6/7
o Automating BigFix agent installs and creating app deploy capabilities via Fixlets
o Implementing best practice optimizations
o Maturing vulnerability detection and remediation capabilities in Tenable
o Building an emergency patch mgmt. capability from a business-critical initiative that reduced vulnerabilities by 97.5%
o Initiating & centralizing the asset management initiative
Cross-functional support & knowledge management
o GitHub contributions : 113 – 94% commits, 4% PRs, 1% Issues, 1% Code review
o Cross-functional empowerment via 157p of runbooks with 215 sections, 44 wiki pages, and ongoing training sessions
o This content covered >200 unique topics from Azure DevOps agents/pipelines/jobs/stages/secrets, AWS AMIs/IAM/VPC/CloudTrail, Azure VMs, VMware vSphere templates, Docker, Microk8s, TerraForm, IBM QRadar, to Service Now tickets, GitHub coding practices and Jira case standards
o Disintegrated cross-functional roadblocks and boundaries by establishing key relationships with Cloud Operations, Infrastructure, SRE, and Dev teams
Led the company-wide endpoint security migration from Symantec to SentinelOne.
2018 : 2019
RMS
Senior Security Engineer
• Own and drive all aspects of Security, Privacy, and Operations for a FedRAMP Moderate (325 NIST 800-53r4 security controls) authorized SaaS hosted in AWS GovCloud
• Author and maintain a FedRAMP authorization package consisting of 20+ documents including Operations Management procedures, Contingency Plan, Risk Management Plan, Incident Response Plan
• Strategic relationship / partnership development with internal business partners, client product owners, client security ISSOs/SCAs/CISOs, security product vendors, Third-Party Assessment Organizations (3PAO), AWS
• Daily hands-on design, implement, review, manage, reverse engineer complex solutions traversing a wide range of technologies/skills : Infrastructure as Code, SSL certificates, git, VPN, Powershell, Bash, CMD, various AWS CLI and Console services, Windows task scheduling, cron scheduling, HIDS, AV, SIEM, Host-based firewall, Network ACLs, Security Groups, Routing Tables, 3-tier clustered app architecture
• Daily hands-on AWS core services : IAM, EC2, Auto Scaling, ELB, RDS, S3, EBS, Route 53, VPC, CloudWatch, CloudTrail
2015 : 2018
Avue Technologies Corporation
Chief Security Officer
• This position is the information security Subject Matter Expert (SME) for the company, who was responsible for developing, implementing and monitoring a strategic, comprehensive DoD information security program to ISO 9000 and CMMI Level 3 standards that ensured complex simulation systems met DoD Information Assurance Certification and Accreditation Process (DIACAP) and DoD Risk Management Framework (RMF) requirements.
• Simultaneously managed 4 projects totaling over $150M, 3,500 computers, 5 operating systems, in 100+ locations globally to successful DoD Authorizations to Operate (ATOs).
• Developed the concept and framework for the Security Maintenance Tool (SMT) to automate security deployments to 159 training simulators with 3780 Windows 7, RHEL 5, and Server 2008 computers.
• Created the System Security Engineering (SSE) department to 5 direct reports.
• Strategic proposal development, IMS planning, and cost estimation on projects averaging from 3600 – 14k+ man hours and ranging from 1-4 years in alignment with the SSE 2-year capacity plan.
• Propose, WBS, design, develop, automate, thoroughly document, implement, integrate, troubleshoot, verify, validate, train, maintain, and manage the security maintenance contract.
• Establish security strategies and roadmaps to align with business needs, programs, and opportunities.
• Establish the product vulnerability management plan using SCC, Tenable’s Security Center, and Nessus
2014 : 2015
Raydon Corporation
Information Security Architect
Skills
Agile Methodologies, Computer Hardware, DIACAP, DoD, Integration, Linux, Network Administration, Network Security, Program Management, Security, Security Technical Implementation Guides (STIGs), Software Documentation, Software Installation, System Administration, Systems Engineering, System Testing, Troubleshooting, Visio, Windows, Windows Server
About
I spent the last 16 years climbing the tech ladder from an Intern to a DevOps technician -> Security Analyst -> Architect -> CSO -> arriving in Silicon Valley, on promotion 11, as a cloud-focused Principal Information Security Engineer. My foundation is standards-based and rooted in DevOps automation and Systems Security Engineering (SSE). This climb was facilitated through continuous educational activities including several college degrees (AA, AS, BS, MSc), professional certifications (CISSP, RHCE, RHCSA, AWS-CSA, Sec+), attending various conferences (BSides, SANS) and workshops, and teaching cybersecurity at local schools (CyberPatriot) and colleges (CyberCamp). This background has molded a deeply technical, hands-on information security leader who can operate effectively in nearly every cybersecurity role. One who strives to maintain fluency in people, process, and technology in his daily routine by managing employee, internal business partner, and external client relationships, constantly improving and aligning business/security processes with the latest standards, and keeping the entire solution stack on the tech edge with a cloud- and automation-first mindset.
Security Speaks Podcast: https://www.buzzsprout.com/1312267/8296023-it-s-in-my-dna
DevSecOps Presentation - DevOps Exchange: https://github.com/rickpayne929/presentations/tree/master/dox
DevSecOps Presentation - ISC^2 Orlando Chapter: https://github.com/rickpayne929/presentations/tree/master/isc/2020
DevSecOps Presentation - BSides Orlando: https://github.com/rickpayne929/presentations/tree/master/bsides/2020
CyberCamp - Cloud Keynote, Container Keynote, Advanced Windows & Linux: https://github.com/rickpayne929/presentations/tree/master/cybercamp
7 year old Hack test - https://www.linkedin.com/pulse/how-hard-locally-hack-your-pc-laptop-so-easy-my-can-rick/