This is the short “resume” version. For the longer “story” version, see here: My Story
Surescripts (2019 – Present)
Senior Information Security Testing Analyst (March 2021 – Present)
My duties as a Senior include those below, and expanded in scope and responsibility to also include:
- Leadership
  - Provide mentorship to non-Senior penetration tester
  - Penetration testing project management
  - Third-party penetration testing vendor interfacing
  - Act as subject matter expert during security incidents
  - Ownership of the Security Champions program
- Product Security
  - Participate in code review of vulnerabilities reported in SAST platform
  - Advise on vulnerability remediation and best practices
  - Perform validation of remediated vulnerabilities
  - Increase product testing coverage through streamlined onboarding
- Engineering
  - Improve XSOAR playbooks and Splunk alerting
  - Oversee migration to Google SecOps
  - Automate Jira workflows to increase productivity
Position Highlights:
- Improved relations between Security and Development departments. This may be the highlight of my entire career. When I first came to Surescripts, there was tension between the Development and Security departments. We were seen as being the Department of No, and a source of additional work. Through my years of positive relationship building, developers now feel comfortable proactively reaching out with security questions. This has increased cooperation, reduced conflict, and overall improved the culture and security of the organization.
- Technical resource for QHIN designation process. From September 2024 through March 2025 I acted as a key technical resource for achieving the Qualified Health Information Network designation from TEFCA. I oversaw the requirements to have a third-party penetration test and an internal vulnerability scan, as well as the remediation of key findings. I automated the generation of Jira work items for these to streamline the process between departments.
- XSOAR and SecOps automation. I assisted our Incident Response team by fixing issues in our XSOAR deployment, and by designing a new Detection-as-Code workflow for managing our SecOps platform. I provided mentorship and technical expertise during the migration process.
- Workflow and process improvement. Several processes were either undefined or in need of review. I formalized these in documentation and, where appropriate, created Jira workflows to reduce confusion and increase time to resolution. These included automation steps to gather and parse data, inform key stakeholders, and manage transitions between task statuses.
Information Security Testing Analyst (November 2019 – March 2021)
As a testing analyst (penetration tester) my duties primarily include performing penetration testing of web and API applications handling PHI in accordance with HIPAA requirements.
RedTeam Security (2018 – 2019)
Security Consultant (July 2018 – November 2019)
My primary focus was performing penetration testing across diverse client environments. This included web, API, internal network, external, wireless, social engineering, and physical testing. Original research, tool development, technical blog post writing, and pre-sales calls were performed as part of these duties.
In addition, I acted as a mix of developer, sysadmin, and operations internally by:
- maintaining and automating our internal testing and interview environments
- further developing our existing in-house reporting automation platform
Position Highlights:
- Discovered three separate vulnerabilities in a single functionality. In one application’s RSS-based news feed functionality, I discovered persistent XSS, timing-based internal network discovery via SSRF, and XXE file exfiltration leading to SMB credential harvesting.
- Invited for discussion with new owner post-exit. After my departure and the company’s acquisition, I was asked to lunch by the new owner to provide my insight and recommendations for the company. We discussed a paid consulting position to maintain the systems I developed, which I ultimately declined.
Nagios (2013 – 2018)
Operations Engineer (August 2017 – July 2018)
In my operations engineering role, my tasks primarily focused on business improvement such as:
- Automating key processes for the Sales team
- Hosting weekly “Lunch and Learn” training sessions across teams
- Actively assisted in development and sales activities
I continued to serve as the security SME. In addition, I acted as the Support Lead, continuing to assist with escalated tickets and provide mentorship and leadership to the Support Team.
Position Highlights:
- Automation of renewal reminder emails. I increased annual renewal revenue by approximately 8% by sending renewal reminder emails to customers 60 days before their licenses were set to expire.
- Creation of https://www.nagios.com/find-a-partner/. I created a management backend and display frontend for listing official resellers. Previously this was a manual process which required the Sales team to edit HTML by hand.
- Bug and feature backlog trimming. I led a cross-functional effort to reduce a backlog of bug reports and feature requests from over 3,000 to under 500. This effort included myself, the lead developer, and a lead Sales technician reviewing each item over a period of a week.
Support Manager (February 2015 – August 2017)
While managing the Support Team, my duties included those below, plus:
- Interview, hire, and train new employees
- Create official training materials for staff and customers
- Handle escalated customer support tickets
- Improve internal processes and procedures
- Conduct performance reviews and allocate bonuses
- Create and review team performance metrics
- Liaison with Development, Sales, and Marketing teams
- Act as security SME, handling security@ email submissions
Position Highlights:
- Automation of manual QA processes. I converted our manual, whiteboard-based QA process into a fully-automated end-to-end pipeline. Using Jenkins, Docker, Ansible, Testcafe, and custom scripts, I automated the entire process from VM provisioning, software deployment and configuration, baseline testing, functional testing, and UI testing.
- Training of 20 interns during our internship program. I spent several weeks providing hands-on training and career coaching to 20 interns, focusing on technical skills and customer support. Many of these interns we would later hire on as full-time employees.
- Creation of https://repo.nagios.com/. I created the site and automated the generation of both RPM and DEB packages for installation of our commercial software.
- Acted as security SME. I was the point of contact for all emails to the security@ address, triaging and managing the validation and remediation of all reported vulnerabilities. In addition, I personally discovered and reported or fixed over a dozen vulnerabilities.
Support Technician (September 2013 – February 2015)
As a support technician, my day-to-day work consisted of:
- Providing customer support across a variety of industry verticals
- Reporting bugs and feature requests to developers
- Documentation including
  - Support procedures
  - Troubleshooting
  - Performance tuning
- Testing of new releases
- Developing new monitoring plugins
- Performing “Quickstarts” for prospective customers
Position Highlights:
- Providing extended support for disaster scenario. A client called in near EOD stating that their primary datacenter had suffered a total loss in a fire. I stayed on the line with them for three hours to ensure that they had a fully functional monitoring setup in their failover environment.
- Providing multi-lingual support for Spanish-speaking clients. Several clients either spoke Spanish exclusively or their English proficiency was low. My working proficiency in the Spanish language helped ensure they received proper support.
U.S. Internet (2012)
Systems Administrator (January 2012 – June 2012)
As a sysadmin, my day-to-day work consisted of handling tickets including:
- Customer support escalations
- System and workstation support
- Datacenter hardware installation
Position Highlight: Handling the migration of 2,500+ configuration files from an obsolete monitoring platform to Nagios. Using custom Perl and Python scripts, I automated the translation of configurations between the systems. I then manually configured the remaining items which were not directly mappable between systems, such as event handlers, notifications, and reports.
Education and Certifications
ISC2 Certified Information Systems Security Professional (CISSP) (2025)
I passed my CISSP exam in September and received formal acceptance in October.
GIAC Web Application Penetration Tester (2021, expired)
I passed my GIAC GWAPT exam in February 2021.
Century College (2009 – 2012)
Associates of Computer Forensics
Studies included filesystems, storage devices, data recovery, file identification, data collection, evidence handling, criminal law, system and network security, programming, and operating system fundamentals.
Extra-curriculars included volunteering in the free computer repair lab, and co-running the Hacking Club.
Miscellaneous
Freelance Work (2017 – Present)
I perform occasional penetration testing on nights and weekends as my schedule allows. This work is carefully selected by me and approved by my employer so as not to provide a conflict of interest.
DC612 Security Group (2016 – Present)
I run a security group called DC612, the DefCon Group local to the 612 area code. We cover a diverse range of topics in our monthly presentations and maintain an active Discord server.
Gray Duck DevOps, LLC (2017 – 2020)
In 2017, a co-worker and I founded Gray Duck DevOps in order to provide automation consulting to the Twin Cities. The LLC was amicably dissolved in 2020 due to conflicting priorities with both parties.