Director, Information Risk Management | Security Operations |Incident Response | Threat Intel @
The Coca-Cola Company
Senior Director -Securtiy Engineering Application and Infrastructure Penetration testing @ Equifax
Valdosta State University
Information Security Research, Architecture, Engineering and Analysis. Research into emerging threats, technology and privacy issues. Infrastructure and Web Application Penetration & Vulnerabiltiy Testing. Information Security Engineering and Development SDLC, Operational Security, Intrusion Detection, Malware Analysis, Incident Response, Vulnerability Life Cycle Management, Architecture, Risk Management, Security in SDLC, Audit, Forensics. Extensive and successful work with many types of
Information Security Research, Architecture, Engineering and Analysis. Research into emerging threats, technology and privacy issues. Infrastructure and Web Application Penetration & Vulnerabiltiy Testing. Information Security Engineering and Development SDLC, Operational Security, Intrusion Detection, Malware Analysis, Incident Response, Vulnerability Life Cycle Management, Architecture, Risk Management, Security in SDLC, Audit, Forensics. Extensive and successful work with many types of Audits such as PCI, FCRA, FFIEC, SAS-70, SOX, GLBA and HIPPA
Specialties: Architecture, Design, Implementation and Testing Security Infrastructure and Application security.
Web Application and Infrastructure Penetration Testing. Vulnerabiilty testing. Resolution and Remedation of various threats through engineering better software, implementing solutions early in Secure SDLC, improving process, and communication. Extensive experience with various Intrusion Prevention/Intrusion Detection Systems. Incident Response and Incident Handling. Web Application Firewalls and reverse proxies. Malware Research, Reverse Engineering and Investigation. Biometric/Physical Security. Multiple SIEM tools and anomaly detection. Social Engineering methods and techniques. Public Key Infrastructure & Cryptography. Maintainging firm grasp of the infosec security community, tools and methodology and consistent study of new technology and techniques.
"If at any time you become comfortable with your risk posture, you are no longer a target, you are a victim."
Senior Director, Security Engineering, Architecture and Implementation @ Senior Security Engineering, Architecture, Implementation, Leadership, Security Research and Development. Web Application and Infrastructure, Penetration testing, Threat modeling and Attack Surface reduction. Vulnerability and Exploit analysis, Static and Binary Source Code Analysis. Embeding and Integrating security deeper into SDLC. Research into new technologies for testable and repeatable assesment methodology. Remediation. Management of resources and processes. Risk and product advisements. From October 2011 to Present (4 years 3 months) Confidential Security Enterprises @ Web Application, Infrastructure and Physical SecurityTesting. Privacy and other concerns. From November 2007 to April 2013 (5 years 6 months) Penetration Tester (Consultant) @ --Infrastructure and Web Application Penetration Testing utilizing various tools and methodologies
--Routinely Reported Researched and Tested new vulnerabilities and Exploits
--Discovered, Researched, Analyzed and Reported Vulnerabilities and Malware
--Made all Security Architecture and Security Engineering decisions without direction.
--Tested current Web Application Firewall solutions, Researched, Architected, Engineered, and
--Risk reviews for production projects and worked with various teams to find acceptable solutions to meet business and security needs.
--Provide leadership and management of other security analysts to assist in creation of a working process while destroying an antiquated, misused and bloated process that reduced productivity.
--Architect, and Implement security controls related to HomeDepot.com >$1B and HomeDecorators.com >$650M. From August 2011 to September 2011 (2 months) Senior Security Engineer @ Event and Attack Analysis and Detection using Intrusion Detection/Intrusion Prevention Systems/HIDS: Sourcefire, Snort, Cisco, Cisco Wireless IPS, Tripwire; SIEM: Qradar, Command Center, Incident Response/Incident Handling; Multple WAF Solutions, Database Firewalls, Security Architecture,Penetration Testing: Many tools, methodologies and processes, PKI; Biometrics/Physical Security; Many Appliance based and Unix and Windows Based Security platforms and products. From August 2005 to July 2011 (6 years) Security Engineer @ Engineer and monitor, multiple SIEM tools, multiple WAF solutions, IPS/IDS solutions, PKI, SecureID, review and approve Change Control. Monitoring and operational Security. From August 2004 to June 2005 (11 months) Application Administrator @ Production Oracle and SQL DBA, Application Development, Implementation and Administration of Business critical applications From January 2002 to August 2004 (2 years 8 months) Systems Administrator @ Security Issue resolution, Forensics, Patch Management, Anti-Virus tool Admin. Physical server builds, OS build, config. Managed many OS and server platforms WebLogic, WebSphere, IIS etc. From May 2000 to 2002 (2 years) Web Support III @ . From September 1998 to 2000 (2 years)
David Screws is skilled in: Penetration Testing, Information Security, Security Architecture Design, Intrusion Detection, Security, Computer Security, Security Engineering, Malware Analysis, Computer Forensics, Web Application Firewall, Incident Response, Security Operations, IPS, Vulnerability Management, Infrastructure
Looking for a different
Get an email address for anyone on LinkedIn with the ContactOut Chrome extension