Senior Security Engineer @ Blue Coat Systems acquired by Symantec
Senior Security Engineer @ Heartflow, Inc
I am an information security professional championing Internet and product security for over 13 years. An expert at analyzing complex systems and articulating security vulnerabilities, I am adept at escalation handling and product-defect remediation. I have extensive experience in technical writing, including: worldwide publication of security bulletins, high-impact customer correspondence, technical defect descriptions, and product design/test plans.
In my work, I have evaluated a wide variety of products and services for security vulnerabilities. I identify or anticipate customers’ needs and expectations, then collaborate to deliver the exceptional. My experience spans government, academia, and corporations; I am comfortable liaising with any organization. I exercise confidentiality and discretion to deliver results without sacrificing an organization’s image or credibility.
Understand Security – Thorough understanding of data security and integrity; I’m able to establish methods, tools, and processes to keep security enforced throughout the business.
Establish Protocols – I work collaboratively with other stakeholders to establish, verify, and improve protocols and procedures; I champion acceptance by all involved. I socialize ideas and create buy-ins.
Inspire Teams – I organize ad-hoc or dedicated teams and provide leadership to drive their mission. I prefer to provide hands-on support and incentivize top-notch performers. I mentor team members and recognize or reward top performers.
Create Visibility – With dashboards and personal involvement, I communicate key security vulnerabilities and issues to decision makers. I collaborate with any internal or external entities that have a stake in the outcome.
Deliver Results – I understand what is expected and develop context in which work must be carried out. I establish clear accountabilities throughout the organization and deliver outcomes.
Sr. Infrastructure Security Engineer @ Comprehensive vulnerability management and information security support for global production infrastructure. From September 2013 to Present (2 years 4 months)

Sr. Information Security Analyst @ Provide information security operational support and threat intelligence for corporate infrastructure. From April 2013 to June 2013 (3 months)

Sr. Program Manager - Product Security @ Drive product security vulnerability cases to resolution, advocate for secure design philosophies throughout the organization.
The VMware Security Response Center (VSRC) was tasked with tracking vulnerabilities across all product lines and versions, but the existing bug database only allowed bugs to be assigned to engineers; it was difficult for VSRC staff to track complex cases and receive status updates. Leveraging my past experience, I suggested that we create a new bug category for security response. We instituted this “tracking bug” system and saw a dramatic improvement in our ability to track which bugs were resolved as well as detecting gaps in fix coverage. This concept was accepted by the staff and later incorporated into our new vulnerability handling system. From October 2011 to April 2013 (1 year 7 months)

Software Engineer @ Conducted product security testing for internal engineering and development organizations.
Cisco’s product security knowledge and testing tools are well developed, but this expertise is not evenly distributed. Many engineers are either unaware of security issues or lack an understanding of their impact on product quality and customer confidence. In response, I prepared a training course that addresses security testing concepts, describes the secure development lifecycle, and introduces Cisco’s product security testing tools. This course is based on previous offerings as well as my own information security background and includes several hands-on lab exercises. I presented this course to 50 engineers over a two-day period as part of the largest internal security training event in Cisco history. From February 2008 to August 2011 (3 years 7 months)

PSIRT Incident Manager @ Drive product security vulnerability cases to resolution, including internal queries, customer vulnerability reports, and customer support escalation requests.
A brand-new product was about to ship with a security defect that was uncovered just days prior and would have seriously undermined customer confidence. Collaborated with management, executives, and engineering to triage issue, resolve defect, verify fix, and publish results. Within just seven days, managed the incident to resolution and public disclosure, obviating the need to alert over 15,000 customers as required, thus saving costly fallout and bad customer relations. From March 2005 to February 2008 (3 years)

Member of the Technical Staff @ Provided vulnerability handling and liaison service to a worldwide constituency.
Designed and implemented a comprehensive overhaul of e-mail messaging (over 250,000 annually) system to modernize a critical business function. Managed the transition from a single-threaded system that was bogged down by human limitations to one where approximately 80% of messages were automatically triaged; freed up the triage staff to focus more time on taking calls, creating cases, and searching for public intelligence sources. System was deployed over several months, contained 6,000 lines of code, and is responsible for servicing over 2,600 daily requests. From 2000 to 2005 (5 years)

Test Engineer @ Performed protocol and object accuracy testing of SNMP agents for compliance with established RFC standards; tested 100BaseTX (Fast Ethernet) products for IEEE standards compliance. Collaborated with major network equipment vendors and enhanced the value of their products by improving interoperability and providing independent audits. From 1996 to 2000 (4 years)

B.S., Computer Science @ University of New Hampshire From 1996 to 2000

Jeff CISSP is skilled in: Computer Security, Network Security, Vulnerability Assessment, Security Awareness, Vulnerability Management, EMT, First Responder, AED, Excel, Word, Entourage, Linux, Mac OS X, Lotus Notes, LotusScript