Image of Tobias GCIH

Tobias GCIH

Sr. Penetration Tester Manager/ Incident Responder

Director, Penetration Testing Services at SecureIT

Leesburg, Virginia

Section title

Tobias GCIH's Email Addresses & Phone Numbers

Tobias GCIH's Work Experience

NeuStar, Inc.

Sr. Penetration Tester Manager/ Incident Responder

October 2013 to Present

Knowledge Consulting Group

Sr. Penetration Tester

April 2013 to October 2013

CollabNet, Inc.

Security Researcher

August 2013 to August 2013

Tobias GCIH's Education

SANS

Masters Information Security Engineering!

American Public University System

Information Security Computers

2007 to 2012

Western Governors University

Information Technology—Security Information Security

2011 to 2012

Tobias GCIH's Professional Skills Radar Chart

Based on our findings, Tobias GCIH is ...

Questioning
Expedient
Challenging

What's on Tobias GCIH's mind?

Based on our findings, Tobias GCIH is ...

47% Left Brained
53% Right Brained

Tobias GCIH's Estimated Salary Range

About Tobias GCIH's Current Company

NeuStar, Inc.

- Execute Penetration Tests against Big name services. - Manually assess Web Applications, Internal, and External networks - Advise as a technical Subject Matter Expert (SME) for all assessments - Create new attack techniques, training, documentation, scripts and tools for the team - Review customer security documentation to review control intention and execution shortfalls - Conduct Quarterly...

Frequently Asked Questions about Tobias GCIH

What company does Tobias GCIH work for?

Tobias GCIH works for NeuStar, Inc.


What is Tobias GCIH's role at NeuStar, Inc.?

Tobias GCIH is Sr. Penetration Tester Manager/ Incident Responder


What is Tobias GCIH's personal email address?

Tobias GCIH's personal email address is t****[email protected]


What is Tobias GCIH's business email address?

Tobias GCIH's business email addresses are not available


What is Tobias GCIH's Phone Number?

Tobias GCIH's phone (703) ***-*427


What industry does Tobias GCIH work in?

Tobias GCIH works in the Computer & Network Security industry.


About Tobias GCIH

📖 Summary

Tobias Mccurry is a Senior Penetration Tester Manager. He is a seasoned professional with systems and network administrator with extensive leading-edge IT knowledge and experience in delivering exceptional customer satisfaction and improving overall operations. He holds a Bachelor of Computer Science with a specialization in Information Systems Security from American Public University and holds numerous certifications, including GCIA, GXPN, GCFE, GWAPT, GCIH, GSNA, EMPAT(Mobile Application Penetration Tester), Security+, Project+, A+, and CIW Web Design Specialist. Always open to providing Penetration Testing/Security Consulting!Sr. Penetration Tester Manager/ Incident Responder @ - Execute Penetration Tests against Big name services. - Manually assess Web Applications, Internal, and External networks - Advise as a technical Subject Matter Expert (SME) for all assessments - Create new attack techniques, training, documentation, scripts and tools for the team - Review customer security documentation to review control intention and execution shortfalls - Conduct Quarterly Phishing Campaigns to test user awareness. - Manage Pentesting Portal Development, defining requirements, design, and testing. - Manage Risk management members to focus on key systems and ensure that priorities are assigned correctly. - Worked with internal development team to produce a java based tool to incorporate basic security testing into development lifecycle. - Gateway for all reports before customer delivery. - Mentor other team members to bridge communication and tradecraft to improve deliverable. - Test security control application and actual output verses desired output. - Validate subject to object based authentication and authorizations of business and mission systems. - Assess potential vulnerabilities and validated the presence within targets architecture. - Document qualitative risks associated with vulnerabilities discovered during assessment. - Produce Executive Summaries for Chief Suite (C-Suite) personnel. - Brief Chief Information Service Officer on status of on going penetration test. - Conduct briefings with business leadership to validate scope(s), objective(s) and desired results. - Depicted step-by-step exploitation of organization in a Security Posture and Analysis (SPA). - Findings scored by Damage, Reproducibility, Exploitability, Affected users, Discoverability (DREAD). - Produce a summary of findings and the affected locations, assets and or hosts. - Document Proofs of Concept that provided examples of exploitation. - Develop organizational specific mitigation plans for each finding. From October 2013 to Present (2 years 3 months) Sr. Penetration Tester @  Evaluated security posture of public and private sector organizations.  Completed manual Internal, External, Web Application, Social Engineering and Firewall Assessments.  Tested security control application and actual output verses desired output.  Validated subject to object based authentication and authorizations of business and mission systems.  Assessed potential vulnerabilities and validated the presence within targets architecture.  Documented qualitative risks associated with vulnerabilities discovered during assessment.  Produced Executive Summaries for Chief Suite (C-Suite) personnel.  Conducted briefings with business leadership to validate scope(s), objective(s) and desired results.  Depicted step-by-step exploitation of organization in a Security Posture and Analysis (SPA).  Findings scored by Damage, Reproducibility, Exploitability, Affected users, Discoverability (DREAD).  Produced a summary of findings and the affected locations, assets and or hosts.  Documented Proofs of Concept that provided examples of exploitation.  Developed organizational specific mitigation plans for each finding.  Utilized a variety of Penetration Testing and Vulnerability Analysis tools and methodologies.  Referenced findings with: – Open Web Application Security Project (OWASP) Top 10 Web Application Security Risks – OWASP Testing Guide (TG) identifiers – SysAdmin, Audit, Network, and Security (SANS) Top 25 Software Errors – Mitre Common Vulnerability and Exposures (CVE) trackers – Mitre Common Weaknesses Enumeration (CWE) designators – National Institute of Standards and Technology (NIST) Special Publications (SP) – Security Focus Bugtraq IDs (BID)  Vendor specific Knowledge Base (KB) and Security Bulletin (SB) identifiers From April 2013 to October 2013 (7 months) Security Researcher @ Discovered Zero-day in Collabnet software. Worked with Collabnet in a sandbox environment to recreate a working proof of concept. Helping lead to the development of an application-wide patch responsibility. https://ctf.open.collab.net/sf/go/artf7952 From August 2013 to August 2013 (1 month) Independant Security consultant @ Scanned, Identified, and reported on vulnerable computer systems within an organization. Demonstrated risk to clients of their company assets. Provided written reports that provided directions on how to mitigate risk to clients’ assets to ensure their ability to mitigate risk found during the assessment. Used tools like Nessus, metasploit, nmap, openvas, and other tools to provide an accurate picture to management on their current risk. Performed onsite and remote security consulting including penetration testing, application testing, web application security assessment, onsite internet security assessment, social engineering, wireless assessment, and IDS/IPS hardware deployment. From January 2011 to June 2013 (2 years 6 months) Biloxi, Mississippi AreaNCOIC Digital Dashboard; Sharepoint administrator with SQL database @ Operated, maintained, troubleshoot, analyzed, and developed documentation for SharePoint site running custom web parts that keeps track of over 10,000 yearly Joint Expeditionary Tasking Airmen and their required training till they deployed. • Identified, mitigated, responded, evaluated, and proposed fix actions to possible and actual security incidents. • Obtained Certification and Accreditation (C&A) for this system using DoD Instruction 8500.2 under a Mandatory Access Control (MAC) III classification. • Identified key components and processes needed for the design of Secret Internet Protocol Router Network (SIPRNet) solution. • Consulted with management and supervisors, analyzed organizational business practices, processes, and procedures to identify those which can be improved or made more efficient through application of automated technology. Reviewed JET processes, consults with leadership and members to recommend areas of improvement in the form of information technology enhancement and/or product development and configuration. • Planned, designed, and developed overall functional systems requirements and specifications and implements new or modified systems. Participated in systems integration testing, analyzes results, modifies specifications, and resolves problems as they arise. • Developed and implements appropriate testing procedures for programs, systems, and software to ensure they satisfy and protect requirements. Tested deployed software and web parts to ensure they meet organizationally specific requirements. Worked with other applications developers to isolate and solve design problems during testing and implementation phases. Worked with developers to resolve issues or find alternate solutions. Consolidated the work of other specialists and prepares written reports of findings. • Investigated when problems occur; reviewed backup files and determined the fastest and best restoral method. From January 2011 to April 2013 (2 years 4 months) Online Mentor @ Review technical training data. Formulate questions that test understanding of provided training material. Meet deadlines to provide more avenues of knowledge comprehension. From 2012 to 2012 (less than a year) Cyber Systems Instructor - RF Systems @ Motivated, educated, trained, and developed young Airmen in preparation for transferring from being a student to being a valuable asset in the Air force. • Setup and designed a computerized testing lab that help test 4,000 student annually. • Preformed vulnerability assessment and established a patch management system. • Inventoried and identified missing Computer equipment, established a monthly room checkup to ensure no more items went missing. Saving the Air Force 4,000 in yearly replacement cost. • Developed training materials for new Airmen coming through the Cyber System course. • Identified and fixed all possible risk of the course not being able to start on time as projected. • Squadron Information Assurance Officer(IAO) • Setup and designed a computerized feedback survey that helped evaluate training provided to 1,000 students annually. • Co-Founded Augusta Linux User Group to help establish a knowledge base of common people sharing ideas and experiences for future endeavors. • Identified and fixed NAS Server vulnerabilities that put 8 Air Force Training courses at risk. • Led mobile training team to qualify Airmen with training needed to expertly do their jobs. From April 2006 to January 2011 (4 years 10 months) Computer Repair @ From 2006 to 2007 (1 year) Masters, Information Security Engineering! @ SANSInformation Security, Computers @ American Public University System From 2007 to 2012 Information Technology—Security, Information Security @ Western Governors University From 2011 to 2012 Electronics Enginnering, Electronics @ Florida State College at Jacksonville From 2002 to 2002 Electronics Engineering, Electronics @ Devry From 2000 to 2001 Frank H Peterson From 1996 to 2000 Tobias GCIH is skilled in: Incident Analysis, Pentesting, Database Administration, Database Management, VMware, Windows, Linux, Information Security Management, Wireless Security, Information Systems Development, Network Analysis, IT Audit, Security+, GCIH, GSNA


Tobias GCIH’s Personal Email Address, Business Email, and Phone Number

are curated by ContactOut on this page.

10x your recruitment & sales conversations

Contact over 200M professionals
instantly by email or phone. Reveal
personal & work email addresses, as
well as phone numbers accurately with
our ContactOut Chrome extension.

In a nutshell

Tobias GCIH's Personality Type

Introversion (I), Intuition (N), Thinking (T), Perceiving (P)

Average Tenure

1 year(s), 9 month(s)

Tobias GCIH's Willingness to Change Jobs

Unlikely

Likely

Open to opportunity?

There's 94% chance that Tobias GCIH is seeking for new opportunities

Engage candidates 10x faster

Enjoy unlimited access and discover candidates outside of LinkedIn

Trusted by 400K users from

76% of Fortune 500 companies

Microsoft Nestle PWC JP Morgan Merck Rackspace WarnerMedia Randstad Yelp Google

The most accurate data ever

CCPA Compliant
GDPA Aligned
150M Personal Emails
300M Work Emails
50M Direct Dials
200M Professional Profiles
30M Company Profiles

Hire Anyone, Anywhere
with ContactOut today

Making remote or global hires? We can help.

  • 50 contacts/month
  • Works on standard LinkedIn only
  • Work emails, personal emails, mobile numbers
* 1 user per company limit

No credit card required

Try ContactOut for Free