Jonathan is a curious security enthusiast, penetration tester, tinkerer, with over 20 years of technical experience. He has spent the last 9 years managing, securing, and breaking into network infrastructure, web applications, servers, and workstations.

Experience

LARESAdversarial Engineer

2023 — Now

NCC GroupSecurity Consultant

2022 — 2023

Terra Firma

Security Consultant at NCC

Five9Sr. Security Engineer

2018 — 2022

California, United States

Performs internal network and red team assessments against Active Directory & Azure AD infrastructure

Performs external network assessments against public, internet facing infrastructure

Led & Established Purple Team program, using ATT&CK framework, and Atomic Red Team as guidance, and a variety of tooling to accomplish desired efforts

Spearheaded Enterprise Deception initiatives using 3rd party service as well as organically designed methods within Active Directory infrastructure

Trains others on the team to teach them pentesting strategies and methodologies

Launched Web Application product Bug Bounty & Vulnerability Disclosure Program from the ground up

Collaborate with researchers and internal departments to facilitate vulnerability remediation, as well as Threat Modeling risks to ascertain true impact

privateCyber Security Consultant

2018 — 2018

remote

Technical consulting lead on multiple client engagements, across various industry verticals (medical, manufacturing, semiconductors)

Full technical scoping for each client to ensure target environment's hosts and applications were properly aligned with client objectives

Led complete build-out of tiered email phishing platform to facilitate social engineering campaigns against the client's employees

Internal and External vulnerability assessments, as well as penetration testing on Internal and External systems

Co-managed internal wireless assessment to provide baseline security perspectives and harden wireless infrastructure.

Conducted post-mortem briefings to facilitate client's understanding of risks and threats, and how to being vulnerability remediation in a prioritized approach

Chevron Federal Credit UnionInfoSec Engineer

2013 — 2018

Oakland

Introduced ATT&CK framework to assist in designing and implementing relevant Threat Detection content, aligned with TTP's, into SIEM configuration rules

Conducted network, system, and application vulnerability assessments using open source and commercial tools

Conducted quarterly phishing assessments to reduce "click rate", and drive Security Awareness efforts.

Participated in "Cyber Lunch & Learn" sessions at Chevron Corporate offices

Established, and assisted in maintaining visibility into security incident & alerting, network monitoring, capacity planning, and network security assessments using various commercial tooling

Led multi-datacenter firewall migration, followed by 6 month of security policy cleanup resulting in 65% overall reduction of rules

Introduced various Threat Prevention technologies: DNS Sinkhole, cloud-based malware sandboxing, Layer 7 Application/Content Inspection

Participated in ISC, FS-ISACA, & FBI-Infragard chapters

Education

University of South Alabama

Bachelor of Arts (B.A.)

John S. Shaw High

Experience+4

Education

Bachelor of Arts (B.A.)

Experience