TOP TECHNICAL SKILLS
NETWORK SECURITY
NETWORK ENGINEERING
SASE, SSE & SD-WAN
SECURITY OPERATIONS
COMPLIANCE
EXPERIENCE
FORTINET
Consulting Systems Engineer | July 2024 – Present
Manager, Systems Engineering | June 2022 – June 2024
EVOCATIVE (FORMERLY VPLS)
SOC Manager & Head of Managed Security Services | Jan 2022 – June 2022
Senior Security Engineer | July 2020 – Dec 2021
Solutions Engineer | Nov 2018 – July 2020
FORTINET
Technical Account Manager | Sep 2018 – Nov 2018
Technical Support Engineer III | Feb 2018 – Sep 2018
Technical Support Engineer II | Mar 2017 – Feb 2018
Technical Support Engineer I | Sep 2015 – Mar 2017
GENERAL MOTORS
Data Center Network Engineer | June 2014 – Aug 2015
Network Operations (NOC) Engineer II | June 2013 – May 2014
CERTIFICATIONS
ISC2
FORTINET
CISCO
SECURITY BLUE TEAM
Let's collaborate
If you’d like to discuss an idea or project you are working on, have a question related to cybersecurity, or just want to connect over common interests, please reach out to me and get the conversation started.
PROJECTS
PATENT APPLICATION (2023)
- Conceptualized and developed initial patent idea, including detailed design and functionality specifications, with co-worker
- Patent idea focused on the topic of data loss prevention (DLP)
- Worked with patent attorney to elevate initial draft to standards required by USPTO
- Filed patent application 18/525,623 with the USPTO
VULNERABILITY DISCOVERY #3 (2022)
- Discovered and responsibly disclosed a Fortinet FortiWeb WAF medium severity improper certificate validation vulnerability (CVSSv3 of 5.4)
- Mitigation required new product feature: Validate HTTPS Origin Server Certificates
- Since this was an internal report, no CVE or public acknowledgement
- Tracked under FG-IR-22-383
VULNERABILITY DISCOVERY #2 (2021)
- Discovered and responsibly disclosed a Fortinet FortiGate firewall medium severity improper certificate validation vulnerability that became CVE-2021-41019
- This vulnerability is a continuation of CVE-2019-5591, which is one of the top routinely exploited vulnerabilities of 2021 according to CISA
- Fortinet acknowledges me in their official advisory FG-IR-21-974
OPEN SOURCE DEVELOPMENT (2019)
- Contributed to the open source firewall project OPNsense, which started as a fork of pfSense
- Used Git and GitHub to code collaboratively using modern software development methodologies
- Contributions were mainly in PHP:
- New Feature: Support ECC Certificate Creation
- Bug Fix: OpenVPN wizard server cert check
- New Feature: Added logging toggle for firewall rules
- Issue Report: Remove SHA1 as an option when creating certificates
VULNERABILITY DISCOVERY #1 (2019)
- Discovered and responsibly disclosed Fortinet FortiGate firewall medium severity bypass vulnerability (CVSSv3 of 5.0)
- This vulnerability allows an attacker to bypass FortiGate’s DNS filter by using DNS over HTTPS (DoH)
- Credit for the disclosure received in Fortinet KB article FD45370
- Tracked under FG-IR-19-127
PATCHBOX (2016)
- PatchBox, endorsed by the National Psoriasis Foundation, was a subscription box service my co-founder and I created to provide monthly non-prescription relief for psoriasis
- My co-founder and I bootstrapped PatchBox and were responsible for all aspects of the business until ultimately selling it via online auction
- Although the website is now gone, our archived interview with the National Psoriasis Foundation can be read here
TECHNICAL INSTRUCTOR (2015)
- Hired by the now-defunct ITT Technical Institute as an Adjunct Instructor, I taught a software development course on social networking on Saturdays for one semester
- I gave lectures, facilitated labs, conducted discussions, and assigned and graded assignments
- Students’ final project was building and hosting a blog using the WordPress platform that was required to interact with various social network APIs
