Joe Bagdon
验证专家 in Engineering
安全专家和开发人员
Joe是一位经验丰富的安全和基础设施工程专业人士,具有执行应用程序和网络评估的经验, 编写和执行策略, providing defense for an enterprise environment, 管理基础设施. 他对信息安全、信息技术、信息战有深入的了解. Joe是一个有能力的Python程序员,增加了自动化和集成,减少了工作量.
Portfolio
Experience
Availability
首选的环境
Linux、Cloudflare、亚马逊网络服务(AWS)、应用程序安全、Python、MacOS、Docker
最神奇的...
...我所做的是为美国陆军创建和教授第一个大学生网络战争训练(UNWT)课程.S. Air Force.
工作经验
首席渗透测试员
Kompleye
- 获得公司FedRAMP和CMMC渗透测试认证/资质.
- Created and maintained the penetration testing program for Kompleye. 从头开始构建这个程序, provided direct input into the sales channel, 并且在技术上完成了所有任务.
- Performed testing for companies of all sizes, from startups to Fortune 500s and almost every industry.
首席工程师
AgileSecOps
- 对策略、过程、遵从性计划和技术实现做出贡献. CISO as a service provided guidance and direction related to security, 牢记关键的业务目标.
- 开发Python和PowerShell脚本,将其他威胁情报产品集成到特定平台,并获得了RESTful api的丰富经验.
- Played a key role in vulnerability scanning and management, as well as penetration testing of infrastructure, mobile, 以及web应用程序.
部分CISO
BoostLingo,有限责任公司
- Assisted in developing policies and procedures for SOC2 and ISO 27001 certifications.
- 审查应用程序的漏洞,并向开发人员提出关于最佳补救措施的建议.
- Provided security representation of the company to clients. 已填妥的保安问卷, answered other client security-related questions, 与销售人员沟通.
安全顾问|安全工程师
Hearst
- 领导一个由8名工程师组成的团队,帮助公司整体降低风险. Performed thorough technical remediation of vulnerabilities.
- Collaborated with business units to assist in identifying and reducing risk. 执行渗透测试和源代码分析,并培训开发人员使用安全工具.
- 应用AWS最佳实践来修复复杂的多租户环境中的漏洞.
- 部署了带有Terraform的Azure Sentinel,并配置了规则/警报,以帮助公司满足HITRUST需求.
首席信息安全官
Kit公司
- Built the overall information security program for the company.
- Achieved SOC2, Type 2 Certification, and HIPAA合规.
- Recreated and redeployed applications into ECS and Fargate using Terraform, 提供硬, 增加安全, elasticity, 可再生环境.
信息安全高级经理
Copart
- Rebuilt the security team to operate efficiently, with the ability to detect threats and maintain company compliances such as PCI, SOC2, ISO 27001, and Safe Harbor for over 180 locations worldwide.
- Led recertification of PCI environment by collecting evidence, 建议更改, 纠正问题.
- 领导内部风险管理计划,将安全风险的所有权与适当的业务所有者绑定,并向c级管理人员提供风险概述.
- Installed Sumo Logic as the central syslog service and acted as the project lead, 转换老化的syslog和SIEM系统.
- Architected and deployed the intrusion detection systems and file integrity monitoring, 包括hid灯, NIDS, and FIM.
资讯保安经理
Think Finance
- Oversaw the daily operations of information security, networking, and telephony teams.
- 编写和维护政策和程序,以确保符合PCI和公司标准.
- Built and configured a central logging system based on Elasticsearch and Kibana.
- Converted all systems from traditional antivirus to Bit9 application whitelisting.
- Built and installed a network-based intrusion detection system.
- 为所有Linux服务器合并了SaltStack配置管理,并编写了自动遵守Internet安全中心基准的配置.
安全官
集会的软件
- 与客户沟通,回答与安全相关的问题,协调客户的安全测试.
- Composed and enforced the security and privacy policies.
- Oversaw all aspects of an eCommerce site's PCI compliance.
- 获得SaaS产品的FISMA NIST 800-53适度合规性,并保持ISO 270001合规性, 欧盟安全港, and HIPAA.
- 在公司和生产环境中部署了基于软管的入侵检测系统和基于网络的入侵检测系统.
- 在安全和运营职能上直接与运营管理员协作.
- 对公司提供的SaaS应用程序执行漏洞和渗透测试.
- 在与开发人员沟通解决安全问题的同时,进行定期的应用程序审查.
- 为生产环境编写灾难恢复策略,并担任公司灾难恢复文档的主要贡献者.
全球信息安全工程师
Prologis
- 提供公司安全方面的支持、指导、工程和管理.
- Built and replaced an aging network-based intrusion detection system.
- 识别和管理位于公司全球基础设施内的几个僵尸网络和其他恶意感染系统的清理工作.
- 安装了中央日志记录和报告功能,以支持安全和基础设施管理员.
Lead System, Network, and Security Engineer
卷须网络
- 评估信息技术控制和测试应用技术的合规性, 开发项目, 数据中心运营, security, and information technology-related work processes.
- Developed and maintained the processes to include the security incident response, 漏洞评估及扫描, 补丁管理, 安全度量和报告, 安全事件管理, 个人资料保护, 和加密.
- 通过识别不合规的领域和识别操作弱点来评估风险和内部操作控制, 效率低下, and issues.
- Performed penetration testing and vulnerability scans by utilizing BackTrack, Metasploit, Nessus, 开膛手约翰, Nikto, Nexpose, Burp Suite, and w3af.
Security and Operations Center Linux Administrator
DigitalGlobe
- Provided the security and administration support for Linux RHEL 5, Windows (XP, 2003, 7, 2008), Solaris 10, 和IRIX系统.
- 排除和解决基础设施组件和公司构建的专用软件应用程序的问题.
- Wrote scripts and programs to automate the monitoring and administration processes.
Intelligence and 网络安全 Administrator
U.S. Air Force
- Managed a development project team for network security attacks.
- 担任第一个空军本科网络战争课程的认证讲师和开发人员.
- 指导学生防御黑客技术和使用恶意软件, 用Ruby使用Linux主机, Python, shell脚本.
- Performed penetration testing with open source software such as NMAP, Nessus, 和Metasploit, and other malicious code found on the internet consisting of C++, Python, shell脚本.
Experience
不可阻挡的拒绝服务
DevSecOps冠军
从零到兼容- SOC 2,类型2
我带头完成了大部分的工作,日常操作几乎没有中断. Everything from policies to technical implementations was accomplished within 30 days. The auditor provided the SOC 2, Type 1 certification a week later. 监测期间没有发生任何事故,我们如期获得了SOC 2, Type 2.
认证
AWS商业专业
亚马逊网络服务
AWS专业技术人员
亚马逊网络服务
面向大众的编程(Python)
Coursera
An Introduction to Interactive Programming in Python (Part 1)
Coursera
Certified Information Systems Security Professional
International Information Systems Security Certification Consortium (ISC)2
GIAC认证事件处理员(GCIH)
Sans研究所
GIAC安全要件(GSEC)
SANS研究所
Skills
库/ api
Python API
Tools
AWS IAM, AWS Fargate, GitHub, Sumo Logic, SaltStack, Virtualenv, VMware, Amazon Elastic Container Service (Amazon ECS), Ansible, Terraform, Zed攻击代理(ZAP), 亚马逊防火墙, VPN, Metasploit, 亚马逊监测, Puppet, Nessus
Languages
Python, Bash Script, Python 3, PHP
Platforms
亚马逊网络服务(AWS), Amazon EC2, Docker, Linux, MacOS, Windows, AWS ALB, Burp Suite, Web, WordPress, Kubernetes, Azure, CrowdStrike
Paradigms
HIPAA合规, 渗透测试, Management, DevSecOps, DevOps
行业专业知识
网络安全, 网络安全, 安全咨询
Storage
Amazon S3 (AWS S3), Google Cloud, 数据库安全, WP Engine
Frameworks
Flask, React Native
Other
事件响应, 事件管理, 信息安全, Cloudflare, SOC 2, 漏洞评估, IT Audits, PCI DSS, PCI遵从性, 团队的领导, 基于主机的入侵防御, 入侵检测系统(IDS), 团队管理, HITRUST认证, Web应用程序安全, ISO 27001, 脆弱性管理, 风险管理, 数据丢失预防(DLP), Policy, 灾难恢复计划(DRP), Compliance, Training, 威胁情报, SIEM, Web Security, 云安全, PCI, IT Security, 安全审计, Security, SaaS, 系统管理, 系统级芯片(SoC), 业务连续性 & 灾难恢复(BCDR), 安全体系结构, 安全分析, 内容分发网络(CDN), Consulting, OWASP, 技术招聘, Interviewing, Cloud, CISSP, 脆弱性识别, 杀毒软件, IDS/IPS, SecOps, 移动安全, Certified Information Systems Security Professional, Automated Security Controls Assessment (ASCA), 基础设施, Security Information and Event Management (SIEM), AWS IAM身份中心, 事件处理, GitHub的行为, Firewalls, 技术培训, 入侵防御系统(IPS), App 保护, 移动设备管理(MDM), 端点检测和响应(EDR), CISO, Web应用防火墙(WAF), 军事行动, Hacking, 道德黑客, CI / CD管道, Architecture, NIST, 单点登录(SSO), 静态应用安全测试(SAST), 动态应用程序安全测试 (DAST), Data Privacy, GDPR, 任务分析, APIs, 源代码审查, 身份验证, 云架构, 安全工程, 数据治理, 数据保护, IT治理, 微软365, AWS VPN, Hardware, Networking, Networks, DevOps工程师, Monitoring, Teamwork, Okta, Group Policy, 威胁建模, OWASP Top 10, FedRAMP, 社会工程
如何使用Toptal
在数小时内,而不是数周或数月,我们的网络将为您直接匹配全球行业专家.
分享你的需求
选择你的才能
开始你的无风险人才试验
对顶尖人才的需求很大.
Start hiring