Sean Jackson
Information Security Analyst
- Orem,
- Utah,
- United States of America
Member Since: 2014/05/30
Top Skills:
Tech Certifications:
Provide a quick, creative biography in 140 characters or less.
More bio
Activity
Points this month0
Total points62,356
Professional Background
Information Security Analyst
Alliance Information Security
June 2014 – Present
Penetration testing, code reviews, security consulting, incident response consulting, audit compliance consulting. Providing security solutions and managed security monitoring.
Web Developer / Security Consultant
ShunkyDave Productions
August 2006 – June 2014
--------------------------
---- Penetration Testing ----
--------------------------
Feb 2014 - present (June 2014)
Conducted successful penetration testing and code reviews on behalf of:
High Bit Security, LLC
Link Mountain, LLC
Server Scan, LLC
--------------------------
---- Security Consulting ----
--------------------------
-- Usana Health Sciences, Apr 2014 - present (June 2014)
Incident management
Conducted automated scans of network
Assisted with Disaster Recovery planning
Advised on security interests / issues
-- TechMediaNetwork (now called Purch), Nov 2013 - Apr 2014
Incident management
Stood up an OSSEC –HIDS.
Setup a centralized logging system, aggregating data from 60+ hosts using syslog-ng and Splunk for a GUI.
Installed and configured Tripwire Enterprise and Tripwire Log Central.
Hardened RHL and CentOS servers.
-- 5th East Hall, Aug 2013
Stood up a Cisco firewall.
Stood up a corporate network and a wireless network for guests.
--------------------------
---- Web Development ----
--------------------------
-- Velosum, 2007
Developed a site based on a designer's vision, implementing a customer login and beginnings of a database.
---- Penetration Testing ----
--------------------------
Feb 2014 - present (June 2014)
Conducted successful penetration testing and code reviews on behalf of:
High Bit Security, LLC
Link Mountain, LLC
Server Scan, LLC
--------------------------
---- Security Consulting ----
--------------------------
-- Usana Health Sciences, Apr 2014 - present (June 2014)
Incident management
Conducted automated scans of network
Assisted with Disaster Recovery planning
Advised on security interests / issues
-- TechMediaNetwork (now called Purch), Nov 2013 - Apr 2014
Incident management
Stood up an OSSEC –HIDS.
Setup a centralized logging system, aggregating data from 60+ hosts using syslog-ng and Splunk for a GUI.
Installed and configured Tripwire Enterprise and Tripwire Log Central.
Hardened RHL and CentOS servers.
-- 5th East Hall, Aug 2013
Stood up a Cisco firewall.
Stood up a corporate network and a wireless network for guests.
--------------------------
---- Web Development ----
--------------------------
-- Velosum, 2007
Developed a site based on a designer's vision, implementing a customer login and beginnings of a database.
Security Engineer (GRC/Audit)
DigiCert, Inc.
July 2011 – December 2013
Reviewed all logs and anomalous behavior reports multiple times daily.
Conducted internal audits on policy compliance, asset management, and company-wide departmental business continuity needs.
An integral part of the Incident Response Team as head of the Cyber Incident Response Team, and advisor on the Management Incident Response Team.
Was responsible for production and maintenance of security policies and controls: Information Security Policy, Business Continuity Management Plan, Data Classification Policy, Visitor Access Policy, and ePolicies (acceptable use).
Scanned all user-machines for vulnerabilities with Qualys and Acunetix.
Performed gap analysis/audit to assess compliance with ISO 27001, ISO 27002, ISO 22301, OWASP Top 10, NIST 800-53, and SANS Top 20.
Performed social background checks on all new hires (Facebook, Twitter, LinkedIn, & Maltego searches)
Evaluated, deployed, and used Faronics AntiEx, Faronics AntiVirus, Faronics DeepFreeze, Bit9, and Symantec Ghost for endpoint security and imaging.
Administrator of video surveillance system (using Axis software and cameras).
Prepared and conducted company-wide and small-group training on security topics (social engineering, policy compliance, conference reporting).
Scoped and coordinated annual and bi-annual pentests (from 3rd party agencies).
Prepared and compiled evidences for successful WebTrust, WebTrust 2.0, and EHNAC accreditations.
Responsible for all user machine patching, utilizing Secunia and WSUS for all Microsoft and 3rd party patches.
“Gamified” security awareness training through a quiz system tied to account logins.
Maintained the Risk Registry through a confluence wiki.
Created and ran crypto games/puzzles for fun.
Held a Certificate Authority Trusted Role as Internal Auditor.
Conducted internal audits on policy compliance, asset management, and company-wide departmental business continuity needs.
An integral part of the Incident Response Team as head of the Cyber Incident Response Team, and advisor on the Management Incident Response Team.
Was responsible for production and maintenance of security policies and controls: Information Security Policy, Business Continuity Management Plan, Data Classification Policy, Visitor Access Policy, and ePolicies (acceptable use).
Scanned all user-machines for vulnerabilities with Qualys and Acunetix.
Performed gap analysis/audit to assess compliance with ISO 27001, ISO 27002, ISO 22301, OWASP Top 10, NIST 800-53, and SANS Top 20.
Performed social background checks on all new hires (Facebook, Twitter, LinkedIn, & Maltego searches)
Evaluated, deployed, and used Faronics AntiEx, Faronics AntiVirus, Faronics DeepFreeze, Bit9, and Symantec Ghost for endpoint security and imaging.
Administrator of video surveillance system (using Axis software and cameras).
Prepared and conducted company-wide and small-group training on security topics (social engineering, policy compliance, conference reporting).
Scoped and coordinated annual and bi-annual pentests (from 3rd party agencies).
Prepared and compiled evidences for successful WebTrust, WebTrust 2.0, and EHNAC accreditations.
Responsible for all user machine patching, utilizing Secunia and WSUS for all Microsoft and 3rd party patches.
“Gamified” security awareness training through a quiz system tied to account logins.
Maintained the Risk Registry through a confluence wiki.
Created and ran crypto games/puzzles for fun.
Held a Certificate Authority Trusted Role as Internal Auditor.
Web Developer
DigiCert, Inc.
July 2010 – July 2011
Maintaining the internal support portal and client-facing website.
Composer
ShunkyDave Music
August 2006 – January 2011
Writing, arranging, orchestrating, conducting, performing, recording music.
Manager, PHP Development
Heritage Web Solutions
March 2007 – July 2010
Responsible for all PHP- / DB- driven projects. Manage all developers, hire, fire, discipline, project assignment. Report to VPs, owners. Have created management infrastructure with 3 Administrative Assistants, 5 Project Managers (ad hoc).
Manager
Eagle Mountain Funding, LLC
December 2005 – December 2009
Dealing mainly with privately-held mortgage notes, but not afraid of a fix&flip or foreclosure investment. We can help with your investment decisions and might even pool your money with ours for better investment opportunities for both of us!
Real Estate Coach
Professional Marketing International
March 2005 – July 2006
Coached 70-80 clients at a time in half-hour phone sessions. Taught investment techniques, real estate strategies, etc.
Sales/Marketing
Professional Marketing International
January 2002 – March 2005
Aggressive phone sales.
Quality Assurance Engineer
Candesa
January 2001 – December 2001
Responsible for configuring Microsoft IIS servers, patching, backups
Maintained Staging and Live production environments for client websites
Implemented change management processes
Head of Quality Assurance / Testing and Usability for two years
Responsible for all test plans, test execution, bug reporting / tracking
Maintained Staging and Live production environments for client websites
Implemented change management processes
Head of Quality Assurance / Testing and Usability for two years
Responsible for all test plans, test execution, bug reporting / tracking
Web Developer
Candesa
May 1999 – January 2001
Developed client sites in HTML, JavaScript
Education
Brigham Young University
Bachelor of Music
Composition
1996 – 2000
Utah Valley University
Associate of Arts
Music (surprise!)
1993 – 1996
Full Biography
I'm a security engineer. In past lives I've developed web sites (PHP,SQL). I write music, I play music (keys).
Languages
English
Native or Bilingual Proficiency
German
Full Professional Proficiency
Level Progress
-
Overall5
-
Security3
-
Network Security3
-
OS Security2
-
Vulnerabilities2
-
Network Management1
-
SSL / HTTPS1
-
Exchange1
-
Encryption1
-
Web Development1
-
Active Directory1
-
Web Browsers1
-
Windows Server 20081
-
Consulting1
-
Software Firewalls1
-
Anti-Spyware1
-
Network Analysis1
-
WordPress1
-
Cyber Security1
-
Network Architecture1
-
ASP.NET1
-
Facebook1
-
HTML1
-
Microsoft SQL Server 20081
-
MySQL Server1
-
Office Productivity1
-
Social Networking1
-
Tax / Financial Software1
-
Web Development Software1