Brandon Sterne

Web Security Engineer

http://brandon.sternefamily.net


SUMMARY:

Web Security Engineer with experience in information security auditing, browser security, web development, and web application security.

Specializes in: Facilitating corporate security program by developing and utilizing networking and security tools. Process improvement and automation of security audit tasks. Programming and scripting experience with Python, PHP, C, C++, Bash, and SQL. Comfortable developing on and securing Windows and UNIX platforms.

Strengths: Application Penetration Testing, Security Code Review, LAMP web development and scripting, Linux system administration, public and private-key cryptography, excellent written and verbal communication, ability to work well independently and in team environments, commitment to high-quality work.


OBJECTIVE:

Continue to advance within the corporate Web Security industry while broadening and deepening my technical skill set. Hold positions that allow me to utilize my knowledge of computer security and programming as well as my strong communication and interpersonal skills.


WORK EXPERIENCE:

SECURITY PROGRAM MANAGER

Mozilla Corporation - Mountain View, CA, 12/2007 - Present

Member of the Mozilla Security Group. Help manage the vulnerability remediation process for the Mozilla codebase including bug triage and milestone tracking. Develop prototypes for next-generation browser security features. Perform web application security assessments for the Mozilla web properties. Perform security code reviews of suspicious Firefox add-ons. Implemented security feeds monitoring system to alert the Security Group of any Mozilla-related disclosures and vulnerabilities.


INFORMATION SECURITY ENGINEER

eBay, Inc. - San Jose, CA, 9/2005 - 12/2007

Member of the Information Security Testing and Monitoring Team. Responsible for host-and-application level security for eBay Marketplaces and corporate network. Run weekly and quarterly scans for internal security (ISO 17799) and regulatory (Sarbanes-Oxley) compliance. Developed a process and supporting web application to facilitate the vendor security program. Perform periodic penetration tests and code audits of the Marketplaces websites to assess application level vulnerabilities. Developed Active Content Framework prototype allowing site users to safely include HTML and JavaScript in eBay web pages. Created RSS feeds monitoring system to alert Security team of pertinent disclosures and new vulnerabilities. Developed application to support internal vulnerability management. Project Management of outsourced security engagements. Winner of Information Security contest to discover the most application layer vulnerabilities in the eBay platform.


WEB DEVELOPER

Webconsuls - Newport Beach, CA, 7/2004 - 8/2005

Develop creative websites for new clients including original design and content. Manage existing websites to keep content current. Optimize web pages to maintain top rankings on major search engines. Stay abreast of latest Internet trends and technologies and incorporate them in Internet marketing strategies. Keep clients' CGI scripts and software packages updated and free of security vulnerabilities.


WEBMASTER / ALUMNI TRACKING

Sunrise Recovery Ranch - Riverside, CA, 7/2002 - 6/2005

Maintenance of company website. Increase monthly traffic and conversions through linking and Search Engine Optimization. Built and maintained database of former clients' contact information and periodically made contact calls for updates.


TECHNICAL SKILLS:

Platforms: Linux (Ubuntu, Fedora Core, Gentoo), Windows 95/98/NT/2000/XP, Mac OS X

Languages: Python, PHP, C, C++, Bash, HTML/XHTML, JavaScript, CSS, XML, SQL, LaTeX

Software: Nessus, Nmap, Wireshark, Paros Proxy, Apache, Sendmail, MySQL, Subversion, Tcpdump, SSH, GnuPG/PGP, QualysGuard, Photoshop, GIMP, MBSA


EDUCATION:

B.S. in Information Systems, University of California, Riverside, June 2005. GPA: 3.49.

Coursework: Computer Security, Software Engineering, Data Structures and Algorithms, Operating Systems, Networks, Database Management Systems, UNIX System Administration, Computational Geometry, Automata and Formal Languages, Artificial Intelligence


CERTIFICATIONS / TRAINING:

CISSP, 5/2007 - Present

Awarded Certified Information Systems Security Professional by (ISC)² in May 2007.

SANS - Audit 507, 10/2005

Completed six-day training course on Auditing Networks, Perimeters & Systems


AFFILIATIONS:

The Association for Computing Machinery, U.C. Riverside, 10/2003 - Present

Participated in programming contests and social activities with computer science and engineering students and faculty. Took part in fundraising to create ACM Lab, a computer lab and lounge for students.


INTERESTS:

Swimming, Water Polo, Golf, Science Fiction Novels, Web Development, Web Application Security, Linux, MythTV, Artificial Intelligence, Search Engine Optimization


WEBSITES:

Personal Website:

http://brandon.sternefamily.net - informational site contains articles on personal interests and code samples.


Psychotherapist Website:

http://www.terryneifinglcsw.com - professional site for psychotherapist lists services provided and frequently asked questions about therapy. Top search engine rankings for "East Bay Psychotherapy" and other geographically-based search terms.


Standards-Based Grading Site:

http://www.gradetracker.org - Simple, easy-to-use set of tools allows teachers to track and report on their standards-based assignments.

