Brian D.
Education: University of Nebraska at Omaha
Experience:
* Correlate threat intelligence from a variety of free and paid/private sources
* Perform proof of concept tests on vulnerabilities in the environment to demonstrate weakness
* Work with the Incident Response / Blue Team to test their detection controls
* Configure, manage, and run the vulnerability management platform that scans the entire environment for vulnerabilities
* Run a monthly Patch and Vulnerability group meeting where we discuss our vulnerabilities, threats to the enterprise, and plan for remediation plans
* Utilize various tools such as Metasploit Pro to provide demonstrations to internal team members on how their resource could potentially be exploited and taken over to drive focused remediation efforts
2020 : Present
Mr. Cooper
Information Security Officer, Threat and Vulnerability Management
Responsible for designing and implementing NIST CSF based policies and standards. I work closely with the business, Information Technology and Information Security teams to help ensure that security and risk mitigation are part of various planning and decision-making processes.
2019 :
Mr. Cooper
Business Information Security Officer
Projects included building out a 10,000 sq. ft. PCI-DSS compliant ethernet and WiFi networks for a new concept dog spa, establishing a network security monitoring program and the design and installation of a cloud based security camera platform.
2018 : 2019
Independent Contractor
Network and Infrastructure Security Consultant
Acted as the central point of contact for information security related matters and championed cyber security throughout the organization. Primarily involved in the following activities :
* Vulnerability assessments, patching, and remediation
* Security awareness training and phishing testing
* Endpoint monitoring and incident response
* Third party vendor data privacy control reviews
* Assisted with security policy and procedures
* Reviewed login activity and high privilege service accounts for abnormalities
* Specialized end-user awareness training for sensitive departments and individuals
* Supported the infrastructure team with security related research requests
* Narrowly scoped penetration testing to validate vulnerability and patch remediation efforts
2017 : 2018
Homebridge Financial Services, Inc.
VP, Information Security
HomeBridge Financial Services acquired Prospect Mortgage in an asset acquisition in February 2017. A lot of what I did at HomeBridge, I was also doing at Prospect, with the addition of the items below.
* Drafted a new written Information Security program policy along with an acceptable use policy that was geared towards making the organization CIS 20 compliant with a goal to moving to NIST compliance.
* Worked with the identity access management group to define parameters for account abnormalities (aging, shared, needed to be de-provisioned, etc.) that would come up as exceptions that needed to be worked.
* Investigated and shut down an internal laptop theft ring.
* Audited the asset management process and made changes to stop excessive purchases and accurately track existing inventory.
* Designed, installed and managed the CCTV system.
* Monitored internal honeypot accounts and honey-person social media accounts for signs of abuse.
2016 : 2017
Prospect Mortgage, LLC
VP, Information Security Officer
Company: Mr. Cooper
Years of Experience: 15
One day as a kid I was handed a sheet of paper with a list of phone numbers on it. My friend told me that I could use the modem in my computer to dial-in to these services and connect with others. I was skeptical, but I went home to my Windows 3.1 desktop, fired up HyperTerminal and signed into my first BBS. That was the ignition switch for the passion in technology that I have today. I watched as BBS's turned into the walled gardens of Prodigy, Compuserve, AOL, Netcom, etc., and gave way to the internet as we know it today. Much has changed since then but the fundamental understanding of computer architecture, how different components work together, and how it can potentially be exploited, remains useful to this day.
The majority of my career was spent working with development teams on in-house software that ran the line(s) of business for the company and being the connection between the I.T. department and the rest of the company. I enjoyed working with stakeholders and end-users to improve software that thousands of users used to make it better, easier to use, and to provide decision makers the data and intelligence needed to run the business. Now, in Information Security, I work to protect the business by tireless searching for our weaknesses and working with various teams on remediation.