Profiles search

Brian D.

Information Security Officer, CTI and Vulnerability Management at Mr. Cooper
Dallas, TX, United States
Details

Education: University of Nebraska at Omaha

Experience: * Correlate threat intelligence from a variety of free and paid/private sources

* Perform proof of concept tests on vulnerabilities in the environment to demonstrate weakness

* Work with the Incident Response / Blue Team to test their detection controls

* Configure, manage, and run the vulnerability management platform that scans the entire environment for vulnerabilities

* Run a monthly Patch and Vulnerability group meeting where we discuss our vulnerabilities, threats to the enterprise, and plan for remediation plans

* Utilize various tools such as Metasploit Pro to provide demonstrations to internal team members on how their resource could potentially be exploited and taken over to drive focused remediation efforts

2020 : Present

Mr. Cooper

Information Security Officer, Threat and Vulnerability Management

Responsible for designing and implementing NIST CSF based policies and standards. I work closely with the business, Information Technology and Information Security teams to help ensure that security and risk mitigation are part of various planning and decision-making processes.

2019 :

Mr. Cooper

Business Information Security Officer

Projects included building out a 10,000 sq. ft. PCI-DSS compliant ethernet and WiFi networks for a new concept dog spa, establishing a network security monitoring program and the design and installation of a cloud based security camera platform.

2018 : 2019

Independent Contractor

Network and Infrastructure Security Consultant

Acted as the central point of contact for information security related matters and championed cyber security throughout the organization. Primarily involved in the following activities :

* Vulnerability assessments, patching, and remediation

* Security awareness training and phishing testing

* Endpoint monitoring and incident response

* Third party vendor data privacy control reviews

* Assisted with security policy and procedures

* Reviewed login activity and high privilege service accounts for abnormalities

* Specialized end-user awareness training for sensitive departments and individuals

* Supported the infrastructure team with security related research requests

* Narrowly scoped penetration testing to validate vulnerability and patch remediation efforts

2017 : 2018

Homebridge Financial Services, Inc.

VP, Information Security

HomeBridge Financial Services acquired Prospect Mortgage in an asset acquisition in February 2017. A lot of what I did at HomeBridge, I was also doing at Prospect, with the addition of the items below.

* Drafted a new written Information Security program policy along with an acceptable use policy that was geared towards making the organization CIS 20 compliant with a goal to moving to NIST compliance.

* Worked with the identity access management group to define parameters for account abnormalities (aging, shared, needed to be de-provisioned, etc.) that would come up as exceptions that needed to be worked.

* Investigated and shut down an internal laptop theft ring.

* Audited the asset management process and made changes to stop excessive purchases and accurately track existing inventory.

* Designed, installed and managed the CCTV system.

* Monitored internal honeypot accounts and honey-person social media accounts for signs of abuse.

2016 : 2017

Prospect Mortgage, LLC

VP, Information Security Officer

Company: Mr. Cooper

Years of Experience: 15

Skills Analysis, banking, business analysis, business continuity planning, Business Development, business process improvement, cloud computing, computer security, contract negotiation, cross-functional team leadership, disaster recovery, Incident Response, Information Security, information security management, information technology, it business management, it business strategy, it governance, it strategy, Leadership, Management, networking, network security, Process Improvement, program management, project management, sales, sdlc, security incident response, start-ups, strategic planning, team building, training, vendor management, customer service, crm, budgets, operations management, software documentation, forecasting, new business development, project planning, competitive analysis, microsoft office, integration, migration projects, process migration, server migration, firewalls
About I took apart my toys (to the dismay of my parents) to see how they worked. They always got put back together but it was a gamble whether or not it would function as it previously did.



One day as a kid I was handed a sheet of paper with a list of phone numbers on it. My friend told me that I could use the modem in my computer to dial-in to these services and connect with others. I was skeptical, but I went home to my Windows 3.1 desktop, fired up HyperTerminal and signed into my first BBS. That was the ignition switch for the passion in technology that I have today. I watched as BBS's turned into the walled gardens of Prodigy, Compuserve, AOL, Netcom, etc., and gave way to the internet as we know it today. Much has changed since then but the fundamental understanding of computer architecture, how different components work together, and how it can potentially be exploited, remains useful to this day.



The majority of my career was spent working with development teams on in-house software that ran the line(s) of business for the company and being the connection between the I.T. department and the rest of the company. I enjoyed working with stakeholders and end-users to improve software that thousands of users used to make it better, easier to use, and to provide decision makers the data and intelligence needed to run the business. Now, in Information Security, I work to protect the business by tireless searching for our weaknesses and working with various teams on remediation.