Profiles search

Robert Orr

Lead Information Security Engineer at Appian Corporation (full-time), Founder and Principal at Capital Security Services (part-time)
Ft. Washington, MD, United States
Details

Education: Graduate Certificate in Cybersecurity Engineering, with Honors



SANS Technology Institute

2019 : 2022

Postgraduate Certificate

Design Thinking for Strategic Innovation

Stanford University

2015 : 2016

Master of Science - MS

Computer Science

Georgia Institute of Technology

1996 : 2002

Bachelor of Arts with Honors

Physics

Oberlin College

1989 : 1991

Associate of Arts with High Honors

Physical Science

Long Beach City College

1986 : 1989

Experience: • Leading effort to implement Zero Trust security model across all Appian environments.

• Helped lead Security Engineering team in developing custom security detections, used by Security Operations team.

• Implementing Okta SSO system for access to department resources, including using Okta Identity Engine to integrate with CrowdStrike EDR to assess endpoint security posture.

• Working with department leadership to define strategic goals and roadmaps.

• Working with vendors and VARs to acquire and support various security-related products.

• Led maturation of software engineering practices on Security Engineering team.

• Created training program for onboarding recent hires onto Security Engineering team.

• Mentoring junior engineers.

• Attended various security conferences and events, e.g., SANS events, Security BSides, and OWASP events.

• Leader in Infosec Chapter learning group. Studied web app security (among other topics) using Kali Linux, DVWA, and various CTF platforms.

• Extensively involved in team recruiting.

2022 : Present

Appian Corporation

Lead Information Security Engineer

2023 :

Capital Security Services

Founder and Principal

• Led effort to implement Zero Trust security model across all Appian environments.

• Helped lead Security Engineering team in developing custom security detections, used by Security Operations team.

• Implemented Okta SSO system for access to department resources, including using Okta Identity Engine to integrate with CrowdStrike EDR to assess endpoint security posture.

• Designed and implemented high-availability HashiCorp Vault cluster for secrets and access management. Hardened deployment against vulnerabilities. Deployed on Amazon Web Services (AWS) platform, managed with Terraform.

• Using Vault, created system to use permissioned PKI certificates to enable secure SSH to sensitive endpoints. Used Terraform, Ansible, and Bash scripting.

• Created system to scan GitHub repositories for secrets (e.g., API keys, AWS credentials, passwords), and worked with code owners to remove found secrets. Used Groovy, Bash, Docker, and Jenkins.

• Remediated public data exposure in enterprise Google Calendars. Used Python and Google Cloud Platform (GCP) APIs.

• Managed AWS VPC resources with Terraform infrastructure-as-code (IaC).

• Loaned to Engineering department to work with teams in securely implementing Kubernetes-based cloud-native platform for Appian customers.

• Helped investigate security alerts using AlertLogic SIEM, ExtraHop, CrowdStrike, and AWS Security Hub and GuardDuty.

• Worked with department leadership to define strategic goals and roadmaps.

• Worked with vendors and VARs to acquire and support various security-related products.

• Led maturation of software engineering practices on Security Engineering team.

• Mentored junior engineers.

• Attended various security conferences and events, e.g., SANS events, Security BSides, and OWASP events.

• Leader in Infosec Chapter learning group. Studied web app security (among other topics) using Kali Linux, DVWA, and various CTF platforms.

• Extensively involved in team recruiting.

2018 : 2022

Appian Corporation

Senior Information Security Engineer

• Worked on enterprise-wide CI/CD infrastructure and DevOps systems.

• Designed scheme for automated storage and retrieval of secrets using Hashicorp Vault.

• Created system for automatically updating Docker containers used for automated testing with latest version of Firefox browser.

• Created department-wide Git hooks framework for code linting and auto-formatting.

• Wrote Ansible scripts for managing Mac mini build cluster.

• Maintained and modified department-wide Gradle CI build system.

• Streamlined Webpack configurations for JavaScript build system.

• Helped implement Android testing system using Google Cloud Platform Firebase framework.

• Used Grafana to track build metrics.

• Led squad Kanban standup meetings.

2017 : 2018

Appian Corporation

Software Engineer

DevOps and IT infrastructure consulting

2022 : 2023

Cogito Consulting LLC

Founder and Principal

Company: Appian Corporation

Years of Experience: 31

Spoken Language: English, German, Spanish

Skills Agile Methodologies, amazon web services (aws), Ansible, arcgis, build automation, c, C++, Cloud Computing, computer science, concurrent programming, Continuous Integration and Continuous Delivery (CI/CD), Counter Surveillance, Cybersecurity, Design Patterns, DevSecOps, distributed systems, Ethical Hacking, git, GitOps, Google Cloud Platform (GCP), Gradle, Hashicorp Vault, Information Security, Information Security Engineering, Intelligence Community, Internet Protocol Suite (TCP/IP), IT Operations, Java, javascript, jenkins, JSON, Kali Linux, Linux, multithreaded application development, Network Security, Okta Single Sign-On, Penetration Testing, python, shell scripting, software design, software development, Software Engineering, sql, Strategic Planning, Technical Surveillance Counter Measures (TSCM), Terraform, test driven development, user interface design, Vulnerability Assessment, Zero Trust Security Architecture, object oriented design, eclipse, XML, swing, ajax, tomcat, ant, subversion, paas, google app engine, Human Computer, user experience, Information, javafx, jfreechart, esri, Multithreaded, web development, servlets, html 5, jquery, spring, jsp development, parasoft c++test, checkstyle, findbugs, xunit, Agile Application, continuous integration, arduino, home automation, ts/sci clearance, human computer interaction, information visualization, agile application development, go, docker, kubernetes, cloud foundry, devops, scrum, jira, github, junit, node.js, express.js, react.js, mongodb, redis, xml schema definition (xsd), qt, intellij idea, appian
About Proven and multiply-certified security engineer, software engineer, and IT director with leadership experience, and over 25 years experience with many projects, languages, and technologies. Skills range across system design and implementation, strategic planning, security engineering, IT operations and planning, cloud computing, software design and programming, concurrent programming, devops, continuous integration and deployment, and user experience (UX) development and evaluation. Solid team contributor with project lead and project management experience.



• Certifications: GIAC Penetration Tester (GPEN), GIAC Certified Intrusion Analyst (GCIA), GIAC Certified Incident Handler (GCIH), GIAC Security Essentials Certification (GSEC), Okta Certified Professional, HashiCorp Certified Vault Associate, HashiCorp Certified Terraform Associate, Sun Certified Java Programmer (SCJP)

• Languages: Python, Java, C++, C, Golang, shell scripting, JavaScript, Groovy, Ruby, SQL, XSD

• Cloud Services: Amazon Web Services (AWS) -- VPC, Route 53, Transit Gateway, EC2, IAM, Lambda, DynamoDB, S3, Glacier, ELB, SNS, SQS, ECR, ECS, CloudWatch, CloudTrail, Config, Systems Manager, GuardDuty, Detective, Inspector, Security Hub, Shield, WAF, Firewall Manager; Google Cloud Platform (GCP); DigitalOcean

• Technologies: Terraform, Ansible, Docker, Kubernetes, LMDB, JMS, Java threads, POSIX threads, Qt, PyQt, JavaFX, Swing, ESRI ArcObjects, ESRI ArcGIS, Microsoft COM, X-Midas, Linux, Unix

• Software Tools: Gradle, Jenkins, Git, Github, GitLab, SonarQube, Jira, Bugzilla, Trac, Ant, Checkstyle, FindBugs, Parasoft Cpptest, Cppcheck, JUnit, xUnit, IntelliJ IDEA, Eclipse, Visual Studio, VS Code

• Skills: Agile development (Kanban, Scrum), concurrent & multithreaded programming, design patterns, build & deployment automation, UI design & implementation, user experience (UX), information visualization, IoT and microcontroller programming & sensor interfacing