Robert Orr
Education:
Graduate Certificate in Cybersecurity Engineering, with Honors
SANS Technology Institute
2019 : 2022
Postgraduate Certificate
Design Thinking for Strategic Innovation
Stanford University
2015 : 2016
Master of Science - MS
Computer Science
Georgia Institute of Technology
1996 : 2002
Bachelor of Arts with Honors
Physics
Oberlin College
1989 : 1991
Associate of Arts with High Honors
Physical Science
Long Beach City College
1986 : 1989
Experience:
• Leading effort to implement Zero Trust security model across all Appian environments.
• Helped lead Security Engineering team in developing custom security detections, used by Security Operations team.
• Implementing Okta SSO system for access to department resources, including using Okta Identity Engine to integrate with CrowdStrike EDR to assess endpoint security posture.
• Working with department leadership to define strategic goals and roadmaps.
• Working with vendors and VARs to acquire and support various security-related products.
• Led maturation of software engineering practices on Security Engineering team.
• Created training program for onboarding recent hires onto Security Engineering team.
• Mentoring junior engineers.
• Attended various security conferences and events, e.g., SANS events, Security BSides, and OWASP events.
• Leader in Infosec Chapter learning group. Studied web app security (among other topics) using Kali Linux, DVWA, and various CTF platforms.
• Extensively involved in team recruiting.
2022 : Present
Appian Corporation
Lead Information Security Engineer
2023 :
Capital Security Services
Founder and Principal
• Led effort to implement Zero Trust security model across all Appian environments.
• Helped lead Security Engineering team in developing custom security detections, used by Security Operations team.
• Implemented Okta SSO system for access to department resources, including using Okta Identity Engine to integrate with CrowdStrike EDR to assess endpoint security posture.
• Designed and implemented high-availability HashiCorp Vault cluster for secrets and access management. Hardened deployment against vulnerabilities. Deployed on Amazon Web Services (AWS) platform, managed with Terraform.
• Using Vault, created system to use permissioned PKI certificates to enable secure SSH to sensitive endpoints. Used Terraform, Ansible, and Bash scripting.
• Created system to scan GitHub repositories for secrets (e.g., API keys, AWS credentials, passwords), and worked with code owners to remove found secrets. Used Groovy, Bash, Docker, and Jenkins.
• Remediated public data exposure in enterprise Google Calendars. Used Python and Google Cloud Platform (GCP) APIs.
• Managed AWS VPC resources with Terraform infrastructure-as-code (IaC).
• Loaned to Engineering department to work with teams in securely implementing Kubernetes-based cloud-native platform for Appian customers.
• Helped investigate security alerts using AlertLogic SIEM, ExtraHop, CrowdStrike, and AWS Security Hub and GuardDuty.
• Worked with department leadership to define strategic goals and roadmaps.
• Worked with vendors and VARs to acquire and support various security-related products.
• Led maturation of software engineering practices on Security Engineering team.
• Mentored junior engineers.
• Attended various security conferences and events, e.g., SANS events, Security BSides, and OWASP events.
• Leader in Infosec Chapter learning group. Studied web app security (among other topics) using Kali Linux, DVWA, and various CTF platforms.
• Extensively involved in team recruiting.
2018 : 2022
Appian Corporation
Senior Information Security Engineer
• Worked on enterprise-wide CI/CD infrastructure and DevOps systems.
• Designed scheme for automated storage and retrieval of secrets using HashiCorp Vault.
• Created system for automatically updating Docker containers used for automated testing with latest version of Firefox browser.
• Created department-wide Git hooks framework for code linting and auto-formatting.
• Wrote Ansible scripts for managing Mac mini build cluster.
• Maintained and modified department-wide Gradle CI build system.
• Streamlined Webpack configurations for JavaScript build system.
• Helped implement Android testing system using Google Cloud Platform Firebase framework.
• Used Grafana to track build metrics.
• Led squad Kanban standup meetings.
2017 : 2018
Appian Corporation
Software Engineer
DevOps and IT infrastructure consulting
2022 : 2023
Cogito Consulting LLC
Founder and Principal
Company: Appian Corporation
Years of Experience: 31
Spoken Language: English, German, Spanish
• Certifications: GIAC Penetration Tester (GPEN), GIAC Certified Intrusion Analyst (GCIA), GIAC Certified Incident Handler (GCIH), GIAC Security Essentials Certification (GSEC), Okta Certified Professional, HashiCorp Certified Vault Associate, HashiCorp Certified Terraform Associate, Sun Certified Java Programmer (SCJP)
• Languages: Python, Java, C++, C, Golang, shell scripting, JavaScript, Groovy, Ruby, SQL, XSD
• Cloud Services: Amazon Web Services (AWS) -- VPC, Route 53, Transit Gateway, EC2, IAM, Lambda, DynamoDB, S3, Glacier, ELB, SNS, SQS, ECR, ECS, CloudWatch, CloudTrail, Config, Systems Manager, GuardDuty, Detective, Inspector, Security Hub, Shield, WAF, Firewall Manager; Google Cloud Platform (GCP); DigitalOcean
• Technologies: Terraform, Ansible, Docker, Kubernetes, LMDB, JMS, Java threads, POSIX threads, Qt, PyQt, JavaFX, Swing, ESRI ArcObjects, ESRI ArcGIS, Microsoft COM, X-Midas, Linux, Unix
• Software Tools: Gradle, Jenkins, Git, GitHub, GitLab, SonarQube, Jira, Bugzilla, Trac, Ant, Checkstyle, FindBugs, Parasoft Cpptest, Cppcheck, JUnit, xUnit, IntelliJ IDEA, Eclipse, Visual Studio, VS Code
• Skills: Agile development (Kanban, Scrum), concurrent & multithreaded programming, design patterns, build & deployment automation, UI design & implementation, user experience (UX), information visualization, IoT and microcontroller programming & sensor interfacing