Joseph Rach
验证专家 in Engineering
IT安全开发人员
Joseph是一名网络安全专业人士,他在保持技术网络安全领域的专业知识的同时,努力做到全面发展,并提供最佳的投资回报. 作为许多网络安全领域的大师,完全符合国防部(DoD) 8140和8570下所有类别和级别的IA工作人员的资格, he advocates team-based approaches and promotes knowledge-transferable, shared, and open-source-based methodologies whenever feasible.
Portfolio
Experience
Availability
首选的环境
Linux、Office 365、Amazon Web Services (AWS)、Firefox、Vi、Bash、pfSence、Suricata、Python、C语言
最神奇的...
...tool I've developed is a tool blending heuristics, fuzzy logic, 机器学习, and direct behavioral observation to discover IoT devices and systems.
工作经验
Product Security Officer, Cybersecurity Engineer, Consultant, President, Owner
红隼信息安全
- Performed as an accomplished and hands-on cybersecurity practitioner, leader, team builder, and problem solver related to ever-evolving 物联网(IoT).
- Accumulated a wide breadth and depth of experience, knowledge, and capabilities.
- 管理嵌入式系统、基础设施、web和移动应用程序安全评估.
- Developed a second complementary concentration in digital forensics, 恶意软件分析, 和调查.
- Strengthened systems development, governance, and lifecycle management.
- 设计、创建和管理实际和可持续的网络安全团队实践.
- Built and implemented new innovative cybersecurity capabilities.
- Led rapid development and zero-day bug discovery, an IoT specialty.
- Automated red-team, simulated malware, and toolsmith cybersecurity.
- Delivered exceptional quality at a competitive value.
网络安全指导
新泽西理工学院
- Led as the cybersecurity instructor for the 新泽西理工学院.
- Delivered various technology courses in a synchronous, virtual classroom environment as an adjunct instructor. My concentration and area of specialty are the cybersecurity offerings.
- Worked in offensive security ethical hacking, digital forensics incident response and threat hunting, 网络安全中的博弈论策略, Python的安全性, 网络基础设施及科技, 网络安全, 和CyWar网络竞技场.
Security Assessment Manager and Lead Penetration Tester
红隼信息安全
- Designed, managed, and conducted processes in secure systems development, governance, 并且管理生命周期开始并完成一个全球性的组织整合.
- Conducted and reported on security assurance review and testing. Generally performed and managed testing as a customized combination of white, gray, 并为黑盒测试提供实用性, 有效的商业价值.
- 测试和合并性能和可用性需求,同时遵循产品安全测试的负责任的披露原则.
信息安全 Mananger and Lead Penetration Tester
红隼信息安全
- Managed, led, and completed numerous security projects in security management, 渗透测试, security audit, 安全咨询服务.
- 协助几, often global, 组织与信息安全和信息保障计划的发展和成熟.
- 进行安全研发, invested in developing cybersecurity capabilities, and crafted cyber tools to enable my peers further.
Experience
Aplomado工具包
http://www.aplomadotoolkit.org定制Linux, 加载了在构建时验证正确操作和配置的工具. A new tool called Aplomado Hunter™ blends heuristics, fuzzy logic, 机器学习, 指导行为观察,发现和报告基于网络的物联网设备和系统.
Features
•数小时的免费在线教育材料.
•一个开放的博客供社区分享.
•永远开放,永远免费.
在由CERT主办的医疗保健网络安全研讨会上介绍嵌入式系统开发
提出了黑客攻击! 你的运气什么时候会用完? and Panelist | Dulles Regional Chamber of Commerce
杜勒斯地区商会是商业领袖合作设计的创新门户, develop, 并分享想法,使杜勒斯地区成为商业和社区发展的中心.
Techtalk |渗透测试蜂窝
Often security models of products generalize the mechanisms used for communications. This can cause designs to become reliant on assumed security features, 细胞也不能幸免.
渗透测试
http://www.kestrelinfosecurity.com/services.html产品安全评估
http://www.kestrelinfosecurity.com/services.html安全开发生命周期(SDLC)
http://www.kestrelinfosecurity.com/services.html智能互联电梯产品
责任
•进行风险评估,并为减轻潜在威胁和漏洞提供建议.
•开发并实施智能互联电梯产品的安全架构和设计模式.
•与跨职能团队紧密合作, 包括工程, 产品管理, 质量保证, to ensure security was embedded into all the stages of the development lifecycle.
•进行安全测试,验证产品安全措施的有效性.
•了解最新的安全威胁和趋势,并评估其对智能互联电梯产品的影响.
为其他团队成员提供有关安全最佳实践的指导和培训,并确保他们遵守安全政策和程序.
• Managed security incidents and responded to them in a timely and effective manner.
• Participated in security audits and compliance reviews.
Smart Connected Transportation Refrigeration
责任
•开发和实施连接到智能网络的运输制冷产品的安全措施.
•对运输制冷产品进行安全评估,以识别漏洞和潜在威胁.
•与跨职能团队合作, 包括开发人员, engineers, 项目经理, to ensure that security was integrated into the development and operations processes.
• Provided guidance and expertise on secure coding practices, 威胁建模, 安全的设计原则.
•确保公司运输制冷产品符合相关行业标准和法规, including NIST, ISO, IEC, and others.
• Maintained up-to-date knowledge of security technologies, trends, and practices.
工业机器监控
责任
•开发和维护我们的工业机器远程监控和GPS跟踪产品的安全架构.
•与开发团队合作,确保我们的产品通过设计和实施安全编码实践是安全的.
•定期进行渗透测试,以识别和解决我们产品中的任何漏洞.
•实施安全措施以保护客户数据,并确保其符合行业标准.
•掌握最新的安全威胁和趋势,并相应地调整我们的安全措施.
•与客户和合作伙伴合作,确保我们的产品与他们的安全措施无缝集成.
• Provided guidance and training to the development team on security best practices.
Education
Bachelor's Degree in Computer Science and Mathematics
特拉华大学-纽瓦克,DE,美国
Certifications
认证道德黑客(CEH)
Ec-Council
GIAC认证法医分析(GCFA)
SANS研究所
欧盟委员会认证安全分析师(ECSA)
Ec-Council
逆向工程恶意软件(GREM)
SANS研究所
Computer Hacking Forensics Investigator (CHFI)
EC-Council
Certified 信息安全 Manager (CISM)
信息系统 Audit and Control Association
GIAC数据安全法 & 调查(敏捷的)
SANS研究所
攻击性安全认证专家(欧安组织)
进攻的安全
信息系统 安全体系结构 Professional (CISSP-ISSAP)
International 信息系统 Security Certification Consortium (ISC)²
EC-Council Chief 信息安全 Officer Certification (CCISO)
EC-Council
Certified in Risk and 信息系统 Control (CRISC)
信息系统 Audit and Control Association
进攻的安全 Certified Professional (OSCP)
进攻的安全
注册资讯系统审核员(CISA)
信息系统 Audit and Control Association
认证资讯系统 Security Professional (CISSP)
(ISC)²
GIAC Gold Certified Intrusion Analyst (GCIA)
SANS研究所
Skills
Libraries/APIs
AES
Tools
VMware, psenence, Suricata, Snort, Keycloak
Languages
C, Python, Embedded C, Bash, Python 3, Embedded C++
Paradigms
敏捷软件开发, DevSecOps, DevOps, HIPAA合规, DDoS, 渗透测试, 应用程序开发, Agile
行业专业知识
Cybersecurity
Platforms
Amazon Web Services (AWS), Embedded Linux, Linux, Firefox, Mobile, AWS IoT
Other
Vi, 数字取证, 道德黑客, 安全分析, 法医调查, 安全体系结构, 风险管理, 认证道德黑客(CEH), Hacking, 风险评估, 信息安全, Forensics, IoT Security, 进攻的安全, 安全策略 & Procedures, 安全设计, Security, SSL, 传输层安全性(TLS), 漏洞评估, 嵌入式系统, 物联网(IoT), IT Security, ISO 27001, Analysis, Research & Investigation, Law, Architecture, 威胁建模, SOP发展, PMO发展, PKI, Cryptography, ARM Embedded, 嵌入式开发, NIST, PCI, 数据丢失预防(DLP), Office 365, SecOps, 恶意软件分析, 逆向工程, 安全管理, 安全审计, 恶意软件清除, Legal, 数据级安全, 入侵检测系统(IDS), 入侵防御系统(IPS), 基于主机的入侵防御, CISM, 信息系统, 资讯系统审核, Audits, Web应用程序安全, Web Security, CISSP, 认证资讯系统 Security Professional, 系统架构, IT系统架构, 软件系统架构开发, 软件开发生命周期(SDLC), 技术产品管理, 公众演讲, Cellular, Game Theory, App 保护, Development, Agile DevOps, Agile Delivery, 敏捷软件测试, Containers, Core, CAN Bus, RS-232, RS422, WiFi, Applications, 移动安全, Coding, Secure Coding, 注册资讯系统审核员(CISA), GIAC认证
如何使用Toptal
在数小时内,而不是数周或数月,我们的网络将为您直接匹配全球行业专家.
分享你的需求
选择你的才能
开始你的无风险人才试验
对顶尖人才的需求很大.
Start hiring