161 Sam Gates Rd.
Ogden UT 84404
8016957575
Email:
ltrappett@gmail.com
Twitter:
@lokutakathepcn3rd
Site:
thepcn3rd.blogspot.com
LinkedIn:
linkedin.com/in/infosecpassion
Experience
Silent Break Security, Pleasant Grove, UT
Senior Security Consultant
4/2016 to Current
Hired to Manage an Adaptive Endpoint Monitoring Service for Potential Clients
Created an Architecture to Manage the Adaptive Endpoint Monitoring Service through PHP, MySQL, Python, JSON, Grok Patterns, CentOS, Windows 7/10, ElasticSearch, Logstash, Graylog, Filebeat, Cb API, and Graylog API
Utilized Carbon Black (Cb) Responder Administrator Training, Cb Responder Advanced Administrator Training, and Responder Advanced Analyst Skills Training as they applied to Endpoint Monitoring and the Architecture Created
Implemented methods to utilize the Cb API to gather information and send it through Filebeat to a Graylog Server via TLS
Went through and learned from the course and material of Dark Side Ops: Custom Penetration Testing course taught exclusively by Silent Break Security
Galileo Processing, Salt Lake, UT
Senior Security Engineer
10/2015 to 4/2016
Automated a very manual process to conduct quarterly vulnerability scanning. I utilized Python to capture packets, conduct nmap scans, create through the Nessus API scans for the subnet, and verify access control lists were set up properly through testing of the current subnet going to other internal subnets.
Conducted the annual PCI Internal Penetration Test which led to improving the security posture in Software Development, Endpoint Management utilizing GPO, disabling NetBIOS and LLMNR, and awareness of Current Threats
Utilized Python and the Nessus API to generate reports and provide better visibility with the information collected during the Quarterly vulnerability scans, rescans and ad hoc scans that were conducted
Created/Modified provided ThreatSTOP scripts to pull threat intelligence feeds, input them into Cisco ASA Firewalls, and allow for monitoring of the IP Addresses in the feeds in the event a client's IP address was listed
Created reports in Splunk to identify malware beacons, interesting activity in web proxy logs, antivirus, and reports to meet PCI compliance. Also received training and implemented Splunk Enterprise Security
Worked with Windows Server 2008/2012, Windows 7, Oracle Linux, Oracle DB, VMWare ESX/ESXi, multiple Cisco devices ASA/UCS/Nexus/ESA/WSA, FireEye, NetScout and the monitoring of them in a Splunk SIEM
LDS Business College, Salt Lake, UT
Adjunct Faculty, Information Technology, Based on Contract
1/2016 to 4/2016
Taught IT 220 Risk Analysis & Governance; this is a new class they have added to the curriculum.
Assisted in developing the curriculum for IT 220 as a member of the Advisory Committee at LDS Business College
Course is based on students learning and understanding the top 20 Critical Security Controls, Kill Chain Analysis, Risk Analysis, and the governance based on compliance to private and government compliance (GLBA/PCI and others)
Bank of Utah, Ogden, UT
IT Security Officer
3/2007 to 2/2009 and 11/2011 to 10/2015
Coordinated and was project lead for Risk Assessments, Risk Management and Mitigation, Oversight of Vendors/Service Providers, Business Continuity, Incident Response as it applies to GLBA and other state and federal regulations
Created more efficient methods to conduct and maintain a Business Impact Analysis, Business Continuity Plans and Managing over 750 vendors by building a collaborative web based application in PHP with a MySQL database
Solved critical and time sensitive projects involving eDiscovery, network forensics, incident response, business continuity and many other projects
Identified multiple vulnerabilities in web applications, storage of sensitive information, and Windows group policy. Worked closely with IT Staff and vendors to fix or mitigate them
Worked with Windows Server 2003/2008/2012, Windows XP/Vista/7, Linux, AS/400, iSeries, VMWare ESX/ESXi, many Cisco devices, mobile devices, and the integration of them into a SIEM
Weber State University, Ogden, UT
Adjunct Faculty, Computer Science, Based on Contract
5/2008 to 12/2015 (7 Semesters during this time frame)
Taught Spring of 2013, 2014, 2015 Security Vulnerabilities and Attack Prevention (CS 4740), Fall of 2009 and Summer 2008 Computer Architecture for Security Assurance (CS 3840), Summer of 2009 Linux System Administration, and Fall of 2008 Advanced Networking (CS 3705) with emphasis on protocol analysis
Coordinated and communicated successfully with students to accomplish many projects using VMWare ESXi, WinHex, Windows Server 2003/2008, Helix (Linux Forensics Distro), Backtrack/Kali (Linux Network Administration and Security Distro), Wireshark, Metasploit, John the Ripper, Python scripting
In the Spring of 2013 worked with students to conduct a security assessment of a local company where they successfully were able to deliver a well written report of their findings and recommendations
Demonstrated to students how to analyze major protocols inclusive of BGP, OSPF, SMTP, HTTP, FTP, Spanning Tree, SNMP, Terminal Services, and many others
Demonstrated to students how to analyze the binary of FAT12, FAT16, FAT32, NTFS, EXT2, and EXT3 file systems
Imaging Management, Murray, UT
Network Administrator
11/2009 to 11/2011
Implemented Cisco 2900 series routers and Cisco 5500 firewalls at three new locations and upgraded two locations
Implemented a complete rollout of external and internal monitoring systems using Nagios, an internal syslog server utilizing Splunk, a computer inventory system using OCS, a Compellent SAN, and a help desk system based on osTicket
Maintaining network connectivity, Windows group policies, a Windows software update server, and Kaspersky/Sophos AntiVirus for over 70 servers and 220 workstations
Implemented and was the admin for maintaining an Email System based on Zimbra (at the time was owned by VMWare)
Created multiple bash scripts to implement additional functions to the help desk system, a physicians forum, backups using rsync for multiple Linux servers, MySQL database dumps, and a variety of reports sent from information gathered
Education
SANS GIAC Information Security Professional #2620
Weber State University
Bachelor of Science in Computer Science, emphasis in Network Security and Administration
Minor in Telecommunications Business Education
Degree GPA: 3.6 (Graduated with cum laude status)
Great IT Security Books I Have Read and Recommend
Black Hat Python: Python Programming for Hackers and Pentesters by Justin Seitz
Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers, and Security Engineers by TJ O'Connor
CISSP All-in-One Exam Guide, Sixth Edition by Shon Harris
SQL Injection Attacks and Defense by Justin Clarke
Gray Hat Hacking: The Ethical Hacker's Handbook by Harper, Harris, Ness, Eagle, Lenkey, Williams
Advanced Penetration Testing for Highly Secured Environments: The Ultimate Security Guide by Lee Allen
The Web Application Hacker's Handbook, Second Edition by Dafydd Stuttard and Marcus Pinto
Metasploit: The Penetration Tester's Guide by David Kennedy, Jim O'Gorman, Devon Kearns, and Mati Aharoni
Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software by Michael Sikorski and Andrew Honig
The Practice of Network Security Monitoring, Richard Bejtlich
Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon, Kim Zetter
Spam Nation, The Inside Story of Organized Cybercrime From Global Epidemic to Your Front Door, Brian Krebs
The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux and Mac Memory, Ligh, Case, Levy, Walters
Other
Invited to and attended a US Cyber Challenge Cyber Camp hosted at San Jose State University in 2012, 2013, 2014
Worked with Karen Evans, National Director of the US Cyber Challenge and co-hosted the above 2015 camp in Utah.
Active participant in uscyberquests.org since February 2012
Threatspace online CTF in August of 2012, took 1st Place; announcement was posted via Twitter
Current member of the Industry Advisory Committee for Weber State University Computer Science Department and LDS Business College Information Technology Department