Harrison R

@ars0n_security

Vetted Pro

5.0 (3)
United States
English
Vetted by Fiverr Pro

Harrison R was vetted by the Fiverr Pro team for their expertise.

Vetted for

  • Cybersecurity

About me
I am a United States Army veteran with over 10 years working with Red Teams and Blue Teams. I have a Bachelor's Degree and a Master's Degree in cyber security, as well as several top certifications, including CISSP and OSWE. I am also a YouTube content creator with over 200k views and maintain an open-source bug bounty hunting framework with over 1000 active users....

100 USD/hour

Work experience

Security Engineering Manager

FloQast

Jan 2022 - Present (4 yrs 5 mos)

As a highly technical Security Engineering Manager, I effectively balanced leadership and hands-on technical expertise. I designed and conducted web application penetration testing classes, guiding teams to master security concepts. I remained deeply involved in challenging technical projects, offering insightful guidance and support to ensure successful outcomes. Spearheading the establishment of a public bug bounty program on platforms like HackerOne, I fostered collaboration with external security researchers, leading to proactive vulnerability discovery. Moreover, I maintained an effective security program, continuously adapting strategies to mitigate emerging threats and ensure the robustness of our organizational defenses.

Bug Bounty Researcher / Independent Contractor (Cyber Security)

Freelance

Dec 2020 - Jan 2022 (1 yr 1 mo)

I am a seasoned cyber security consultant with extensive experience working with Red Teams (offensive) and Blue Teams (defensive). I also have experience as a full-stack developer and a wealth of knowledge pertaining to web application security. This includes static code analysis (SAST), dynamic testing and fuzzing (DAST), and implementing security controls in production (WAF/RASP). I have worked with several organizations to integrate security seamlessly into their SDLC, including automation with a CI/CD pipeline. On the offensive side, I can perform thorough penetration tests using whitebox and blackbox methodologies centered around the MITRE ATT&CK framework. I can also conduct social engineering assessments with phishing emails, watering hole attacks, and vishing calls. On the defensive side, I can conduct vulnerability assessments, build internal cyber security policies, and implement security controls based on several prominent compliances (NIST, PCI-DSS, CIS Benchmarks, HIPAA, etc.). Finally, I can build full-stack web applications (including mobile apps) in Python, Java, and/or MERN. When building web applications for clients, I always keep security in mind and ensure many of the most common vulnerabilities are never introduced to the application. I also perform a manual penetration test on all applications I build to ensure security is a major part of my SDLC.

Senior Security Solutions Engineer

Rapid7

Sep 2018 - Nov 2020 (2 yrs 2 mos)

Acted as a trusted advisor to clients as they worked to build various cyber security programs within their organization. Was the subject matter expert on attacker methodologies, as well as effective techniques to prevent these attacks. Worked to identify and remediate vulnerabilities, integrate cyber security as part of the SDLC, and validate vulnerabilities through penetration testing. Also worked as an educator to teach new engineers both web application and infrastructure penetration testing techniques. Finally, represented the company at several conferences and events to give speeches and educate the public on implementing modern security practices.