Examples of Executed Projects - Client Confidential

  • For a large housing corporation
    • Conducted an External Network and Web Application Vulnerability Scan and Penetration Test. Performed threat modeling to collect information relating to the network configuration.
    • Identified known vulnerabilities through the use of automated tools. Performed a vulnerability analysis to review security risks associated with the network(s) and possible means of exploitation.
    • Exploited discovered vulnerabilities and attempted to gain elevated/privileged access.
  • For a large healthcare provider
    • Executed a breach response after a large breach of ePHI.
    • Executed and successfully completed a risk analysis as required by the Office for Civil Rights under HIPAA regulations.
    • Performed an extensive security assessment of medical devices.
    • Planned, scoped, and executed several large cloud security assessments, pre- and post-implementation.
    • Developed a comprehensive third-party risk assessment program.
  • State Government Agency in WI
    • Conducted a red team exercise wherein we tested the defenses through a simulated attack.
  • Retail outlets – Multiple Clients
    • Performed internal and wireless network penetration tests. Executed vulnerability identification and exploitation on several retailers' internal networks and store environments. We planned all tasks in coordination with top management without informing the IT security and operations teams. The assessment followed the Penetration Testing Execution Standard (PTES) and consisted of the following tasks: Intelligence Gathering, Vulnerability Analysis, Exploitation, Post Exploitation, and Reporting.
  • PCI-DSS Penetration tests and segmentation validation - Multiple Clients
    • PCI DSS Requirement 11.3.4 requires all organizations to perform segmentation testing at least annually if segmentation controls are utilized to isolate the cardholder data environment (CDE) from other network segments. The intent of this requirement is to verify that the segmentation controls/methods function effectively and as expected. Performed segmentation testing and internal penetration testing to verify whether users can gain unauthorized access to the systems/data within the CDE.
  • For a global certification organization
    • Planned, scoped, and executed several detailed technology risk assessments.
    • Planned and executed monthly vulnerability assessments and penetration tests.
  • For a medium-sized healthcare provider
    • Performed an extensive security assessment of medical devices.
    • Performed detailed penetration tests and vulnerability assessments using industry standard tools.
    • Performed HIPAA assessments, third-party risk assessments, cloud security assessments, and fraud risk assessments.
    • Performed an annual internal financial audit.
    • Performed PCI gap analyses and risk assessments.
    • Planned and executed phishing and spear phishing exercises.
  • For three large public consumer product companies
    • Planned and executed SOX IT testing and program management.
    • Performed fraud risk analysis and assessments.
    • Performed detailed penetration tests and vulnerability assessments using industry standard tools.
    • Performed detailed analysis of SOD and access privileges.
  • For a fin-tech startup
    • Performed several detailed security and privacy risk assessments.
    • Using NIST and HITRUST, developed and executed an annual risk assessment plan.
  • For a large condominium association
    • Executed a fraud risk assessment and assisted with internal audit of key controls.
  • For three large non-profit professional organizations
    • Created IT security and privacy policy frameworks and policies.
    • Performed detailed assessment of key IT controls.
    • Performed review and assessment of third-party risks.
    • Planned, scoped, and executed several large cloud security assessments, pre- and post-implementation.
    • Planned and executed comprehensive HIPAA risk assessments.