Resume


Curtis Koenig
MS,CISSP

Sr. Security Program Manager, Software Security Management
Blog: https://spartiates.wordpress.com/
eMail: curtis.koenig@gmail.com
Twitter: http://twitter.com/curtisko
References: http://linkedin.com/in/curtisko

Summary

Self-motivated, inventive technology leader with over 15 years of experience in software architecture, program management, security, project leadership and development/integration of complex software and systems. Proven ability to distill, communicate and resolve complex security scenarios to solve business problems while managing risks and organizational needs. Seasoned leader, looking to obtain a position that leverages my technical knowledge and business insight in steering diverse teams of IT professionals in architecting and delivering impactful business solutions.

  • System/Application Integration
  • Technical Security Design & Analysis
  • Data Flow Diagramming
  • Threat Modeling
  • Risk Management
  • Oral / Written Communication
  • Development Methodologies
  • Software Development
  • Systems Analysis & Design
  • Program / Project Management
  • Situational Leadership
  • Team Development
  • Coaching & Mentoring
  • Conflict Management
  • Negotiation Strategies

Technical Skills

Systems Architecture & Design: Threat Modeling, Data Flow Diagramming, Requirements Analysis, System Context Diagramming, ITILv3 – Information Technology Infrastructure Library v3 Foundations, CISSP, MCSE, MCSA
Software Development: C#, C++, Java, Visual Studio, .NET, Development Models (Agile SCRUM, Waterfall, Spiral, Iterative), HP WebInspect, IBM Rational AppScan, Fortify, OWASP ZAP, familiarity with Python, OWASP Top 10, Jira, Bugzilla
Project Management: Microsoft Project, Microsoft Office Suite (Word, PowerPoint, Excel, Visio)
Security Process: Risk Analysis/Management, Incident Analysis & Response, Threat Modeling
Conferences Attended: Blackhat, DefCon, CanSecWest, DerbyCon, SkyDogCon, Louisville Infosec, BSides Vancouver

Professional Experience

Information Security Engineer 5 / Sr. Application Security Engineer 12/2014 – 10/2014
Wells Fargo, Louisville, KY

Design, develop and implement secure software best practices for the Wells Fargo Security Development Lifecycle (SDL) program. Identify emergent software security vulnerabilities and threats, design methods to detect those vulnerabilities and provide remediation alternatives. Lead the evaluation of new and existing application software security designs and of emerging software security technologies and systems. Serve as the technical Subject Matter Expert (SME) responsible for application security and software security best practices. Consult with line-of-business development groups on the implementation of Security Development Lifecycle best practices and tools. Lead the research, development and/or customization of software security tools and libraries. Manage and mentor offshore and contract resources assigned to projects.

  • Led planning, development, and release of 2 versions of 2 custom software tools in a 6-month period on budget and ahead of schedule
  • Created and delivered enterprise-wide training for computer-based and in-person sessions
  • Directed the evaluation and analysis of several vendor platforms for inclusion and extension of the SDL program
  • Spearheaded the usage of agile management techniques and tools for project management
Sr. Security Program Manager 02/2011 – 10/2014
Mozilla, Louisville, KY / Mountain View, CA

Collaborate with engineering to identify potential features, architecture changes and mitigating strategies that improve the security of Mozilla products. Manage and drive security bugs to resolution. Track external security reports, public security-related sites and mailing lists for new information to improve process and identify future areas of security concern. Communicate with security researchers (security@mozilla) to investigate reported vulnerabilities. Create and review technical security documents for use by the organization. Lead the process of integrating risk-based security actions into the software development lifecycle. Track new products and new product features to ensure they are reviewed. Manage internal and external testing schedules. Represent the Mozilla security team at conferences of various sizes and promote our community approach to security.

  • Created a process for managing and communicating security reviews and resultant information, resulting in a tripling of items reviewed.
  • Led the merger of security reviews under one process for Application Security, Web Applications, Web Sites and Infrastructure Security.
  • Co-founder of Mozilla Winter of Security and mentor for student-executed projects in Security Automation focusing on Threat Modeling.
  • Create and direct the Mozilla Security Champions to drive security knowledge and ownership more directly in development teams.
  • Own and drive vendor security reviews, privacy technical reviews as well as the security review lifecycle.
  • Redesigned bug triage and reduced unworked bug backlog by 90% for both internal and web security areas.
  • Drive community engagement to offer opportunities beyond bug bounty reporting to engage interested contributors in security tools, bug fixing and skill mentorship in the security space as well as Mozilla wide.
  • Coordinated vulnerability disclosure and analysis for the Mozilla team at CanSecWest as well as directing press inquiries

Technical Security Architect 10/2006 – 02/2011
Humana, Louisville, KY

Spearhead and implement long-term security strategy as it relates to the Software Development Lifecycle and to internal security operations and architecture. Create internal tools to support and improve software security reviews. Oversee and generate architecture models for software projects. Mentor and lead all security team members in their interactions with development and business contacts. Appraise and evaluate vendor-supplied and contract software and technology for strategic importance. Investigate software security and network security incidents as part of Incident Response. Coordinate with the corporate Enterprise Engineering team to address emerging threats and regulatory compliance. Create training and guidance for consumption by business and IT customers.

  • Maintained regulatory compliance with regard to software development and security practices while reviewing 150+ projects per year. Regulations: HIPAA, SOX, GLBA, HITECH, PCI, Privacy
  • Created and delivered training to Enterprise Architects and developers on Secure Coding Principles with a satisfaction rating of 99%.
  • Successfully created and implemented a program to integrate security development tasks into the development lifecycle for both Agile SCRUM and waterfall development models.
  • Drove the adoption of security scanning tools for both development and production use. Tools: HP WebInspect, IBM Rational AppScan.
Various roles 07/2000 – 10/2006
Microsoft

Spyware Analyst, Redmond, WA

Gathered, analyzed and classified malware samples for inclusion in weekly signature releases to over 2 million beta customers. Assisted in product design reviews and defect prioritization meetings with both an internal tools team and the public product team during the transition from purchased intellectual property to a final product release. Managed and maintained the internal process to identify signature defects, both false positives and false negatives. Served as an internal beta tester of anti-malware products and general Windows security features. Researched and communicated emerging trends in malware spread and vulnerability exploit behavior.

  • Maintained a signature quality standard of three 9’s.
  • Co-authored the first internal objective analysis and criteria process for an anti-spyware classification standard to ensure analysis parity.
Security Support Engineer, Redmond, WA

Led the Software Security Incident Response process as the on-call member from the support organization for issues of global impact to Microsoft and its customers. Distilled monthly security releases and guidance content, with customer implementation details in focus, into custom ratings and deployment guidance. Participated in company-sponsored online communities to engage customers outside of formal support pathways.

  • Chosen as one of six engineers to deliver security content to a worldwide audience for Windows XP Service Pack 1.
  • Tasked as the primary contact across all of the Services Division to address the growing spyware and adware issue with OEM partners.
  • Developed tools for use by the worldwide support organization to reduce diagnostic error and system state gathering time.
Technical Support Engineer, Redmond, WA / Las Colinas, TX

Functioned as the primary support contact for customer segments ranging from home users to enterprise customers on all Windows platforms. Created and delivered training programs on various Windows components for both internal and external use. Acted as the advocate for customers when reviewing product defects, functional changes and support documentation. Specialized in the networking and high-performance computing functions of the Windows XP and Windows 2000 operating systems. Developed and communicated troubleshooting guides and content for consumption by internal engineers and outsource partners.

  • Appointed as Team Lead and mentor for the launch support team for Windows XP.
  • Created a custom issue tracking system that reduced customer contact times by 50%.
  • Wrote and delivered a technical webcast that set an attendance record for Microsoft content delivery.
  • Maintained customer satisfaction levels in the top 25% of all Support Engineers.

Volunteer & Civic Activities

Chapter Leader 2012 – Present
OWASP, Louisville Chapter, Louisville, KY

Organize and direct the activities of the Louisville, KY Open Web Application Security Project (OWASP) board with regard to member outreach, event planning and finances. We currently serve the Louisville Metro area, including Southern Indiana and as far south as Frankfort, KY.

Course Director, National Youth Leadership Training 06/2012 – 07/2013
Boy Scouts of America, Lincoln Heritage Council, Louisville, KY

Built and developed a team of 9 adult and 22 youth staff to deliver advanced leadership training to 64 youth from 4 states. Managed the budgeting and purchasing for all goods and services. Secured dates and facilities for staff development activities. Responsible for overseeing health and safety for all participants as the week-long course proceeded. Mentored youth staff on leadership and on understanding and executing their positions.

Board Member 2008 – 2012
OWASP, Louisville Chapter, Louisville, KY

Served on the board of the Louisville OWASP chapter, assisting with the operating tasks of conducting meetings and attracting speakers. Gave presentations to promote the chapter and on general application security topics.

Speaking Engagements

SkyDogCon 2011 – The Neurobiology of Decision Making (Knowing Where One’s Towel Is) – https://youtu.be/sVc0pgMIXE4
GFIRST – Bug Bounty Panel (representing Mozilla) – Aug 19-24, 2012
SkyDogCon 2012 – Insanely Great (Leading Change) – https://youtu.be/XWV30HHX1vE
Louisville Infosec 2012 – Grey Hats & Bug Bounties – https://youtu.be/U57k1hXJll8
SkyDogCon 2013 – Hacking Your Career – https://youtu.be/mracupFIm5Q
Midwest Open Source Software Conference – Security in the Open – http://www.mosscon.org/sessions/security-open
BSides Vancouver 2014 – Workshop for “I am the Cavalry” – http://iamthecavalry.org/
History of Defense – https://youtu.be/iYNTNcHrYA8
OWASP Louisville Chapter – Various unrecorded talks on SQL Injection, XSS detection and prevention, and Security Program Management
Mozilla (public broadcast talks) – Leading Change – https://air.mozilla.org/leading-change/
SkyDogCon 2014 – Building Utopia – https://youtu.be/BwaXLPYcoYw
SkyDogCon 2015 – Everything You Know about Security Is a Lie – https://youtu.be/9pvyhBRkVmc

Education & Certifications

MS – Master of Science, Information Systems – University of Arizona, 2000
BS – Bachelor of Science, Microbiology – University of Arizona, 1997
CISSP – Certified Information Systems Security Professional (50278) – (ISC)2, 2004
CompTIA Security+ – CompTIA, 2004
ITILv2 – Information Technology Infrastructure Library v3 Foundation – Office of Government Commerce, 2006
MCSE – Microsoft Certified Systems Engineer (Windows 2000) – Microsoft, 2004
MCSE, Security – Microsoft Certified Systems Engineer, Security (Windows 2000) – Microsoft, 2004
MCSA – Microsoft Certified Systems Administrator (Windows 2000) – Microsoft, 2004
MCSA, Security – Microsoft Certified Systems Administrator, Security (Windows 2000) – Microsoft, 2004

Professional Memberships & Awards

  • Open Web Application Security Project (OWASP) – Founding Member & Executive Board, Louisville Chapter
  • Certified Information Systems Security Professional (CISSP) – Member Number 50278