Hi, I’m

Tambra Horn CISSP CISA CEH

Senior Application Security Engineer/Architect

Summary

Watchful professional offering comprehensive, hands-on experience identifying, investigating and responding to product security issues. Expertise in identifying threats and anomalies and administering metrics to quantify and qualify effectiveness of security processes and controls. Focused on helping businesses safeguard their products from hackers and cyber-criminals.

Overview

28 years of professional experience

6 years of AppSec experience

Work History

Pay Near Me
Santa Clara, CA

Senior Application Security Engineer
09.2022 - Current

Job overview

  • Evaluate security technology, methodology, and tools to better the software development life cycle
  • Improve and support application security tool services including static analysis, dynamic testing, software composition analysis tools
  • Support incident response and architecture review processes whenever application security expertise is needed
  • Manage routine penetration testing services, including both expert consulting and managed services
  • Provide manual penetration testing and standards gap analysis services to internal business and technology partners
  • Support, improve, and maintain secure development standards and application security framework projects
  • Support Vendor Management activities to ensure third party software and development meet security standards
  • Integrate threat modeling practices into product development life cycle
  • Collaborate alongside DevOps, QA, and Engineering to improve security of applications architected 100% on a cloud (AWS) microservices-based environment

HeartFlow

Application Security Architect
12.2021 - 06.2022

Job overview

  • Application Security Subject Matter Expert - Passionate about meeting the development team where they are to provide guidance towards “shifting left”.
  • Conduct proof of concept for future SAST, DAST, and SCA solutions that align with software architectural changes and language coverage gaps.
  • Approve application security related design review, scan results, and remediation for every software release.
  • Interface with Customer Success to discuss and track security feature enhancement requests from our global customers
  • Calibrate flaw severity by performing a risk assessment (asset, exposure, etc.)
  • Define application security policy, best practices and standards
  • Define Security Champions curriculum - annual secure code training requirements
  • Track and present Application Security compliance related metrics to CISO and C-Suite executives

Sabre, Risk and Security 

Senior Application Security Engineer
05.2018 - 12.2021

Job overview

  • Veracode - Performed SAST and DAST scans and secure code reviews.
  • Support DevSecOps (CI/CD pipeline) integration.
  • Create Python scripts using Veracode REST API module that automate repetitive workflow processes and pull metrics that measure application policy compliance.
  • Burp Suite - Performed manual web application penetration testing focusing on OWASP Top 10.
  • Performed Risk Assessment of third party software
  • Successfully drove CISO approval of the Application Security Policy and Standard.
  • Established Secure Code Champions training curriculum

Jack Henry and Associates

Application Security Engineer, Advanced
11.2016 - 01.2018

Job overview

  • Web Application Security
  • F5 LTM Administration - Configure, maintain, and troubleshoot VLAN creation, virtual server creation, pool creation (load balancer config) via GUI or TMSH (Proprietary F5 CLI) scripting. Execute corporate migrations and disaster recovery exercises.
  • Security Services Operational Administration - Identify and escalate any anomalies found appropriately. (McAfee ePO, ForcePoint, IronPort)
  • Qualys Administrator - Create and analyze vulnerability scans and reports on corporate network.
  • ForcePoint (WebSense) - Perform, troubleshoot, and maintain Policy Exceptions, Categorical filtering, URL block and unblock requests. Perform web appliance swaps.

Education

Prairie View A&M University 
Prairie View, TX

from Computer Science
09.1993 - 05.1995

University Overview

• B.Sc. Computer Science, 1995, Prairie View A&M University

Skills

SAST, DAST

Certification

CISSP #47289    *    CISA #1078941
