Timothy Lilly

Palm Harbor, FL

Summary

Dynamic security leader with extensive experience in information security, specializing in vulnerability management, offensive security and application security. Proven track record in driving regulatory compliance and risk mitigation initiatives. Adept at leading high-performing teams and fostering stakeholder relationships, ensuring robust threat assessments and penetration testing to enhance organizational security posture.

Overview

28 years of professional experience
1 Certification

Work History

Senior Vice President Attack Surface Management

Regions Bank
11.2021 - Current
  • Spearhead the Attack Surface Management division, encompassing Application Security, Vulnerability Management, Red Team, Penetration Testing, and Bug Bounty programs.
  • Drive security strategies and goals, focusing on robust training, mentoring, and career guidance to enhance team capabilities.
  • Champion regulatory compliance efforts, overseeing successful federal exams and comprehensive internal audits to ensure stringent adherence to standards.
  • Foster strong stakeholder relationships, securing end-to-end vulnerability remediation across all company levels.
  • Lead strategic initiatives to mitigate risks, consistently interfacing with senior leadership to promote security hardening practices and reduce the organization’s attack surface.
  • Direct advanced security testing and continuous assessment of potential threats and zero-day vulnerabilities, providing critical updates to executive teams to inform decision-making processes.

Director Offensive Security Team

FIS
05.2016 - 11.2021
  • Managed a team of over 40 security professionals in executing high-stakes penetration testing and red team operations against critical systems, infrastructure, and applications.
  • Implemented cutting-edge security practices, adhering to industry standards for automated and manual testing to identify and mitigate vulnerabilities.
  • Key contributor to regulatory compliance initiatives, ensuring the team's operations aligned with federal security standards and successfully passed all audits.
  • Collaborated closely with clients and internal management to fortify trust in our information security measures, adjusting strategies based on business risk assessments.
  • Led departmental goals and monitored achievement, fostering a culture of continuous improvement and professional development within the team.

Cyber Protection Team Lead, Red Team

USSOCOM
10.2013 - 05.2016
  • Conduct penetration testing and vulnerability assessments across USSOCOM networks.
  • Utilize penetration testing TTPs to provide Nation-State and Advanced Persistent Threat computer network exploitation and attack emulation during engagements.
  • Coordinate and integrate current intelligence with cyberspace operations to enhance the security posture and capabilities of USSOCOM.
  • Completed training specializing in penetration testing techniques and tools.
  • Performed security assessment, vulnerability management and accreditation activities on IT systems and applications, including security audits, risk assessments, security planning, and system evaluations.
  • Provide subject matter expertise for applying security technical implementation guides and other operational requirements and configuration guidelines to the McAfee enterprise policy orchestrator security suite.
  • Develop automated reporting dashboards within the existing EPO system to provide near real-time reporting of computer system compliance information and maintain overall visibility for all connected assets.

Network Infrastructure and Security Technician

USCENTCOM
10.2012 - 10.2013
  • Complete information security analysis, network analysis, and maintenance of the local and wide area networks.
  • Provide support during network outages and information assurance operations.
  • Plan projects to upgrade new and improved communication equipment, procedures and policies.
  • Responsible for installation, administration, and testing of routers, switches, cabling, and other related network components and equipment.

Lead Operations Security Officer

Defense Intelligence Agency
11.2008 - 10.2012
  • Developed Intelligence updates and threat condition reports to incorporate in operational planning and mission execution.
  • Integrated the principles of deterrence and detection to effectively respond against potential threats to personnel, equipment, and cargo.
  • Established and maintained close collaboration with supporting coalition partners and COCOMS.
  • Supervised a team of 6 instructors, while working alongside government oversight.
  • Ensured all areas of training were in accordance with all policies.
  • Delivered instruction in professional education courses, through various technological mediums.
  • Worked with different directorates to ensure training complied with best practices and procedures pertaining to operations, technological applications, and strategies.

Training Supervisor

Naval Center for Security Forces
05.2007 - 11.2008
  • Worked as a lead instructor for Naval Center of Security Forces, supervising 13 other instructors while ensuring all students receive training set forth by the United States Navy for the Military Police course and Sentry Reaction Force.
  • Mentored 35 students during a 10-week program as class proctor.

Aviation maintenance controller and Marine Security Forces

United States Marine Corps
07.1997 - 07.2007
  • Responsible for planning, directing, and controlling the performance and execution of Aviation Maintenance Department functions at the organizational and intermediate levels.
  • Established department goals and developed plans to meet those goals.
  • Acted as the direct supervisor for over 150 Marines and 80 million dollars in equipment.
  • Trained and instructed Marines on both technical and tactical employment of various weapon systems and operational tactics.
  • Cross-trained and taught foreign tactical units and forces involving force protection, security, and peacekeeping missions.

Education

Bachelor’s Degree - Business Administration and Technology Management

Saint Leo University

Skills

  • Vulnerability management
  • Red team exercises
  • Application security
  • Threat assessment
  • Penetration testing
  • Regulatory compliance
  • Risk mitigation
  • Incident response

Certification

  • Certified Ethical Hacker (CEH)
  • Certified Professional Penetration Tester (CPPT)
  • Cisco Certified Network Associate (CCNA)
  • GIAC Certified Incident Handler (GCIH)
  • CompTIA Security+
  • Law Enforcement Officer - Federal Law Enforcement Training Center
