Jon Little

Los Angeles, CA

Summary

Innovative software security engineer with a proven track record in developing effective tools and inventions designed to automate engineering processes and enhance response strategies. Adept at analyzing criminal behaviors on the dark web, enabling quick prioritization of vulnerabilities and targeted solutions. Specializes in identifying weaknesses to bolster system defenses, contributing to improved security protocols. Career aspirations include advancing technological solutions for cybersecurity challenges.

Visionary Senior Principal known for high productivity and efficient task completion. Possess deep expertise in strategic planning, leadership development, and operational excellence. Excel in communication, problem-solving, and adaptability, ensuring seamless integration of initiatives and fostering strong team dynamics.

Overview

13
years of professional experience

Work History

Senior Principal Security Technologist

Medtronic
Northridge, CA
07.2024 - Current
  • Audited networks and security systems to identify vulnerabilities.
  • Provided technical support for the implementation of security solutions across multiple platforms.
  • Developed and implemented security policies, standards, and procedures.
  • Performed system maintenance by handling security verifications of systems and processes.
  • Designed, implemented, and maintained security systems and controls.
  • Performed regular system audits to identify any potential vulnerabilities or threats.

Senior Security Engineer

OpenComp
Los Angeles, CA
05.2022 - Current
  • Responsible for the setup of a SOC2 security program which was able to get audited and certified in 7 months
  • This included creating over 20 policies for compliance of the business
  • Worked with leadership and board of directors on managing our security program and conducted two pen-tests with testers from around the world
  • Established centralized logging and a SIEM, including a refactor of the cloud infra and controls for making OpenComp SOC2 certified
  • Configured and managed all Security controls for SOC2
  • Using Burp Pro to test for critical and high CVEs
  • Automations for subdomains and attack surface monitoring
  • First Security Hire

Senior Security Engineer

Cameo
Los Angeles
08.2020 - 05.2022
  • Collaborated with various teams on fixing the HackerOne reports and security posture changes needed
  • Built out SIEM in DataDog with 150+ alerts
  • Configured threat intel and monitoring and set up IR and vulnerability management plans and policies
  • Responsible for all things Security including internal audit and triage of all reports
  • Hired a mid-level engineer and built out an interview lab and app sec training with Terraform testing for interviews
  • Triaged bug bounty reports and 100s of HackerOne reports and maintained best in class responses within top 20% on entire platform
  • First Security Hire
  • Triaged 100s of HackerOne reports with dev teams and worked fixes
  • Helped respond to hackers and streamlined an IR response plan and policy
  • Brought Cameo from failing scores to 80-100% in all AWS accounts

Senior Security Engineer

Goat Group
Los Angeles
03.2020 - 08.2020
  • Worked with various teams on fixing the HackerOne reports and security posture changes needed
  • Triaged 100s of HackerOne reports with dev teams and worked fixes
  • Enabled bucket-level encryption for S3 and application configs
  • Met with Fraud directory daily to help navigate over 10M in fraud prevention by user agent blocking of bot traffic
  • First Security Hire
  • Hands-on Security Engineering with Python

Senior Security Engineer

FanDuel
Los Angeles
11.2019 - 02.2020
  • Worked on a small team working to tune and make security at FanDuel Group a more matured program and ensured a passed audit
  • Brought the App Sec program to 30% faster responses and better report validation over a period of 90 days
  • Rebuilt static and created dynamic scanning for Fanduel.com
  • Responsible for a HackerOne program, Sumo Logic SIEM integrations as well as AWS/GCP security tooling
  • Managed HackerOne Program
  • Sumo Logic SIEM integrations
  • AWS / GCP Cloud / security tooling
  • Audit recovery from a failed audit

Security Engineer

Ring/Amazon
Los Angeles
09.2017 - 11.2019
  • Responsible for building out Sec Ops and Splunk architecture and monitored corporate and cloud security
  • Developed and patented several patents and products at Ring
  • Architected and deployed Qualys scanners to 500,000 assets
  • Deployed several custom security tools and contributed to the GitHub Edison junior repo
  • Co-inventor of Ring Car Cam - Docket No. 601891 (among 20 other inventions)
  • Developed distributed key security patterns for Amazon Subsidiaries
  • Supported over 170 Amazon AWS accounts for Security Operations overview and correlation rule creation, with detection logic over each brand and threat model

Senior Security Analyst

UCLA (contract)
Los Angeles
02.2017 - 09.2017
  • Rebuilt the vulnerability program and event monitoring
  • Took them from 100+ infections to 0 in daily operational management
  • Found redundant alerting and reduced overall ticket count by 62% in the first week of analysis
  • Able to identify gaps in overall security program for Windows events monitoring and contribute solutions for program gaps
  • Led a team of 3 in overall technical expertise and mentored junior engineers
  • Led the organization to consulting 30+ departments under one unified security group

Security Analyst

Keck of USC (contract)
Los Angeles
09.2016 - 12.2016
  • Re-built the malware protection infrastructure at Keck of USC and brought the malware found inside the network from 170 infections across the network to 0 in a short period of time
  • Produced highly effective changes and fixed some of the largest gaps in security of the infrastructure
  • Rebuilt perimeter detection scans and identified many important oversights
  • Wrote the policy for Health department audits and OCR audits which are all HIPAA

Security Analyst III

Panasonic Avionics
Lake Forest
12.2014 - 05.2016
  • Led a team of security analysts and designed and implemented a SOC including all security policies, frameworks and infrastructures in over 100+ sites of various sizes and locations around the world
  • Deployed and configured LogRhythm SIEM, along with IPS tuning
  • Helped them meet ISO 2700.1 and various frameworks
  • Worked as a level III engineer for the Avionics division
  • One of three beta testing engineers for Trend Micro, where we worked closely on new features of DDI (network malware tool)
  • Reduced malware from 40,000 botnet hits on OpenDNS botnet to 7
  • Directed and led a team of security professionals around the world
  • Protecting over 6,000 end points with 0 outbreaks
  • Created policy and framework for SOC and Malware response and investigations
  • Managed OpenDNS and developed botnet fishing technique
  • Reduced malware from 40,000 botnet hits on OpenDNS to 7 botnet hits on OpenDNS

Security Operations Engineer

PennyMac
Moorpark
07.2013 - 11.2014
  • Resolved security events and mitigated risks with solutions
  • Provided assistance in preparing for security audits and making a security plan for the future
  • Specialized in security devices such as Qualys scans, Trend Micro Deep Security and Tripwire
  • Helped to assist in correcting and maintaining the security posture
  • Designed the SOC event monitoring system with procedures
  • Led and engineered the re-deployment of Trend Micro Deep Security
  • Architected the process flow of security events and response
  • Developed automation through PowerShell and Bash

Security Analyst

Computer Services Inc.
Austin
02.2012 - 04.2013
  • I was a security analyst for SOC with over 500+ customers worldwide
  • I was an engineer who responded to tickets and SIEM findings during monitoring of the SOC
  • Net forensics SIM
  • One security event monitoring
  • Web Application Security Scanners
  • Promiscuous and inline IPS configuration and installation

Network Security Analyst

Cisco Systems
Austin
09.2011 - 12.2011
  • CISCO IronPort Tier II Support
  • Experience in complex cluster configuration

Education

Advanced Cyber Security Certificate -

Stanford University
01.2022

CISCO Networking Academy -

Amazon Cloud Practitioner -

LogRhythm Certified -

Splunk Fundamentals 1 -

CISCO IronPort Certified Security Professional -

Certified Microsoft – Windows XP – MCP -

CompTIA - Security+ 2008 Edition -

01.2011

AWS Certified Practitioner -

01.2019

Skills

  • Organizational development
  • Strategic leadership
  • Product management
  • Innovation management
  • Data Security Management
  • Cybersecurity
  • Technology integrations

Locations

  • Los Angeles, CA
  • Lake Forest, CA
  • Moorpark, CA
  • Austin, TX
