Leroyal Stevenson
Fairburn,GA
Summary
Adaptable professional with 10+ years of IT Security experience (in both public and private sectors) and proven knowledge of leadership, problem-solving, and workflow prioritization. Aiming to leverage my abilities to successfully obtain a rewarding career at your company.
Overview
10
10
years of professional experience
1
1
Certification
Work History
External Penetration Tester
COGNIZANT INC.
11.2022 - Current
- Perform External Penetration Tests on Cognizant external endpoint
- Conduct vulnerability scanning regularly on external endpoints to monitor possible changes in the Cognizant attack surface
- Conducting testing for external clients of Cognizant
- Creating penetration testing reports
Lead Penetration Tester/Security Engineer
AMERICAN FAMILY INSURANCE
09.2020 - 11.2022
- Working as part of an appsec team to conduct penetration testing of web applications, network devices, cloud implementations, and APIs
- Reporting and providing mitigation solutions to internal and internal customers and partners of American Family
- Assisting with establishing TTPs and updating of processes and procedures
- Conducting PCI compliance assessments
- Conduct weekly presentations for purposes of "lessons learned" and technical learning sessions
Cyber Security Lead
DELOITTE DIGITAL
05.2020 - 09.2020
- Acted as a subject matter expert for product security matters
- Provided user-based training, regarding product vulnerabilities
- Assisted in mitigation of product vulnerabilities
- Created policies and procedures related to organizational security
Senior Security Engineer III/Penetration Tester
Honeywell Inc.
Atlanta, GA
03.2019 - 05.2020
- Penetration Testing Web Applications and network devices
- Aiding in recommendations for mitigation, to developers
- Assisting with the creation of team TTPs and guidelines
- Working with security architects to examine the attack surface of products
- Gathered cyber intelligence to identify vulnerabilities
- Discussed security solutions with information technology teams and management
- Identified new threat tactics, techniques and procedures used by cyber threat actors
Red Team Member / Penetration Tester
Equifax
Atlanta, GA
05.2018 - 12.2018
- Penetration testing of internal and external hosts
- Recommending security controls for vulnerable products
- Conducting phishing campaigns
- Documented penetration test findings
- Evaluated vulnerability assessments of local computing environments, networks, infrastructures and enclave boundaries
- Maintained up-to-date knowledge of hacking trends
- Updated corporate policies to improve cyber security
Senior Red Team Operator
IIT Corporation Services LTD
Norfolk, VA
11.2016 - 05.2018
- Tasked as a SME for penetration testing and vulnerability analysis and conducting adversarial assessment and against various technologies
- Updated TTPs, assist in revamping of policies and procedures, and giving expert opinion on each matter
- Conducted code review and vetting new solutions for Red Teams to use
- Identified new threat tactics, techniques and procedures used by cyber threat actors
- Communicated vulnerability information to key stakeholders and upper management
Product Penetration Tester
Hewlett Packard Enterprise Security
Houston, TX
02.2016 - 10.2016
- Create test cases of exploited products, in order to present to development teams
- Conduct (SCA) Static Code Analysis on products to highlight possible vulnerabilities in code, prior to penetration testing
- Conduct round-table discussions with product teams, in order to plan mitigation of discovered vulnerabilities in HPE products
- Wrote audit reports to communicate technical and procedural findings and recommended solutions
- Updated corporate policies to improve cyber security
Security Analyst
Metro Systems Inc. (Supporting Homeland Security)
Pensacola, FL
10.2015 - 02.2016
- Reviewing and triaging events in real time
- Investigating suspicious network events for possible system breaches or policy violations
- Conducting regular reports and demonstrating evidence to the team lead and the CISCO
- Configuring host-based tools (I.e
- Virus software, vulnerability management software, etc.) to properly detect and block possible attacks, as part of defense in depth
- Research of attack vectors, threat tactics, and attacker techniques in order to thwart possible attacks
- Continually test DMZ network to ensure that external threats cannot compromise it
Security/Network Administrator II
Bowhead Corporation (Supporting the US Army)
Fort Eustis, VA
08.2014 - 10.2015
- Utilize ACAS Vulnerability Scanner for the purpose of resolving network vulnerabilities and reporting them to the security team
- Patch and Update Systems, based on CVEs reported by Vulnerability Scanners
- Install and configured various host network and software applications, including Office apps, antivirus, and general applications
- Configure Active Directory OUs to reflect the necessary permissions and roles as needed for endusers
- Physical troubleshooting of laptops, desktops, printers, and servers
- Imaging hosts and utilizing (STIG) Security Technical Implementation Guides to harden network hosts/devices
Education
Bachelor Of Science (B.S.) In Information Cyber Security -
ITT Technical Institute
Norfolk, VA03.2015
Skills
- Kali Linux
- Web, REST API, & Cloud apps
- Burp Suite Pro
- Vulnerability Remediation
- Red Teaming / Adversary simulation
- Technical and Executive Reporting
- Python/Bash/Powershell
- OWASP / ASVS / WSTG
- OSINT
- Compliance Testing (PCI)
- Physical & Technical Social Engineering
- Powershell Empire
- Metasploit
- PowerView
- Phishing Campaigns (SET, PhishMe, GoPhish)
- Secret Clearance (expired Top Secret)
- Containers
- SonarQube
- Wireless Penetration Testing
- Network Penetration Testing
- Crackmapexec
- BloodHound
- MITRE ATT&CK
- Active Directory
- Establishing TTPs
- Report writing
- Vulnerability categorization and remediation
- Customer-facing Consulting
- Teamwork and Collaboration
- Continuous Improvement
- Policy & procedure creation
- Regulatory compliance
- Vulnerability Management
- SAFe Agile experience
- STRIDE Development model
- Organizational Skills
Certification
- Offensive Security Certified Professional, OS-101-012412, Offensive Security
- Certified Information Systems Security Professional, 543938, ISC2
- AWS Certified Cloud Practitioner, NBNS8ZE1WBQEQSCZ, Amazon Web Services
- Microsoft Certified Azure Fundamentals, I759-8779, Microsoft
- Certified Appsec Practitioner, 8436770, ISC2
Personal Information
Title: IT Security Consultant
Timeline
External Penetration Tester
COGNIZANT INC.
11.2022 - Current
Lead Penetration Tester/Security Engineer
AMERICAN FAMILY INSURANCE
09.2020 - 11.2022
Cyber Security Lead
DELOITTE DIGITAL
05.2020 - 09.2020
Senior Security Engineer III/Penetration Tester
Honeywell Inc.
03.2019 - 05.2020
Red Team Member / Penetration Tester
Equifax
05.2018 - 12.2018
Senior Red Team Operator
IIT Corporation Services LTD
11.2016 - 05.2018
Product Penetration Tester
Hewlett Packard Enterprise Security
02.2016 - 10.2016
Security Analyst
Metro Systems Inc. (Supporting Homeland Security)
10.2015 - 02.2016
Security/Network Administrator II
Bowhead Corporation (Supporting the US Army)
08.2014 - 10.2015
Bachelor Of Science (B.S.) In Information Cyber Security -
ITT Technical Institute
Similar Profiles
Srinithi JayabalanSrinithi Jayabalan
Business Analyst at Cognizant Inc.Business Analyst at Cognizant Inc.
Janardhanan PerumalsamyJanardhanan Perumalsamy
Sr. Executive Support at Cognizant technology Solutions, Cognizant Technology SolutionsSr. Executive Support at Cognizant technology Solutions, Cognizant Technology Solutions
Revathi KrishnamurthyRevathi Krishnamurthy
Associate at Cognizant Technology Solutions, CTSAssociate at Cognizant Technology Solutions, CTS
JOHNISHIA L. JONESJOHNISHIA L. JONES
Insurance Agency Owner at J.L. & Associates Insurance Agency, Inc.Insurance Agency Owner at J.L. & Associates Insurance Agency, Inc.
Cherelle ShabazzCherelle Shabazz
Customer Service Representative at TSICustomer Service Representative at TSI