Matt Bangert
Overland Park,KS
Summary
DEFCON 2022 Social Engineering Capture the Flag winner and black badge recipient.
Passionate OSCP certified information security professional. Experience in systems administration, network security, penetration testing, IOT testing, and adversary simulation.
Overview
9
9
years of professional experience
1
1
Certification
Work History
Sr. Security Consultant
Cyderes
08.2022 - Current
- Conduct internal network, external network, social engineering, red team engagements, and physical security assessments
- Produce and present reports including assessment-based findings, outcomes, and remediation recommendations
- Manage priorities and tasks to achieve utilization targets
- Train and mentor junior team members
- Create a standardized Offensive Security notebook to assist in team collaboration
- Develop custom tooling to aid in red-team engagements and penetration tests
- Recommend improvements in security systems and procedures
Red Team Operator
IronNet Cybersecurity
07.2021 - 06.2022
- Develop and perform purple team engagements based on customer-relevant adversaries
- Plan, conduct, and create reports for external Red Team engagements for a variety of clients
- Assist the internal SOC in developing new detections around various TTPs
- Review reports with clients and provide remediation suggestions based on findings
Cyber Security Engineer II
Garmin
10.2020 - 07.2021
- Perform targeted security audits on internal and external assets
- Consult developers and management on best practices for various technologies
- Conduct advanced security testing on IoT and embedded devices
- Establish new testing standards for different protocols (BT, BLE, ANT+)
- Conduct Crown Jewel Assessments on critical internal infrastructure
Penetration Tester
H&R Block Inc.
11.2019 - 10.2020
- Designed and conducted Purple Team Exercises
- Conducted physical security assessments and desk audits
- Managed, implemented, and lead Bug Bounty program through HackerOne
- Performed web application tests using BurpSuite
- Implemented Cobalt Strike C2 infrastructure
- Conduct target phishing campaigns using GoPhish
- Assisted Incident Response team during live incidents
- Performed vulnerability validation
- Automated Mitre ATT&CK Framework TTP's to detect coverage as well as environmental drift
- Created Python and Bash scripts to monitor external network exposure
Information Security Specialist
UnitedLex Corporation
04.2019 - 11.2019
- Recommend improvements in security systems and procedures
- Conducted security audits to identify vulnerabilities using Nessus
- Assisted in implementing different security tools such as Palo Alto Traps
- Managed and ran security features in Office 365 including performing phishing exercises and password sprays
- Created tools in Powershell and Python to automate daily tasks
- Created and assisted in tuning Splunk Enterprise Security alerts and reports
- Act as senior analyst to UnitedLex SOC team
- Ensure new logs are added into Splunk ES
- Managed CounterACT to allow and deny different devices from network
- Delevoped different patching solutions to assist in creating a more secure environment
Information Security Analyst
UMB Financial Corp
04.2018 - 04.2019
- Reviewed violations of computer security procedures and developed mitigation plans
- Reviewed tickets from MSSP and determined best course of remediation
- Implemented company policies, technical procedures and standards for preserving the integrity and security of data, reports and access
- Created Splunk dashboards to assist in correlating anomalous activity
- Triaged different malicious email attachments with FireEye
- Assisted in patch management as a member of the Patch and Vulnerability Council
- Automated time-consuming tasks using Python
Network Security Analyst
UnitedLex Corporation
09.2016 - 02.2018
- Monitored various clients across different platforms such as HPE ArcSight, Securonix and CarbonBlack
- Analyzed network traffic with WireShark, ELSA, and SecurityOnion tools
- Used SNORT, BRO, and other feeds for increased visibility into client environments
- Created and maintained security tools using Python
- Responded to different emerging threats with client custom content
- Provided Tier 2 level support and training for new analysts
- Supplied clients with detailed summaries of malicious findings
- Triaged SIEM events and delivered write-up to clients containing recommendation for incident remediation
- Performed deep dive investigations on internal host machines using EPDR platforms
- Assisted with Snort rule creation
- Lead client monthly calls
Systems Administrator
Novation IQ
11.2015 - 09.2016
- Managed users in Active Directory
- Created Group Policy Objects for staff and public workstations
- Assisted in deploying and configuring Microsoft AX
- Managed IIS for intranet learning management systems
- Assisted in planning IT needs with in-building office expansion
- Configured and deployed McAfee ePolicy Orchestrator for certain user machines
- Provided technical support for employees in person and via phone
- Set up equipment for new employees
- Monitored network devices and servers such as file servers, domain controllers, DNS, DHCP, and media servers
- Managed users in Avigilon Access Control Manager
U-Verse Technician
AT&T
07.2014 - 07.2015
- Installed and repaired both home and business networks as an ISP
- Helped customers connect multiple devices together within their home
- Developed customer service strategies to increase customer satisfaction
- Provided maintenance and troubleshooting of all technologies in the location
- Installed routers and access points in locations per customer requests
- Managed ISP related responsibilities until point of demarcation in big business environments
Education
Malware Development
MalDev Academy
2023
Red Team Training
Mr.Un1k0d3r Offensive Security
06.2022
Adversary Simulation & Red Team Operations
Zero Point Security
2022
Red Team Operator - Malware Development
Sektor7
2022
Penetration Testing With Kali Linux
Offensive Security
2019
Certified Ethical Hacking
CompTIA
2016
Awards
DEFCON, 2022
Social Engineering Capture the Flag - First Place
Certification
Offensive Security Certified Professional - OSCP
Issued April 8th, 2019
OSCP certificate ID OS-101-29165
Security+
Issued April 2016
Timeline
Sr. Security Consultant
Cyderes
08.2022 - Current
Red Team Operator
IronNet Cybersecurity
07.2021 - 06.2022
Cyber Security Engineer II
Garmin
10.2020 - 07.2021
Penetration Tester
H&R Block Inc.
11.2019 - 10.2020
Information Security Specialist
UnitedLex Corporation
04.2019 - 11.2019
Information Security Analyst
UMB Financial Corp
04.2018 - 04.2019
Network Security Analyst
UnitedLex Corporation
09.2016 - 02.2018
Systems Administrator
Novation IQ
11.2015 - 09.2016
U-Verse Technician
AT&T
07.2014 - 07.2015
Malware Development
MalDev Academy
Red Team Training
Mr.Un1k0d3r Offensive Security
Adversary Simulation & Red Team Operations
Zero Point Security
Red Team Operator - Malware Development
Sektor7
Penetration Testing With Kali Linux
Offensive Security
Certified Ethical Hacking
CompTIA