Matthew Frost
Addison
Summary
Diligent Network Security Engineer with strong foundation in network security protocols and risk mitigation strategies. Demonstrated success in implementing robust security measures to protect sensitive data across complex infrastructures. Proven ability to analyze and resolve security breaches while continuously optimizing system performance.
Overview
19
19
years of professional experience
1
1
Certification
Work History
Network Security Engineer
Verizon
03.2022 - 06.2025
- Maintained robust security posture by regularly updating security policies and procedures.
- Designed secure network architectures, incorporating best practices and latest industry standards.
- Reduced cyber threats by conducting vulnerability assessments and recommending appropriate mitigation strategies.
- Assisted in the development of disaster recovery plans, minimizing downtime during unforeseen events or incidents.
- Optimized network performance through effective monitoring and troubleshooting of security devices.
PKI Security Architect
Citi Group
08.2021 - 08.2022
- Collaborate with Splunk and Ops team to Build a certificate inventory
- Analyze and identify all the data feeds that are needed for the certificate inventory.
- Collaborate with different teams to automate the certificate feed on a monthly basis.
- Analyze monthly Qualys scan with different cert feeds like (Venifi and MSPKI) and find out the why all the certs are not in Qualys scan. Work with Qualys team to include these scan. Ideally all Citi issued certs should be found by Qualys scan
- Identify other data source like (NetInfo and CSI) to feed into Splunk and work with Splunk team to get these feeds automated.
- Partner with Splunk to build out different reports needs for certificate management
- Generate reports for all certificate cross referencing with CSI and NetInfo
- Work with application owner to clean up non-compliant certificates.
- Help key management team in coming with training material for App managers and developers on certificate management
PKI, CA, HSM Architect
Bank Of America
03.2021 - 07.2021
- Administration, operation, upgrade and support of Certification Authorities (CA), Registration Authorities (RA), online responders, and Hardware Security Modules (HSM) of a Microsoft Windows-based enterprise Public Key Infrastructure (PKI).
- Ensure alignment with all PKI compliance and best practices.
- Implement, operate and maintain physical and virtual machines in production and disaster recovery locations.
- Interface with vendors that provide security/encryption related services
- Participate in defining and developing the strategic plan for PKI for the enterprise
- Lead the definition and implementation of POCs around PKI, KMS and other certificate related technologies
- Ensure 24/7 uptime of the PKI services
- Design, test, and implement changes/additions to HSMs in the PKI Infrastructure
- Responsible for all engineering aspects of the company s PKI including: Internally and externally hosted Certification Authorities (CAs) and Registration Authorities, The enterprise certificate management system
- Enterprise Code Signing Services, Consulting around cryptographic technologies, Hardware Security Module (HSM), NDES servers
- Working with onboarding anyone within the dev team to work within Venafi to complete project.
- Design and implement software systems in Windows that solve or automate the solving of complex networking and security problems. Requires a thorough understanding of Windows internals in order to meet very specific security and networking requirements.
- Apply expert-level knowledge of public key infrastructure (PKI) to design and develop solutions to customer problems.
- Apply a thorough understanding of the basics of IP networks and their workings (DNS, Security, IP Routing, HTTP, VPN, etc.)
PKI Architecture Program Manager
PCCI
02.2020 - 07.2020
- Putting together PnP for HITRUST cert
- Managed SLT sign-off meetings for PnP and evidence
- Working with international accreditation BDO
- Trained and prepared upper management for information security reviews
- Conducted risk management and oversaw program implementation.
- Implementation of PKI in environment
- Worked with Azure blueprinting and security tools.
- Planning and implementing a security framework within the guidelines for protecting computer systems
- Auditing of code using Azure tools
- Pen testing solutions in the environment.
- Managed projects related to security and risk mitigation/management and encryption at rest
Security Engineer
Cisco Systems, Inc.
10.2018 - 11.2019
- Working with advanced SaaS offerings including AWS, CWS, CDO, AMP, VPN, OKTA, Firewalls, Umbrella. integrations, and new client design and launches.
- Hands-on with hardware and VM versions of ASA, WSA, SMA, ESA, ISE, AnyConnect. Advanced troubleshooting and backtrace for bug reports.
- Troubleshooting of Network and Security using Splunk and other SIEM products
- Troubleshooting of certificate-based integrations across a wide variety of environments.
- Advanced Wireshark analysis and Web Proxy support and well as best practice solving for any out-of-band issues and 802.1.
- Python programming, Javascript, FreeBSD, Cisco Green Belt in security
- 15% increase in services renewal exceeding expectations.
- Worked as part of the monthly DR for natural disasters.
PKI Security Architect
Frost Design Consulting
08.2017 - 09.2018
- Technical consulting on 2018 version of cryptography and networking college textbook written by http://williamstallings.com/ (the book is now published and credited with my additions)
- Asked by Amazon to attend new classes for AWS certification. (completed & reviewed)
- Troubleshooting of CA, SSO, and cert issuance. Client Migrations and Legacy support.
- Defining standards and templates for Client (Windows systems XP - 10)
- Provide consulting services to capture/refine customer requirements and translate these into technical requirements.
- Develop technical solutions using existing best-practice solutions, templates, configurations and standards set by Customer
- Develop technical solutions to satisfy client requirements where standard Customer solutions do not exist/apply
- Create/contribute to technical documentation for proposed technical solutions.
- Document and communicate solutions and principles to a technical and non-technical audience
- Provide solution-level support to the design and implementation phases of assigned projects
- Review and validate deliverables produced by Design Engineers and Network Engineers
- Trained other team members on Thales, and SafeNet (HSM)
- Familiar with SC for IoT and automotive design.
- X509 certificates
- Monitoring Cisco Unified communications (SIP, MPLS)
- Wrote PnP and DR as well as Business Continuity for several clients. (Some clients can be released per NDA)
- Zscaler Integration.
Senior PKI Support Engineer
Entrust
08.2013 - 08.2017
- Provide daily direction and communication, to ensure customer expectations are established and maintained for our platinum clients escalating and engaging development if needed. Client retention was 98% year over year. Upgraded sales of over $100,000. Personally, responsible for bringing in/retention of over $550,000 to department per year.
- Built test boxes using Hyper-V and VMware to recreate problem cases and build POC infrastructures for clients prior to integrations.
- Explained and Implemented PKI structure and usage. This was for both RedHat/Linux and Microsoft environments as well as mixed.
- Troubleshooting and integration of Office 365 with products (reading of logs, checking connections, and configurations.)
- Troubleshooting and maintain FTPS and VPN, load-balanced, wireless, MDM, and 2FA/OKTA, Ping) connections within Palo Alto, Cisco, IBM, and Oracle-based hardware/software
- Supported IdentityGuard, HSM’s, Security Manager, Venafi and mobile apps to provide maintained client security, including email, encryption, and access protection
- Used SafeNet, Thales, and FireEye for HSM certificate generation
- Built and hosted data-centers in an AWS cloud environment
- X.509 standards, Java Keystore, Python, and OpenSSL
- Provided back-end support for SaaS Smart-grid(UK project), mobile security network product
- Evaluate documented resolutions and analyze trends for ways to prevent future problems.
- Detailed thousands of tech notes and client notes on PKI, TLS/SSL, PGP certs and Symantec mPKI.
- Lead for on-boarding State of Missouri, Kansas, and others for SaaS offerings.
- Lead for USAID’s worldwide smart card implementation, federal bridge integration, and performance.
- UK smart-grid project lead
- Key management, profiles, and algorithms for encryption
- Familiar with payment standards and best practices (PCI, SOC, ANSI)
- Troubleshooting, Monitoring, and Installation of Linux systems (Entrust products are built on this platform)
- Client portfolio included but not limited to: Xerox, USAID, canada.gov, Bank of Brazil, Interpol, Her Majesties Guard, DEA, County of LA
Tech Support Supervisor
Insphere Insurance Solutions
01.2006 - 01.2013
- Provide daily direction and communication leading a support team of 5 people to ensure that calls are answered, tickets are resolved, and customer satisfaction is maintained within SLA’s.
- Establish work procedures and processes that support the company and departmental standards and strategic directives
- Built DR, Sox, and HIPPA guidelines.
- Participate in the Incident management process by acting as a single point of contact for escalations and notifications regarding outages and customer-related issues.
- Evaluate documented resolutions and analyze trends for ways to prevent future problems.
- Create and maintain a high-quality work environment so that team members are motivated to perform that their highest level. Use appropriate judgment in upward communication regarding department or individual employee concerns.
- Troubleshooting and maintain Cisco VPN connections
- Provide input on employee development and implementation of staffing, training, scheduling and recognition programs.
- Provided software/hardware support to a mixed environment of Linux/Windows
- Troubleshooting product on Linux shell environment
- Ran testing on Azure vs. GApps platform to identify performance for the client base.
- Lead conversion of local Microsoft Office to O365.
- Interacts with internal/external IT teams to mitigate customer issues. Escalates and initiates problem resolution.
- Develops monthly metrics and project status for process improvement. Lowered ticket count by 500%
- Lead company into SaaS platform (GApps Cloud) for nationwide staff.
- Planned and lead team DR runs as well as tabletop backup tests.
- Build and refresh PCs for all areas of 1500+ workforce (200+ units per quarter), application troubleshooting, network integrity, hardware and software resolutions as necessary, Blackberry (BES and hardware), Air Card domestic and international support. Maintain 734 plus business-related programs, including installation, writing and set up of technical guides for end-users. Part of a two-man team chosen to support C titles with “Gold Support”. Awarded 4% bonus for “Top Performers” within the company (selected by department Directors).
Education
Associate of Science - Computer And Information Systems Security
New Mexico Junior College
Hobbs, NM05-2009
Skills
- Network security design
- Access control management
- Mobile device security
- Endpoint protection
- Vulnerability assessment
- Network security management
Accomplishments
- Achieved upgrading Verizon's HSM backbone through effectively helping with training of field techs.
- Documented and resolved AlgoID mismatching which led to proper testing with Comcast and Charter onboarding.
- Collaborated with team of 40 in the development of Wholesale processes for SIMOTA.
- Achieved testing of PKI by introducing Thales KMS for auto certificate issuance.
- Achieved [Result] through effectively helping with [Task].
Certification
- CCNA, Cisco - 2013-2015
- CCSA, Cisco - 2015-2017
Timeline
Network Security Engineer
Verizon
03.2022 - 06.2025
PKI Security Architect
Citi Group
08.2021 - 08.2022
PKI, CA, HSM Architect
Bank Of America
03.2021 - 07.2021
PKI Architecture Program Manager
PCCI
02.2020 - 07.2020
Security Engineer
Cisco Systems, Inc.
10.2018 - 11.2019
PKI Security Architect
Frost Design Consulting
08.2017 - 09.2018
Senior PKI Support Engineer
Entrust
08.2013 - 08.2017
Tech Support Supervisor
Insphere Insurance Solutions
01.2006 - 01.2013
Associate of Science - Computer And Information Systems Security
New Mexico Junior College
Similar Profiles
Mariana Carbajal SiegfriedMariana Carbajal Siegfried
Lead Customer Service Representative at VerizonLead Customer Service Representative at Verizon
Angela BurtonAngela Burton
Director, Business Sales at VerizonDirector, Business Sales at Verizon
MUBARIK KHANMUBARIK KHAN
Principal Security Engineer at VerizonPrincipal Security Engineer at Verizon
Harishitha KamireddyHarishitha Kamireddy
Engr II Software Development at VerizonEngr II Software Development at Verizon
Enrique SanchezEnrique Sanchez
Assistant Warehouse Manager at Startex Ind.Assistant Warehouse Manager at Startex Ind.