security engineer, software security engineer, cissp

Upload: api-121412437

Post on 06-Apr-2018


  • 8/3/2019 Security Engineer, Software Security Engineer, CISSP


    Matthew J. Parsons, CISSP, MSM
    6075 Monte Vista Lane #1628
    Fort Worth, TX, 76132
    Blackberry: (315)-559-3588
    Email: mparsons1980 [at] gmail.com
    Web: www.parsonsisconsulting.com
    Blog: http://www.parsonsisconsultingblog.com
    LinkedIn: http://www.linkedin.com/in/parsonsconsulting
    Twitter: http://twitter.com/parsonsmatt
    Parsons on Passwords news spot: http://www.vimeo.com/8939668
    Open Ounce and Static Code Analysis: http://www.vimeo.com/10207701

    Matthew J. Parsons, MSM, CISSP, Application Security Engineer, Senior Security Consultant
    Software Security / Application Code Review / Senior Security Engineer / C.E.O / Owner / Ethical Hacker

    SUMMARY
    Certified Information Systems Security Professional (CISSP) 326814.
    Pursuing CSSLP and Global Information Assurance Certification (GIAC) for Java Programming Security.
    Eight years of professional experience in Security.
    Six years experience in Software and Database Security.
    Eleven years experience in Information Technology and Programming.
    Held a secret clearance.
    Honorable Discharge, United States Air Force Reserves. www.af.mil
    Self employed, Parsons Software Security Consulting, LLC.
    Member of OWASP, member number 73N4Q4M27PH. www.owasp.org
    Pursuing Certified Physical and Information Security Consultant http://www.securityrecruiter.com/converged_security_certifications.htm
    References below and available on request.
    CORP to CORP contracts only. Fully insured for four million dollars errors and omissions.
    Passed Drug Test and Background Check on June 1, 2010 and September 15, 2010.

    EDUCATION
    Masters of Science in Management, Colorado Technical University www.coloradotech.edu/ctu-online
    Focus in Information Security, May 2006-August 2007, GPA: 3.94

    Bachelor of Arts in Information Science, State University of New York at Oswego www.oswego.edu
    Focus in Psychology and Human Computer Interaction, August 2001-August 2004, GPA: 3.25

    Information Studies minor Entrepreneurship, Syracuse University www.syr.edu
    Focus in military studies, Information Science, August 1998-May 2001, GPA: 3.93

    PROFESSIONAL EXPERIENCE
    Parsons Software Security Consulting, LLC, Fort Worth, TX www.parsonsisconsulting.com June 2007-Present
    Senior Information Security Consultant, Owner, CEO, CIO, CTO, Vice President
    Errors and Omissions Insurance and General Liability Insurance for four million dollars.
    Subject Matter Expert in Payment Card Industry, Data Security Standard compliance, Software and Database security, Enterprise Risk Management.
    Created awareness in the Java and .NET developer community by creating a biweekly newsletter for LinkedIn.
    Java security point of contact and senior security analyst for Aetna insurance Application Development Security Assessment Team. http://www.aetna.com/
    .NET security point of contact and senior security analyst for Aetna insurance Application Development Security Assessment Team. http://www.aetna.com/
    Web Penetration Tester for Aetna insurance Application Development Security Assessment Team. http://www.aetna.com/
    Worked and trained Raymond James http://www.raymondjames.com static code analysis project.
    Worked with Fishnet Security on Secure Coding project with Walmart. http://www.walmart.com
    Found keystore password on SAMS membership and Marketing Application.
    Senior Security Consultant for Fishnet Security. http://www.fishnetsecurity.com/
    Specialized in Java, J2EE and ASP.NET, PHP, Perl, Mainframe, C and C++ security.
    Member of Open Web Application Security Project (OWASP) www.owasp.org
    Featured Blogger for www.securityrecruiter.com
    Found Software security vulnerabilities for clients including: SQL injection, XSS, Cross Site Request Forgery and multiple other vulnerabilities.
    Blackbox Web Penetration test for http://www.lonestarvalet.com
    PCI compliance remediation for various clients in the Dallas Fort Worth Area.
    Submitted bugs for Google Chrome Project. http://code.google.com/p/chromium/issues bug number 37040 buffer overflow, 37042 No Validation, 37043 buffer overflow, 37044 buffer overflow.
    Scanned open source software to report software security vulnerabilities with Ounce Labs and full disclosure.
    Clients include: Verizon Telecommunications, Bank of America, Merrill Lynch Bank Suisse companies, Financial Institutions and South West Airlines.
    Implemented and became subject matter expert for Database Hard drive encryption for Harris County Toll Road Authority. https://www.hctra.org. http://www.nubridges.com
    Training of offshore developers in India, Singapore, Peru, Italy, England, Switzerland and Hong Kong, Germany, Brazil at a Large Fortune 100 Financial Institution implementing and teaching Fortify Static Code Analysis tool enterprise wide at World Wide Bank.
    Subject Matter Expert for Contract Land Staff, Houston Texas. http://www.contractlandstaff.com. Led security web penetration test of main Right of Way Land application, completed manual and automated source code review. Developed Remediation plan of action.
    Scanning of source code for a large financial Institution using Fortify.
    Doing source code review with Fortify and Ounce Labs to find software security vulnerabilities.
    Found Software security vulnerabilities in open source software including Second Life. www.secondlife.com/
    Website Administration and Development with Various clients.
    Worked with Martindale and Lexus Nexus helping lawyers get a web presence. www.martindale.com/
    Worked with Info Vision Consultants www.infovision.net.
    Worked with Genesis10 www.genesis10.com/

    Partnered with Fortify Static Code Analysis Company. www.fortify.com.
    Partnered with Vera Code. www.veracode.com
    Partnered with Ounce Labs static analysis tool, Ounce Certified Partner, www.ouncelabs.com.
    Partnered with IBM. www.ibm.com
    Created and developed basic static code analysis class for Ounce Labs. Ask for presentation.
    User, Developer, Consultant and Administrator of Open Ounce http://www.o2-ounceopen.com/
    Actively writing a blog about software security. http://www.parsonsisconsultingblog.com
    Partnered with Application Security Database Security Tool. http://www.appsecinc.com/
    PGP and software security consulting with various clients in the Dallas Fort Worth Area including Venray Technology.
    Training at Bank of America for bug of the month club.
    Programmer in C#.NET, VB.NET and Java for various freelance projects.
    Parts and PC's web penetration assessment. http://www.parts-and-pcs.com/
    City of South Lake Network Security and physical security risk assessment audit. http://www.ci.southlake.tx.us/
    Performed Network Security Testing for clients using tools such as NMAP, NESSUS and NET Saint.
    Worked on testing Armorize Code Secure Software Security Computing Cloud Technology. http://www.armorize.com/
    Web Penetration testing to prove Software Security Vulnerabilities with IBM Appscan, Burp Professional, Paros and Manual Fuzzing and Penetration Testing with AppScan and Firefox plug-ins.
    Partnered with IDEA consulting www.idea.com and Emerson www.emerson.com for manual and automated Web penetration testing using HP Web Inspect, IBM Appscan and manual methods testing for SQL injection, Cross Site Scripting and Cross Site Request Forgery.
    Created reports from web penetration testing and offered remediation assistance to developers to the following websites.

    www.avocent.com, http://www.dixell.com/, https://agile92tst.avocent.com:443, http://www.crmknurr.com.br:80, https://agile92tst.avocent.com:443, http://www.emersonclimate.eu/, http://www.hurst-motors.com, http://emersonkm.misgl.com/emersonkm/login.do
    Manager of PHP security Sub group for LinkedIn.
    Successfully, manually hacked internal website for Rent-a-center. http://www6.rentacenter.com.SCI
    Software Security Review for Raymond James. http://www.raymondjames.com/.org
    Sponsor for Security B-Sides. http://www.securitybsides.com/BSidesAustin
    Subject Matter expert in Software Security for Password Strength, New York Times Story
    http://www.the33tv.com/news/kdaf-password-security-jim,0,3650695.story
    http://www.vimeo.com/8939668

    Subject Matter expert in Software Security for Dallas station The 33 News for Conficker Worm outbreak.
    http://www.the33tv.com/pages/content_landing_page/?Conficker-Worm-Set-to-Strike=1&blockID=254636&feedID=460

    Bank of America, www.bankofamerica.com, Fort Worth, July 2009-January 2010
    Genesis 10, Contractor
    Specialist Information Security Engineer for Enterprise Information Management Enterprise Security Assessment

    Provided security code reviews using the Fortify Source Code Analysis Product and evaluated results for security vulnerabilities for eCommerce applications.
    Trained, documented and advised application developers for security risks, secure coding best practices, with practical remediation guidance to developers.
    Created Custom Rules matrix.
    Started Malicious Code review program for offshore developers.
    Helped complete the Cyber Security Mandate of a 706 target applications. With team identified 1274 Critical/important issues. Closed 700 at year's end prior to exploitation.
    Deployed early life cycle service source code scanning to 232 internet facing web applications. Completed 100 percent Bank developed internet apps for 2009.
    Reviewed Source code in .NET, PHP, Internet-Web, J2EE, Java, Java Script.
    Created documentation for bank on software security via private and public Wikipedia.
    Was scribe for Enterprise Security Management meetings.
    Reviewed peers' ethical hacking assessments and offered feedback.
    Migrated from finding security problems to finding elegant and effective business security solutions for bank.
    Completed software security assessments of banking applications to meet banking regulatory compliance and to start software security program early in the software security life cycle by on boarding different software development line of business groups from around the country and around the world in the Fortify Self Service scanning. To train developers to write secure code using the OWASP software security testing guide.
    Successfully onboarded and helped implement new software security program at Bank of America. Updated internal wiki and onboarded and trained developers how to write secure code and use the Fortify Static Code Analysis tool and Fortify Manager. Trained Developers in India, England, Switzerland, Singapore and Hong Kong and on the West Coast, Central and East Coast of the United States from my remote office in Fort Worth, Texas.
    The bank ended up with thousands of developers trained in software security and the Fortify Static code analysis tool including Fortify Manager. New processes and ideas were documented for the next generation of software security experts.
    Helped reduce the attack surface at the bank and limited the number of vulnerabilities, by finding software security bugs early in the development life cycle well before the application was in the public space.

    Verizon Business / Verizon Corporate, www.verizon.com, Richardson, TX, Oct 2007-April 2010
    Info Vision Consultants, Contractor
    Senior Internet Software Security Systems Engineer for Information Technology Application Security
    Security Source Code Java/.NET

    Hired for strategic role in the development and maintenance of extremely complex network security/protection systems and architectures.
    Provided security solutions that required resolution of complex operational and integration issues associated with networks, data systems, and applications to successfully deploy secure technologies and to enhance existing technologies.
    Led computer security incident response activities, conducting technical investigation of security-related incidents and conducting post-incident digital forensics to identify causes and recommend future mitigation strategies.
    Served as the highest level of information security consultant to all internal clients and technical management in all areas of Verizon to ensure conformity with corporate information security standards.
    Comprehended large Enterprise Applications and Source code.
    Responsible for performing security code reviews and application risk assessments for customer facing applications at Verizon. Audited applications written in multiple languages, including Java/JSP, VB.NET, ASP.NET, C#, C/C++, COBOL, PHP, and Classic ASP. Utilized OWASP and Ounce Labs formal methodology to conduct code reviews and risk assessments.
    Used internal documents at Verizon Business, ultra-edit, and static analysis tools like Ounce Labs and Open Ounce to supplement manual code reviews.
    Worked closely with business units, vendors, and developers onshore and offshore to understand applications, analyze business processes, and identify areas of risk.
    Worked with management to assess risk and certify all applications for PCI compliance.
    Responsible for the code review infrastructure at Verizon Business and administered all Windows and Linux servers regarding code review.
    Created custom scripts to take out certain security vulnerabilities.
    Used regular expressions to search for sensitive data, like credit card numbers and social security numbers.


    Developed and documented a software security program.
    Found software security vulnerabilities in 200 million dollar annual revenue Verizon Core application.
    Applications scanned for PCI compliance, Minute Pass, IPM, E-payment, Voice Portal, IP manager, Single Sign On, Speech Services, Epoem.
    Completed Malicious Code Review for offshore developers.
    Developed and implemented malicious code review program for Verizon Business. Created Training for Malicious Code Review, created one hundred question test, for malicious code review training. Developed Power Point Slides that trained thousands of Security analysts to complete Malicious Code Review for Offshore Developers.
    Served as a key member of the Information Technology Application Security Review team and founding member of the code review team of three for all of Verizon Business and Verizon Telecommunications.
    Successfully audited, remediated and approved five Payment Card Industry applications for 2008 PCI compliance. https://www.pcisecuritystandards.org
    Audited and reviewed 500K LOC of Perl and PHP for configuration management system and Verizon.
    Worked with a team to discuss vulnerabilities, trends and risks and protect Verizon software and information assets.
    Contributed to weekly team meetings by researching new vulnerabilities, security threats and attacks.
    Personally audited and reviewed eight million lines of source code in Java, .NET, ASP, C#, Visual Basic, PHP, Perl, COBOL, C and C++.
    Found and helped remediate Software Security Vulnerabilities including credit card numbers and social security numbers, SQL injection, Cross Site Scripting, Stored Cross Site Scripting, Buffer Overflows, Improper use of Cryptography, Malicious code and various other vulnerabilities.
    Found Software Security vulnerabilities in twenty billion dollar Networx project (www.gsa.gov/networx) and potentially saved Verizon Business from millions of dollars in fines for failed compliance and loss of contract.
    Networx is a 40 million LOC Java application and consists of 170 projects. Directly responsible for the security and remediation of 85 projects. Had to build application without help from development staff. Found social security numbers, credit card information and other personal customer information using advanced searches in ultra-edit.
    Created, Deployed, Taught and Developed Software Security Program and Ounce Labs Training Program which consisted of live webinars, teleconferences, Power Point Presentations and multipage internal training documents.
    Worked as a liaison between Ounce Labs and Verizon Business addressing the needs of both parties.
    Led Remediation efforts of several applications as subject matter expert and reduced the number of software security vulnerabilities in multiple applications.
    Provided ongoing security advice to developers taking all questions and either answering the question or researching the question to provide the best answer for the developer and the company.
    Web Penetration testing of various vulnerabilities for confirmation. Manual and automated methods for testing XSS, SQL injection and various other Web Security Vulnerabilities listed by OWASP.
    Verizon ended up passing PCI compliance saving the company millions of dollars of fines and brand name damage in 2007, 2008 and 2009.

    Lockheed Martin Software Design and Integration / Aeronautics, Fort Worth, TX, Feb 2006-June 2007
    Lockheed Martin is a large multinational aerospace manufacturer and advanced technology company formed in 1995 by the merger of Lockheed with Martin Marietta. It is headquartered in Bethesda, Maryland, in the Washington Metropolitan Area. Lockheed Martin employs 140,000 people worldwide.
    Systems Integration Analyst, Enterprise Information Systems
    Secure Coding and Database Auditing Point of Contact (POC) for Fort Worth, Aeronautics Business Unit and Enterprise Information Systems SD&I Fort Worth
    Member of Elite Lockheed Martin Aeronautics, Network Operations Security Center (NOS)
    Active Secret Security Clearance
    Kept senior management informed of Information Security Risks, Vulnerabilities and Trends.
    Developed, Started and implemented Software Security Program.
    Performed Network Security Audits in Network Operations Command Center.
    Web Penetration testing to prove Software Security Vulnerabilities with Web Inspect, Burp and manual fuzzing and penetration testing.
    Security reviewed three million LOC in Java, C#, VB.NET, and ASP.
    Security Reviewed F-22 application Global Task Management System and certified application to meet customer requirements. http://en.wikipedia.org/wiki/F-22
    Certified and Reviewed mission critical code for the infrastructure of Lockheed Martin.
    Developed and trained developers in software security best practices.
    Selected static code analysis tool for Lockheed Martin www.ouncelabs.com and www.fortify.com with 1.5 million dollar purchase.
    Mentor to Lockheed Martin Network Support Employee in Liverpool, NY.
    Certification and Accreditation of Various internal documents to Department of Defense Policies including: DoD 8550.2.
    Security Engineer, Technical lead and Subject Matter Expert (SME) on multiple projects.
    CISSP Site coordinator to corporate wide CISSP class.
    Reviewed and found suspicious and malicious code internally and externally.
    Programmed in Java and .NET development environments.
    Worked on International Espionage case working on code forensics.

    Lockheed Martin Superior Technical Resources, Syracuse, NY, Dec 2004-Feb 2006
    Desktop Support Analyst
    Worked as a System Support Analyst supporting 2300 end users on a team of three as Windows Administrator.
    Completed 20-40 tickets a week through Incident Response and problem resolution and customer support to clients with computer problems.
    Removed viruses and spyware on clients' systems.
    Physically destroyed and degaussed hard drives with sensitive company information on them.
    Researched latest security threats, installed latest patches, installed software on clients' computers.
    Built and deployed computers for clients working at Lockheed Martin.
    Performed Network Security Audits on Local Area Network.
    Worked with Microsoft Digital Rights Management on a client server environment.
    Network Administrator, Installing Catalysts and Network Troubleshooting.
    Helped plan and install Voice Over Internet Protocol System (VOIP).
    Programmed in VB.NET and C#.NET to create scripts to automate tasks.
    Led an asset reduction program that saved the company thousands of dollars in duplicate PCs.

    Verizon Wireless, Dewitt, NY, Aug 2004-Dec 2004
    Customer Service Technician-Contract Solectron
    Increased sales revenue in accessories and enhanced features.
    Incident response and problem resolution.
    Investigated internal fraud of fellow employee.
    Decreased work time on cell phones from four hours to 45 minutes.
    Checked account status and activated User Account Management.

    Career Services, NY Oswego, NY, Sept 2003-Aug 2004
    Information Technology Administrator
    Assisted staff with Information technology including Macs and PCs site administrator.
    Created and administered accounts for local users.
    Administrated and installed Virus Management software.
    Network Administrator.
    Researched Viruses and Security Patches.
    Installed latest security patches on PCs.
    Programming.
    Instructed employees on the proper use of computing assets.
    Managed Career Services Database as Database Administrator.
    Protected Database and monitored e-mail list-server.

    The Raven Pub, Oswego, NY, June 2002-Aug 2004
    Head of Physical Security
    Supervised Security Personnel to ensure that proper security procedures were in place.
    Identified patrons were of the age of 21.
    Physically removed any patrons that were in violation of the Establishment's code of conduct.
    Established a relationship with local police department and called upon them in emergencies.

    United States Air Force Reserves, Syracuse, NY, Aug 2000-Oct 2001
    Active Secret Clearance May, 2001, E-3 Airman 1st class, Honorable Discharge DD-256.
    Studied in military science, leadership development training and professional training activities.
    Acted as General Military Science Advisor.
    Studied the field of Information Science for Detachment at Syracuse University.

    Eddies Big M Grocery Store, Mexico, NY, Oct 1996-June 2002
    Computer Receiving Clerk
    Checked in all store goods into grocery store through computer DOS system.
    Started this career while in high school. Worked as a cashier, stock clerk and meat department and during summers and weekends while in college. Worked 20-40 hours a week.

    CERTIFICATIONS/TRAINING

    Certified Information Systems Security Professional ID number: CISSP 326814 www.isc2.org
    Member of Open Web Application Security Project, member number 73N4Q4M27PH, www.owasp.org
    Project Management Certificate, 2007
    Information Systems Security Certificate, 2006
    Information Systems Security Management Certificate, 2006
    Information Systems Certification and Accreditation Certificate, November, 2006
    Active Secret Clearance since May, 2001 good through January, 2017
    Cigital Software Security Series, http://www.cigital.com/services/training/courses, August 2009
    Foundations of Software Security Principles, TECH210039, August 2009
    Advanced Fortify Analysis Scanning, TECH230700, August 2009
    Architecture Risk Analysis, TECH210041, September 2009
    Defensive Java Programming, TECH210040, August 2009
    Aspect Security Secure coding .NET course, March, 2007
    Aspect Security Secure coding J2EE/Java course, May, 2007, http://www.aspectsecurity.com/training.htm
    Ounce Labs Advanced Static Analysis Training, San Francisco, CA July 2009
    Software Security Summit, Baltimore, MD, June, 2006
    Attended Qualified Systems Engineering Training Class, July, 2006
    Foreign Object Debris Training, September, 2006
    International Traffic and Arms, (ITAR) briefing, August, 2006


    Attended Network World Security Conference, Dallas, TX Fall, 2006
    Attended IEEE, Metrocon, Arlington, TX Fall, 2006
    Guest Speaker for Information Science Department at Oswego State University, November, 2005
    Guest Speaker at Fort Worth Java User Group on Software Security, February, 2007
    Guest Speaker at Fort Worth Web Design User Group on PCI compliance, August 2007
    Site Coordinator for Lockheed Martin CISSP corporate class, December, 2006-April, 2007
    Book Review for CISSP, Software Security, Building Security In, By Dr. Gary McGraw, November 2009
    Security Awareness and Software Development Training for Oswego State University, December, 2009
    Aetna Software Security and Design Classes 1-3
    Aetna Medicare Fraud and Abuse Class
    Aetna Business Conduct and Integrity Class
    Fishnet Security Technical Writing Class Monthly Series, 2010
    Fishnet Security Secure Application Development 1, October, 2010
    Fishnet Security Threat Modeling, October, 2010
    Fishnet Security Secure Code Review Methodology, October 2010
    Fishnet Security Application Security Methodology, October 2010
    Anthony Robbins Personal Power Two, 2009-2010, http://www.tonyrobbins.com
    SCIPP International's Secure Web-Application Development Awareness (SWADA) certificate program http://swada.mycrowdwisdom.com/diweb/catalog/cert/id/ef0189f5-ecbf-4247-a2af-b321009ed46f/view/1
    Pre-paid Legal Associate, Small Business and Group Certified Licensed for the state of Texas, 2008-2010 http://www.prepaidlegal.com/index.html

    AWARDS/HONORS
    Air Force ROTC Scholarship, Aug 1999-May 2001
    Winner, Cadet of the Semester, Dec 2000, Syracuse University Detachment 535
    Honorable Discharge United States Air Force Reserves, DD-256 Airman 1st class, Oct. 2001
    T-38 incentive ride and Air Force ROTC internship at Sheppard Air Force Base, Texas
    Dean's list multiple semesters at both Universities
    Achieved a 4.0 GPA Fall Semester 2000, Syracuse University
    Commanding Officer of a 110 cadets, Marine Corps JROTC Mexico High School, Mexico, NY, Sept 1998-June 1999

    TECHNICAL SKILLS
    Computer Operating Systems: UNIX, Linux, Ubuntu, Windows 95, 98, 2000, XP, Windows 7, Vista, Server 2003, Mac OS 9, OS X, MS-DOS, Solaris 9, Solaris 10
    Software: Microsoft Office, Quick Books 2007, Microsoft Project, Microsoft Visio, Outlook, MARS Remedy, Microsoft Share Point, Windows Administrator Tools, Active Directory, Microsoft Exchange Server 2000, Directory Resource Administrator, VS 6, Visual Studio .NET 2003, Visual Studio 2005, Visual Studio 2008, Fortify Static Analysis Tool, Ultra-edit, Serena Change Man Dimensions, Perforce, IBM Rational Developer, Eclipse, App Detective database scanning tool, Windows SQL Server 2000, Internet Information Services, Ounce Labs Static analysis tool, SPI Dynamics Dev-inspect, HP Web Inspect, IBM AppScan, IBM App Scan Source, NTO Objectives, VMware, Web Scarab, Web Goat, Paros, 010 editor, X-way Forensics, Win-Hex, PGP, Microsoft Threat Modeling tool, Mozilla Firefox plug-ins including: Firebug, Web Developer, XSS ME, SQL inject ME, Hackbar, Switch Proxy, Tamper Data, Live HTTP headers, User agent switcher, Js-view, Burp Suite, Ethereal, Nessus, Microsoft Baseline Security Analyzer, GRC-Shields UP!, Zone Alarm by Check Point, Ethereal, PGP Desktop Email, PGP Net share, PGP whole disk encryption, SMAC, telnet, putty, SSH, Net stumbler, Cisco wired and wireless Linksys routers, VPN, md5deep hash, Metasploit, Qualys, IDA Pro, Regex Buddy, Confluence, Wiki Markup, Fiddler Web Proxy, Snagit editor, Net Sparker Pro, Burp Suite Pro, SQL Map, ClearCase.

    Languages: C, C++, C#, Visual Basic.NET, Java, J2EE, SQL, CLIPS, Perl, PHP, Prolog, XML, HTML, Java Script, SQL, COBOL, Python
    General Skills: PCI compliance remediation, security engineering, manual and static analysis tool code review, web penetration testing, fuzzing, network security fundamentals, NIST Network Security Tool Kit, HTTPrint, NMAP, Security Risk Assessments, Software Security Risk Assessments, knowledge of Orange Book (TCSEC) and Rainbow series, Security Policies and Procedures, Security Management, Security Engineering Capability Maturity Model (SSE-CMM), Defense Information Systems Agency (DISA) publications, National Institute Standards and Technology (NIST) publications, DoD 8550.2, DITSCAP, Evaluation Assurance Levels (EAL) Common Criteria of Information Security Evaluations, Open Web Application Security Project (OWASP), advanced searching, system analysis design, project management, leadership, time management, public speaking, knowledge of networking, accounting, strong written and verbal communication skills, customer service, consulting, software development life cycle (SDLC), knowledge of binary and hexadecimal number systems, sales, problem solving, computer building hardware and software, computer deployment, break fix, trouble shooting, Architecture risk analysis, threat modeling, Cigital White Box Secure Assist, Armorize Code Secure, VeraCode, NuBridges, Samurai Web Testing Framework, OWASP Live CD, OWASP ESAPI.

    ACTIVITIES

    Member, ISC2 Certified Information Systems Security Professional, CISSP, 326814, January 2009-Present
    Member, IEEE Member #87051477, Aug 2006-2007
    Member, OWASP, 73N4Q4M27PH www.owasp.org, Aug 2009-Present
    Member, Phi Kappa Phi Honor Fraternity Member #11272553, April 2003-2007
    Member, Information Systems Security Association, Aug 2006-Present
    Member, Lockheed Martin Recreation Association Cycling Club, Feb 2006-June 2006
    President, Oswego State Cycling Club, Jan. 2004-Aug 2004
    Member, Theta Chi Fraternity, Syracuse University Alpha Chi chapter, Mar 2001-Jan 2006
    Teaching Assistant, Systems Analysis and Design, Syracuse University, Aug 2000-Dec. 2000
    Research Assistant, Institute for Sensory Research, Syracuse University, Aug 2000-May 2001
    Member, Onondaga Cycling Club, May 2000-Jan 2006
    Member, Lockheed Martin Auto Club, Aug 2006-June 2006
    Certified Level 1 Snowboard Instructor, Feb 2003-June 2006
    Certified Life Guard, Sept 2001-Sept 2003
    Certified CPR, Sept 2001-Sept 2002
    NASTAR Alpine Snowboard Racer, Dec 2004-Jan 2006
    Member, Fort Worth Java User Group, March 2006-June 2006
    Men's Christian Bible Study, Fort Worth, TX, March 2009-Present
    Member, Fort Worth Cycling Club http://www.fwbaclub.org/, January 2010-Present
    Member, Fort Worth Golf Club http://www.fortworthgolf.org/, August 2010-Present
    Partner, Daystar Christian Television Station http://www.daystar.com/, August 2008-Present
    Member, 24 hour Fitness www.24hourfitness.com/ Personal Training, January 2010-Present
    Member, Elk Castle Shooting Range, 9mm Glock 19 target shooting, February 2011-Present

    SAMPLE WORK
    http://www.vimeo.com/8939668
    http://www.vimeo.com/9069858
    http://www.vimeo.com/8056446
    http://www.vimeo.com/8054415
    http://www.vimeo.com/8054415
    http://www.vimeo.com/7998595
    http://www.vimeo.com/7992560
    http://www.vimeo.com/7987114
    http://www.vimeo.com/7985052
    http://www.vimeo.com/7968877
    http://www.vimeo.com/8629442
    http://www.vimeo.com/8812145

    RECOMMENDATIONS
    Internet Security Analyst

    www.bankofamerica.com

    I had the pleasure of working with Matthew Parsons while he was a consultant for Genesis10 at our client, Bank of America. Matthew performed as a Source Code Analyst on a six month assignment. He was an exceptional consultant. He always completed his work on time, was flexible, was a team player, communicated well with us and received great reviews from his reporting manager. Matthew represented us well and I would recommend him as a Security Consultant.

    Regards ~Katie Culpepper

    Matt is a man of character and integrity with strong Application Security skills instilled by his extensive work experience. I am confident that he is an ethical practitioner of his profession, an involved and informed leader in the AppSec community, and a friend. I highly recommend Matt Parsons and wish him success in his future development. August 12, 2010
    Brandon Rose
    Information Technology Recruiter, Apex Systems, Inc. (colleague)
    worked with you

    Verizon Communications
    Matt is a dedicated and highly skilled Security Analyst - his technical skills in the area of Source Code Reviews and deciphering insecure code, vulnerabilities and malicious code are some of the best in the nation. Matt is a team player and has proven himself in the area of teaching others in a highly technical area - and retaining participants' attention and interest. Matt is a valuable and integral member of my team. September 30, 2009
    George Turrentine, CISSP, CISM, Mgr - IT Security, Verizon Communications
    managed Matt at Verizon Communications

    Senior Internet Security Engineer Contractor

    Verizon BusinessOver the past 2 years I have worked closely with Matt. Through out our relationship, he has been very professional, willing to learn as well as taking on projects to learn. Our field is a very new field in the industry and the majority ofexperience comes from hands on work. I am very impressed with both his work ethics and his quest for knowledge. September 18, 2009Scot Cairns, CISSP, CSSLP, Application Security Analyst, Verizon

    managed Matt indirectly at Verizon Business

    Verizon BusinessMatt is the single most smart guy I have ever known in my entire life. He constantly strives to do what is right. While he often appears orthodox in his methods, he is actually as cowboy and as unorthodox as people can get. July 26, 2009William Copley, Senior Internet Software Systems Engineer II, Verizonworked directly with Matt at Verizon Business

    Verizon Business


    Matt is very detail oriented, intelligent, hard working, and customer oriented, which makes him my first choice for source code analysis projects. He is always looking to educate himself on the latest security technologies and trends to stay on top of his field. A pleasure to know and work with him. March 30, 2009
    Markus Bohlander, CISSP, Director, Application Security, InfoVision
    worked directly with Matt at Verizon Business

    CEO, CIO, CTO, Security Consultant
    Parsons Software Security Consulting LLC
    I've had the opportunity to work with Matt on several related projects. Matt knows his strengths and works hard to make his strengths stronger. He is wise enough to seek out advice and guidance when he encounters a subject that isn't his strength. I recommend Matt for his professional integrity, his ability to deliver on his strengths and his willingness to seek out advice when he recognizes the need to tap into someone else's strengths. November 5, 2009
    Jeff Snyder, President, SecurityRecruiter.com & J.A. Snyder & Associates, Inc.
    was with another company when working with Matt at Parsons Software Security Consulting LLC

    CEO, CIO, CTO, Security Consultant
    Parsons Software Security Consulting LLC
    Matt is a consummate professional and a pleasure to work with. He seeks to find the appropriate solutions to his client's needs while still keeping your cost in mind. Matt adapts his problem solving approach to each client's unique business concerns. He also focuses on the quality of the solution rather than the quantity which assures your businesses the right product the first time. Above all else, Matt is trustworthy and will give you practical appraisals and solutions based on your business needs. July 20, 2007
    Top qualities: Great Results, Personable, High Integrity
    Nick Grimshaw
    hired Matt as an IT Consultant in 2005, and hired Matt more than once

    Security Engineer
    Lockheed Martin
    Matt gave our security product a fair and extremely thorough examination last year. The level of expertise, maturity and rigor he brought to this action, upon which the security standing of the greater Lockheed corporation depended, was very impressive indeed, especially for someone so young. I recommend him for increasingly demanding positions of trust in the future, whether as an employee or a service provider. December 26, 2007
    Andy Bochman, Director, Federal Markets, Ounce Labs, Inc.
    was a consultant or contractor to Matt at Lockheed Martin

    Customer Support
    Solectron Contractor for Verizon Wireless
    Matthew was a dedicated employee concerned with assuring customers received the best experience with Technical Services with Verizon Wireless. Matt consistently went above and beyond to assist these customers with their needs on an ongoing basis. March 22, 2009
    Brendon Scarano, Area Team Leader, Solectron
    managed Matt at Solectron Contractor for Verizon Wireless

    Student
    I would heartily endorse Mr. Matthew Parsons. I have known him for several years - as both a colleague in the Computer Security field and as one of my OUTSTANDING students at Colorado Technical University. Matt's attention to detail, thoroughness in his work (and assignments) and his integrity are just a few of the qualities that I feel make Matt an exemplary person, employee, and colleague. I would recommend Matt to anyone looking to find and hire top-notch talent - I know that if I had an opening on a team - he would be one of the first people I'd call. Derek E. Isaacs May 1, 2010
    Derek Isaacs, Adjunct Professor, Colorado Technical University
    taught Matt at Colorado Technical University

    We have worked with Matthew Parsons for several years and find him to be honest, trustworthy, knowledgeable and reliable. His prices are fair and he is a most necessary asset in this day and time. We would recommend him to everyone.

    Parts & PC's
    Danny Schiffner
    Craig Newnam.