Bryan Brake's Email Addresses & Phone Numbers

Co-Founder, Organizer @ SeaSec East SeaSec East is a networking forum for professionals in IT, information security, privacy and compliance. We foster an open environment where discussion is encouraged. Completely a 'FrieNDA'​ environment. Bounce ideas off of folks, collaborate on a project, have a 5-7 minute on a topic you're passionate about. The sky's the limit at...

Co-Founder, Organizer @ SeaSec East SeaSec East is a networking forum for professionals in IT, information security, privacy and compliance. We foster an open environment where discussion is encouraged. Completely a 'FrieNDA'​ environment. Bounce ideas off of folks, collaborate on a project, have a 5-7 minute on a topic you're passionate about. The sky's the limit at SeaSec East. Predominately located in the Redmond-Bellevue-Mercer Island area of Seattle, we meet on the Wednesday of each new month. Greater Seattle AreaCEO, Janitor, mailroom, and all things in between @ Cascadia Security and Consulting Started CascadiaSec as a long (read: LONG) term plan to do what every Infosec person wants to do... setup their own consultancy and eke out their niche in the infosec world. Also, this will make it easier for possible sponsorship opportunities for the Brakeing Down Security Podcast, as well as for being a sponsor of infosec conventions and events in the future. Ended the incorporation in 2017, as I found our podcast was not using it. From October 2015 to March 2017 (1 year 6 months) Greater Seattle AreaCapital of Austin ISSA Chapter Recording Secretary / Board Member @ Information Systems Security Association (ISSA) Maintaining chapter minutes, Presiding over meetings as timekeeper, ensuring constructive flow of communication from all members/attendees. Other duties are preparing the agenda for the board meetings, and monthly meetings, and to be the 1st point of contact for any and all changes made to the chapter by-laws. From December 2013 to February 2014 (3 months) Austin, Texas AreaPresident @ Infosec Education Foundation, a 501c3 charity Coordinating with potential sponsors for the Brakeing Down Security podcast. Furthering educational initiatives by organizing trainings, meetups, and conferences.Organizing the Infosec Campout, an Infosec and camping conference bringing security talks and outdoor camping together. (www.infoseccampout.com) Greater Seattle AreaProducer, Content Creator, Co-host @ Brakeing Down Security Podcast I create online Security training and content to enable new security professionals, or people seeking to understand security topics to gain a better understanding. Our podcast currently averages 500 downloads per day, and 18-20,000 downloads a month (as of January 2016)I also do the audio editing, which includes creation of music snippets, adding interviews and sound mixing to make sure the audio does not sound muted or is too loud.We interview people in Information Security, Privacy, and Compliance/Regulatory industry to help listeners gain an additional important viewpoint. This requires coordination with the person involved, engaging them using either face-to-face interaction, or using technology like Skype, Google Hangouts, or Conference phone bridges, and capturing that audio for use in later podcasts.Also, we are leveraging LibSyn as a service to enable creation of RSS feeds, iTunes integration, and posting of additional content, such as video tutorials, interesting news videos, and the like.As of (Apr 2017), we are averaging ~20,000 downloads of the podcast episodes per month, with each podcast having an initial download of ~2,000 - 2,500 downloads.We have also branched out, offering online classes for Python and other languages, as well as organized CTF events in an effort to educate people new to Infosec. We also run a regular book club, where we take a chapter each week and run through it, discussing the Chapter and our thoughts about it. WorldVuln Manager, Pentester, Audit/Compliance SME @ CrowdStrike conducted vendor security assessments for software and systems to be introduced to the enterprise environmentSetup of a vulnerability management program version to replace existing adhoc programThis required the creation of policies for handling vulnerabilities in the enterprise, coordinating incident response measures against newly found vulnerabilities in the media (such as BadLock, HeartBleed), and ensuring affected systems are patched in a timely manner.Created custom vulnerability scoring uitilizing the CVSS score as a base and modifying to fit the current environment.Took meetings with vendors to discuss implementation of new technology, and to work through security issues pertaining to installation, and operation of new systems.Using popular vulnerability scanners to detect vulnerabilities creating reports for management to show systems that were patch deficientcreating quarterly audit reports to satisfy SOC2 Type 2 requirementson the team that guided our company through 3 successful SOC2 audits and the CSA Star audittested JSON based APIs for security flaws for a popular security endpoint applicationmanual web application vulnerability testing using Burp, and FiddlerEngaged DevOps teams on proper patching and vulnerability managementChampioned a lite-weight 'half-baked' AWS image that sped up deployment of systems and reduced package loadoutscoordinated testing and development group to discuss proper methods of addressing vulnerabilities prior to deployment of a solutionconducted regular red team testing of network and environment, using the Kali Linux Distro and associated tools. From October 2014 to April 2018 (3 years 7 months) Greater Seattle AreaInformation Security Principle @ ACS, a Xerox company My company handles the payment card systems for US Treasury and 22 other states. We support services dealing with assistance (WIC, government assistance, child care allotments, child support, etc)My current position as InfoSec Principal is to maintain PCI compliance on several hundred servers, creating mitigation plans and policies to address PCI shortcomings, and managing issues that arise with various different parties (system architects, operations managers, change management) to ensure that parties responsible fix the issues that arise in a timely manner. We protect 6 Billion dollars USD worth of disbursements per monthReceived a 2 Spot Awards for creating a process to regularly review firewall ACLs to stay compliant with PCI-DSS, and another for swift addressing of the OpenSSL HeartBleed bugEstablishing FISMA compliance requirements that were required for a re-bid of a 1 Billion USD government contractInstalled Tripwire and Envision servers and agents hosts to ensure proper archival of system and audit logsMaintaining effective two-way communication with Compliance and Fraud Departments which allows us to address any issues that arise in a positive manner, and allows for creation of realistic mitigation plans, and notifications of necessary parties when handling any and all security incidentsManaging various projects of a security nature, such as instructing QA, Test, and Developers on the proper methods of protecting against XSS, CSRF, and other Web Application Security conceptsUsing various security tools (Burp Suite, Nmap, Kali Linux, etc) to actively attack internal networks and external websites to find vulnerabilities and mitigate them as they are foundConducting regular security vulnerability assessments utilizing Tenable's Nessus Security Scanner And CriticalWatch, both on the external web portals and also doing credentialled internal scans to locate and remove findings From August 2012 to October 2014 (2 years 3 months) Austin, Texas AreaPodcast Co-Host, Segment Producer, and Presenter @ Major Technicality.com Creating web content, in the form of screencast videos, displaying IT applications.Researching topics for 'week-in-review' segment, as well as assisting in promoting the weekly "MajorTechnicality" podcast to various social outlets. From November 2012 to May 2013 (7 months) Austin, Texas AreaInformation Security/Compliance Consultant @ CynergisTek, Inc. Provided hands-on consulting services to clients that offered enhanced levels of information securityConducted risk assessments and information security program assessments as mandated by HIPAA requirements. Interpreted HIPAA, HITECH, Meaningful Use and other requirements as they relate to a specific internal information system, and assisted with the implementation of these and other information security requirements.• Traveled on-site to do risk assessments for hospitals according to HIPAA/HITECH guidelines, the ISO 27002 standard.• Created specialized reports highlighting findings found during technical and non-technical evaluation of healthcare information systems. Non-technical evaluation required interviews of key personnel, as well as review of policies and procedures to ensure the client was conforming to HIPAA/HITECH guidelines.• Conducted physical security assessment of the facilities while on-site. This entailed checking security camera coverage, checking physical access points, evaluating the location of workstations and printers for possible tampering by outside sources, and assessing network security controls for possible breaches of sensitive information.• Scans were conducted utilizing the QualysGuard appliance on internal and external information system assets, and reports were created detailing the results of the vulnerability assessment to the client.• Held workshops with hospital administration (CIO, Legal, Compliance, etc) to go over the results of the assessments and to chart out a course of action to help them become more compliance with HIPAA/HITECH and Meaningful Use Stage 1 requirements.• Created nightly reports using Log Logic appliance that detailed various metrics for hospital clients (accounts created/deleted, number of failed logon due to certain conditions, etc) From December 2011 to June 2012 (7 months) Austin, Texas AreaSystems Integration Test Engineer @ HP Enterprise Services Coordinated with vendors to resolve testing issues and develop possible solutions. Worked against deadlines on several key multi-million dollar incentive projects for the US Navy global information networkCreated complex and detailed test plans during white box testingCollaborated in review of testing processes to eliminate inefficiencies using Lean Six Sigma methodologiesApplied certified test hardware to lab environment to mimic production environmentOversaw training of new personnel to enable faster and easier introduction to testing environmentImplemented applications built on Windows and Solaris 8, 9, 10, as well as RedHat Enterprise LinuxProvisioned storage area network (SAN) LUNs to create storage on various Windows and Unix servers utilizing the EMC Symmetrix DMX-3Setup service level agreements and statement of work agreements to provide customers with service after installation of software and hardware solutions From August 2006 to November 2009 (3 years 4 months) Greater San Diego AreaSenior Systems Adminstrator / Information System Security Assistant @ US Navy (Government) Supervised 4 person team to complete networking and setup of 20 unclassified and classified servers in the Weather Command operations center to support vital US Naval operations and exercisesPerformed maintenance on 20-25 Sun Solaris 7, 8, and 9 workstations and servers including networking, patching, and security vulnerability complianceManaged group of 6 technicians monitoring help desk functions and servicing user workstations. Created schedules for support based on operational necessity.Managed the Trusted Gateway System (TGS) and the Joint Operational Data Interchange (JODI) to pass unclassified data safely to classified networks for support of DOD assets worldwideMaintained proper network documentation in accordance with the Defense Information Security Agency (DISA), Including updating network diagrams, IAVA compliance, and physical security guidelinesSetup and maintained DHCP, DNS and NFS servers, as well as Web servers for sharing information to external customers, and Windows file servers for sharing of information to internal personnelCataloged and secured COMSEC equipment in accordance to physical and information security guidelinesConducted training with operations personnel on operation of various meteorological and IT systemsCreated risk assessments on information systems to highlight operational need, and used assessments to create plans for business continuity and disaster recoveryConducted security training to help new personnel understand proper storage and handling of secure media and materialsBriefed senior leadership on operational status and status of projects at weekly meetingsReplaced outdated protocols like FTP, Telnet, and RSH, with OpenSSH and SFTP to further secure networks and reduce attack vectors from the outside From January 2005 to August 2006 (1 year 8 months) Greater San Diego AreaInformation System Security Assistant @ U.S Navy Monitored Cray XMP supercomputers for completion of advanced weather forecast models using Hummingbird ExceedMaintained heterogeneous network of Windows and Linux clients at a remote base to provide timely meteorological data to the US Navy Fleet in the Indian Ocean.Managed training records for military and civilian personnel using in-house database systemBriefed senior leadership on weather phenomenon in areas of importance to Naval assetsPerformed maintenance and upgraded meteorological hardware to mitigate outagesSetup and maintained Symantec Enterprise Antivirus to ensure proper distribution of anti-virus updatesCreated meteorological observations that required timely transmission to a centralized database using web site upload interface From November 1997 to November 2004 (7 years 1 month) Worldwide assignmentsTechnical Project Manager @ Leviathan Security Group Update internal processes and development of an organizational change management process utilizing ProSci's "ADKAR" methodology that takes into account engagement from a change sponsor, communication management, understanding and overcoming the resistance to change in an environment.Updating documentation and reducing the amount of 'tribal knowledge' in the organization. This was done by an overhaul of old Mediawiki pages, deciding on the best way to highlight that knowledge, meeting with the knowledge keepers, chronicling the process or actions needed for successful repetition of the process, and auditing the existing pages on a periodic basis to maintain their veracity. Develop and communicate risk-based plans to drive project priorities using industry accepted risk assessment and threat analysis methodologies.Lead root cause analysis processes based on information about the client’s processes, technology, and maturity.Develop and present on remediation and mitigation plans to address systemic issues and root causes identified during and between projects.Mentor and guide project personnel as needed.Identify opportunities to leverage current and future capabilities to further support the clients business.Support proposal and service line development. Greater Seattle AreaInformation System Security Officer @ Ultra Electronics Advanced Tactical Systems Maintained Information Assurance Vulnerability Assessment (IAVA) scripts for several projects to ensure proper information security standards were followed.Managed classified computer systems according to NISPOM Chapter 8 Guidelines and policies set by the ISSM and FSOCreated Plan of Action and Milestone (POA&M) documents that initiated timelines to help customers understand when security vulnerabilities would be mitigatedMaintained accurate documentation to show changes between IAVA builds Interfaced with customers on changes being made to systems, and modified systems accordinglyUpdated SOPs and access control lists to ensure proper permissions were given to the proper personnelUsed virtualization technology to create multiple hosts to decrease testing time by 30% and decreased time between customer deliveries by 50%. From January 2010 to November 2011 (1 year 11 months) Austin, Texas Area