Broadly-experienced IT security professional, with expertise in networked/Internet and mobile ecosystems. Recent emphasis on: - Cloud security architecture and operations (infrastructure- and platform-as-a-service) - Web and mobile application security (vulnerability assessment and penetration testing, source code review) - Security architecture (logical, application, network) - Physical and virtualized IT infrastructure security assurance (network, OS & database tiers).

Director, Cloud Security @ Technical management role within the security team at HP Cloud, with responsibility for security across the Helion portfolio of OpenStack-based cloud products and services. Directing and participating in activities across security disciplines with an emphasis on the product / service security lifecycle. Working with product management and engineering teams across the business unit to ensure that security is adequately addressed through requirements definition, architecture design & review, threat analysis, and security testing. Presenting to and engaging with with customers as security SME in support of HP Helion sales teams. Leading and contributing to efforts to integrate security-specific automation and tooling into the Helion CI/CD pipeline. Wrote initial version of Bandit, a Python code security analysis tool, which we released as an open source OpenStack project. Continue to contribute as core team member. From November 2012 to Present (3 years 1 month) Senior Application Security Engineer & Team Lead @ Responsibilities included web and mobile application security testing, source code review (PHP, HTML / Javascript, ActionScript, Java, Python, Objective-C, others), architecture review, and tool development (Python, Javascript). Communicated security issues to management and developers, provided remediation guidance, and validated fixes. Built and open-sourced Hiccup, a Python framework that allows the Burp Suite web application security testing tool to be extended and customized. From May 2011 to November 2012 (1 year 7 months) Manager, Information Security Risk @ Lead and executed technical (penetration testing / vulnerability assessment) and non-technical (capability / maturity) risk assessments across corporate & mobile networks and product elements, teaming with business & IT counterparts. Worked consultatively across functions to investigate emerging security risks, define mitigation strategy and guidance, and develop / deliver risk-focused executive reporting. From October 2010 to May 2011 (8 months) Engagement Manager @ Held a client-facing consulting management role for an industry-leading computer security services firm, with responsibility for aspects of business development, engagement scoping / delivery, and client relationships. Managed and participated in various security assessment and compliance engagements, including physical security penetration testing, network/web/wireless penetration testing, and PCI DSS security assessments. From March 2010 to October 2010 (8 months) Manager / Senior Consultant / Consultant @ Assisted a range of local and global Deloitte clients in identifying and mitigating critical security issues within their business / technology environments, through provision of IT risk assessment and security testing services. Performed web application and network security assessments and identified a range of vulnerabilities for a variety of clients, with targets ranging from complete enterprise environments to specific technology elements such as e-commerce platforms, digital rights management solutions, and Internet banking applications. Delivered according to manager-level responsibilities for engagement scoping, planning, budgeting, day-to-day oversight of on-site and remote team, hands-on testing, and report preparation / presentation. Participated in sales process. From 2003 to March 2010 (7 years) System Administrator @ Performed operational and security-related system administration duties for UNIX-based (Linux, BSD, and Solaris) platforms. Managed web, mail, DNS, and database services with minimal downtime and high customer service / satisfaction levels. From 1999 to 2002 (3 years)

BSc / BCA, Computer Science / Information Systems @ Victoria University of Wellington From 1998 to 2001 Jamie Finnigan is skilled in: Application Security, Penetration Testing, Vulnerability Assessment, Code Review, Security Architecture..., Information Security, Network Security, Cloud Computing, Risk Management, Python, Mobile Security, CISSP, Linux, Security, Computer Security, Web Application Security, Security Policy, Vulnerability Management, Risk Assessment, Information Security..., Firewalls