A full-spectrum information security engineer with experience ranging from application penetration tests to IT governance risk assessments. • Certified Chief Information Security Officer (C|CISO) • Certified Information Systems Security Professional (CISSP) • Certified Information Systems Auditor (CISA) • PCI Qualified Security Assessor (QSA) • DoD Information Systems Security Officer (ISSO) • GIAC Certified Incident Handler (GCIH)[expired] • GIAC Security Leadership Certification (GSLC)[expired] • GIAC Certified Penetration Tester (GPEN)[expired] • GIAC S.T.A.R. in IP Packet Analysis • Cisco Certified Network Professional - Security (CCNP-S) • Cisco Certified Design Associate (CCDA) Graduate Level Certificates in Information Systems Security, Accreditation and Certification, Security and Project Management. Specialties: Security analysis and design, metrics development and management, network design and implementation, encryption technologies, cryptanalysis, information systems certification and accreditation, project management, penetration testing, operations management, PCI, FFIEC, and GLBA compliance and audit.

Manager, Information Security @ From November 2015 to Present (2 months) Director, National Cyber Security Risk Advisory Services @ Promoted from Senior Manager to Director in June, 2015. • Led audits, design/security reviews, and IT risk assessments for enterprise-level, Fortune 500 organizations. Specialized in rapidly gathering and testing system generated evidence from Cisco, Juniper, Windows, and Linux systems through shell scripting, batch files, and Python scripts. Developed Python scripts to assess Cisco IOS, Nexus, ASA, Check Point, and Juniper firewall configurations. Created a web application to gather 802.11 wireless data from Kismet, identify common security issues, and automatically generate an assessment report. Improved the bottom line for services through automation of firewall, network, wireless security, and user access control assessments. • Lead architect, developer, and administrator for the organization's web-based, client facing audit, evidence, and workpaper management system. Developed efficiencies in audit and assessment projects by centralizing data, improving project status visibility, and generating automated reporting and metrics. • Performed web application and network layer penetration tests. Identified and exploited system weaknesses in Microsoft, Linux, Cisco, DEC, and iSeries systems. Developed custom Metasploit plugins using Ruby for Microsoft SQL database evaluation, identification of valuable data sources, and privilege escalation through Windows operating system constructs. • Led the PCI vulnerability assessment program (ASV). Restructured the business model in to a recurring revenue system and overhauled the reporting software to integrate Python scripting, XSLT, FOP, and diverse XML data sources to rapidly generate PDF reports. Increased accuracy, profitability, and quality of the service while decreasing time to deliverable metrics. • Pursued and presented research based on the intersection of medicine, national infrastructure, and information security - linking patient mortality and security at DEFCON 22. From October 2009 to November 2015 (6 years 2 months) Phoenix, Arizona AreaPrincipal, Information Security @ * Provided timely cyber intelligence and threat analysis for one of the largest financial networks in the US (Top 50) * Developed/maintained the information security program for one of Inc. magazine's top 1000 fastest growing companies * Delivered vCISO style risk and compliance consulting for the financial services industry * Bridged the gap between the technical and compliance security landscapes From December 2008 to October 2009 (11 months) Senior Technical Consultant @ • Develop and deploy technical solutions which improve efficiency and operating costs for the financial industry. • Consultant bridging the gap between IT solutions and the regulatory field for financial services. • Accomplished project manager - leading security monitoring implementations for banks and credit unions. From October 2008 to December 2008 (3 months) Network Operations Center Manager @ • Directed a team of engineers to monitor, analyze, and solve security incidents and performance issues for the Financial Industry. • Developed policies, procedures, reporting mechanisms, and technical solutions to fit compliance needs of the financial industry. Helped HEIT achieve Cisco’s “Partner of the Year” award for Financial Services. • Catapulted HEIT to the next level as an MSP. Led HEIT to accreditation under the MSP Alliance and recognition as one of the few partners in Cisco's Managed Services Channel Program. One of MSP Mentor's Top 250 People in the managed services arena! • Manages Cisco’s Self-Defending Network from #1 Global Security Company. Implements, monitors, and manages Advanced Security Technologies: CS-MARS, ASA, IPS, CSA, and NAC. • Analyzed systems and reported on security and performance, providing recommendations for potential projects and communicating technical issues in business terms. From June 2007 to September 2008 (1 year 4 months) Space Professional Development Program Director @ • Developed Air Force Space Command-lauded Space Professional Development Program for FE Warren AFB, facilitating over 10,000 hours of professional development for space and missiles officers and over 1,000 hours of community service related to the AFSPC mission. • Planned and executed a two day Space Professional conference for AFSPC, reaching 115+ officers from 8 different bases and 20th AF. [http://www.afspc.af.mil/news/story.asp?storyID=123023553] • Wrote local operating instructions to codify professional development program and ensure continuity of a successful professional development program with associated policies, programs, and metrics. • Developed and delivered four lectures on computer security and cryptography for Air Force Academy mathematics and computer science department students and faculty. Discussed RSA, DES, and AES encryption algorithms and computer security fundamentals. From February 2006 to May 2007 (1 year 4 months) System Administrator / Software Developer @ • Administrator for an operationally essential web portal which managed schedules, training materials, training records, scores, and operator certification records for over 250 Minuteman III crew commanders at FE Warren AFB. • Developed an application which seamlessly integrated into existing training processes to ensure untrained combat crews did not perform alert duties after a critical upgrade to nuclear command, control, and communications facilities. • Oversaw a necessary upgrade to mission critical servers while maintaining availability of services. • Supervised software requirement development, outsourcing, and acceptance testing of web application to meet Operations Group needs. From December 2005 to May 2007 (1 year 6 months) Assistant Academic Affairs Staff Officer @ From 2003 to 2004 (1 year)

MS, Management of Information Systems Security @ Colorado Technical University From 2006 to 2007 BS, Mathematics and Computer Science @ United States Air Force Academy From 1999 to 2003 SANS Rocky Mountain Peter Hefley is skilled in: CISSP, Information Security, PCI DSS, Penetration Testing, Security, Computer Security, Information Security Management, Vulnerability Assessment, Network Security, Firewalls, SAS70, CISA, Security Audits, IT Audit, Business Continuity Planning