
Alla Strothman

St. Louis

Summary

Accomplished, results-driven team member with ten years of experience in cybersecurity. Recognized as an innovative team member who thrives in a dynamic, matrixed environment and is energized by establishing cross-functional connections, working with top talent, and steering game-changing results. Thrives on balancing multiple responsibilities within a fast-paced, professional team. Passionate Cyber Security Specialist proficient in network monitoring, keeping security software installed and working to prevent cyber-attacks, and vulnerability management. Specialized in programming and Digital Forensics to keep data secure online, vulnerability management/scanning, incident response, triaging, threat analysis, penetration testing, web application security testing, and code review. Fluency in Russian, Ukrainian, Hebrew, and English gives any security team the ability to dig into events and intelligence, a multi-language capability many teams desire in today’s threat landscape.

Overview

12 years of professional experience
1 Certification

Work History

Sr Cyber Security Consultant & Vulnerability Engineer

  • Accomplished, results-driven team member with ten years of experience in information security management in technology and SaaS landscape, directing complex situations, and seven years in cybersecurity
  • Recognized as an innovative team member who thrives in a dynamic, matrixed environment and is energized by establishing cross-functional connections, working with top talent, and steering game-changing results
  • Thrives on balancing multiple responsibilities within a fast-paced, professional team
  • Passionate Cyber Security Specialist proficient in network monitoring, keeping security software installed and working to prevent cyber-attacks, and vulnerability management
  • Specialized in programming and Digital Forensics to keep data secure online, vulnerability management/scanning, incident response, triaging, threat analysis, penetration testing, web application security testing, and code review
  • Fluency in Russian, Ukrainian, Hebrew, and English gives any security team the ability to dig into events and intelligence, a multi-language capability many teams desire in today’s threat landscape
  • Information Security Management | Incident Management | Penetration Testing | Network Design | Security Audit | Application & Endpoint Security | Network Forensics | SIM, SEM, SIEM Implementation | Social Engineering | Log Management | Endpoint Management | Malware Threat Prevention | Web application testing

Sr. Security Remediation Engineer

Spectrum
07.2022 - Current
  • Worked with clients to mitigate cyber risk and threats
  • Identified opportunities for efficiencies in the work process and innovative approaches to completing the scope of work
  • Participated in team problem-solving efforts and offered ideas to solve client issues
  • Conducted relevant research and data analysis and created reports
  • Maintained responsibility for the completion and accuracy of work products
  • Actively expanding consulting skills and professional development through training courses, mentoring, and daily interaction with clients
  • Served as a 'Subject Matter Expert', adding interpretive value to data presented or experienced insight into a functional process or issue
  • Created, maintained, and executed custom Tenable, Contrast, and Qualys audit content designed to validate that client systems are configured in accordance with design specifications
  • Implemented risk management procedures, performed security threat assessments, managed user identities and access and oversaw compliance
  • Identified, tested, and reported security weaknesses in systems and applications
  • Oversaw governance and compliance of vulnerability remediation subsidiary wide
  • Supported security measures and operated software to protect information and systems and monitored computer networks for security issues
  • Developed an understanding of security policies, regulatory compliance, and technical aptitude for complex technologies and strategies.
  • Trained and mentored junior engineers, providing guidance and direction.

Sr. Cyber Security Consultant/Risk Management

Koniag
09.2021 - 07.2022
  • Performed Web testing using tools such as AppScan, Webinspect, Apache, Burp Suite, fuzzers, etc.
  • Familiar with OWASP testing guidelines
  • Performed manual testing, SQL injection, and parameter manipulation
  • Developed PKI solutions to meet security and business requirements
  • Performed security code reviews
  • Rolled and updated McAfee Agent
  • Performed vulnerability management, investigated, and resolved issues with security-delivered tools and services
  • Worked with other Security Cloud Engineers to integrate security controls across hosts and virtual environments in AWS and Azure
  • Possess expert knowledge of cybersecurity standards including NIST 800-53 rev 5 and ISO/IEC 27001; ensure that cybersecurity infrastructure meets these established standards and oversee the initiative to ensure that the infrastructure remains in compliance, as well as reporting and correcting any issues which may lead to non-compliance.

Sr. Security Engineer & Linguist

Speartip
05.2020 - 08.2021
  • Spearheaded completion of all professional services projects supporting key clients with a team of 25
  • Oversaw technical project delivery process with key contributors to manage project scope and identify product/functionality gaps; collaborated with internal product and technology teams to define necessary development to support solution delivery and align roadmap phases for future release schedules
  • Conducted regular analysis of the performance of all facets to the relevant category teams and contributed to strategic planning based on that analysis
  • Troubleshot across departments to resolve any lingering quality or safety issues, tracked budgets, and analyzed records
  • Oversaw 125+ incident response projects, provided technical sales assistance to account teams, and acted as executive sponsor and escalation point for all professional services projects in the assigned territory, including incident response, Red Team (Pen-Testing), and strategic services (Assessment Services)
  • Collaborated with project team and consultant to assure quality and timely completion of project milestones
  • Managed risk associated with regulatory requirements such as NERC CIP
  • Performed application and infrastructure penetration tests, as well as physical security review and social engineering tests
  • Conducted hands-on technical testing beyond automated tool validation, including full exploitation and leveraging of access within multiple environments, such as Windows or *Nix; conducted scenario-based security testing or red teaming to identify gaps in detection and response capabilities
  • Leveraged internal and external resources to research threats, vulnerabilities, and intelligence on various attackers and attack infrastructure
  • Performed information technology security research to remain current on emerging technology trends and develop exploits for disclosed and undisclosed vulnerabilities
  • Contributed to developing and implementing tools for penetration testing and early warning of weaknesses or incidents, building on methodologies as promulgated by NIST, ISO, etc., to ensure useful, measurable, and repeatable methods applied to quantifying risk
  • Selected, installed, and configured security testing platforms and tools or developed tools and procedures for penetration tests
  • Provided regular risk briefings to senior management on findings and developed remediation approaches and recommendations to improve the cybersecurity posture
  • Analyzed legacy PKI solutions for security gaps and developed new approaches/capabilities to mitigate them.

Sr. Cyber Security Engineer/ Vulnerability Management

Maryville University
09.2019 - 01.2020
  • Supported the Cryptographic and Security Testing Laboratory (CSTL), performing various technical and consultative services including initial assessments of product cryptographic security, input to the development of a product's security design, and formal testing of the products against the National Institute of Standards and Technology (NIST) Federal Information Processing Standard (FIPS) 140-2 for cryptographic modules, McAfee antivirus, security auditing
  • Monitored the ticket queue for new requests
  • Captured new requests as tickets, and documented progress towards fulfillment in the ticket
  • Drafted change control documentation and employed DOE-approved change management practices to authorize work activities
  • Drafted, updated, and maintained system documentation
  • Employed the System Development Lifecycle for all managed security systems
  • Daily downloaded, tested, and installed virus definition files
  • Daily monitored to ensure anti-virus/anti-malware protection is maintained
  • Coordinated scanning file/folder exclusions with other application owners
  • Resolved incidents related to anti-virus/anti-malware
  • Coordinated with the Tier I & II support teams to reconcile computers with compliance issues or for assistance with temporary workarounds
  • Planned and carried out projects for routine application or hardware upgrades
  • Upon request, provided compliance reports from the EPO or other anti-virus consoles to management and customers
  • Performed penetration testing using Burp Suite, Metasploit
  • Managed breach mitigation and Endpoint protection services; spearheaded 25+ incident response projects, including various under Attorney-Client Privilege
  • Managed and directed complex assessment projects, fostered significant partner and vendor relationships along with delivery capabilities, and improved business relationships with clients and partner technology companies
  • Working experience with cryptographic encryption algorithms, key exchange algorithms, hashing/message authentication algorithms, PKI, random number generators, etc
  • Experienced with various programming languages (Python) and development environments
  • Performed security standard requirements and applied them to products
  • Knowledgeable of common security-related protocols and their design (i.e., SSH, IPsec, TLS, etc.)
  • Experienced in building testing environments, performing testing, and reporting results (technical writing)
  • Guided the company with industry best practices related to all aspects of PKI
  • Strong problem-solving skills
  • Strong multitasking and time management, team player
  • Performed web application security testing and security code reviews

Sr. Cyber Security Engineer/ Penetration Tester

Barnes Jewish Hospital
09.2018 - 09.2019
  • Created and operated virtual machines in different virtual environments such as VMware vSphere, Virtual Box, and/or others
  • Demonstrated real-world experience performing grey and black box security assessments
  • General understanding of exploitation concepts including phishing and social engineering tactics, buffer overflows, fuzzing, SQLi, MiTM, covert channels, secure tunneling, and open-source exfiltration techniques
  • Used security assessment tools such as Nessus, Burp Suite, and others
  • Supported penetration testing of web applications and APIs for susceptibility to SQL injections, Cross-Site Scripting, and other input attacks
  • Supported and led the technical evaluation of cloud-based applications and systems, assessing secure configurations and settings of PaaS, SaaS, and IaaS environments
  • This may include the use of automated cloud assessment tools or industry best practices
  • Supported and led technical assessments of network infrastructure, servers, endpoints, and databases
  • Performed pre-assessment research and preparation including reconnaissance, documentation and configuration review, and customer interviews
  • Conducted automated credentialed vulnerability scanning against databases using commercial and open-source scanning tools
  • Assessed compliance posture against regulatory requirements mainly including NIST SP 800-53, and may include OWASP ASVS, and ISO 27001
  • Conducted reviews of system configurations for identification of security weaknesses or misconfigurations
  • Researched known vulnerabilities and manually validated scanner findings
  • Documented security weaknesses, including steps to reproduce
  • Analyzed security findings, including risk analysis and root cause analysis
  • Researched and proposed practical remediation
  • Solid understanding of networking, TCP/IP, and application-level protocols such as HTTP/S.

Sr. Cyber Security Consultant

Charter
09.2017 - 09.2018
  • Investigated cybersecurity incidents (breaches, infections, etc.)
  • Participated in Incident Response protocols
  • Reviewed cybersecurity escalations
  • Reviewed reported phishing emails
  • Reviewed SIEM alerts
  • Daily review of EDR/AV alerts
  • Performed cybersecurity toolset deployment and maintenance
  • Configured vulnerability assessments
  • Performed PKI capability and integration across core security and IT capability
  • Performed changes to firewalls and switches
  • Developed knowledge articles and standard operation procedures
  • Stayed up to date on cybersecurity trends, technology, and standards
  • Provided technical security support during security incidents, including responding to escalated incidents, and Security Infrastructure services delivery
  • Designed and implemented security measures for hardware, software, and network platforms
  • Assessed existing cybersecurity systems and protocols and designed and implemented upgrades to existing measures as well as implemented new procedures.

Sr. Cyber Security Consultant/Research

GadellNet Consulting Services
08.2016 - 08.2017
  • Conducted audits or surveys of security programs and provided assistance and consulting services to all departments
  • Maintained firewalls, IDS/IPS, Email Security Appliances, and Web Security Appliances
  • Remained conversant with the industry’s computer security technology and practices
  • Enhanced cyber security awareness through end-user training and ongoing communications
  • Developed, reviewed, and updated cyber security plans and procedures
  • Performed vulnerability, risk, and threat analysis
  • Ensured all changes to systems were performed in accordance with configuration controls
  • Researched, documented, and implemented software application requirements, and specifications and worked with the system users to ensure effective use of applications
  • Gathered statistics and wrote reports for discussion with management, team members, and end-users
  • Maintained a safe working environment
  • Demonstrated awareness and implementation of applicable environmental, safety and health (ES&H) requirements while also alerting coworkers of such requirements as needed
  • Demonstrated ability to have a good relationship with co-workers, customers, and visitors
  • Demonstrated a personal commitment to safety and quality
  • Performed web application security testing and code review

Cyber Security Consultant

First Community Credit Union
05.2015 - 08.2016
  • Monitored and investigated Relativity’s security architecture technology solutions, i.e., SIEM, EDR, CISCO firewalls, network monitoring, anti-malware, intrusion detection, etc., for cyberattacks, TTP/Indicators of Compromise
  • Gathered and reported security metrics
  • Led/assisted in various projects: cybersecurity, forensic analysis, audits, risk assessments, penetration tests, etc
  • Assisted in the maintenance of cybersecurity standards, policies/procedures, and documentation
  • Monitored tech and cyber trends, news, and emerging threats and regularly updated the team with findings
  • Participated in daily security matrix review
  • Conducted vulnerability scan remediation
  • Participated in incident investigation
  • Performed security code review

Business Analyst

Credit One
06.2012 - 02.2014
  • Analyzed key aspects of the business to evaluate factors driving results and summarized them into presentations
  • Applied honed problem-solving skills to analyze and resolve issues impacting business operations and goal achievement
  • Improved business direction by prioritizing customers and implementing changes based on collected feedback
  • Led cross-functional teams to analyze and understand enterprise-wide operational impacts and opportunities of technology changes
  • Derived conceptual designs from business objectives to deliver software and applications according to specifications for usability, performance, and functionality
  • Evaluated business requirements, leveraging information to forecast costs relating to hardware, software and consulting.

Education

Bachelor’s Degree in Cybersecurity

Maryville University
St. Louis, MO

Skills

  • Incident Response
  • Red/Blue Teaming
  • Vulnerability Analysis
  • Cyber Law and Compliance
  • Information Security Management
  • Incident Management
  • Penetration Testing
  • Network Design
  • Security Audit
  • Application & Endpoint Security
  • Network Forensics
  • SIM, SEM, SIEM Implementation
  • Social Engineering
  • Log Management
  • Endpoint Management
  • Malware Threat Prevention
  • Web application testing
  • Technical Linguist
  • Project Management
  • Software as a Service (SaaS)
  • Cisco
  • Linux
  • Unix
  • IBM/ISS
  • IDS/IPS Tipping Point
  • ITIL
  • ASTM
  • PCI, NERC/CIP, HIPAA
  • ISO-2
  • MDR
  • FDA
  • GLBA Regulatory Compliance
  • McAfee NSP, NSM Vulnerability Management
  • Tanium
  • NetSparker
  • BurpSuite
  • SIEM
  • Splunk
  • Tenable
  • Zscaler
  • CISCO firewalls
  • Axiom
  • Microsoft Active Directory
  • Cisco AMP
  • Cisco Umbrella
  • Cisco SecureX Orchestration
  • Cisco Tetration

Certification

CEH Certified Ethical Hacker
