Summary
Overview
Work History
Education
Skills
Certification
Timeline
Generic

Ryan Deckard

Alton

Summary

Senior Penetration Tester with proven track record conducting comprehensive cloud, web, system, and network penetration testing. Extensive experience assessing the security posture of organizations' cloud environments, including AWS and Azure, leveraging advanced techniques to identify vulnerabilities and develop targeted remediation strategies. Skilled in performing thorough application-layer assessments, network and server penetration tests, and executing robust red team engagements. Adept at collaborating with cross-functional teams to implement security controls, improve defensive measures, and drive organizational resilience against emerging threats. Demonstrated expertise in developing innovative methodologies, automating processes, and providing expert guidance to enhance overall security postures. Strong communication skills with a consistent record of delivering detailed reports, recommendations, and executive-level briefings.

Overview

17
17
years of professional experience
1
1
Certification

Work History

Senior Penetration Tester

UMB Bank
01.2021 - Current
  • Conducted comprehensive web application penetration testing on wide range of frameworks and technologies to include Angular, React, Java, .NET, deployed on various web server technologies such as IIS and Apache. Leveraged Burp Suite Professional and OWASP ZAP to meticulously assess the security of applications identifying vulnerabilities outlined in the OWASP Top 10. Adhered to OWASP Web Security Testing Guide to ensure consistent and systematic testing methodologies, resulting in the discovery of critical security flaws, including authentication and authorization issues, input validation vulnerabilities, SQL injection, and other advanced flaws that require a senior tester with a deep understand of applications and the has the capability to perform manual assessments that go beyond the capabilities of automated tools. Produced comprehensive reports highlighting identified vulnerabilities, risk assessments, and tailored recommendations specific to the web application frameworks and server technologies tested.
  • Designed and implemented robust organization tracking system utilizing already adopted tools such as Service Now to manage Internal and 3rd Party Penetration Testing findings, ensuring end-to-end tracking and resolution of security issues. This comprehensive system enabled seamless monitoring and remediation of identified vulnerabilities, ensuring all findings were addressed and mitigated. Tracking system is critical in maintaining compliance with audit requirements, providing reliable and auditable trail of security remediation activities. Implementation of this system significantly improved organization's ability to effectively manage and track security issues, fostering proactive and accountable approach to addressing vulnerabilities.
  • Worked directly with application teams to integrate dynamic testing tools to include Burp Suite Enterprise into CI/CD pipelines. Continually provides feedback to development teams to help them improve their coding practices and promote shift-left philosophy. This allows them to identify vulnerabilities earlier in development cycle increasing efficiency, productivity, and reduce organizations attack surface.
  • Demonstrated expertise system, network, and cloud penetration testing against corporate infrastructure, as well AWS and Azure environments. Executes engagements utilizing combination of automated and manual techniques, resulting in discovery and documentation of high-impact security vulnerabilities. Provides actionable recommendations for remediation, specifically tailored to cloud-based platforms.
  • Expertly exploited critical CVE vulnerabilities within organization's network appliances, revealing substantial security risks which prompted expedited patching, ensuring timely resolution and minimizing organization's exposure to unauthenticated administrative access to network appliances. Consistently recognized for providing clear and concise documentation of discovered vulnerabilities, enabling effective remediation actions to be taken promptly.
  • Strategically designed robust and adaptable roadmap for organization’s penetration testing engagements by conducting meticulous risk-based assessments, considering regulatory and compliance requirements (PCI DSS), and considering contractual obligations to clients. Collaborated with key stakeholders to prioritize testing activities based on criticality of systems, potential threats, and organization's overall security strategy.
  • Developed PowerShell tool that performs comprehensive audits of Active Directory user and service accounts, identifying use of weak/breached passwords. Resulted in 96% reduction of accounts utilizing known vulnerable password values which reduced organization’s attack surface.
  • As Purple Team Coordinator, responsible for adversary emulation using Scythe. Build comprehensive campaigns that mimic real-world threat scenarios. Leveraging threat intelligence and deep understanding of organization's infrastructure, custom-build campaigns to test and evaluate effectiveness of security systems and processes and people. Gather invaluable insights into potential vulnerabilities and weaknesses, enabling fine-tune processes and security systems to proactively address emerging threats and enhance organization's overall defensive posture.

Senior Security Engineer

US Bankcorp
08.2021 - 12.2021
  • Python Developer: Developed custom python library to generate Excel reports that captures current state of applications utilizing SSO. This report provides leadership snapshot of connections utilizing SAML/OAuth/OIDC. This report was used to identify potentially insecure configurations.
  • Automated manual processes for web security systems which streamlined process for updating OAuth Redirect URIs, adding Authentication URLS for Identity Provider connections, and updating various connection attributes such as MFA, Externally Blocked, and Data Stores. Created custom webhook to integrate GitLab with Microsoft Teams as part of department's effort to implement CI/CD pipeline.
  • Orchestrated integration of internal and external web applications with Single Sign-On (SSO) solutions, collaborating closely with application owners to comprehend their requirements and develop customized integrations utilizing SAML/OAuth/OIDC

Security Systems Engineer

UMB Financial Corp
02.2018 - 08.2021
  • Discovered critical external authentication vulnerability within API gateway that stemmed from improper validation of certificate authority used in certificate-based authentication service. Collaborated with development team to initiate comprehensive rewrite of authentication service, implementing robust measures to ensure proper validation of client certificates. Addressing this vulnerability enhanced overall security posture of system and significantly mitigated potential risks associated with external authentication for organizations core banking APIs.
  • Led successful construction of Card Data Environment deploying 12 Security Gateways as part of organization's PCI compliance project. Collaborated with multiple enterprise technology teams to orchestrate seamless configuration of essential components and deployment procedures. By effectively managing these critical aspects, ensured establishment of secure and compliant gateway, enabling organization to meet PCI requirements and safeguard sensitive cardholder data.
  • Leveraged advanced SIEM tools to include Splunk to proactively identify and investigate hundreds of potential Indicators of Compromise (IOCs), strengthening threat hunting capabilities within Security Operations Center (SOC).

Penetration Tester (Freelance)

Marquette University
02.2021 - 08.2021
  • Conducted comprehensive AWS cloud penetration testing, encompassing various components such as containers and Kubernetes, EC2 instances, IAM roles, and more. Leveraged specialized techniques and methodologies to identify potential vulnerabilities and security gaps within the cloud infrastructure. Executed rigorous testing scenarios to assess the security posture of AWS environments, ensuring the resilience of cloud-based systems.
  • Generated detailed reports outlining findings, recommendations, and actionable steps to enhance the security of AWS deployments. Demonstrated expertise in cloud security and penetration testing methodologies, highlighting a strong understanding of AWS-specific technologies and best practices.
  • Proposed strategies for mitigating risk. This includes gaining a deep understanding of the organization to provide custom solutions that considered the customer’s business requirements. Articulated security related issues to business stakeholders in a way that allowed them to make informed decisions regarding current risks and mitigation strategies.

Systems Engineer

Northrop Grumman
09.2017 - 02.2018
  • Information Security: Project team member for security assessment. Ensured compliance with DoD Risk Management Framework. Assisted with vulnerability scans and ensured system compliance with STIGs.
  • Systems Engineer: Installed and configured Red Hat Servers and Windows workstations in support of Army's Mission Command Training Program. Experienced with network configurations, DNS, BASH scripting, SQL, OpenSSH, Apache, Samba, NTP, SELinux.
  • Project Management: Lead 20 tasks on six different projects in support of upgrade of DoD Infrastructure at Fort Leavenworth's National Simulation Center. Expended 250 hours leading and directing projects.

Electronics Technician

US Navy
05.2008 - 08.2017
  • Implemented and maintained robust security measures for critical IT systems, including secure messaging systems, SATCOMs (Satellite Communications), and radar systems. Ensured confidentiality, integrity, and availability of sensitive information and communications, protecting against unauthorized access and potential cyber threats. Developed and enforced rigorous security protocols and procedures, contributing to overall operational readiness and security posture of naval units. Collaborated with cross-functional teams to conduct regular security audits, risk assessments, and vulnerability scans, proactively identifying and addressing potential vulnerabilities to safeguard mission-critical assets.
  • Managed team of 18 technicians which maintained Ground Electronics for Naval Air Station and warships in support of various squadrons and multi-service, multi-national transient aircraft. Systems supported include Tactical Air Navigation System, Doppler Weather RADAR, HF/VHF communications, and various information systems.
  • Project lead for modernization of Naval Air Station Sigonella's Doppler Weather RADAR. Worked with multiple vendors to coordinate design, procurement and installation of five Linux servers, new RT cabinet, Radome, and associated RF Cables. Coordinated modernization of NAS Sigonella's Tactical Air Navigation System. This project provided upgrade to solid state components for system that requires high availability.

Education

Graduate Certificate - Penetration Testing And Ethical Hacking

The SANS Technology Institute
Bethesda, MD
2023

Master of Science - Cybersecurity

Saint Leo University
Saint Leo, FL
2021

Bachelor of Science - Computer Networks and Cybersecurity

University of Maryland University College
Adelphi, Maryland
2016

Skills

  • Penetration Testing
  • Web Applications
  • OWASP
  • Burp Suite Pro/Enterprise
  • Service Now
  • Jira
  • Adversary Emulation
  • Incident Response
  • Threat Hunting
  • Red Teaming
  • Azure
  • AWS
  • Python
  • PowerShell

Certification

CISSP (2024)

GIAC Continuous Monitoring (GMON) 2023

GIAC Web Application Penetration Tester (GWAPT) 2022

GIAC Cloud Penetration Tester (GCPN) 2022

GIAC Penetration Tester (GPEN) 2022

GIAC Certified Incident Handler (GCIH) 2022

AWS Certified Cloud Practitioner 2021

CompTIA Security+ CE 2016

CompTIA Network+ CE 2017

CompTIA Linux + 2017


Timeline

Senior Security Engineer

US Bankcorp
08.2021 - 12.2021

Penetration Tester (Freelance)

Marquette University
02.2021 - 08.2021

Senior Penetration Tester

UMB Bank
01.2021 - Current

Security Systems Engineer

UMB Financial Corp
02.2018 - 08.2021

Systems Engineer

Northrop Grumman
09.2017 - 02.2018

Electronics Technician

US Navy
05.2008 - 08.2017

CISSP (2024)

GIAC Continuous Monitoring (GMON) 2023

GIAC Web Application Penetration Tester (GWAPT) 2022

GIAC Cloud Penetration Tester (GCPN) 2022

GIAC Penetration Tester (GPEN) 2022

GIAC Certified Incident Handler (GCIH) 2022

AWS Certified Cloud Practitioner 2021

CompTIA Security+ CE 2016

CompTIA Network+ CE 2017

CompTIA Linux + 2017


Graduate Certificate - Penetration Testing And Ethical Hacking

The SANS Technology Institute

Master of Science - Cybersecurity

Saint Leo University

Bachelor of Science - Computer Networks and Cybersecurity

University of Maryland University College

Similar Profiles

  • Jackson Lange

    Jackson LangeJackson Lange

    Client Service Administrator - Institutional Banking (Alternative Investments) at UMB BankClient Service Administrator - Institutional Banking (Alternative Investments) at UMB Bank

    View Profile
  • Dustin D. Lewis

    Dustin D. LewisDustin D. Lewis

    Assistant Vice-President, CRE Portfolio Manager at UMB BankAssistant Vice-President, CRE Portfolio Manager at UMB Bank

    View Profile
  • John Tafolla

    John TafollaJohn Tafolla

    Vice President/Operations Manager, Banking Finance at UMB BankVice President/Operations Manager, Banking Finance at UMB Bank

    View Profile
Ryan Deckard