HOME ABOUT PORTFOLIO CONTACT
WELCOME 216.73.216.240

ABOUT ME

I'M A NERD

A little about me: I have many interests. I love spending time with my family, friends, and pups. I enjoy physical fitness and playing guitar. I also like trying different craft beers. I always enjoy a good cookout and cooking different foods. Additionally, I enjoy building things and have a passion for technology, especially cybersecurity, engineering, cloud computing, automation, and development.

Some of my favorites:

PORTFOLIO
Me

Tim Scanlin

Cybersecurity Engineer

Maryland, US

tim@timothyscanlinjr.com

Please Email for #

Education

2014
University of Maryland University College

Bachelors of Science in Computer Networks and Security (GPA: 3.946)

2012
College of Southern Maryland

Associates of Applied Science in Information Systems Security (GPA: 3.569)

Certifications

2021
Certified Information System Security Professional (CISSP) (907583)

2019
Splunk Core Certified Power User (Cert-286147)

Skills

Secure Network Architecture & Design

100%

Secure Application Development & Design

100%

Secure System Design & Integration

100%

Vulnerability Assessment

100%

Penetration Testing

100%

Security Analyst

100%

Splunk Architecture, Engineering, & Development

100%

Cloud Architecture, Design, and Security

100%

Programming & Scripting Languages

Python

Bash

Powershell

Splunk Processing Language (SPL)

HTML

CSS


Tools

  • Splunk
  • Tenable
  • Axonius
  • Swimlane
  • GitLab
  • Ansible
  • Teraform
  • Docker
  • Lambda
  • Teleport
  • Fortify Scan Central DAST
  • Crowdstrike
  • Burp Suite
  • Metasploit
  • Cobalt Strike
  • Kali Linux (included tools)
  • Nmap
  • Masscan
  • Aracni
  • AWS (IAM, EBS, EC2, RDS, Security Groups, VPC, VPC NACLs, many more)



Work Experience

Lead Security Engineer (IT Specialist (INFOSEC)) GS 14 / United States Government
Jan 2020 - Present

  • Developed custom Splunk Applications and Technology Add-Ons to seamlessly integrate with various applications and provide robust monitoring and reporting for the Government and other Government Components.
  • Coordinated, Managed, and implemented the migration of the Cyber Security Directorate’s (CSD) security tools / applications to AWS.
  • Developed STIG hardened AMIs in support of secure operating system deployments in the Government AWS Cloud infrastructure.
  • Developed, Managed, and Automated secure application deployments in support of improving application scalability.
  • Developed and Managed custom code/programs/scripts in support of further automation and integration with various applications (Python, Bash, Ansible, PowerShell)
  • Simplified processes through automation using Splunk, Ansible, and AWS native methodologies.
  • Deployed and Secured multiple applications, databases, etc.. in support of Security Operations.
  • Continue to provide recommendations and knowledge based on security best practices and emerging security technologies.
  • Assisted with the evaluation and remediation of Security tool and implementation gaps to ensure the security of Governemnt systems.
  • Developed and Manage standard operating procedures, including system and architecture diagrams for secure system deployments.
  • Supported the Government in their Zero Trust initiative as the subject matter expert to meet and exceed the requirements outlined in OMB M-22-09

Vulnerability Assessment & Penetration Testing Lead (IT Specialist (INFOSEC) GS 13 / GS 14 Supervisory Detail) / United States Government
September 2017 – January 2020

  • Detailed vulnerability assessment team (VAT) lead managing a team of three (3) federal employees and six (6) contractors, in support of Government penetration testing, vulnerability assessment and Federal Information Security Modernization Act (FISMA) reporting.
  • Penetration testing lead; Developed, managed, and maintained penetration testing for the U.S. Government based on:
    • NIST SP 800-115 Technical Guide to Information Security Testing and Assessment
    • NIST SP 800-53 Security and Privacy Controls for Federal Information Systems and Organizations
    • NIST SP 800-53A Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans
    • PCI DSS 3.2
  • And Industry best practices:
    • Open Web Application Security Project (OWASP)
    • Open Source Security Testing Methodology Manual (OSSTMM)
    • Penetration Testing Execution Standard (PTES)
  • Organized and executed various penetration tests, including but not limited to, the penetration testing of Amazon Web Services (AWS), Web Applications, Networks, Network Devices and Operating Systems.
  • Developed Penetration Testing Knowledgebase and standard operating procedures (SOP) to assist new penetration testers.
  • Created AWS penetration testing documentation and document templates in support of AWS and cloud penetration testing.
  • Completed log gap analysis and testing of the Government intrusion detection systems (IDS) and logging mechanisms, in support of the Government Security Operations Center (SOC)
  • Developed and maintained penetration testing processes and workflows, including associated diagrams.
  • Assisted the Government CTI team with Open Source Intelligence (OSINT) and reporting for OSINT activities, in effort to enhance Government penetration testing.
  • Created various python scripts to assist during penetration testing.
  • Created Splunk Dashboards to assist with Monthly FISMA reporting and scoring, vulnerability management, configuration management, and gather system information across the Government infrastructure (eg. Operating Systems (OS), OS build version, installed RAM, application search, and more).
  • Supported Government during A-123 audits for vulnerability scanning, analysis, and remediation.
  • Trained vulnerability assessment analyst, information system security officers (ISSO), and other Government and component employees, to improve their security knowledge as a vulnerability analyst, ISSOs, and engineers.
  • Used previous knowledge in system administration to assist in the remediation of vulnerabilities found during penetration tests, and vulnerability and configuration scans, while offering alternative remedial actions to accommodate system and\or environmental constraints.
  • Created python scripts to assist VAT analyst during their analysis and other daily tasks.
  • Diagnosed issues with the vulnerability scanning of databases, operating systems, and web applications.
  • Created and modified Nessus audit files to improve scanning accuracy, efficiency, and improve Government FISMA configuration management and reporting.
  • Trained and assisted Government ISSOs and Engineers in support of operating system hardening and configuration management, in accordance to Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIG)
  • Developed standard operating procedures (SOP) for AWS vulnerability scanning and scanning requirements.
  • Organized and lead the Government Vulnerability Assessment Team Tenable Splunk Integration project for the ingestion of Tenable SecurityCenter data into Splunk to improve the Governments vulnerability assessment and reporting capabilities.
  • Created excel document templates to assist vulnerability assessment analyst in calculating vulnerability and configuration metrics.

Vulnerability Analyst & Penetration Tester / Defense Point Security
December 2016 – September 2017

  • Developed, managed, and conducted various penetration tests throughout the enterprise.
  • Developed and maintained penetration testing processes and workflows, including associated diagrams.
  • Developed Penetration Testing command cheat sheets and document templates to assists new penetration testers.
  • Used previous knowledge in system administration to assist in the remediation of vulnerabilities found during the penetration testing, and offered alternative remedial actions to accommodate system constraints.
  • Developed Nessus audit files to accurately audit system(s) common controls throughout the Government infrastructure.
  • Developed various scripts to assist the vulnerability assessment analyst with data analysis.
  • Created, Implemented, and Analyzed various Nessus scans and scan policies for Monthly FISMA scanning, and penetration testing.
  • Created document templates to assist vulnerability assessment analyst in calculating vulnerability metrics.
  • Developed various scripts to assist the vulnerability assessment team with identifying various web application security controls.
  • Assisted SOC analyst in analyzing log data from various penetration tests to further improve detection of exploits and attacks.
  • Assisted SOC Engineers in visibility testing and detection throughout the Government network infrastructure.

Security Analyst / Defense Point Security
June 2016 – December 2016

  • Assisted in the monitoring and securing of network infrastructure.
  • Skilled in tools, such as Splunk, NetWittness, Symantec Endpoint Protection Manager (SEPM), Bluecoat, Tanium, Sourcefire, Wireshark, Python, and Powershell.
  • Developed content to better serve the Government SOC in identifying new emerging threats, and created PowerShell scripts to quickly identify users and hosts throughout the environment.
  • Assisted in malware analysis, and remains proactive in identifying new phishing and other malicious domains to improve the Governemnt security posture.
  • Used previous system administration knowledge and experience to assist the Government in improving the security of their active directory infrastructure, while also identifying false positives and weaknesses throughout the Government Windows environment.
  • Provided Gap Analysis of the Governemnt infrastructure to help improve the visibility of PowerShell, and other activity throughout the Government infrastructure.
  • Analyzed network, application, and other system activity to develop reports to better correlate the events throughout the infrastructure.


CONTACT

Have a Question? Or want to reach out?

Shoot me an email or lets connect via Social Media! Links Below!