Romeo Lorenzo

Hello World!
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed fermentum iaculis odio, vulputate volutpat ligula lobortis ac. Curabitur at ipsum semper, condimentum leo nec, commodo sapien. Fusce risus tortor, maximus ac orci et, auctor lobortis sem. Phasellus in sapien nunc. Proin sit amet justo eget augue semper fringilla. Proin vel erat tortor. Donec rhoncus ante eu metus vestibulum, quis condimentum enim aliquam.

Proin ut dui erat. Cras vestibulum nibh id porta consequat. Pellentesque eget turpis sit amet augue accumsan fermentum a vel ex. Fusce pharetra lorem nulla, vitae laoreet purus blandit ac. Donec ultricies ut urna vitae lobortis. Etiam feugiat eros massa, in pretium justo mattis scelerisque. Nullam nec finibus mi. Nullam at faucibus lorem.

I am currently enrolled in the Advanced Web Attack and Exploitation course at Offensive Security. Feel free to come drop in thecyberlab.com where I journaling my experiences to the Offensive Security Web Expert (OSWE) certification.

 


Experience

Sr Mobile Security Engineer, Medical Device

Insulet Corporation

  • Daily responsibilities revolve around Pre-Market Product Security.
  • Provide assistance to Post-Market Security group when needed.
  • Work in a hybrid remote and at-the-office-as-needed environment.
  • Work on multiple projects in parallel.
  • Evolving the Application Security program.
  • Ensures that the software development lifecycle (SDLC) follows security best practices.
  • Responsible for adhering to secure coding principles.
  • Testing application(s) against security risks/parameters before release.
  • Capture network and Bluetooth pcaps for analysis.
  • Analyze HTTP headers, POST, GET with ZAP, mitmproxy, and Burp Suite.
  • Root and Jailbreak mobile devices.
  • Dynamic Analysis, hooking with Frida and Objection.
  • Circumvent existing controls and develop POC exploits.
  • Develop scripts to automate security testing.
  • Ethical Hacking | Enjoy breaking things and work with the teams to get them fixed!

February 2022 - October 2022

Application Security Analyst, Medical Device

Insulet Corporation

  • Daily responsibilities revolve around Post-Market Product Security
  • Collaborate with engineers, developers, and leadership to address security risks in a Secure Development Lifecycle (SDLC) environment.
  • Participated in response team to 510K submission.
  • Cloud, Mobile, & IoT - SAST testing.
  • Threat modeling with engineering teams to identify potential security issues.
  • Performs application security assessments, vulnerability scanning, and remediation testing of product and services.
  • Documents and reports testing and remediation activities in accordance with the company's standard operation procedures and compliance requirements.
  • Develop POC exploits.
  • Break things and analyze!

May 2020 - February 2022

Security Analyst

Sony Interactive Entertainment - Playstation

  • Perform intrusion analysis using SIEM technology, packet captures, reports, data visualization, log analysis and pattern analysis.
  • Test and verify HackerOne submissions for possible OWASP vulnerabilities.
  • Splunk Certified User + Certified Power User
  • Automated SOC processes in Python improving efficiency on time consuming log analysis and notification.
  • Support File Integrity Monitoring (FIM) in AWS environment for PCI compliance.
  • Maintain EC2 / S3 security posture with Evident.io and RedLock.
  • Threat hunting in corporate and cloud environment.
  • Malware analysis.
  • Detect, escalate, and assist in remediation of critical information security incidents.
  • Document and communicate findings, escalate critical incidents, and interact with customers
  • Improve and challenge existing processes and procedures in a very agile and fast moving information security environment.
  • Push weekly IPS/IDS Filters.
  • Corporate communication monitoring (Skype, Slack, etc)
  • Maintains knowledge of information security policies and goals
  • Keeps current on the current IT threat landscape and upcoming trends in security

October 2017 - May 2020

Systems Administrator

National University | Center for Innovation in Learning

  • Evaluated and processed Affiliate’s 90,000+ student/faculty records for user record integrity in Blackboard and Kaltura.
  • System integration of 3rd party vendors products with online Learning Management System.
  • Work with vendors to troubleshoot system integration issues.
  • Familiar with Family Educational Rights and Privacy Act (FERPA).
  • Work independently with very little supervision.
  • Work in team environment.
  • Develop custom software solutions with available API in Python, SQL / NoSQL databases, and HTML/CSS/Javascript
  • Maintain Kaltura’s Media Server (KMC) and Mediaspace.
  • Provide out of the ordinary technical support for the University and Affiliates with the use of third party APIs or other necessary technology.
  • Work with Nginx, Apache and other web technologies

March 2014 - October 2017

Software Developer

National University

  • Saved online Faculty community from going off-line due to 3rd party vendor going out of business and instantiating new AWS-EC2 environment.
  • Saved the Online Faculty Community from going off-line due to third party vendor going out of business by migrating instant to own EC2 in AWS.
  • Maintain Drupal environment in AWS
  • Drupal 6 Administrator and develop Drupal API + Custom Views
  • Work independently with very little supervision.
  • Setup and configured Wordpress micro-sites for various faculty and departments.
  • Maintain Lamp Stack for microsites.

November 2012 - March 2014

Lead of Instructional Media & Library Systems

National Univeristy | Spectrum

  • Provide troubleshooting, assistance and remedy for library systems and technology; computer hardware/software, audio/ visual, network, and cloud SAAS.
  • Work in team environment between di erent departments.
  • Work with vendors for software solutions.
  • Manage iShare and Multimedia le server.
  • Maintain IIS Web and Ezproxy Server.
  • Liason between Library and NU IT department • Point of con- tact for third-party vendors

January 2010 - November 2012

Multimedia Designer

National Univeristy | Spectrum

  • Promoted to Lead of Library Systems
  • Develop interactive instructional media with Flash + Action- script 3.0.
  • Develop Library HTML/CSS website.
  • Develop Library Quiz with PHP and MySQL. • Develop video content for Instruction.

June 2006 - December 2009

Adjunct Instructor

National University | School of Arts

  • Game Development with Actionscript
  • Game Development with Unity 3D | C#

November 2008 - November 2009

Desktop Analyst

Harte-Hanks

My primary function was to provide desktop support to both business and call center buildings in a Microsoft and Novell networking environment.

  • Configure PC to be deployed to workstation
  • Troubleshoot PC issues at end user's workstation.

April 2005 - June 2006

Flash Developer (Intern)

Booz Allen Hamilton

Short term internship to develop interactive online training with Adobe Flash

February 2006 - May 2006

Systems Analyst

Ionis Pharmaceuticals

My primary role was to maintain computer systems that are attached to Lab equipment.

  • Documenting the hardware and software settings for those systems to maintain FDA Hardware and Software validation.
  • Maintain computer systems attached to lab equipment. • Document change controls for SOX compliance.

August 2004 - March 2005

Informatics Technician

Ionis Pharmaceuticals

My primary role was to provide desktop support between 6 dif- ferent buildings.

  • Worked with a small team to support a mixed Mac, PC, and Linux platform environment as well as a mixed Windows and Novell networking environment.
  • Deploy new workstations
  • Perform system tape backups and rotate archive with o -site storage.

April 2001 - August 2004

Customer Engineer

Fujitsu Business of America

My primary function was to provide remote or in-house technical support for FSBA's English and Japanese clients in a Microsoft and Novell environment.

  • Travel to off-site client location to troubleshoot workstation or server issues
  • Travel to deploy Firewall, Server, or workstation to remote locations.
  • Install and configure Japanese version of Windows XP, NT.

August 1999 - September 2000

Education

Cyber Security and Information Assurance, Ethical Hacking and Penetration Testing

National University
Master of Science
2016 - 2017

Documentary Filmmaking

Digital Media Academy
Certificate
2012 - 2012

Multimedia Arts

National University
Bachelor of Arts
2003 - 2006

Network Engineering and Management

Computer Learning Center
Diploma
1997 - 1999

Awards & Certifications

GIAC Web Application Penetration Tester

GIAC
Issued: March 2021 | Expire: March 2025

AWS Certified Cloud Practioner

Amazon Web Services (AWS)
Issued: September 2019 | Expire: September 2022

Splunk Certified Power User

Splunk
Issued: August 2018 | Expire: August 2021

Splunk Certified User

Splunk
Issued: December 2017 | Expire: December 2020

Security+

CompTIA
Issued: June 2017 | Expire: June 2020