Alexander Thines

Summary

Web Application penetration tester with a desire to assist companies defend their websites against malicious attackers. Experienced in both defensive and offensive techniques with over 5 years of experience in the cyber security industry.

Experience

Prescient Security - Senior Security Consultant (Penetration Tester) ----- Start Date: March 2022 - Present (Remote)

• Preformed reverse engineering against EXE, IPA, and APK flies for a range of moblie and thick client tests.
• Assisted team with learning along with developed internal training for attack techniques against mobile binary files along with thick client applications.
• Developed scripts in Python and GoLang to create and organize client specific reports. These programs reduced report generation time from 1 hour to 5 seconds per report.
• Preformed web application testing for ATMs, APIs, Mobile applications (both Android and Apple devices), and regular web applications.
• Used OWASP Top 10 checklist to ensure accurate results along with developing other testing frameworks for different applications. These checklists ensured that tests were more through while allowing testers to be more efficient with their time.
• Developed automation scripts to export Jira data into daily emails to provide upper management with commonly requested information on a daily basis.
• Developed testing tools to speed up common findings in customer environment. This ranges from python scripts reaching out to sites for header information to creating custom burp extensions with client specific findings.
• Led a team of over 10 testers to consistently deliver tests while also training juniors on the team to be able to be more independent with testing and report writing.
• Created tool to assist in transposing vulnerability scans from Nmap and Nessus to custom company reports.

Freelance - Bug Bounty Hunter ----- Start Date: February 2021 - Present (Remote)

• Used open and closed bug bounty programs to create specialized tools to not only assist in attacking targets on bug bounty platforms, but also for use against similar targets in closed corporate settings
• Developed scripts in Python and GoLang preform automated scanning and testing to allow easier enumeration of targets while being able to track state changes of pages and domains.
• Preformed testing against Android, IoT devices, and other web applications.
• Testing preformed against a variety of wireless communication methods.
• Assisted other bug bounty hunters with finding vulnerabilities

Cyber Defense Labs - Jr Offensive Security Specialist (Penetration Tester) ----- Start Date: March 2021 - April 2022 (Dallas, TX)

• Developed scripts in Python and GoLang to help fellow penetration testers to reduce time for conducting reconnaissance from 90 seconds (on average) to 20 seconds (on average) allowing my team to be more effective in testing and reporting.
• Preformed black box web application testing for large external web infrastructures.
• Followed OWASP Top 10 guidelines to throughness of testing while also ensuring accurate results with auditable results.
• Continued education to keep up to date on current threats and emerging tactics used against companies.
• Successfully preformed various social engineering techniques against target companies to test the client's training.
• Preformed mobile android device testing to ensure applications were not leaking proprietary information.
• Created tool to assist in transposing vulnerability scans from Nmap and Nessus to custom company reports.

Masergy - Penetration Tester ----- Start Date: December 2020 - March 2021 (Plano, TX)

• Assisted in performing reconnaissance, phishing, and other tasks for penetration tests.
• Performed vulnerability scans and analyzed the output of the scan results from Saint and Qualys.
• Successfully preformed vishing against clients.
• Trained for ASV (Approved Scanning Vendors) from PCI DSS for Masergy.
• Assisted in implementing new vulnerability management software to assist in managing multiple engagements with varying requirements and scan requests.
• Have worked with team to set up scope for assessments along with testing times that suited the client's business needs and requirements.

Masergy - Level 2 Senior Network Security Analyst ----- March 2018 - March 2021 (Plano, TX)

• Worked as shift lead along with Point of Contact for any security event on over-night shift for international clients.
• Provided troubleshooting and client specific assistance to other analysts and clients.
• Worked with clients on numerous incidents and have explained complex activities to technical and non-technical users.
• Have explained to clients and other analysts how an attack can follow the MITRE ATT&CK framework along with explaining the potential relevance of the framework.
• Assisted clients with audit and other tight deadline requirements to meet required deadlines.
• Performed audits on internal systems to ensure they meet various required standards including PCI DSS, HIPPA, and other varying standards.
• Worked on advanced projects that helped improve the SOC with metrics tracking, automation of information gathering for incidents, automation of data insertion and extraction from various programs utilizing various APIs including Google API, proprietary systems, Virus-Total, and Slack.
• Developed scripts in Javascript, Python, Perl, and GoLang to:
  • Analysts preform tasks more efficiently monitor and research events happening on proprietary systems.
  • Report custom management defined KPIs to management team.
  • Reduce response time of alerts for system issues from 10 minutes to within 1 minute of email being received by team.
  • Created highly customizable reports for clients and team using varying technologies not typically available.
  • Integrated internal SIEM with more advanced detection tools to provide greater insight of alerts.

Certifications Acquired

• Certified Information System Security Professional (CISSP)
• GIAC Web Application Penetration Tester (GWAPT)
• GIAC Penetration Tester (GPEN)
• GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
• GIAC Certified Incident Handler (GCIH)
• Offensive Security Wireless Professional (OSWP)
• eLearnSecurity Certified Professional Penetration Tester (eCPPTv2)
• eLearnSecurity Junior Penetration Tester (eJPT)
• Cisco CCENT (Cisco Certified Entry Networking Technician)
• CompTia A+
• CompTia Network+
• CompTia Security+
• CompTia CySA+
• CompTia PenTest+
• Remote Pilot Certificate (For UAV Drone Operating)
• NSE 1-3 (Fortinet Network Security Expert)
• EC-Council Certified Ethical Hacker (CEH)

Programming Languages

• Python
• Javascript
• GoLang
• Bash

Skills and Abilities

• Demonstrated ability to deescalate conflicts with coworkers and clients
• Proficient in utilizing various computer applications for data entry, including Microsoft Word and Excel.
• Demonstrated strong aptitude for multitasking, effectively handling multiple tasks simultaneously.
• Exhibits excellent leadership skills, guiding teams towards successful outcomes.
• Proven track record of efficient organizational skills
• Exceptional logical and reasoning abilities, proficient in identifying strengths, weaknesses, and alternative solutions to problems.
• Exceptional time management skills, ensuring efficient allocation of resources and meeting deadlines.
• Deep understanding of teaching and training methodologies, including evaluating training effectiveness.
• Remarkable communication skills, adept at conveying information effectively to others.
• Extensive knowledge of philosophical systems, religions, and their influence on human culture.
• Skilled at comprehending written sentences and paragraphs in work-related documents.
• Demonstrated ability to analyze alternative solutions, conclusions, or approaches to problems using logic and reasoning.
• Proven ability to explain highly technical information to non-technical users while keeping the user aware of it's importance.