Jon Rose

Current

Sr. Security Consultant at Trustwave

Past

Senior Security Consultant at Cigital, Inc
Senior Security Associate at Stach and Liu
Senior Security Consultant at Ernst & Young, LLP

Information Security Engineer at TWM Associates

see less...

1 more...

Education

James Madison University

Connections

198 connections

Industry

Computer & Network Security

Websites

Jon Rose’s Experience

Sr. Security Consultant

Trustwave

(Computer & Network Security industry)

June 2008 — Present (1 year 7 months)

Network and Application penetration testing, code review, and security research and development. Performed security training for a wide variety of clients.
Senior Security Consultant

Cigital, Inc

(Privately Held; Computer Software industry)

2007 — June 2008 (1 year )

Developed and taught security classes, including Java Secure Development, .Net Secure Development, and Fortify training. Worked as a Security Architect helping integrate security into the SDLC process for a large Financial Regulatory Agency. Performed security code reviews for client's applications using Fortify.
Senior Security Associate

Stach and Liu

(Privately Held; 1-10 employees; Computer & Network Security industry)

June 2006 — May 2007 (1 year )

Responsible for conducting application security engagements and practice development. Managed and performed application security assessments, accountable for project scoping, budget, resources, quality control, and scheduling. Performed source code audits of critical customer applications developed in .Net, Java and Cold Fusion. Provided detailed findings, recommendations, and remediation steps to client executive management, development teams, and system administrators. Also conducted network penetration testing, IT policy review, IT security remediation support, and security training.

Continued to expand interest and skills in performing business development, marketing and assisting in the overall business strategy. Worked as a member of the bid and proposal process as well as identifying and developing strategic partnerships within the information security community. Identified, recommended, and implemented improvements to existing processes, methodologies, and services.
Senior Security Consultant

Ernst & Young, LLP

(Partnership; Accounting industry)

February 2004 — June 2006 (2 years 5 months)

Responsible for managing and performing application penetration testing and source code reviews, Internet, Intranet and wireless attack and penetration assessments for a large number of customers. Engagement manager for a major client within the ASC, responsible for all activities from scoping to assessment and reporting. Conducted source code audits for applications written in C#, C++, Java/J2EE, Cold Fusion, and VBScript to identify security issues. Responsible for producing reports that documented vulnerabilities, business impact and recommendations for clients. Provided executive briefings and presentations on findings and recommendations.

Performed protocol and network communication analysis, host security audits, network device configuration audits, and security architecture reviews. Developed various specialized hacking tools and techniques to solve technical problems on a case-by-case basis written in Perl, shell script, C, C# and other programming languages.
Information Security Engineer

TWM Associates

(Computer & Network Security industry)

May 2000 — February 2004 (3 years 10 months)

Provided security evaluation services to a large number of commercial and government agencies. Provide technical leadership on projects involving computer systems, networks, and application risk assessments. Lead engineer for penetration testing and proficient in running a large number of security tools and analyzing the results.

Supported certification and accreditation efforts as part of DITSCAP, conducting risk assessments of technical and non-technical components of a customer's information technology infrastructures. This support consisted of evaluating systems such as Windows NT, Windows 2000, and UNIX (Solaris, HP-UX, SCO, Linux), and network devices such as Routers (Cisco), Firewalls (Checkpoint Firewall-1, Cisco PIX, IPCHAINS, IPTABLES), Intrusion Detection Systems (Snort, NFR), switches (Cisco), etc.