Version
Do not edit anything

How To
Do not edit anything

Introduction
Do not edit anything

Career Goals
Fill out areas in current role, short term 1-3 years, long term 3-10 years

Education
Fill out areas for will you persue further academic education, and cost (these can be estimates)

Skills
Do not edit anything, we will go over this.

Goal Outline
Fill out areas under What do you want to do, color code the area corresponding to what you want to do by the date you want to complete it.

Additional Resources
Do not edit anything

I’ve been engageed with the community for some time now. One of the greatest blights facing technologists today is Ransomware.

What is ransomware? “Ransomware is a type of malware from cryptovirology that threatens to publish the victim’s personal data or perpetually block access to it unless a ransom is paid. While some simple ransomware may lock the system without damaging any files, more advanced malware uses a technique called cryptoviral extortion.” - Wikipedia

Ransomware has been around since the mid to late 90s but really didn’t start becoming a serious problem until the mid to late 2010s. Threat actor and hacker groups use a combination of tools and social engineering to gain access to a network and its sensitive data. Usually data is exfiltrated from the network as a copy and then a crypto-locking software infects all the files and systems on the victim network.

So what have I personally seen and dealt with?

Outside of your run of the mill hackathons, virus infections, malware deployments, skimming etc. I’ve run into 3 catastrophic ransomware infections. I’ll provide some detail (not the organizations name, or industry) and my role for that particular incident.

1) Small business of less than 10 employees with a small office network infected with ransomware which took out their VMs, all of their files and exfiltrated client/payment lists. My role for this incident was as a consultant assisting their MSP consultants with review, remediation and recovery. I was able to work remotely with the MSP consultants to shutdown, clean up, patch all systems on the network. The organizations VMs were encrypted which had their data, they did have a local back up of their data which was plugged in at the time and encrypted as well. They had offline backups which were outdated and not verified. I was able to use some data recovery tools and recover the VM files. From there I was able to mount the volumes and recover the data. The VMs were rebuilt and their current data was subsequently uploaded to the new servers. The ransom was not paid for this incident and what ever the threat actors were able to get, they ultimately had.

2) Med to large buisness with offices across the US suffered a similar incident. Their entire network was taken down due to poorly managed infrastructure that allowed threat actors to remotely access the network, monitor the network and systems. Eventually the threat actors deployed ransomware which encrypted all systems, and backups. My role was as an outside consultant to recommend infrastructure and security best practices while helping them maintain a level of sanity. This was a very short stint and they were able to rebuild the majority of their systems and recover some but not all of their data without paying the ransom.

3) Large global organization with a failed ransomware deployment into their corporate headquarters. The network, firewall and remote capabilities were completely taken offline for several days. While the ransomware deployment was unsuccessful the organization suffered a breach, which lead to a lost of IP and sensitive data. This incident was caused by an unpatched firewall, being publically exposed. Threat actors ran a script on the firewall, gained access to all of the provisioned accounts on the firewall which were also local network administrator and active directory administrator accounts. This allowed the threat actors to have unteathered access to the network, exfiltrate data and attempt to deploy ransomware. Luckily a newly introduced endpoint protection solution prevented the infections, and alerted the technology department to the incident. They shutdown their network, systems, brought in multiple consultants to review and verify. The only thing they wanted proof on was how the threat actors gained access to the network. They assumed the firewall and took it offline. I was called in and asked to replicate the attack based on the minimal information I had about the firewall and network. I was given an IP address to the firewall which was now sandboxed, and was able to run a Proof of Concept exploit which took less than 10 minutes. I extracted all usernames and passwords from the firewall. I provided a write-up, and was done.

Conclusion

While these incidents were catastrophic for the organizations and caused significant downtime which resulted in a loss of profits ALL of them could have been avoided. Proper security hygiene of logging, monitoring, patching and replacement of EoL legacy machines could have saved these orgs from this loss.

I’ll be honest I’ve said these things and have even impressed myself.

“If we find what we’d consider less than best practice we should see those as opportunities to improve, not failures.” - Brad Voris, on LinkedIn

“I you don’t take your own company’s cyber security seriously, someone else will.” - Brad Voris, on LinkedIn article https://www.linkedin.com/pulse/you-dont-take-your-own-companys-cyber-security-seriously-brad-voris/

“When we talk about innovation, no one innovates if they’ve worked at the same company for 20 years or more” - Brad Voris, on Discord

“Of course there is a disconnect. There is a lot of misconception, deception, ignorance and misalignment on information / cyber security roles and skills. That is not only from individuals trying to enter the field, that includes organizations, colleges, universities, professors, teachers and certifications bodies etc… Each one of these has an expectation based on what they sell or have been told. There is no “proper path”. Everyone’s journey in any field is unique. Its based on their skills, education, experience…. I mentor 30+ individuals a year and each one of them has unique skills, education and experience. Each individual has their own journey to get to the role they want, I only hope I can help them achieve their goals.” - Brad Voris, LinkedIn Context on the disconnect between candidates and entry level roles

“My shit always works sometimes.” - Brad Voris in life.

“If you run from everything that could possibly harm you, you’ll never know what could have made you stronger.” - Brad Voris Facebook (May 17th, 2016) & LinkedIn (May 17th, 2022)

“Masculinity is not toxic. Bad behavior is.” Facebook Jan 17 2019

“The greatest gift anyone can give you is their time.” Facebook May 2 2023

In 2015 I had started working contract for United Airlines and an Infrastructure Project Engineer. I spent the majority of my role designing architecture for airports, aircraft, lounges and ecommerce websites for United. This was a fun gig as I got to work with a lot of great people who cared alot about the secure design of its infrastructure. While working on an IoT project I met with Boris Previn. Boris was a Principle Security Architect for UA. Boris and I had a good relationship and after some discussions about designing some segmented networks for the IoT project, Boris said I was very knowledgable about security. He had suggested I look into getting a security certification like the CISSP. This would help me get a better understanding of security and how it has applied to all the work I have done. I didn’t have a lot of confidence in “security” even though at the time, I didn’t realize that nearly every infrastructure project I worked on was a security project. I always had best practices in mind when it came to design and security was included. I spoke with my wife about it and decided to take the plunge.

In March of 2016 I decided to start investing in my future. I bought the official study guide for the CISSP, I also looked around for some classes that I could take to augment my studies. I found a CISSP 40 hour course that was in a couple of months. The course was about $4500, it would require me to miss work for a week. At the time this was a tough call since I was a contractor. If I missed work I didn’t get paid for it. So I decided to take the course.

CISSP book and class

I hammered the CISSP official study guide. I spent two to four hours a night reading, taking notes and reviewing questions. I finished the guide a few days before my class started. The class I took was hosted at Etec by Tom Nguyen. This was a 40 hour class, with a couple of pre-tests. I was pretty apprehensive coming into the class but Tom was very clear and knowledgable about the exam. Coming out of the class I was very confident, I had about one week of study time before the exam. I ran the gambit on all of my notes and reviewed the study guide.

Exam Day…

Monday morning, Exam Day…. I was no longer all that confident. I’d spent $4500 on a class, $120 on a couple of books, $600 for an exam and missed a week and a day of work. I got up, had breakfast, drank my coffee, and cleared my mind. I drove down to the exam site which was not far from home. I was really nervous. I had no idea if I’d pass or fail. I sat down for my exam, took a deep breath and started. I finished the exam in about an hour. I was surprised at how quickly I went through the questions and scenarios. When I hit that final submit button my upper lip was sweating and I felt naucious.

I PASSSED!

I got my results and I had passed the CISSP! I was so stoked. I knew this would be a turning point in my career and life. The hard part wasn’t over yet. I still needed to get my experience vetted by another security professional. I spoke with Tom at ETC who put me in touch with David Morgan. David was already a CISSP and was a Director of Security in Austin. I filled out my vetting paperwork and sent it to David for review. David vetted my experience, and contacted me with the good news. Once the paperwork was submitted I had to wait for the final approval from ISC2. This took about 3-4 weeks.

CISSP meant drinking from a firehose

I got confirmation in June from ISC2 that I was a CISSP. My confidence level soared and I was so happy to know that with the 15 years of IT experience I was now a security professional. The moment I updated my LinkedIn profile, I was hammered by recruiters looking to fill any and every kind of security role.

I can say that I am eternally grateful for Boris, Tom, David and my wife for supporting me on my journey to become a security professional. If it wasn’t for their support I might still be working IT roles I was never satisfied with.

I am currently working on a bunch of personal projects. If you have interest in collaborating on some of these please reachout via Discord or LinkedIn

PowerShell to Python conversions of older projects.

My name is Brad Voris and I am a Security Professional who is passionate about technology and scripting. I’ve been in IT/IS/Cybersecurity since 1999. I have have the following certifications: ISC2 CISSP ,ISACA CISM ,CSA CCSK ,Comptia Network+ ,MS MCP ,MS MTA ,VMware VCA-DCV ,Fortinet NSE1 ,Fortinet NSE2 ,Palo Alto ACE ,DHS & CISA 100W - OPSEC ,CyberArk - Trustee, MS AZ-900

I started my Information Technology career in 1999. While working at BestBuy as a computer salesman I was asked by a customer to assist with finding appropriate memory for his Winbook. The support technician wasn’t particularly helpful for him so I took it upon myself to find out what the speed and size memory was needed. After a few minutes of verification I was able to provide him with the memory that he needed for his laptop. He mentioned that he worked for a survey company that was looking to hire a computer technician and if I was interested I should apply. We exchanged information and a week later I went in for an interview. I met with Dean Errington who after a discussion hired me for the role. This was my first computer related role fresh out of the military with minimal support experience. I was very fortunate to have made a good impression.

My Career

Pre-IT Career

U.S. Army 1997-1998 - 32Y/94P MLRS Repairer

CompUSA 1999 - Sales

BestBuy 1999 - Sales

Jones & Carter, Inc. Computer Technician 1999 - 2007

Jones & Carter - a full-service civil engineering firm

I started working for J&C in September of 1999. First started out working on a mass of desktops. These were all DOS and Windows 95/98 machines. Repairs would be anything hardware or software related. Some days I’d replace failed power supplies, or solder a new AT keyboard port to a motherboard. I would spend my free time reading books on A+ and Network+. As the time went on we hired an additional tech and I took on more duties. My role as a computer technician working strictly on desktops soon changed to working on servers and networking equipment. This meant preparing Compaq Servers for deployment, installing patches, running backups, adding user accounts to Novell Netware 5.0, Windows NT 4.0 and Microsoft Mail. From the network side it was deploying new 3COM switches and removing the older HP and Intel 500 series switches. Eventually building VLANs and setting up QoS (it was very new). J&C was going through a massive amount of growth. We opened an office in Austin, aquired an engineering firm in The Woodlands and expanded our Dallas and Houston offices. Technology grew rapidly and I adapted. Taking on printer, plotter and firewall support. We migrated from Windows 95/98 to Windows ME and Windows 2000 Pro. We migrated from Novell Netware 5.0 to 5.5 and eventually off of Novell to WIndows File Servers. We migrated from Novell NDS to Microsoft Active Directory in Windows 2000 STD and then to Windows 2003. We Migrated from Microsoft Mail to Exchange 5.5 then to Exchange 2000 and then to 2003. We implemented new firewalls which were BorderWare, then to Fortinet. As we continued to expand our technology expanded and became a full Microsoft Shop. Eventually all desktops were migrated to Windows XP and I managed the day to day operations for desktops, servers,m and the network. This was a great job to cut my teeth and learn. While I enjoyed working for Dean I needed to bolster my skills and do more. In October of 2004 I got married and we went on our honeymoon. While not spending time with my wife I was studying for the Network+ exam. The Week After my aniversarry I took and passed the Network+.

• Employee management - interviews, mentoring, training, hiring • Support and manage 10+ Windows NT 4.0 - 2003 and Novell Netware 5.5 server environment • Support Exchange 5.5 - 2003 • Support Citrix Metaframe XP/Presentation 1.x-3.x Server thin clients and published applications • Support Borderware, Watchguard, and Fortinet firewalls. • Support tape backup systems Veritas, Brightstor and Arcserve • Train employees in the Information Technology department. • Create company policies and procedures governing corporate security, email and Internet usage, access control, and incident response. • Diagnose and repaired issues with printers (HP Laserjet, DesignJet plotters) • Website and Intranet development (HTML/PHP/CSS/JAVASCRIPT/Dreamweaver) • PDA support/installation (Pocket PC 2003, Mobile 5, Palm OS)

Lab Corp 2007

Lab Corp - operates one of the largest clinical laboratory networks in the world, with a United States network of 36 primary laboratories.

I don’t have this role on my resume or LinkedIn.

Metro Networks 2007

Metro Networks - broadcasting outsourcing company based in Houston, Texas

I don’t have this role on my resume or LinkedIn.

Solarent 2007

Solarent - was a managed service provider

I don’t have this role on my resume or LinkedIn.

DePelchin Children’s Center 2007 - 2009

DePelchin Children’s Center - nonprofit provider of children’s mental health, prevention and early intervention, and child welfare services

I took a role with the assistance of Solarent at DePelchin Children’s Center. This role was an IT Manager role where I managed the help desk, call center and data center for DePelchin. We had 2 senior technicians, and 3 technicians in the call center. I had a great team, who were really efficient and capable. While there we installed new firewalls, new file servers and database servers. I deployed and configured all new Cisco switches. I deployed an IDS and a honeypot for greater network visibility. This was a really good role and I learned a lot about managing people and resources.

• Manage help desk and server support personnel (interviews, hiring, mentoring, timesheets, conflict resolution, training, etc.) • SLA and vendor support contract administration • Server engineering & administration (Win 2k3, Red Hat Enterprise, Dell 2XXX Series servers, • Compaq/HP Proliant servers) • Network engineering & administration (Cisco switches, Fortigate, Watchguard firewalls.) • Nagios network monitoring • SQL Database administration

Serimax 2009 - 2010

Serimax - was an international pipeline welding company

I took an IT Manager role for the North and South American regions for Serimax. After taking this role the oil and gas industry was hit with a severe downtown which negatively impacted my role. I was the sole support person for North and South America. This meant supporting 500+ resources across numerous counteries.

• America regions • Departmental budgeting • Project Management • SOX Compliance • Help Desk / Service Desk Management • SLA and vendor support contract administration • MPLS/network administration (Cisco Pix/ASA firewalls, dell switches) • Windows 2003 server administration (Dell servers) • Active Directory, DNS, DHCP, IIS, File Sharing • Lotus Domino email server administration

Internet Medical Clinics 2010

Internet Medical Clinics - Chain of medical clinics

I don’t have this role on my resume or LinkedIn.

Cherry Demolition 2010 - 2014

Cherry Demolition - demolition, aggregate, and crushed concrete manufacturer

I took a role as a system engineer / IT manager for Cherry Demolition. Cherry was on a growth boom and required a lot of work. Essentially a mom and pop shop using retail grade equipment and having chronic network failures and system failures. I rebuilt their entire network from cheap 8-16 port switches, to multiple 48 and 24 port switches with fiber at their headquarters and 48 port switches at their branch locations. I deployed Fortinet firewalls at all locations, a forti-analyzer and fortimanager at their HQ. I migrated their Windows 2003 SMB server to Windows 2008 R2 file servers and a Windows 2010 Exchange Server. Those servers were on an old Compaq Proliant 1600 series server, which I upgraded to a bunch of Dell rack mounted servers and a Dell SAN. I deployed about half the servers in Hyper-V for ease of management. I also installed a couple of brand new full Dell racks. I deployed Ubuntu and Nagios resource monitoring. I deployed numerous DVR’s and IP cameras. I ran numerous projects for migrating phone systems from Iwatsu to Shoretel, MPLS migration, database migrations, department budgeting and vendor management.

Build and maintain Windows 2008 R2 servers for multiple locations (Active Directory, DNS, DHCP File Sharing, IIS) • Employee management - interviews, mentoring, training, hiring, termination, conflict resolution • Help Desk / Service Desk management • Support and maintain Microsoft Exchange 2010 Email server • Powershell Scripting • Fedora & Ubuntu Linux Server support and maintenance • Hyper-V server virtualization, installation, configuration, and maintenance • Maintain desktop, laptops, Blackberry, & Android cell phones for 200+ staff members. • Implement / manage MPLS/VPN network across 10 locations • Project/Department Management (planning, budgeting, implementation) • Gigabit Network migration (Dell 4xxx series switches and fiber) • Network & Security Monitoring With Nagios • Exchange 2003 to 2010 migration • Firewall migration SonicWalls to Fortigate with FortiAnalyizer • Implement Shortel VoIP phone systems at 12 locations • Manage Iwatsu phone systems • WSUS - Microsoft patch deployment • Department Budgeting • Data Center Experience – Capacity Planning, Designing, Rack diagrams, Electrical Power, HVAC • SLA and vendor support contract administration

Fort Bend Independent School District 2014 - 2015

Ft. Bend ISD - An independent school district in Sugar Land Texas

I took a role with FT Bend ISD as a Senior Systems Engineer II. In this role I managed multiple VMware servers, SANs, HP Blade and Chassis, Active Directory, DNS, DHCP, DFS, IIS, and helped manage their MS Exchange 2003 environment. I helped design and deploy additional server clusters and storage. I helped to support and manage Windows Server 2000 - 2012 R2.

• Support and maintain Microsoft Windows 2000 - 2012 R2 Enterprise server • Project Management • FERPA Compliance • Training • SLA • Active Directory, DNS, DHCP, DFS, IIS • Powershell Scripting and Reporting • MS Exchange 2003 support and maintenance • VMWare 5.0 – 5.5 installation, configuration, maintenance, template builds, P2V • Cisco UCS Blade and Chassis platform • HP EVA, MSA, 3Par SAN StoreServ Storage • HP C7xxx Blade & Chassis platform • HP DL Series Servers • Dell Servers • ITIL • Disaster Recovery Planning • Solar Winds, SCOM - System and Network Monitoring • WSUS - Microsoft patch deployment • Technical Writing • Data Center experience – Capacity Planing, Designing, Rack diagrams, Electrical Power, HVAC

CVR Energy 2015

CVR Energy - Oil refinig company

I took a role at CVR Energy and completely revamped their infrastructure. I migrated their servers from Windows 2003 to 2012 R2. Deployed DNS, DHCP HA, DFS (massive replication between locations to act as data backup), IIS. I managed day to day operations of a huge Exchange 2010 cluster and MS Lync 2010. I also managed all SAN and servers within VMware and Hyper-V.

• Support and maintain Microsoft Windows 2003 - 2012 R2 Enterprise server • Project Management • SOX Compliance • Training • SLA • Active Directory, DNS, DHCP (DHCP High Availability), DFS, IIS • Active Directory 2003 to 2012 R2 migration • Hyper-V 2008/20012R2 • Powershell Scripting and Reporting • MS Exchange 2010 Clustered Environment (multiple DAGs) support and maintenance • MS Lync 2010 support and maintenance • VMWare 5.1 – 5.5 installation, configuration, maintenance, template builds, P2V, deployment • Cisco UCS Blade and Chassis platform • Dell Compellent SAN • Dell Equallogic SAN • HP Servers • Dell Servers • ITIL • Technical Writing • SIEM - Log Rhythm - Security Log Monitoring • Solar Winds - System and Network monitoring

United Airlines 2015 - 2016

United Airlines - US airline with over 85,000 employee’s globally

At United Airlines I documented and designed systems for aircraft, airports, and lounges. This included designing UIs for aircraft WiFi systems, PCI-DSS environments, SOX environments and IOT devices. I worked with other engineers and architects to design and deploy numerous systems world wide. While working contract for UA, I took a week off unpaid to study for and pass the CISSP exam.

• Enterprise Infrastructure Engineering and Design • PCI, PII, SOX Compliance through infrastructure design • Financial systems engineering design • Project Management & Budgeting • Technical Writing and Document Control • Change Control • Windows 2008 R2 & 2012 R2 server engineering and design • Red Hat Enterprise Linux 6.5+ • HP C7xxx Blade & Chassis platform • Windows Server & SQL Clustering • Virtualization: Hyper-V & VMware • ITIL • Training • Application design

Tailored Brands 2016

Tailored Brands - is a formal clothing designer and resale

The role at Tailored Brands was short but provided a lot of hands on experience with security products. While at Tailored Brands I was messaged by a former co-worker about a security role that was opening up. I was offered the role and moved on from Tailored Brands.

• SIEM - Log Rhythtm / Correlog • Firewall - Check Point • DMZ Design • PAM/PIAM - CyberArk • PCI Compliance • SOX Compliance • Change Control • Project Management • Gemalto Encryption • 2FA - DUO • Network Security Policy Management/Orchestration

Texas Direct Auto / Vroom 2016 - 2018

TDA / Vroom - is an online car retailer

At Vroom I built the Information Security Program, designed and deployed numerous security countermeasures. This included Palo Alto Firewalls, security governance frameworks, ADDS (DNS, DHCP, Group Policy, DFS), EDR solution and a SIEM. I maanged IT and Security personnel and routinely had meetings with legal, HR and senior management.

• Security Governance Framework • Cisco ASA Firewall, IDS/IPS • Palo Alto Firewalls • PCI Compliance and vulnerability scanning • Project Management • Symantec Endpoint Protection / Sophos Endpoint Protection • Cloud Security • Policies, Procedures, Standards • PowerShell Scripting • Microsoft PKI (cert provisioning and revocation) • MS Infrastructure: Active Directory, DNS, DHCP, Group Policy, DFS • NIST, ISO 27002 • O365, Azure, Google Cloud Platform (GCP), AWS (Amazon Web Services) management • AlienVault SIEM installation, configuration and management • Security Awareness Training • Risk Management • Digital Forensics • Cyber Investigation • Department Budgeting • Penetration Testing • Application Security Testing OWASP

JP Morgan Chase 2018

JP Morgan Chase - US Based Bank

I don’t have this role on my resume or LinkedIn.

CGG 2018 - 2019

CGG - Oil and Gas data processor

CGG role was a focus specifically on network & cloud security and some Information Security. I helped build their SIEM and managed the day to day support with their MSSP. I provided security engineering and architecture assessments to help align business strategy. I also deployed instances in AWS, Azure and GCP to help log and monitor their cloud environments.

• Security Engineering & Architecture • Cloud Security: AWS, Azure, GCP Google Cloud • Palo Alto Redlock / Prisma Public Cloud • Network Security • Firewalls • IDS Intrusion Detection Systems / IPS Intrusion Prevention Systems • SIEM • Risk Assessments • Strategic Security Business Alignment • IAM & MFA • AWS Amazon Web Services: •••• VPC Deployment and management •••• Security Hub: Security standards from CIS AWS Foundations, Insight and Findings reviews •••• GuardDuty: Cloud platform security findings •••• CloudWatch/CloudTrails: Management of account audits, metrics, and event workflows

Texas Children’s Hospital 2019

Texas Children’s Hospital - US Based Hospital System

I don’t have this role on my resume or LinkedIn.

Shaw Systems 2020

Shaw Systems - Financial SAAS

My role at Shaw Systems had me manage day to day security operations, as well as review of IT operations. I worked with the business to try minimize risk and provide value to the business. I worked with Alert Logic to deploy logging and monitoring solutions. I also provided risk assessments and answered third party audits.

• Security Engineering & Architecture • Information, Cyber Security • Governance & Policy Writing • NIST Cybersecurity Framework • Risk Assessments • Cloud Security • DevSecOps • Security Awareness Training • SIEM - Alert Logic • Due Diligence Questionnaires • SOC Auditing • Incident Response

Walmart eCommerce 2020 - 2024

Walmart - Worlds largest retailer with an online presence comparable to Amazon.

At Walmart I’ve helped design and secure numerous architectures for our internal and external clients. I’ve lead initiatives for the Information Security Architecture team to promote visibility and develop strategic business relationships. I’m a member of the CISO Advisory Board, the Enterprise Architecture Council, EDEE Steering Committee, and a mentor for the Walmart Mentoring Circle.

• Security Architecture & Design • Information & Cyber Security • Application Security • CISO Advisory Board Member • Enterprise Architecture Council • EDEE Steering Committee • Walmart Mentoring Circle

QuVa Pharma 2024 - 2025

QuaVa Pharma - Hospital Pharmacy Solutions

• Security Engineering & Architecture • Information, Cyber Security • Governance & Policy Writing • NIST Cybersecurity Framework • Risk Assessments • Cloud Security • DevSecOps • Security Awareness Training • Security Leadership • Due Diligence Questionnaires • SOC Auditing • Incident Response • M365 Security • Entra ID

Confidential 2025 - Present

M365 Security MDCA - Microsoft Defender for Cloud Apps Purview - Security and Compliance