C
COLETTE CHAMBERLAND, CISSP, CEH, CHFI, PROJECT+-- – https://cjchamberland.com - twitter:@cjchamberland
Work Experience
Defiant, Inc, Seattle, WA (October 2015-present, multiple roles.)
Security Lead, Defiant, Inc.
A technical leadership role, responsible for securing the Defiant, Inc. network and data for all brands.
Leading and providing guidance to secure the infrastructure as well as maintain PCI compliance.
Develop and provide security policies & procedures to be utilized company wide. Work with other
teams and management on other security related projects. Help design & develop a company CTF to
be used for wordfence security training at wordcamps.
QA Lead, Gravityscan Division
Security SME & QA Lead, scrum master/product owner and developer on gravityscan.com project.
Engineered & programmed node.js plugins for the product based on agile requirements for a
vulnerability detection engine and management system. Researched vulnerabilities and develop rules
for scanner. Then moved into managing the QA & development process which involved leading daily
scrum meetings with the entire team as well as managing milestones, feature requests and managing
release cycles.
Sr. Security Analyst, Wordfence Division
Organized, designed and develop processes and procedures to build the company’s website malware
removal services & team. Managed, trained and mentored a team of remote security analyst to clean
malicious content from websites, collect samples; forensic analysis to look for IOC's and attack vectors.
Assisted with the development of new WAF and malware signatures. Reversed engineered malware and
botnet code. Managed small honeypot network, both high & low interaction honeypots.
In addition to these roles, also participated in wordpress vulnerability research, meta data analysis and
OSINT work on many security related articles which are available on the wordfence.com blog.
Scurit, LLC, Sarasota, FL -, Security Consultant)
Assisting business owners such as start-ups, small businesses, government entities, and financial services
with website and web server security. Main focus was post incident response - website recovery and
website malware removal on multiple platforms as well as removal of server level code injections. In
addition, I also performed penetration testing, vulnerability assessments, web server security measures
(install WAF's, IDS's, update servers, install security patches, etc). Provided basic security education to
customers to help them mitigate additional security issues in the future.
COLETTE CHAMBERLAND, CISSP, CEH, CHFI, PROJECT+
C
-- – https://cjchamberland.com - twitter:@cjchamberland
Precise Resources, Columbus, OH -, IT Consultant)
Maintain and enhance existing Legacy Microsoft internal agency applications at Nationwide Insurance.
Assisted other developers in converting classic ASP applications into J2EE. Also managed DBAi user
security database morning processes and created stored procedures and SSIS packages.
Tools/Languages used: classic ASP, JavaScript, DHTML, CSS, Visual Basic 6.0 COM, SQL Server 2005, DB2,
ODBC, ADO, XML, XSL, VB.NET, Visual Source Safe, VBScript.
Skills
Security
Security policy & procedure development/implementation. PCI compliance. Penetration testing,
vulnerability assessments, static code analysis. Forensics (web sites): malware removal, forensics,
auditing, monitoring. Security research, HIPAA Compliance. Network & Web server tools: OSSEC, Aide,
ModSecurity, Snort IDS, Sagan, base, fail2ban, IPTables. Other Tools: Burp-suite pro, Nmap, Nessus,
TamperData, WPScan, Arachni, sqlmap, metasploit, maltego, nikto, dirbuster, owasp ZAP, RIPS. Meta
data analysis, OSINT.
Web Applications
Secure web application design & development. Tools/Languages: HTML, XHTML, XML, DHTML, PHP,
Classic ASP, ASP.NET (C#), ADO.NET, Oracle.NET, MVC, JavaScript, Node.js, VBScript, CGI/Perl, ActiveX,
COM/COM+, MVC, Linq2SQL, CMS Systems: Wordpress, Joomla, Drupal. Servers: Apache & IIS
Databases
mySQL, SQL Server, Oracle, Access, ADO, DAO, OO4O, ODBC, SQL, T-SQL,PL/SQL.
OS & Scripting
Kali, Ubuntu, Linux, Mac OS X, Windows NT-10, Bash, Python, Perl
Other/Additional
Team leader/management experience, full life cycle project management, network design & diagrams,
database design & diagrams, organizational charts and project timelines. FogBugz, Slack, Skype, PGP,
Extreme Programming, Agile & Scrum Processes, Asana, Basecamp, Trello. Excellent analytical skills.
Current Professional Certifications
ISC2
CISSP, 2017
ECCouncil
Certified Ethical Hacker (CEH), 2016
Certified Hacking Forensic
Investigator (CHFI), 2016
CompTIA Project+, 2012
COLETTE CHAMBERLAND, CISSP, CEH, CHFI, PROJECT+
C
-- – https://cjchamberland.com - twitter:@cjchamberland
Volunteer/Other
•
OWASP Suncoast Chapter Leader, 2015-Present, Founding member of OWASP WIA.
•
Participate in bug bounty programs & a member of the OpenToAll CTF team.
•
Multiple Public Vulnerabilities & CVE’s.
Additional Education/Certifications
•
Ashworth College – HIPPA Compliance, Diploma with honors 2017 (CPE credits)
•
US Career Institute - Criminal Justice Specialist, Certificate 2016 (CPE credits)
•
Ashworth College - Computer Network Security, Diploma with honors 2016 (CPE credits)
•
Western Governors University, Utah - - IT Security Emphasis
•
Ohio University, Athens Ohio - 2006 – General Education Requirements
•
Cybrary.it – IDS/IPS certification (SC-4f4f205e9-a3b75) (CPE credits)
•
edX - Certificate for Cyberwar, Surveillance and Security
https://courses.edx.org/certificates/5f9f-b4650a6991d2a3cffa0ab
References
Available upon request