Denard.me

Leon Denard has eleven years of professional experience in the Information Technology field. The most recent years have focused on red teaming, penetration testing, security automation, security architecture, and incident response. Prior roles have focused on systems engineering supporting developers on Windows, AIX, Solaris, and Red Hat Enterprise Linux.

Education

Georgia Southern University - 2012
Bachelors of Science in Information Technology
Minor in Information Systems
Concentrations in SAP, Networking, and Datacenter Administration

Experience

July 2021 - Present | Compuquip Cybersecurity

Sr. Off-Sec Engineer / Red Team Lead

Tested Sentinelone against Atomic Red team and wrote custom alerts to catch attacks
Developed Ansible playbooks to deploy custom SOAR platform, and perform regular system and application updates
Wrote a slack bot to aid in SOC investigations to query for WHOIS, ASN, Shodan, InternetDB, Screenshot, CVE Search, and pull Greynoise data
Performed penetration test, and vulnerability assessments of customer infrastructure
Audited and tested Active Directory infrastructure for common exploits, weak password combinations, configuration issues, and accounts with over-provisioned permissions
Automated generation of penetration test and vulnerability assessment reporting
Hardened company external and internal infrastructure
Modified a Gophish platform to remove built-in IOCs to perform phish testing on customers and employees
Developed application to monitor Tor ransomware sites
Developed Application to generate reports of SentinelOne agent health
Served as a subject matter expert on SentinelOne agent deployment on Linux for a client with 33k+ endpoints
Deployed and maintained password cracking systems to audit organizations password complexity using 100gb of collected password dumps
Placed in DEFCON's password village for Crack Me If You Can competition (1st - 2021, 2nd - 2022)

May 2021 - July 2021 | ScienceLogic

Sr. Python Developer - Solutions

Scripted local development setup for team
Audited VMware vSphere test environments to make scalability improvements
Setup various VMware vSphere test environments (e.g. vSAN, SRM) to fully test new monitoring automation being written

March 2020 - May 2021 | Intercontinental Exchange / NYSE

Manager, Cybersecurity Automation - Information Security

Automated tracking of randomized Red Team tests deployed across the enterprise to identify detection gaps
Remotely on-boarded two new direct reports during a pandemic
Created detections that align with MITRE ATT&CK framework
Automated auditing of open issues to see if they needed to be re-evaluated based on updated CVE data
Created a fully REST API to pull data on users, machines, IPs, domains, firewall rules, and incidents based on user- inputted search term
Maintained server infrastructure that was core to the whole Information Security department as it tracked information on application compliance and ran over 170 reoccurring tasks
Deployed and wrote custom integrations for augmented reality tool, Polarity, to increase collaboration and provide instantaneous data during an incident or daily workflow

February 2018 - March 2020 | Intercontinental Exchange / NYSE

Senior Cybersecurity Engineer - Information Security

Mentored teammates with on-boarding, python scripting, malware analysis, and architecture of new products being built out
Managed incidents from infection to containment to remediation
Lead effort with a PoC to prove password complexity policies were too simplistic
Wrote custom modules to consolidate open-services found via vulnerability scanners, Masscan, NMap, and Shodan to identify unauthorized services available to the internet and influenced policy creation to remediate problems found
Wrote custom module to identify websites without hardened SSL/TLS and sites that answer only with http
Wrote automated testing to make sure email security controls worked and to alert the user if they failed
Data-mined and created custom management and c-level reports about the phish testing data to identify and alert users that needed further training
Maintained, monitored, and tuned many IDS/IPS systems for email and web traffic
Maintained, monitored, and tuned antivirus and memory protection policies to align with business needs and protection
Monitored logs for anomalous events and initiate incident response processes to remediate issues
Maintained, and used sandboxed environments to do static analysis and detonate malware
Malware Analysis Crash Course by the Mandiant Flare team

October 2016 - February 2018 | Intercontinental Exchange / NYSE

Cybersecurity Engineer - Information Security

Automated analysis of user reported phish emails to expedite triaging and, in some cases, process the report without human interaction which was estimated to over 2000 man-hours a year saved
Wrote web-based utility to query 24+ APIs for everything from user information to domain/IP information to file hash reputation to quickly aid in investigations
The Shellcode Lab by Threat Intelligence Pty Ltd

January 2016 - October 2016 | ACI Worldwide

Senior Systems Administrator - Corp IT

Member of Architecture Council as the Systems Security Subject Matter Expert
Utilized Security tools such as nmap in scripts to identify and auto-remediate vulnerabilities by shutting off insecure services or configuring insecure application configurations to be secure
Subject matter expert on vulnerability remediation and mass automation for Unix, Linux, and Windows on operating systems and applications
Wrote scripts to scan for SSH banners to establish baseline to find honeypots on the network
Wrote scripts to automate internal Red Team's screenshotting of found vulnerabilities saving hundreds of man hours
Managed remediation of penetration test results
Regularly Audited Systems for Security threats and insecure configurations via scripts
Lead and managed effort to remediate overall company-wide vulnerability reports
Lead efforts to close many open audit items against various departments due to security concerns
Wrote scripts to validate and remediate vulnerabilities and then presented the data in a web application dashboard to track progress
Regularly Architected large solutions to enhance user-end experience
Data mined Vulnerability reports to find patching gaps

November 2013 - January 2015 | ACI Worldwide

Unix Systems Administrator - Corp IT

Lead programming and culture change effort to remediate over one million vulnerabilities in a year after switching to authenticated scans
Wrote various scripts to fix audit issues and other scripts to automate long intensive processes to comply with policy
Worked closely with the Security department to stay on top of patching, recently found exploits/vulnerabilities, and configuration issues
Assisted end-users with performance issues, configuration needs, hardening of applications, and other day-to-day operations
Monitored the datacenter with daily walks to look for hardware failures

June 2012 - November 2013 | EarthLink

Information Security Analyst - Enterprise Information Security

Automated tedious functions of fraud and abuse work saving 3 hours a day
Coordinated with infrastructure teams for vulnerability remediation as subject matter expert on system and application vulnerabilities found with scans and manual audits of systems
Developed in-house applications to report and act on spam, phishing and other acceptable use policy violation trends based on POP logs, SMTP logs, and 3rd party intelligence
Created a database to track trends of abuse such as dictionary attacks, directory harvesting, and recidivism
Development automated processes to shutdown accounts with malicious/abusive activity
Conducted analysis of trending threats and how to mitigate those risk
Provided incident response for server compromises and other cases involving malicious intent

December 2010 - June 2012 | Morris Technology LLC

System Administrator - Development

Maintained production Linux and Windows servers in a virtualized environment for web applications that hosted over 40 different news sites
Wrote various scripts to automate labor intensive processes
Interfaced with customers to resolve various daily operational issues
Provided desktop support company wide
Added new email (exchange) accounts that synced with Postini
Added and organized users into Active directory
Added/Updated DNS records to correspond with company needs
Scaled application servers to adjust for the growing load

Summer 2009 | Briarwood Academy

Intern - IT Department

Participated in the creation of Linux based file servers
Used imaging servers to re-image an entire computer lab
Updated desktop machines; RAM and Operating System
Assisted in the architecture, creation, and migration of critical IT auxiliary services

Skills

OS's

Red Hat Enterprise Linux
Solaris
AIX
HP-UX
CentOS
Ubuntu
Mac OS X
Windows Server
Debian
Arch Linux

Languages

Bash
Python
Powershell
PowerCLI

Software

VMware vSphere
VMware View
Jenkins
Apache
MySQL
Microsoft Active Directory
Wireshark
Nginx
Git
Django
Tanium
Ansible

Virtualization

VMware vSphere/ESXi
KVM/Libvirt
Docker
Kubernetes

Monitoring

Solarwinds
Nagios
ScienceLogic SL1

Security Tools

NMAP
Nessus
Nexpose
Qualys
Metasploit
InsightDR
InsightVM

Protocols

TCP/UDP/IP
SSH/SCP/SFTP
DHCP
SMB/CIFS
SNMP
SMTP
DNS
SCP

IDS/IPS

Cloudflare
Cisco Firepower
FireEye NX/EX
BroIDS/Corelight
Darktrace
Vectra

Sandboxes

Cisco Threatgrid
FlareVM

Behavioral/AV

Exabeam
Cylance
Symantec
Sentinelone

Threat Intelligence

Anomali Threatstream
Threatconnect
Gerynoise

Projects

Scripts

Python scripts to automate common linux systems engineering tasks:
- Command Central
Denard.me - Blog to host technical guides on how to setup applications or systems:
- Denard.me
RSS concentrator for security and systems operations news
- Dashboard
LCrawl.com - API driven site to dynamically look at websites and detect possible malicious elements
- LCrawl
IPRep - API driven site to consolidate multiple IP reputation data sources into a single, fast lookup by a single IP or by CIDR. This site also keeps the first and last seen dates.
- IPRep

Professional

Wrote over 3500 lines of code to pre-process all user-reported phishing reports to cut triage time down to minutes or automatically close the report
Wrote custom SSL/TLS scanner to identify sites that had weak ciphers or no SSL/TLS implementation
Consolidated all phish reports and phish testing into a single view webpage in-order to identity groups or
Wrote scripting to interface with Nexpose scanners and label vulnerabilities for the respective departments to remediate
Wrote tests to make sure that internet available applications had proper IP whitelisting
Maintained visualization tools to show active attacks on internet exposed applications
Automated password cracking organization-wide (once a week) with Hashcat and Nvidia GTX 2080 to identify areas where password complexity was lacking which required writing a custom ESE database parser
Wrote PowerShell scripting to uninstall out-of-date versions of java cross all company owned workstations and servers
Implemented Jenkins server to manage all scripts across many build servers
Wrote scripts to keep java up-to-date on Linux systems
Wrote scripts to configure and secure SNMP using version 3 to properly monitor 2000+ systems
Wrote application to pull and parse vulnerability reports to auto report users with default passwords or insecure applications
Wrote web application for all of Corp IT and Developers to track remediation effort of vulnerabilities found during weekly scans
Consolidated all scanning data into one, central webpage to allow one to file tickets for remediation easily with respectable departments
Helped with the tuning of vulnerability scanners, resolved vulnerabilities, and assisted/guided other departments in the remediation of vulnerabilities to resolve more like 1 million vulnerabilities in a single quarter
Wrote scripting to change root password on 2000+ systems ranging from Solaris, HP-UX, AIX, and Linux based operating systems which saved 40 man-hours every 45 days
Wrote several python/Django applications for monitoring fraud and abuse statistics ranging from dictionary attack and directory mining to recidivism
Wrote perl/bash scripts to automate securing of abusive accounts
Wrote a web interface for an Ops Team Dashboard to monitor email queue for spikes in fraudulent activity
Implemented PXE Boot and TFTP server to remotely install XenServer for a rolling hypervisor upgrade for a cluster of servers running 40 high traffic news sites with minimal downtime
Implemented Zenoss Core Open Source IT Management monitoring software to monitor equipment corporate wide
Wrote bash scripts interfacing with Dell Open Manage for daily reports of hardware statuses and server disk space usage
Upgraded and expanded python web server cluster to newer operating systems for PCI compliance
Researched alternative software to replace Windows file servers with a Linux-based operating system
Researched monitoring systems for a transition to Nagios for improved secure monitoring of Linux machines over SSH
Trouble shot errors occurring from an expanding web infrastructure

Home Lab Projects

Virtualized pfSense firewall with multiple VLANS to isolate IoT devices, DMZ, and testing from regular endpoints
Graylog server for firewall logs, WIFI logs, speed test, and syslog from Linux machines
Used Ansible to create playbook to deploy, configure, update, and monitor VMs
Running a 2 node VMware vSphere cluster
Multiple versions of Windows Server Active Directory server to test out common domain exploits such as Mimikatz, DCSync, and Kerberoasting
Magic Mirror to display current weather data and twitter feed powered by a Raspberry Pi
DNS server for local domain, caching, and blocking of ads and malware domains
Git server to house custom code and scripts in version control
FreeNAS for backups
Password cracking build on Archlinux to fast parsing and cracking of password hashes
On-perm Kubernetes cluster to run honeypot servers re-deployed/re-built hourly from my gitlab server to experiment with a full CI/CD
Zeek to capture JA3s of network connections on local network