Andrew Bell

Application Security Consultant

Andrew By Design


I am Andrew Bell!


In engineering, without a good and proper design, almost any project is certain to have errors and failures. This is no different with IT and software engineering... and it is what I strive to fix and correct! My interests extend to learning about and providing both red and blue team network security, as I feel they are two sides of the same (valuable) coin.

I really enjoy interacting with technology and new ideas, understanding how it is all meant to work, and then using that knowledge to subvert and/or better protect technology (depending on which team I'm playing for). I am a highly motivated, reliable, and independent engineer with a strong work ethic that can also work and collaborate well with others. Please read on to see if my skills and talents can meet your IT needs.



Profile

Full name

Andrew C. Bell 

E-Mail

andrew.bell@andrewbydesign.com

PGP

Key Fingerprint: F1E4E83BDD4A1C338FF2C3496FB84A7939C6FAAB

Certifications

CEH (Expired July 2020)

Education

INFORMATION SECURITY AND FORENSICS

Rochester Institute of Technology (4-Year Course) - Start September 2010 - Graduation December 2013

Studied the discipline of IT Security with a focus on scripting languages, networking, systems administration and applied network security courses. Graduated with summa cum laude honors with a concentration in General Education. PFOS GPA: 3.9

GENERAL EDUCATION

Palm Beach State College (Dual Enrollment) - Start August 2009 - Graduation May 2010

In my High School senior year, I took classes at my local college which contributed to my college general education credits and helped me to complete my degree of study in 3 years.

WORK EXPERIENCE

Veracode

Application Security Consultant - June 2022 - Present

Be an application security expert and assist customers in understanding how to properly fix and address security flaws Veracode finds in their software. Educate dev teams on the importance and significance of issues Veracode reports on. Assist teams with properly preparing their application for a Veracode static scan to get optimal, actionable scan results. Partner with security teams at various public + private organizations to help them improve their SAST security programs.

Amazon.com

Security Engineer - April 2018 - Feb 2022

Developed new security detections for a centralized scanning framework which audits internal source code and application runtimes for identifiable, high-confidence security issue patterns and signatures. Ensured scan results stated the risk and issue in a consumable, flexible and simple format for development teams to review, triage and prioritize as part of their SDLC CI/CD pipelines. Static Analysis Detections were developed using the Java language and regex pattern matchers. Ensured a high fidelity rate for the rules I developed (low false positive and low false negative rates); where needed I have identified and proposed improvements to scanning strategy that can help make detections more accurate. Additionally, contributed dynamic application security checks for Amazon managed sites which reported on XSS, CSRF, and CSP misconfigurations. Dynamic Analysis Detections were developed using Python and Chrome webdriver. I helped contribute and influence development of internal and customer-facing rules and patterns to the AWS CodeGuru product, particularly rules which attempt to identify various instances and classes of credentials hardcoded into source code packages. Finally, I served as part of a general AppSec team rotation to field and address security review and design questions/concerns from our internal software development teams, making updates and additions to our security guidance and FAQs where appropriate.

Amazon Web Services

Application Security Engineer - July 2016 - April 2018

Internal application security design reviewer and adviser for AWS service teams. Perform Threat Model reviews of services and hold consultations to answer and give guidance to security focused design questions and patterns. Provide education and documentation of any commonly observed and well established security design patterns. Partnered with various AWS teams in order to encourage adoption of security mindset and identify developers who could best evangelize security practices for their team. Participate in on-call rotation to serve entry point consultation of any new incoming security questions and review requests.

FactSet Research Systems

Security Assurance Engineer - June 2013 - January 2016

As part of the internal IT security team, I performed white-hat security audits and penetration testing for several internal applications, services, programs and systems. In addition, I contributed to the development and maintenance of plenty of internal team tools, frameworks, and workflows using the Python language. I’ve worked with a few vendor solutions such as the F5 Web Application Firewall/Load Balancer, Mavituna Netsparker/Rapid7 AppSpider Web Security Scanners, and Tenable Nessus system scanners.

MIT Lincoln Laboratory

IT Network Security Engineer Intern - June 2012 - August 2012

Worked with manager and senior engineers to PoC Riverbed WAN solutions to optimize laboratory WAN connections to various long-distance sites and cut negative factors such as latency and jitter. PoC’d the open source Snort IDS and documented findings as a suitable solution for the lab to use in monitoring network activity. Assisted senior engineers with cataloguing laboratory IT systems and servers using internal tracking tools.

United Lighting Sales

IT Support Part-Time - June 2011 - August 2011

Performed computer maintenance and served as support for the sales employees. Worked together with the manager in getting a functional network file share setup in a Windows environment.

SKILLS

Professional

  • Independence: 95%
  • Dedication: 95%
  • Logical: 95%
  • Motivation: 95%
  • Integrity: 90%

Application Security

  • Web Application Penetration Testing: 90%
  • Security Automation: 90%
  • Software Security Policies and Best Practices: 85%
  • Vulnerability Management: 75%
  • Research: 60%

Network Security

  • Scanners: 95%
  • Web Application Firewall: 85%
  • Incident Response: 75%
  • Encryption: 75%
  • SIEM: 65%

IT Networking

  • TCP/IP: 90%
  • Troubleshooting: 85%
  • Load Balancers: 65%
  • Routing/Switching: 55%
  • SNMP: 40%

System Administration

  • Documentation: 95%
  • Scripting/Automation: 90%
  • Linux: 75%
  • Log Management (Syslog/Splunk/ElasticSearch): 70%
  • Windows: 70%

Web Development

  • JSON/XML: 85%
  • REST/SOAP: 75%
  • Git/Heroku: 80%
  • Web Servers (IIS/Apache/Gunicorn): 60%
  • Databases (MySQL/MSSQL/SQLite): 65%

Programming/Scripting

  • Python: 85%
  • Java: 75%
  • JavaScript: 70%
  • Regular Expressions: 90%
  • Ruby: 25%

Interests

Video Games

Mostly a PC gamer on Steam (I’m one of those people who has a huge library of unplayed games that I got through Steam deals). Favorite genres are 1. RPGs, 2. Action/Adventure, 3. Platformers.

Music

Mainly listening, though in my earlier years I did study and play the piano. Favorite genres are 1. Classical, 2. Game, 3. Electric.

Movies/TV

I like watching films/shows that are dramas, comedies or fantasy/sci-fi epics. Favorite movie is Amadeus. Favorite TV show is MST3K. I also enjoy watching cartoons and Japanese animation.

Reading

I do enjoy reading the occasional work of fiction when I have the time. Favorite fiction genres are 1. Science Fiction, 2. Fantasy, 3. Mystery.

Table Tennis

I play in a club every week. Matches get quite intense, lots of fun. I play with a longpips paddle.

Bicycling

Cycling along the beach, doesn’t get better than that.

Internet

And of course, simply surfing the Internet.

Contact

    MAIL

    andrew.bell@andrewbydesign.com

    Thanks for Reading!

    You can’t go back and change the beginning, but you can start where you are and change the ending.

    C.S. Lewis