I am Andrew Bell!
Application Security Consultant
In engineering, without a good and proper design, almost any project is certain to have errors and failures. This is no different with IT and software engineering...and it is what I strive to fix and correct! My interests extend to learning about and providing both red and blue team network security as I feel they are both one side of the same (valuable) coin.
I really enjoy interacting with technology and new ideas, understanding how it is all meant to work, and then using that knowledge to subvert and/or better protect technology (depending on which team I'm playing for). I am a highly motivated, reliable, and independent engineer with a strong work ethic that can also work and collaborate well with others. Please read on to see if my skills and talents can meet your IT needs.
Profile
Full name
Andrew C. Bell
andrew.bell@andrewbydesign.com
PGP
Key Fingerprint: F1E4E83BDD4A1C338FF2C3496FB84A7939C6FAAB
Certifications
– (Expired July 2020)
Education
INFORMATION SECURITY AND FORENSICS
Rochester Institute of Technology (4 Years Course) - Start September 2010 - Graduation December 2013
Studied the discipline of IT Security with a focus on scripting languages, networking, systems administration and applied network security courses. Graduated with summa cum laude honors with a concentration in General Education. PFOS GPA: 3.9
GENERAL EDUCATION
Palm Beach State College (Dual Enrollment) - Start August 2009 - Graduation May 2010
In my High School senior year, I took classes at my local college which contributed to my college general education credits and helped me to complete my degree of study in 3 years.
WORK EXPERIENCE
Veracode
Application Security Consultant - June 2022 - Present
Be an application security expert and assist customers in understanding how to properly fix and address security flaws Veracode finds in their software. Educate dev teams on the importance and significance of issues Veracode reports on. Assist teams with properly preparing their application for a Veracode static scan to get optimal, actionable scan results. Partner with security teams at various public + private organizations to help them improve their SAST security programs.
Amazon.com
Security Engineer - April 2018 - Feb 2022
Developed new security detections for a centralized scanning framework which audit internal source code and application runtimes for identifiable, high-confidence security issue patterns and signatures. Ensured scan results stated the risk and issue in a consumable, flexible and simple format for development teams to review, triage and prioritize as part of their SDLC CI/CD pipelines. Static Analysis Detections were developed using Java language and regex pattern matchers. Ensured high fidelity rate of rules I developed (low false positive and low false negative rates) — where needed I have identified and proposed improvements to scanning strategy that can help make detections more accurate. Additionally, contributed dynamic application security checks for Amazon managed sites which reported on XSS, CSRF, and CSP misconfigurations. Dynamic Analysis Detections were developed using Python and Chrome webdriver. I helped contribute and influence development of internal and customer-facing rules and patterns to the AWS CodeGuru product, particularly rules which attempt to identify various instances and classes of credentials hardcoded into source code packages. Finally, I served as part of a general AppSec team rotation to field and address security review and design questions/concerns from our internal software development teams, making updates and additions to our security guidance and FAQs where appropriate.
Amazon Web Services
Application Security Engineer - July 2016 - April 2018
Internal application security design reviewer and adviser for AWS service teams. Perform Threat Model reviews of services and hold consultations to answer and give guidance to security focused design questions and patterns. Provide education and documentation of any commonly observed and well established security design patterns. Partnered with various AWS teams in order to encourage adoption of security mindset and identify developers who could best evangelize security practices for their team. Participate in on-call rotation to serve entry point consultation of any new incoming security questions and review requests.
FactSet Research Systems
Security Assurance Engineer - June 2013 - January 2016
As part of the internal IT security team, I performed white-hat security audits and penetration testing for several internal applications, services, programs and systems. In addition, I contributed to the development and maintenance of plenty of internal team tools, frameworks, and workflows using the Python language. I’ve worked with a few vendor solutions such as the F5 Web Application Firewall/Load Balancer, Mavituna Netsparker/Rapid7 AppSpider Web Security Scanners, and Tenable Nessus system scanners.
MIT Lincoln Laboratory
IT Network Security Engineer Intern - June 2012 - August 2012
Worked with manager and senior engineers to PoC Riverbed WAN solutions to optimize laboratory WAN connections to various long-distance sites and cut negative factors such as latency and jitter. PoC’d the open source Snort IDS and documented findings as a suitable solution for the lab to use in monitoring network activity. Assisted senior engineers with cataloguing laboratory IT systems and servers using internal tracking tools.
United Lighting Sales
IT Support Part-Time - June 2011 - August 2011
Performed computer maintenance and served as support for the sales employees. Worked together with the manager in getting a functional network file share setup in a Windows environment.
SKILLS
Professional
- Independence 95%
- Dedication 95%
- Logical 95%
- Motivation 95%
- Integrity 90%
Application Security
- Web Application Penetration Testing 90%
- Security Automation 90%
- Software Security Policies and Best Practices 85%
- Vulnerability Management 75%
- Research 60%
Network Security
- Scanners 95%
- Web Application Firewall 85%
- Incident Response 75%
- Encryption 75%
- SIEM 65%
IT Networking
- TCP/IP 90%
- Troubleshooting 85%
- Load Balancers 65%
- Routing/Switching 55%
- SNMP 40%
System Administration
- Documentation 95%
- Scripting/Automation 90%
- Linux 75%
- Log Management (Syslog/Splunk/ElasticSearch) 70%
- Windows 70%
Web Development
- JSON/XML 85%
- REST/SOAP 75%
- Git/Heroku 80%
- Web Servers (IIS/Apache/Gunicorn) 60%
- Databases (MySQL/MSSQL/SQLite) 65%
Programming/Scripting
- Python 85%
- Java 75%
- JavaScript 70%
- Regular Expressions 90%
- Ruby 25%
Interests
Video Games
Mostly a PC gamer on Steam (I’m one of those people who has a huge library of unplayed games that I got through Steam deals). Favorite genres are 1. RPGs, 2. Action/Adventure, 3. Platformers.
Music
Mainly listening, though in my earlier years I did study and play the piano. Favorite genres are 1. Classical, 2. Game, 3. Electric.
Movies/TV
I like watching films/shows that are dramas, comedies or fantasy/sci-fi epics. Favorite movie is Amadeus. Favorite TV show is MST3K. I also enjoy watching cartoons and Japanese animation.
Reading
I do enjoy reading the occasional work of fiction when I have the time. Favorite fiction genres are 1. Science Fiction, 2. Fantasy, 3. Mystery.
Table Tennis
I play in a club every week. Matches get quite intense, lots of fun. I play with a longpips paddle.
Bicycling
Cycling along the beach, doesn’t get better than that.
Internet
And of course, simply surfing the Internet.
Contact
andrew.bell@andrewbydesign.com