forked from digitalocean/sample-html
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathindex.html
359 lines (353 loc) · 18.6 KB
/
index.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
<!DOCTYPE html>
<html lang="en">
<head>
<title>Ian Norden</title>
<!-- Meta -->
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="shortcut icon" href="favicon.ico">
<!-- Global CSS -->
<link rel="stylesheet" href="assets/plugins/bootstrap/css/bootstrap.min.css">
<!-- Plugins CSS -->
<link rel="stylesheet" href="assets/plugins/font-awesome/css/font-awesome.css">
<!-- Theme CSS -->
<link id="theme-style" rel="stylesheet" href="assets/css/styles.css">
</head>
<body>
<div class="wrapper">
<div class="sidebar-wrapper">
<div class="profile-container">
<img class="profile" src="assets/images/profile.webp" alt="Ian" />
<h1 class="name">Ian C. Norden</h1>
<h3 class="tagline">Manager, CloudSec</h3>
</br>
<i class="fa fa-download"></i>
<a href="https://iancnorden.com/assets/resume/iancnorden_res.pdf" target="_blank">PDF resume</a>
</div>
<!--//profile-container-->
<div class="contact-container container-block">
<ul class="list-unstyled contact-list">
<li class="">
<i class="fa fa-map-marker"></i>Remote, Colorado</li>
<li class="email">
<i class="fa fa-envelope"></i>
<a href="mailto: [email protected]">iancnorden_jobs <br>[@]protonmail.com</a>
</li>
<li class="website">
<i class="fa fa-globe"></i>
<a href="https://iancnorden.com" target="_blank">iancnorden.com</a>
</li>
<li class="linkedin">
<i class="fa fa-linkedin"></i>
<a href="https://www.linkedin.com/in/iancnorden" target="_blank">linkedin.com/iancnorden</a>
</li>
<li class="github">
<i class="fa fa-github"></i>
<a href="https://github.com/iancnorden" target="_blank">github.com/iancnorden</a>
</li>
</ul>
</div>
<!--//contact-container-->
<div class="education-container container-block">
<h2 class="container-block-title">Education</h2>
<div class="item">
<h4 class="degree">BS, Information Technology; </br> Data Center & Network</h4>
<h5 class="meta">Georgia Southern University</h5>
<div class="time">2007 - 2011</div>
</div>
<!--//item-->
</div>
<!--//education-container-->
<div class="languages-container container-block">
<h2 class="container-block-title">Languages</h2>
<ul class="list-unstyled interests-list">
<li>English
<span class="lang-desc">(Native)</span>
</li>
<li>Python
<span class="lang-desc">(~3.8 / 2.7)</span>
</li>
</ul>
</div>
<!--//Interests-->
<div class="interests-container container-block">
<h2 class="container-block-title">Homelab Progress</h2>
<ul class="list-unstyled interests-list">
<li>Edge Routing w/ OpnSense</li>
<li>Proxmox VM Deployments</li>
<li>Rancher Container Test Range</li>
<li>TrueNas RaidZ2</li>
<li>Pentest Lab</li>
<li>OS of the Month: PopOS</li>
</div>
<!--//Interests-->
<!--//Books-->
<div class="interests-container container-block">
<h2 class="container-block-title">Recent and Recommended:</h2>
<ul class="list-unstyled interests-list">
<li><a href="https://www.goodreads.com/book/show/170448.Animal_Farm">Current Ebook: Animal Farm</a></li>
<li><a href="https://www.goodreads.com/series/56399-the-expanse">Audiobook: The Expanse Series</a></li>
<li><a href="https://www.goodreads.com/book/show/22816087-seveneves">Seveneves</a></li>
<li><a href="https://www.goodreads.com/book/show/26893707-eccentric-orbits">Eccentric Orbits</a></li>
<li><a href="https://www.goodreads.com/book/show/34928122-artemis">Artemis</a></li>
</div>
<!--//Books-->
</ul>
</div>
<!--//sidebar-wrapper-->
<div class="main-wrapper">
<section class="section summary-section">
<h2 class="section-title">
<i class="fa fa-user"></i>Profile</h2>
<p>I'm
<b>Ian Norden</b>. I enjoy tackling projects by building secure solutions directly into SDLC pipelines, such as SAST/DAST/SCA (secure app delivery), container assurance, and cloud posture management systems which include far-left IAC Scanners. <br> <br>
I focus primarily within Cloud and Application Security teams, both helping to build and lead each. My efforts are always flavored by a Red Team first mentality. I find joy in steering away from manual, repetitive work, while investing in quality automation thru Python (3.x). <br><br>
I've introduced foundational change to lead AppSec, was the first member of Red Team, and am now building the CloudSec team at <a href="https://www.theice.com/index">Intercontinental Exchange(NYSE: ICE)</a>, a leading network of regulated exchanges and clearinghouses for financial and commodity markets.</p>
<div class="summary">
</div>
<!--//summary-->
</section>
<!--//section-->
<section class="section experiences-section">
<h2 class="section-title">
<i class="fa fa-briefcase"></i>Experience</h2>
<div class="item">
<div class="meta">
<div class="upper-row">
<h3 class="job-title">Manager - Cloud Security</h3>
<div class="time">Mar 2020 - Present </div>
</div>
<!--//upper-row-->
<div class="company"><a href="https://www.theice.com/index">Intercontinental Exchange (NYSE: ICE)</a></div>
</div>
<!--//meta-->
<div class="details">
<p>Building the CloudSec team at ICE, starting with one engineer and scaling to four. Continued focus in controls alignment and architecture bringing on-prem requirements to cloud contexts. From bring your own key requirements, to default S3 bucket encryption, to our root 2FA strategy, my teams are fundamentally responsible for the security estate of our cloud. We focus on enablement through posture management tooling, use-cases for container security services, and bring POCs through solution delivery. Introduced golden ami project, logging standardization for cloud, Azure and GCP Landing Zone Security Architect. Responsible for M&A alignement initiatives, coordinating first thirty days through security assurance tasks.
</p>
</div>
<!--//details-->
</div>
<!--//item-->
<div class="item">
<div class="meta">
<div class="upper-row">
<h3 class="job-title">Senior Security Engineer - Application Security</h3>
<div class="time">Sep 2018 - Mar 2020</div>
</div>
<!--//upper-row-->
<div class="company"><a href="https://www.theice.com/index">Intercontinental Exchange (NYSE: ICE)</a></div>
</div>
<!--//meta-->
<div class="details">
<p>Returned to the App Security team to help resolve lingering talent acquisition gaps. Returned to lead and own the ICE Bug Bounty program and automating its findings pipeline. Introduced applog standards to support Cyber DFIR team, building automation requirements to auto-detect known apps to their respective Splunk logs once forwarded, validating continuous applog pipeline. Broadened the AppSec team's capability to risk assess Cloud SAAS deployments, and improve standards aligning Vendor Management and GRC teams. Started ICE's initial CloudSec assessments for Lambda use supporting ephemeral compute in AWS.
</p>
</div>
<!--//details-->
</div>
<!--//item-->
<div class="item">
<div class="meta">
<div class="upper-row">
<h3 class="job-title">Senior Security Engineer - Red Team</h3>
<div class="time">Mar 2017 - Sep 2018</div>
</div>
<!--//upper-row-->
<div class="company"><a href="https://www.theice.com/index">Intercontinental Exchange (NYSE: ICE)</a></div>
</div>
<!--//meta-->
<div class="details">
<p>Recognized as a leader within InfoSec at ICE promoted to Senior level. Owned the buildout and maintenance of vulnerability scanning program. Leading most initiatives to create automated solutions through a Python automation project bringing together disparate InfoSec teams, tools, and solving manual processes. Architecting and implementating an always-on security controls testing platform, Verodin. Considered the ICE subject matter expert on TLS implementations and the internal crypto policy owner. Regularly develop and publish TLS cookbooks internally for standardization. Developed config standards for SSH and SFTP servers throughout ICE.
</p>
</div>
<!--//details-->
</div>
<!--//item-->
<div class="item">
<div class="meta">
<div class="upper-row">
<h3 class="job-title">Security Engineer - Red Team</h3>
<div class="time">May 2016 - Mar 2017</div>
</div>
<!--//upper-row-->
<div class="company"><a href="https://www.theice.com/index">Intercontinental Exchange (NYSE: ICE)</a></div>
</div>
<!--//meta-->
<div class="details">
<p>Challenged as the first member of the Red Team to build a platform for penetration testing and scenario developement dors for automating Red Team scenarios, building networks and infrastructure for penetration testing. Managing numerous penetration testing vendors, executing against policy and best practices. Pursuing OSCP Certification. Developing a platform for automated assessment of SSH / SFTP configuration hardening to expand on the TLS / dashboard dev project. Own and manage the Bug Bounty platform.</p>
</div>
<!--//details-->
</div>
<!--//item-->
<div class="item">
<div class="meta">
<div class="upper-row">
<h3 class="job-title">Security Engineer - Application Security</h3>
<div class="time">Mar 2016 - May 2016</div>
</div>
<!--//upper-row-->
<div class="company"><a href="https://www.theice.com/index">Intercontinental Exchange (NYSE: ICE)</a></div>
</div>
<!--//meta-->
<div class="details">
<p>Created first hardening and configuration guidelines. Key resource in producing proof of concepts for improving password hashing standards. Continued aggressive expansion of the vulnerability scanning platforms. Developed a proof of concept HTML based Pentest Report Generation tool. Key automation resource for scripting heavy lift tasks from other InfoSec teams. Key resource in overhaul of vulenrability scanning policies. Built pentest produced POC's for internal use.</p>
</div>
<!--//details-->
</div>
<!--//item-->
<div class="item">
<div class="meta">
<div class="upper-row">
<h3 class="job-title">Security Analyst - Application Security</h3>
<div class="time">Mar 2015 - Mar 2016</div>
</div>
<!--//upper-row-->
<div class="company"><a href="https://www.theice.com/index">Intercontinental Exchange (NYSE: ICE)</a>
</div>
</div>
<!--//meta-->
<div class="details">
<p>On day one, challenged to overhaul, expand, and own the entire infrastructure vulnerability assessment platform. Expert technical resource for SSL / TLS hardening, created automated platform for scanning TLS configurations throughout the enterprise (inspired my personal SSLDash project). Wrote the vulnerability assessment policies and procedures. Coordinated numerous penetration tests of ICE web and thick client applications. Championed the AppSec Web App Dashboard project to automate clunky metrics, reduce human error, and enhance AppSec assessment capabilities using Python / Django. Lead resource in implementing Bug Bounty program.</p>
</div>
<!--//details-->
</div>
<!--//item-->
<div class="item">
<div class="meta">
<div class="upper-row">
<h3 class="job-title">Senior Security Engineer - Professional Services</h3>
<div class="time">Jan 2015 - Mar 2015</div>
</div>
<!--//upper-row-->
<div class="company"><a href="https://www.earthlink.com/">Earthlink (now Windstream)</a></div>
</div>
<!--//meta-->
<div class="details">
<p>Lead role and customer advocate within the Security Professional Services. Lead on all customer engagements and a key technical resource for major sales engineering efforts. Performed numerous penetration testing scenarios and assessments. Overhauled reports to integrate with new toolsets and align with industry best practices. Re-engineered the Network Professional Services assessment infrastructure.</p>
</div>
<!--//details-->
</div>
<!--//item-->
<div class="item">
<div class="meta">
<div class="upper-row">
<h3 class="job-title">Security Engineer - Professional Services</h3>
<div class="time">Nov 2014 - Jan 2015</div>
</div>
<!--//upper-row-->
<div class="company"><a href="https://www.earthlink.com/">Earthlink (now Windstream)</a></div>
</div>
<!--//meta-->
<div class="details">
<p>Built a new team and infrastructure within the Security Professional Services organization. Expanded and strengthened our vendor management functions for backfill on special tests coordinating numerous testers. Rewrote the penetration testing policies and procedures in a customer facing function. Planned an overhaul of all capabilities within the organization.</p>
</div>
<!--//details-->
</div>
<!--//item-->
<div class="item">
<div class="meta">
<div class="upper-row">
<h3 class="job-title">Security Analyst I & II - Enterprise InfoSec</h3>
<div class="time">Jan 2012 - Sept 2013</div>
</div>
<!--//upper-row-->
<div class="company"><a href="https://www.earthlink.com/">Earthlink (now Windstream)</a></div>
</div>
<!--//meta-->
<div class="details">
<p>Part of a broad InfoSec team coordinating DFIR investigation, SIEM alert response, and vulnerability management. Grew vulnerability assessment to pre-production infrastructure. Lead resource for knowledgebase documentation. Lead for mentoring and training new team members through Analyst II.</p>
</div>
<!--//details-->
</div>
<!--//item-->
</section>
<!--//section-->
<section class="section projects-section">
<h2 class="section-title">
<i class="fa fa-archive"></i>Projects</h2>
<div class="item">
<!--//item-->
<span class="project-title">
<a href="https://github.com/iancnorden/Resume-Site">My Resume Site</a>
</span> :
<span class="project-tagline">
</br>This website, backed up thanks to Github. </span>
</span>
</div>
<!--//item-->
<div class="item">
<span class="project-title">
<a href="https://github.com/berzerk0/Probable-Wordlists">Probable Word-lists</a>
</span> :
<span class="project-tagline">
</br>I earned an attribution shout out for helping provide some lift (CPU @ homelab and bandwidth) to apply some better sort filtering in the early days. </span>
</div>
<!--//item-->
<div class="item">
<span class="project-title">
<a href="https://github.com/leebaird/discover">Discover Scripts</a>
</span> :
<span class="project-tagline">
</br>Trusted contributor to this OSINT and pentest automation resource.</span>
</div>
<!--//item-->
<div class="item">
<span class="project-title">
<a href="http://distroseed.github.io/distroseed/">DistroSeed</a>
</span> :
<span class="project-tagline">
</br>I co-founded this open source project which is an automated assistant for finding, downloading, and managing Linux Distributions. Trying to solve the "what can I contibute to with just bandwidth and a spare PC"
</span>
</div>
<!--//item-->
<div class="item">
<span class="project-title">
<a href="#">SSLDash</a>
</span> :
<span class="project-tagline">
</br>Beautiful dashboard for automated scanning, grading, and reporting on SSL / TLS strength for websites. <i>Homelab style project to be open sourced.</i>
</span>
</div>
<!--//item-->
<div class="item">
<span class="project-title">
<a href="https://github.com/PaulSec/awesome-sec-talks">Awesome-Sec-Talks</a>
</span> :
<span class="project-tagline">
</br>I regularly contribute to this well maintained security talks and conferences reference.</span>
</div>
<!--//item-->
<div class="item">
<span class="project-title">
<a href="#">"Home Lab" +Dashboard</a>
</span> :
<span class="project-tagline">
</br>This homelab project will integrate each of my disparate VM's web interfaces, manage backups, and handle monitoring all in one concise web frontend (name to be improved).</span>
</div>
<!--//item-->
</section>
<!--//section-->
</div>
</section>
<!--//skills-section-->
</div>
<!--//item-->
</div>
<!--//main-body-->
</div>
<footer class="footer">
<div class="text-center">
<small class="copyright">Licensed use under the Creative Commons Attribution 3.0 License</small>
</br>
<small class="copyright">Theme by Xiaoying Riley </small>
</div>
<!--//container-->
</footer>
<!--//footer-->
<!-- Javascript -->
<script type="text/javascript" src="assets/plugins/jquery-1.11.3.min.js"></script>
<script type="text/javascript" src="assets/plugins/bootstrap/js/bootstrap.min.js"></script>
<!-- custom js -->
<script type="text/javascript" src="assets/js/main.js"></script>
</body>
</html>