Jared Haviland
Details
Information Systems and Cybersecurity
ITT Technical Institute-Corona
2012 : 2014
Associates of Science
Computer Network Systems
ITT Technical Institute-Corona
2010 : 2012
- Managing penetration testing engagements, including assigning tasks to personnel for specific engagements, compiling and reviewing deliverables, and engaging the client from kickoff to report review.
- Reviewing vulnerability scans and working with client IT groups to implement patches based on factors like impact, criticality, and ease of implementation.
- Performing assessments of current control structures to identify areas of improvement based on regulatory need, business impact, and best practice.
- Identifying key areas for improvement for our managed services and deploying solutions, like automated reporting for Red Team engagements and monthly managed SOC services.
2022 : Present
Critical Path Security
Information Security Officer
As a Senior Security Specialist, I handle many different aspects of the Enterprise InfoSec program. I directly help with various InfoSec initiatives and projects. This includes :
- Designing and implementing an Enterprise wide Vulnerability management program.
- Installing and helping to complete initial setup of a GRC platform.
- Developing new rules and fine tuning Enterprise SEIM platform.
- Perform review of Active Directory Security groups to ensure they conform to the least privilege best practice.
This is above the normal day-to-day duties which include :
- Active response for malicious emails, including blocking phishing sites and testing malware samples.
- Monitoring of alerts and status via SEIM platform.
- Performing user education on InfoSec matters.
- Handling tier-two and above support for incidents concerning InfoSec systems.
2017 : 2022
Loma Linda University Health
IS Security Specialist Sr
2017 : 2019
Critical Path Security
Senior Security Engineer
I was on contract through TEKsystems for the position I currently hold within Loma Linda University Health.
2016 : 2017
TEKsystems
Information Security Analyst
As part of the Advanced Security Center's Attack and Pen team, I was involved in Network Penetration Testing. The group conducts tailored Red Team services including external and internal attackers, with emphasis on stealth operations to avoid alerting client Blue Teams. Normal duties included :
- Search Whois registries, DNS records, and BGP records to find and validate target IP ranges.
- Footprint ranges passively using tools like Shodan and Censys.
- Port Scanning using nmap. Most scans were not default scans of IP ranges, but limited targeted ports combined with speed modifiers to reduce the chance of detection.
- Probing external resources looking for vulnerabilities like exposed server information, default admin consoles and default login credentials.
- Conduct password guessing attacks.
- Use compromised credentials for services like Citrix to breakout into the network.
- Perform vulnerability scanning and validate results using tools and techniques such as banner grabbing, sslscan, snmpwalk, and nmap scripts.
- Document findings with screen shots and other supporting evidence into detailed reports.
2016 : 2016
EY
Staff / Assistant at Advanced Security Center
Skills
Active Directory, Antivirus, Cloud Computing, Computer Hardware, Computer Repair, Computer Security, Customer Service, Disaster Recovery, DNS, Firewalls, Hardware, Help Desk Support, Information Security, Information Technology, LAN-WAN, Laptops, Leadership, Microsoft Exchange, Microsoft Office, Networking, Network Security, Operating Systems, Printers, Remote Desktop, Routers, Security, Software Installation, Switches, System Administration, Technical Support, Testing, Time Management, Training, Troubleshooting, Virtualization, VMware, VPN, Windows 7, Windows Server, Windows Vista, Windows XP, Wireless, Wireless Networking, Vehicles, Software Documentation, Computer Maintenance, Customer Satisfaction
About
Blue Team by profession, but Red Team at heart!
I am a dedicated Information Security Professional. I love the intricate problems that Cybersecurity offers because it is challenging and exciting. Everything is constantly changing and there is always something new to learn and do. I have a Bachelor's in Information Systems and Cybersecurity, and am really thankful that my degree program was geared toward InfoSec specifically, and touched on all the complexities of managing risks in the context of regulatory compliance, business needs, and best practices. That foundation has prepared me well for my current career path. Most InfoSec people come into the field from other areas, like Sys admins, or Network admins. I am uniquely dedicated to the security perspective.
I have worked as a Pen Tester, and my desire to do that work is what set me on the path I am on today. I love the challenge of picking away at someone's defenses. There really is nothing more thrilling than that moment in which you pop a system and realize you now have the control. As I have transitioned to the Defender's side, I have used my experience to better understand the risks my organization faces, and help determine where our priorities should be to best manage those risks. I currently work on various projects and support Loma Linda's Information Systems teams with insights and best practices to deploy and maintain secure systems.
Things I enjoy about my work:
- Helping others implement secure systems and business processes.
- Analyzing threat vectors and attack surfaces to determine defense-in-depth needs.
- Laughing at bad phishing attempts.
- Educating people on ways to help them stay safe in their day-to-day lives and work.
- Popping boxes!!!!!
Profile Photo
