Medinet Lazo, CEH
Information Security Analyst at NetWest Consulting
Atlanta, GA, United States
Details
Experience:
• Threat modeling, designing attack vectors, and abuse test cases.
• Performing penetration testing in mobile and web applications.
• Dynamic analysis: using Burp, AppScan, ZAP, Frida instrumentation. Static analysis: Objection, adb, jadx, dex2jar, apktool, JD-GUI
• Documenting and reporting vulnerabilities based on NVD DB
• Providing support to developers based on technology used
• Continuous research of new vulnerabilities/exploits, new techniques, new tools
2019 : Present
NetWest Consulting
Information Security Analyst
• Performing Vulnerability Assessments and Penetration Testing in various applications using a set of guidelines based primarily on the Ethical Hacking methodology
• Testing and prioritizing OWASP Top 10 and SANS Top 25 vulnerabilities on web applications. Running tests with the highest privilege. Verifying issues and improving report accuracy.
• Using proxy tools such as Burp Suite Pro, AppScan, and WebInspect.
• Documenting and reporting the scope of each test, environment accessibility, user role differences, out-of-scope items, and Green-zone times based on a well-defined SLA
• Documenting and reporting abuse test cases in high-risk functionalities, threat modeling, and the primary user stories. Explaining vulnerabilities at a technical level, and their possible exploits
• Providing recommendations for fixing or mitigating vulnerabilities based on specific environments, and using best practices from OWASP, SANS, and CWE DB.
• Communicating in a systematic manner with clients and internal teams. Collaborating, avoiding duplicate efforts, and using cross information to improve work efficiency and quality.
• Continuous research of new vulnerabilities/exploits, new techniques, new tools. Access to Safari Books Online, CBT Nuggets, Lynda dot com, and Pen Tester Academy
2017 : 2019
HackCheck Group
Information Security Analyst
Company:
NetWest Consulting
About
Certified Ethical Hacker (CEH) with 3 years of hands-on experience in Information System Security, specializing in Vulnerability Assessment and Penetration Testing, with a strong understanding of Ethical Hacking methodologies and resources such as OWASP, OSSTMM, and NVD. Highly motivated, bilingual professional with exceptional computer and communication skills. Accurate, energetic, organized, dedicated worker who adjusts easily to new duties. Very creative, detail-oriented, and able to work independently.