Todd Benson

Security Professional, Consultant, Manager, Instructor

Phoenix, AZ, United States

Details

Education: Bachelor's degree

Management

Grand Canyon University

1990 : 1992

Experience: Work with clients to analyze, evaluate, and enhance the effectiveness of their application security posture at procedural and technological levels. Use knowledge of current application security best practices and industry trends to lead the implementation of application security solutions for clients and support the clients in their desire to protect their business.

Provide technical leadership with respect to the development and execution of key application security service offerings, including : conducting assessments of applications (web, cloud, mobile) using range of manual and automated penetration testing and source code review techniques; performing security architecture reviews of applications in design and production phases; identifying potential threats and attacks to applications systems through threat modeling; identifying security recommendations and aligning them to appropriate risk ranking systems; evaluating, developing, enhancing and/or running application security programs for clients; conducting the above with a specific focus on DevSecOps.

Participate in market facing activities and developing thought leadership materials. Use current technology and tools to enhance the effectiveness of deliverables and services. Play an active role in counseling and mentoring junior Cybersecurity team members.

2021 : Present

Ernst and Young

Manager, CyberSecurity Practice

Lead the classes for the program(s) according to each program’s specifically scheduled working days. Be available during designated office hours for student questions and other tasks as required for teaching the class. Ensure that the program runs effectively and oversee the quality of each class in order that students are consistently engaged and supported. Follow the course syllabus, lesson plans, and all required instructional materials to guide students’ learning. Complete all required training and development materials as required by the Company for the purposes of this role. Contribute to creating a culture of trust and inclusion during class.

2021 : 2022

2U

Adjunct Instructor

2019 : 2021

Smarsh

Security Engineering Manager

2018 : 2019

Smarsh

Senior Security Engineer

Work as part of the development team to identify and report security risk within applications and recommend possible remediation actions. Conduct regular security assessments against web application, web services, and mobile applications. Manage identified risk throughout the application life-cycle. Perform threat modeling during design and development phases to identify possible vulnerabilities and write stories to ensure necessary controls are in place. Perform static code analysis using automated tools. Present to the development team on security related topics, including vulnerability exploitation, security tools, and commonly found vulnerabilities.

• Created and maintained automated security tests within CI/CD pipelines for a number of projects.

• Implemented a security program covering the entire SDLC

• Created custom scripts and tests for automated security tests and audits

• Developed a security dashboard to report the current status of current security assessments

• Developed automated security checks for production systems

• Developed and managed the risk acceptance program for Digital Service’s vulnerabilities

• Developed documentation for the development team including design principles, and best security practices

• Developed templates for deliverables, including Security Assessment Reports

2015 : 2019

CSAA Insurance Group, a AAA Insurer

Security Anchor

Company: Ernst and Young

Years of Experience: 32

Spoken Language: English

Skills

Apache, Burp Suite, Computer Security, Databases, DHCP, DNS, Ethical Hacker, Information Security, Informix, Integration, JavaScript, Linux, Metasploit, Nessus, Network Administration, Networking, Network Security, Operating Systems, Penetration Testing, Program Management, RedHat, Red Hat Linux, Requirements Analysis, Risk Assessment, SDLC, Security, Security Management, Servers, Shell Scripting, Software Documentation, Software Installation, SQL, System Administration, System Architecture, TCP/IP, Technical Support, Telecommunications, Training, Troubleshooting, Unix, VMware, VMware ESX, VPN, Vulnerability Assessment, Vulnerability Scanning, WAN, Web Applications, Web Application Security, Web Application Security Assessment, Windows

About

A process-driven, versatile and service-focused individual with unique ability to manage expectations and ensure that security services meet both customer and contractual levels. Possesses a comprehensive understanding of best practice within the security industry with the ability to respond to and plan for the demands of a wide range of customers, also can effectively protect a company’s assets from various threats in line with any applicable legislation, regulation and relevant standards, also always uses appropriate language with members of the public and promotes excellence in customer satisfaction at every opportunity also a track record of giving security advice and protection that is both a credible deterrent to criminals, and an appropriate response to a business’s potential losses. Ability to assess a situation quickly and can use appropriate actions to diffuse confrontations.

Todd possesses an advanced understanding of information systems and information security concepts and principles. Todd works well independently and within a team, has excellent communication skills, possess in-depth knowledge related to IT systems, IT security assessments, and the ability to communicate complex technical issues in a simple manner, both written and verbal. Additionally, Todd has excellent organizational skills in order to schedule, track, and complete multiple tasks in a timely, effective, and efficient manner.