www.zuccaro.me
23.167.32.37
Public Scan
URL:
https://www.zuccaro.me/about/
Submission: On November 16 via manual from US — Scanned from DE
Form analysis
1 forms found in the DOM
<form>
<input id="ghost-hunter-search-input" class="gh-search-bar" type="search" placeholder="Type to search">
</form>
Text Content
🖥🦠Bryce Zuccaro
Hacker, Instructor, Pizza Lover

Hi! My name is Bryce, and I'm a professional red team operator based out of Colorado. I love ethically breaking companies for fun and providing the report for profit.

RESUME

I am a passionate information security specialist with over 7 years of security focused experience. I have proven experience in both red team (offensive) and blue team (defensive) security as well as systems administration, networking, and secure systems architecture. My professional interests lie in performing adversarial simulations, in order to better inform my clients about their unique threat landscape.

--------------------------------------------------------------------------------

EXPERIENCE

OFFENSIVE OPERATOR, NELNET :: JULY 2019 -- PRESENT

Internal penetration tester & red/purple teamer focused on ensuring Nelnet is secure above and beyond mere PCI compliance requirements. All tests are from nuts to soup, working with each relevant party to develop comprehensive rules of engagement and scoping per the business's desired needs, ending with a comprehensive findings report containing more than just vulnerability scan results.

Test types include:
* PCI required segmentation and penetration testing for multiple business units against both network and web based targets
* Long term red team engagements with the goal of providing a more realistic view of Nelnet's security posture against real world Advanced Persistent Threats (APTs)
* Social Engineering to determine training program effectiveness as well as enumerate risk from successful phishing
* Application reverse engineering & testing against newly deployed products within Nelnet

Additionally, I've spearheaded utilizing purple teaming techniques to improve SOC response to offensive tactics, techniques, and procedures commonly used by us and other APTs via:
* Implementation of atomic testing to measure SOC response against MITRE's ATT&CK TTP framework
* Assisting the SOC in tuning and improving visibility throughout Nelnet's environment
* Assisting interested business units in implementing automated adversary emulation against their particular security concerns

ADJUNCT PROFESSOR, COMMUNITY COLLEGE OF AURORA :: AUGUST 2019 -- PRESENT

Adjunct Professor at the Community College of Aurora (CCA) in charge of teaching:
* CIS 128 - Introduction to Operating Systems: Focus on teaching students to first start troubleshooting operating systems
* CNG 132 - Network Security Fundamentals: Security+ preparation course
* CNG 142 - Intro to Cloud Computing: Cloud+ preparation course
* CNG 223 - Linux: Linux+ preparation course
* CNG 256 - Vulnerability Assessment I: This is a course I have totally rewritten as a survey of basic penetration testing, while also including the core goals of vulnerability assessment techniques and goals.

In addition to teaching these courses, I also have created a 12 host ESXi cluster, enabling CCA to provide students without their own computer capable of virtualization ample hardware to participate in workshops and classes with a virtualization requirement. This cluster is fully managed by VMware vCenter, allowing for the advanced clustering features vCenter provides. I personally have used this environment for implementing additional hands-on content for students in support of my own classes.

ADJUNCT PROFESSOR, RED ROCKS COMMUNITY COLLEGE :: AUGUST 2021 -- PRESENT

Adjunct Professor at Red Rocks Community College (RRCC) in charge of teaching:
* CNG 256 - Vulnerability Assessment I: This is a course I have totally rewritten as a survey of basic penetration testing, while also including the core goals of vulnerability assessment techniques and goals.

SR. INFORMATION SECURITY ENGINEER, CENTURYLINK (VIA ACQUISITION) :: MARCH 2018 -- JULY 2019

* Deployed SaltStack to automate the monthly update tasks of 100+ Linux servers.
* Performed systems administration duties on Linux & Windows servers when automation would not be feasible.
* Helped manage vulnerability assessment for a 20,000+ endpoint PCI environment. Tasks included:
  ➢ Managed results in RiskSense from daily scanning of over 20,000 endpoints per quarter.
  ➢ Reached out to relevant stakeholders to ensure vulnerabilities are patched in a timely manner.
  ➢ Led an initiative to migrate to a new PCI ASV vendor to improve workflow and reduce cost.
* Assisted and performed penetration testing on web applications & network infrastructure.

SECURITY OPERATIONS ENGINEER, LEVEL 3 :: FEBRUARY 2017 -- FEBRUARY 2018

* Managed enterprise firewall infrastructure in regards to policies and VPN configuration.
* Enforced segmentation network policy for maintenance and creation of new firewall rules across the network.
* Migrated firewall configurations between different platforms.
* Responded to potential intrusion incidents using standard threat detection platforms.
* Handled log management, backtracking user command input to determine outage causes.
* Worked closely with the Security Operations Center to train them in new responsibilities.
* Continued to develop simple Python based tools to speed up day to day tasks.

SECURITY TECHNICIAN I & II, LEVEL 3 :: FEBRUARY 2015 -- FEBRUARY 2017

* Analyzed packet captures to perform troubleshooting for network connectivity and DDoS issues.
* Mitigated DoS attacks within a strict 15 minute SLA using null routes, ACLs, and heuristic filtering.
* Managed edge firewall devices on behalf of customers to enable connectivity for their networks in regards to policy, NAT, web filtering, and UTM services.
* Troubleshot IPsec & SSL VPNs and rules in edge firewall devices.
* Automated tedious or time consuming tasks using Python.
* Automated creation of ACLs for Juniper and Alcatel routers.
* Automated searching our firewall config backups to search for customer firewalls.

--------------------------------------------------------------------------------

EDUCATION & CERTIFICATIONS

COLORADO STATE UNIVERSITY, BS COMPUTER INFORMATION SYSTEMS 2013

CERTIFICATIONS

* Certified Red Team Operator - Issuer: Zero Point Security (Badgr Badge)

--------------------------------------------------------------------------------

VOLUNTEER WORK

DERPCON CO-FOUNDER :: 2020

Helped to create Derpcon, an online virtual security conference focused on Denver Enterprise Risk Professionals (DERPs). This involved planning, marketing, and culminated in acting as host for one of our three speaker channels. At the conclusion of the conference, we managed to raise and donate over $20,000 to the CO COVID fund, the official COVID charity run by the state of Colorado. Official Derpcon Website

ROCKY MOUNTAIN CYBER COLLEGIATE DEFENSE COMPETITION (RMCCDC) RED TEAM :: 2020 - 2021

Red team member in yearly collegiate cyber challenge. We are pitted against students tasked to defend a network, while simultaneously performing extra tasks as handed down by the white cell (organizers). Red team members' sole goal is to throw as many wrenches in the students' plans as possible.

US CYBER CHALLENGE VTA :: 2021

--------------------------------------------------------------------------------

CTFS & OTHER ACCOMPLISHMENTS

SANS NETWARS WINNER

Have competed in and won multiple NetWars competitions, including:
* 3x NetWars Core, including once at Tournament of Champions
* 1x NetWars Defense v2
* 1x NetWars DFIR

blog@zuccaro.me
© 2023 🖥🦠Bryce Zuccaro