Carlton Brewster
Washington, DC 20037
Email: carltonbrewster@icloud.com LinkedIn: https://www.linkedin.com/in/carltonbrewster
Profile:
CISSP- and CEH-certified IT engineer with 15+ years of experience in software development, cybersecurity, and project management in private- and public-sector organizations.
Education and Key Certificates
Bachelor of Science in Computer Science – American University, Washington, DC
CISSP – 2019
CEH – 2023
AWS CCP – 2023
Relevant Experience Summary
Cybersecurity (6+ years):
Certified Information Systems Security Professional (CISSP), obtained in 2019 and renewed every year.
At HCL/Dell Technologies, I was the Security SME (Security Champion) responsible for system and product security, including compliance with the White House Cybersecurity Executive Order for companies doing business with federal agencies.
Key member of the Product Security Incident Response Team (PSIRT) for both software and hardware products.
Responsible for the Secure Development Lifecycle (SDL) across the company's development teams. Extensive knowledge of the security controls, standards, and best practices that must be followed throughout the development process to ensure software is secure from the outset.
Performed quarterly product assessments using the VSC (Virtual Security Consultant) tool.
Experience working as a Security Champion Specialist, Vulnerability Response Specialist, Security Research and Development professional, and Secure SDL Specialist.
Comprehensive understanding of cybersecurity, including but not limited to security threats, vulnerabilities, and risk management.
Proficient with the tools needed to manage and respond to vulnerabilities in computer systems and networks and to protect critical information assets, including Nessus, Qualys, Nmap, Nexpose, OWASP ZAP, and Burp Suite.
Addressed and corrected issues related to FISMA (Federal Information Security Modernization Act) and NIST SP 800-53 security control audits.
Tasked with and responded to risk assessments based on NIST SP 800-30, NIST SP 800-37, ISO 27001, and other Risk Management Framework (RMF) guidance to provide information assurance, security policies, and procedures.
Performed various security-related functions for the Government of the District of Columbia Tax and Revenue / Chief Financial Office, Tax Compliance Division.
Software Development Experience (15+ Years):
Developing, testing, and deploying applications across a wide range of conventional programming languages: Java, C++, Python, and more.
Ensuring that all code is properly documented, tracked, and managed throughout the development process.
Maintaining version control systems for contract deployment.
Implementing best practices for version control, code reviews, and other quality assurance measures to ensure that all code meets the highest standards of quality and reliability.
Mastery of integrating off-the-shelf products with internal systems, ensuring that all software and systems work seamlessly together to provide the best possible user experience.
Playing a leadership role in all phases of the software life cycle, from requirements gathering and design to development, testing, and deployment.
Working closely with other developers, architects, and business analysts to identify requirements, design solutions, and implement integration strategies that meet the needs of the organization.
Working closely with cross-functional teams to ensure that all projects are completed on time, within budget, and to the highest standards of quality.
Presenting products and applications to business owners and senior management, demonstrating my ability to effectively communicate technical concepts to non-technical audiences.
Project Management (5+ years):
At the DC Chief Financial Office and through my work as an independent consultant, I was responsible both for monitoring IT infrastructure for potentially malicious activity and for managing complex projects. I performed security risk assessments of data flows within these organizations, which involved working with different partners and technologies and required an in-depth understanding of their business operations.
Professional Experience
Cyber Security Engineer
HCLTech / Dell Avamar – Remote, October 2021 to June 2023
Used Black Duck for third-party open-source software configuration management and vulnerability tracking and remediation. Black Duck is a powerful tool for managing the open-source software that is widely used in modern development. With its comprehensive scanning and tracking features, it enabled our team to quickly identify vulnerabilities and assess their impact, so we could respond proactively to mitigate risks and prevent security breaches.
Used Checkmarx, a static code analysis tool that focuses on identifying and remediating security vulnerabilities in source code. This tool is particularly useful for finding code-level vulnerabilities that may not be visible to other scanning tools or to security experts.
Worked with the Nessus and Qualys vulnerability scanners, which enable comprehensive scanning and analysis of computer systems and networks. These tools let us identify and assess vulnerabilities in real time, so we could respond quickly to potential threats and mitigate risks before they could be exploited by malicious actors.
Used Jira for issue management.
Investigated the root causes of reported CVEs to determine whether their impact was real or a false positive, working closely with other members of the team to analyze data, conduct research, and develop remediation strategies.
Independent Consultant
Self-employed – Washington, DC, January 2016 to October 2021
Developed red team skills.
Received the Elite Hacker designation after penetrating 84 systems on the Hack The Box platform.
Reverse engineered malware.
Developed effective solutions to defend against cyber-attacks.
Implemented numerous pen-testing scripts in Python, Ruby, and Bash.
Determined indicators of compromise and root causes with Burp Suite, OWASP Zed Attack Proxy (ZAP), and Ghidra.
Utilized offensive and defensive techniques to prevent data loss.
Hardened hosts to reduce the risk of unauthorized access and minimize potential vulnerabilities.
Used Bash and Python for research, proofs of concept, testing security posture, and finding indicators of compromise.
DC Chief Financial Office – Washington, DC, December 2008 to January 2015
Served as the sole senior IT specialist to the Tax and Revenue Division Director and provided crucial support in several key areas (financial reports, database analysis, and software management) to streamline operations and improve overall efficiency, enabling the Division to better serve the needs of the public.
Prepared financial reports and provided guidance on technology matters to the Director.
Performed database data analysis to support the Division's work.
Helped the Director's staff with various technical issues.
Played a key role in managing the Division's software systems, working closely with contractors to implement new systems and ensure that all software was up-to-date and functioning properly. This included running IRS data extraction reports for staff and performing ad-hoc reporting and investigations as needed.
Other Professional Experience:
Web Developer/Team Leader – Keane Federal System (US State Department), 1 year.
Senior Web & Database Developer – Advance Technology Systems (Department of Housing), 2 years.
Senior Software Developer – Chevy Chase Federal Savings Bank, 10 years.
Languages and Skills:
English – Native
Spanish – Fluent
• Extract, Transform, Load (ETL)
• Python (6 years)
• Nmap (5 years)
• Metasploit (4 years)
• Burp Suite
• Linux (6 years)
• SQL (10+ years)
• GitHub (3 years)
• Information Security, Cybersecurity (5 years)
• JavaScript (4 years)
• Security Analysis (5 years)
• MySQL (10+ years)
• HTML5, XML, JSON (6 years)
• DNS, Network Firewall/Security (9 years)
• Business Requirements (5 years)
• Software Development (10+ years)
• Java (3 years)
• Docker, Vagrant, Kubernetes (3 years)
• AWS EC2
• KVM, VirtualBox, VMware (5 years)
• Penetration Testing (5 years)
• REST APIs (10+ years)
• C/C++ (5 years)
• Node.js (2 years)
• System Administration (6 years)
• VulnHub, Hack The Box, TryHackMe
• OWASP Zed Attack Proxy (ZAP) (2 years)
• Shell Scripting: Bash, PowerShell (10+ years)
• Ubuntu/Kali/Debian/SUSE/RHEL Linux (10 years)
• SSH, SSL/TLS
• AWS, Web Services
• Active Directory/LDAP (3 years)
• NIST Standards
• AJAX
• Jira Issue & Project Tracking
• WAF, Firewall
• Continuous Integration (CI), Jenkins
• Identity & Access Management (IAM)
• Software Testing
• Google Cloud Platform
• Perl
• SDLC, Software Deployment
• DevOps
• Ruby
• PL/SQL, Oracle
• System Design
• PaaS/IaaS
• Project Management
• Scrum/Agile Development
• Cloud Architecture
• System Security
• Computer Science
• Security Incident Response Team (IRT)
• RSA Authentication Manager
• SSO/Keycloak
• Cloud Infrastructure
• TLS Certificate Authentication
• SIEM (Security Information and Event Management)
• OpenAI/LLM/ChatGPT
• Root-Cause Vulnerability Research
• Computer Forensics