Matthew Titcombe

Brought in as a consultant to conduct and oversee Penetration Testing and Vulnerability Scanning for publicly accessible network resources; wireless networks; publicly accessible applications; and, internal network penetration tests

Brought in as a consultant to conduct NIST SP 800-171 compliance assessments for Department of Defense contractors and then to facilitate the client’s remediation actions required to achieve compliance.
- Explained Information Security compliance requirements and responsibilities to Executive Leadership Teams
- Serve as the Contracted in Chief Information Security Officer (CISO) for multiple clients
- Identified and led the team responding to an Advanced Persistent Threat that had… Show more

Brought in as a consultant to conduct NIST SP 800-171 compliance assessments for Department of Defense contractors and then to facilitate the client’s remediation actions required to achieve compliance.
- Explained Information Security compliance requirements and responsibilities to Executive Leadership Teams
- Serve as the Contracted in Chief Information Security Officer (CISO) for multiple clients
- Identified and led the team responding to an Advanced Persistent Threat that had infiltrated a client’s network
- Architected client networks from no compliance to designs that met requirements using Cisco and Fortinet solutions
- Implemented Next-Generation Firewalls using Fortinet, Palo Alto, and Cisco to achieve compliance
- Implemented Vulnerability Management and Security Incident & Event Management solutions
- Performed Security Analyst functions reviewing SIEM outputs form multiple solutions
Show less

As a subcontractor to Razorthorn Inc., tasked to conduct a limited NIST CyberSecurity Framework Information Security assessment of Chesapeake Energy’s Microsoft Office 365 rollout and related Plans, Policies, and Procedures.
- Reviewed 26 Chesapeake Energy related documents, identified 45 specific findings, and provided recommendations

As a subcontractor to RazorThorn Inc., led the Information Security assessment team to conduct an ISO/IEC 27001 based assessment and penetration testing of PCORI in Washington DC.
- Successfully completed a complete assessment against ISO/IEC 27001 and multi-modal penetration testing
- Identified cultural & technical deficiencies; developed get-well actions to address shortfalls; drafted corporate policies to fill gaps; and, provided PCORI both a project plan and prioritized 1 year get… Show more

As a subcontractor to RazorThorn Inc., led the Information Security assessment team to conduct an ISO/IEC 27001 based assessment and penetration testing of PCORI in Washington DC.
- Successfully completed a complete assessment against ISO/IEC 27001 and multi-modal penetration testing
- Identified cultural & technical deficiencies; developed get-well actions to address shortfalls; drafted corporate policies to fill gaps; and, provided PCORI both a project plan and prioritized 1 year get well plan
- Developed Continuity of Operations Plan (COOP) and Incident Response Plan to fill PCORI gaps
- Educated and facilitated development of a Risk Management framework used by PCORI staff to assess 40+ risks’ probability and impacts. Facilitated the development of 20+ Risk Treatment Plans to reduce PCORI’s risk exposure
Briefed PCORI C-Suite on the Systems Security Assessment, deficiencies, and proposed recommendations Show less

As a subcontractor to WaveStrong Inc., tasked to design the ULA network segmentation architecture and implementation plan using virtualized Palo Alto (PA) firewall hardware clusters at four geographically dispersed datacenters.
- Evaluated the information and processes of 422 separate ULA applications that were mapped to 18 separate security zones
- Designed Palo Alto firewall policy governance process to ensure risk acceptance occurs at the appropriate level
- Analyzed 14+ GB of logs… Show more

As a subcontractor to WaveStrong Inc., tasked to design the ULA network segmentation architecture and implementation plan using virtualized Palo Alto (PA) firewall hardware clusters at four geographically dispersed datacenters.
- Evaluated the information and processes of 422 separate ULA applications that were mapped to 18 separate security zones
- Designed Palo Alto firewall policy governance process to ensure risk acceptance occurs at the appropriate level
- Analyzed 14+ GB of logs extracted from Splunk to identify 24.4 million unique communications traversing the firewalls
- Identified 580+ Palo Alto application signatures in use. Provided separate risk assessments for each of the 422 ULA Application and Palo Alto signature combination to ULA’s CISO for risk acceptance
- Developed 329K+ firewall rules for both as-is and to-be security zones that distilled down to 1900+ security policies
- Generated a project $3.2M cost and 12 man-year level of effort estimate for ULA to migrate their application to the new security zone architecture per ISO/IEC 27001 best practices
- Architected a secure solution for ULA to protect its launch sensitive SCADA equipment Show less

Tasked to document, assess, and recommend Information Security architecture designs to Sony’s datacenters as Sony refreshes their internal Checkpoint, Cisco, and Juniper firewalls to a new Checkpoint baseline.
- Reviewed 50+ internal firewalls and performance logs to provide Sony detailed architecture designs that led to the identification of multiple Information Security gaps in their design
- Recommended revisions to the current designs to include implementing both firewall and… Show more

Tasked to document, assess, and recommend Information Security architecture designs to Sony’s datacenters as Sony refreshes their internal Checkpoint, Cisco, and Juniper firewalls to a new Checkpoint baseline.
- Reviewed 50+ internal firewalls and performance logs to provide Sony detailed architecture designs that led to the identification of multiple Information Security gaps in their design
- Recommended revisions to the current designs to include implementing both firewall and end-point Intrusion Detection/Prevention Systems (IDS/IPS), architectural changes per Information Security best practices
- Oversaw successful rollout of the new architecture to Sony datacenters with minimal business impacts
- Guided Sony re-architecture efforts as Sony moved from internally hosted to hybrid in AWS & IBM Cloud
Show less

Led a workshop to facilitate CoP’s Information Security strategy and identify key strategic goals.

Facilitated development and fielding of CoP’s Data Loss Prevention solution using Digital Guardian.
- Engaged Information Security & Technology plus business subject matter experts to develop strategic Data Loss Prevention (DLP) implementation plan, key information flow processes, and alerting mechanisms
- Developed DLP monitoring processes for sensitive ConocoPhillips data types and… Show more

Led a workshop to facilitate CoP’s Information Security strategy and identify key strategic goals.

Facilitated development and fielding of CoP’s Data Loss Prevention solution using Digital Guardian.
- Engaged Information Security & Technology plus business subject matter experts to develop strategic Data Loss Prevention (DLP) implementation plan, key information flow processes, and alerting mechanisms
- Developed DLP monitoring processes for sensitive ConocoPhillips data types and rolled them out to production using the fielded Digital Guardian solution
- Supported migration to McAfee Total Protection for Data Loss Prevention (DLP) whe Digital Guardian had issues
Show less

Provided Information Security design guidance and oversight for the Munich Re’s implementation of Cisco Identity Services Engine (ISE) and micro-segmentation initiative. Identified critical vulnerabilities that were mitigated prior to implementation.