Ashley Taylor

Information security professional with over 17 years of technology experience. Defense, offense, and everything in between.

Skills

Architecture
  • Firewalls
  • SIEMs
  • IPS/IDS
  • Internet Security Gateways
  • Email Security Gateways
  • AV Systems
  • VPN
  • VNC
Languages, Operating Systems & Tools
  • PowerShell
  • Python
  • git
  • Kali Linux
  • Debian Linux
  • Windows
  • HTML
  • CSS
Security Tools
  • Metasploit
  • Wireshark
  • Sparta
  • SearchDiggity
  • tcpdump
  • nmap
  • netcat
Security
  • Critical Controls
  • Incident Response
  • Security Policy Creation
  • Vulnerability Assessment and Remediation
  • Risk Assessment
  • Team Management
  • Project Management
  • Subject Matter Expert
Product Knowledge
  • Palo Alto Networks
  • Quest Kace
  • SonicWall
  • Netmotion Wireless
  • Barracuda Networks
  • Sophos
  • Kaspersky
  • VMware
  • Bomgar
  • Duo
  • Cisco Firepower
  • Symantec Web Security Services
  • Rapid7 Insight IDR, Insight VM, Insight OPS, and Insight Connect
  • CrowdStrike Falcon
  • Proofpoint Email Security Protection, Targeted Attack Protection, and Threat Response Auto-Pull
Other Skills
  • Software Automated Deployment
  • Public Speaking
  • Cybersecurity Education
  • Server Administration

Experience

Information Security Manager

Fortune 500 Company

Mentor security team members by conducting individual weekly one-on-one discussions and weekly group project discussions. Act as a liaison between security and other teams to develop collaborative solutions that meet organizational security initiatives. Improve incident response plan by formalizing documentation, automating processes, integrating security tools with ticket tracking system, and centrally locating incident response evidence collection. Lead incident responder during critical and high security incidents. Improve security team effectiveness by prioritizing projects, balancing workload, and managing team schedules. Support company values by taking part in committees for both security and non-security initiatives. Work with M365 product library to improve, combine, and simplify security solutions. Guide security awareness program by planning communications, creating report templates for leadership, and approving trainings/phishing campaigns. Conduct tabletop exercises for security team to practice playbooks for incident response. Assist with previous job duties as needed.

October 2020 - Present

Information Security Analyst III

Fortune 500 Company

Established new procedures for analyzing and responding to phishing and web proxy alerts. These job duties were then assigned to junior members of the team. Integrated security products with enterprise and open-source solutions to achieve better intelligence in a centralized platform. Improved vendor assessment process by creating an internal summary report for executive leadership. Created and tuned alerting and reports in multiple security tools including EDR, SIEM, IPS, email security gateway, and web proxy. Researched vulnerabilities and verified if vulnerabilities affected any production systems. Worked with other teams to remediate found vulnerabilities. Implemented new security tools and technologies by managing projects from initiation to completion. Tested information security tools using red team techniques to generate alerts or to test automation. Analyzed suspicious files to detect malicious activity.

January 2020 - October 2020

IT Security Officer

Local Government

Develop and maintain vulnerability management program, security policies, security infrastructure, endpoint security system, and end-user education program. Additionally, assist the networking/server administration teams and lead overall security initiatives. Major projects include updating all security policies, establishing a cybersecurity education program that includes simulated phishing, securely configuring web and email security gateways, auditing network environment and cleaning up unused accounts, and securing all possible internal websites with HTTPS.

November 2017 - December 2019

Public Safety Technical Support

Local Government

Maintained servers, network infrastructure, and a fleet of mobile devices for the public safety department. Additionally, developed security procedures and automated software distributions for the city. Major projects included two full mobile fleet replacements, establishing a complete remote support environment, and setting up and deploying a multi-factor authentication system for public safety mobile devices.

February 2008 - November 2017

Systems Administrator

Software Development Company

Maintained network infrastructure and server environment for a software development company. Responsibilities included setting up test servers in a wide variety of operating systems (Windows, Linux, Unix, and Solaris), maintaining Apache webservers, maintaining network infrastructure (modem, routers, switches, firewall, and email security gateway), building and maintaining user systems, and maintaining tape backups. A major project included establishing a new and secure software repository that could be accessed remotely by developers.

January 2007 - February 2008

Student Systems Administrator

University

Assisted the College of Engineering Information Technology team in providing support for the Center for Biofilm Engineering laboratories. A major project included replacing all computers in the student laboratory.

January 2006 - January 2007

Education

SANS Technology Institute

Master of Science
Information Systems Engineering - Penetration Testing Focus
2018 - 2022

Montana State University

Bachelor of Science
General Business - Information Systems Management Option
2013 - 2017

Certifications

GIAC Python Coder

GPYC
Certified understanding of Python core programming concepts and the ability to write and analyze Python code. Certification covers knowledge of Python essentials (variable/math operations, strings, functions, compound statements), data structures, programming concepts, debugging, system arguments, argparser, and application development for pen testing like backdoors and SQL injection attacks.
2020 - Current

GIAC Penetration Tester

GPEN
Certified understanding of password attacks, password hash attacks, domain escalation techniques, persistence techniques, exploitation fundamentals, Kerberos attacks, Metasploit, data exfiltration, penetration testing planning, penetration testing with PowerShell and the Windows Command Line, scanning and host discovery, vulnerability scanning, reconnaissance, and web application injection attacks.
2019 - Current

GIAC Certified Incident Handler

GCIH
Certified understanding of detecting, responding to, and resolving computer security incidents. Certification covers knowledge of the steps of the incident handling process, detecting malicious applications and network activity, common attack techniques, detecting and analyzing system and network vulnerabilities, and continuous process improvement by discovering the root cause of incidents.
2019 - Current

GIAC Certified Intrusion Analyst

GCIA
Certified understanding of network monitoring, host monitoring, traffic analysis, and intrusion detection. Certification covers knowledge in traffic analysis, application protocols, Snort, Zeek, network traffic forensics, and network monitoring.
2020 - Current

GIAC Certified Project Manager

GCPM
Certified understanding of abilities critical to making projects successful including effective management of communications, time, costs, quality, procurements, and risks associated with information technology, security, and application development projects.
2019 - Current

GIAC Security Essentials

GSEC
Certified understanding of access control and password management, active defense, contingency planning, critical controls, cryptography, defense in depth, defensible network architecture, endpoint security, incident handling and response, risk management, Windows security, Linux security, log management & SIEM, malicious code and exploit mitigation, network device security, network security infrastructure, security policy, threat hunting, vulnerability management, web communication security, and wireless network security.
2018 - Current

SANS Security Awareness Professional

SSAP
Certified understanding of building mature security awareness programs. Certification covers knowledge in gaining leadership advocacy, effectively engaging across the organization, communication tools, sustaining a security awareness program, the five stages of the Security Awareness Maturity Model, measuring the impact of the security awareness program, and learning/behavioral/cultural theories and models to encourage behavior change.
2020 - Current

Organizations

Local Toastmasters Club

Secretary

May 2018 - Present

GIAC Advisory Board

Board Member

October 2018 - Present

Women's Society Cyberjutsu

Member

January 2019 - Present

Live Talks

Cybersecurity and Cloud Podcast

Discuss the information security community, hacktivism, incident response, social engineering, and keeping calm under pressure.
December 2020

The Many Hats Club Podcast

Discuss a variety of topics including SANS programs, business risk vs. technical risk, SWOT analysis, incident management, and the information security community.
October 2020

Cybersecurity and Business

Montana State University - Billings
Introducing cybersecurity in a business environment and explaining recent major breaches. We also discussed the various career opportunities that exist in cybersecurity.
March 2019