Last active
March 14, 2021 16:42
-
-
Save kmcquade/03fd06e5cd295df4d31cfb9c41dc77e8 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "basics": { | |
| "email": "kinnairdm@gmail.com", | |
| "image": "https://avatars.githubusercontent.com/u/3422255?s=400\u0026u=3aa6c1944134c93d3eb1500028e54826ce561f7f\u0026v=4", | |
| "label": "Lead Security Engineer", | |
| "location": { | |
| "city": "San Francisco", | |
| "countryCode": "US", | |
| "region": "California" | |
| }, | |
| "name": "Kinnaird McQuade", | |
| "profiles": [ | |
| { | |
| "network": "Twitter", | |
| "url": "https://twitter.com/kmcquade3", | |
| "username": "kmcquade3" | |
| }, | |
| { | |
| "network": "GitHub", | |
| "url": "https://github.com/kmcquade", | |
| "username": "kmcquade" | |
| } | |
| ], | |
| "summary": "I'm currently a Lead Security Engineer at Salesforce, where I lead and pioneer a variety of security initiatives, with a special focus in security automation, CI/CD, Cloud Security, and creating a better security experience for everyone, especially developers and operations. I love high-impact projects that can help buy down the most risk, embedding with teams on projects that prevent bugs from happening in the first place.", | |
| "website": "https://kmcquade.com" | |
| }, | |
| "education": [ | |
| { | |
| "area": "Cybersecurity", | |
| "endDate": "2016-12-31", | |
| "gpa": "3.8", | |
| "institution": "Marymount University", | |
| "startDate": "2015-08-01", | |
| "studyType": "Masters" | |
| }, | |
| { | |
| "area": "Information Technology", | |
| "endDate": "2015-08-01", | |
| "gpa": "3.9", | |
| "institution": "Marymount University", | |
| "startDate": "2013-09-01", | |
| "studyType": "Bachelors" | |
| } | |
| ], | |
| "interests": [ | |
| { | |
| "name": "Music" | |
| }, | |
| { | |
| "name": "Open Source" | |
| }, | |
| { | |
| "name": "Public Speaking" | |
| }, | |
| { | |
| "name": "Running" | |
| }, | |
| { | |
| "name": "Tennis" | |
| } | |
| ], | |
| "languages": [ | |
| { | |
| "fluency": "Native speaker", | |
| "language": "English" | |
| } | |
| ], | |
| "meta": { | |
| "theme": "keloran" | |
| }, | |
| "skills": [ | |
| { | |
| "keywords": [ | |
| "CI/CD Pipelines", | |
| "Threat Modeling", | |
| "Web App Penetration Testing" | |
| ], | |
| "name": "Application Security" | |
| }, | |
| { | |
| "keywords": [ | |
| "Composition Analysis", | |
| "Container Scanning", | |
| "DAST", | |
| "SAST", | |
| "Terraform Scans" | |
| ], | |
| "name": "AppSec Pipeline Automation" | |
| }, | |
| { | |
| "keywords": [ | |
| "AWS", | |
| "Azure" | |
| ], | |
| "name": "Cloud Providers" | |
| }, | |
| { | |
| "keywords": [ | |
| "Python", | |
| "Terraform", | |
| "VueJS" | |
| ], | |
| "name": "Coding" | |
| }, | |
| { | |
| "keywords": [ | |
| "Ansible", | |
| "AWS Lambda", | |
| "AWS SAM", | |
| "Docker", | |
| "GitHub Actions", | |
| "HashiCorp Vault", | |
| "Jenkins", | |
| "Packer", | |
| "Serverless Framework" | |
| ], | |
| "name": "DevOps Technologies" | |
| } | |
| ], | |
| "work": [ | |
| { | |
| "company": "Salesforce", | |
| "highlights": [ | |
| "Led Salesforce's Security Strategy for Microsoft Azure", | |
| "Enforced 300+ preventative guardrails in Microsoft Azure environment", | |
| "Published multiple open source AWS Security tools such as Policy Sentry, Cloudsplaining, Endgame, and aws-allowlister", | |
| "Pioneered Open Policy Agent (OPA) initiative at Salesforce for Terraform static analysis and security scanning", | |
| "Built AWS IAM Security Assessment automation that scans 100% of our AWS accounts", | |
| "Built AWS Service Control Policy (SCP) deployment and SCP exceptions mechanism", | |
| "Performed Threat Modeling activities" | |
| ], | |
| "location": "San Francisco, CA", | |
| "name": "Salesforce", | |
| "position": "Lead Security Engineer", | |
| "startDate": "2019-05-01", | |
| "summary": "Lead Engineer on the Redscar team - a cross-functional team of hackers, builders, and architects with an automation-first mentality. Embedded with teams on high impact projects to prevent systemic security issues. This requires a mix of threat modeling, security automation, targeted pentesting, consulting skills, evangelization, creativity, and a willingness to \"get your hands dirty.\"", | |
| "website": "https://salesforce.com" | |
| }, | |
| { | |
| "company": "Cigital, Inc. (a part of Synopsys)", | |
| "description": "Synopsys is a market leader in application security testing, penetration testing, architecture analysis, and security consulting.", | |
| "endDate": "2019-05-01", | |
| "highlights": [ | |
| "Built a Jenkins Shared Library that provided Automated AppSec Testing (DAST, SAST, SCA, report delivery, issue tracking, and metrics aggregation)", | |
| "Led Infrastructure as Code development projects with clients", | |
| "Led Cloud Security Maturity Action Plan projects with clients", | |
| "Increased team size from 7 consultants to 22 by driving internal training efforts", | |
| "Increased revenue from $1 million in 2017 to $3 million during first quarter of leadership" | |
| ], | |
| "location": "Sterling, VA", | |
| "name": "Cigital, Inc. (a part of Synopsys)", | |
| "position": "Interim Practice Lead (Cloud Security Practice)", | |
| "startDate": "2018-08-01", | |
| "summary": "After the previous practice lead left the company, served as Interim Practice Lead from August 2018 to May 2019. These leadership activities coincided with my responsibilities as a Senior Security Consultant, where I led billable technical projects for our clients.", | |
| "website": "https://www.synopsys.com/software-integrity.html" | |
| }, | |
| { | |
| "company": "Cigital, Inc. (a part of Synopsys)", | |
| "description": "Synopsys is a market leader in application security testing, penetration testing, architecture analysis, and security consulting.", | |
| "endDate": "2019-05-01", | |
| "highlights": [ | |
| "Built infrastructure as code (Terraform) blueprints for multiple clients with a security focus", | |
| "Built secure CI/CD Pipelines for application delivery and infrastructure deployment", | |
| "Built HashiCorp Vault deployment for a Fortune 500 company", | |
| "Built \"Secure Golden Image\" hardened to CIS, STIG, and company security standards", | |
| "Terraform, Packer, Ansible, and bash scripting", | |
| "Performed Threat Modeling and Security Architecture Reviews", | |
| "Performed Web App Penetration Testing", | |
| "Performed Cloud Security Reviews" | |
| ], | |
| "location": "Sterling, VA", | |
| "name": "Cigital, Inc. (a part of Synopsys)", | |
| "position": "Senior Security Consultant", | |
| "startDate": "2017-08-01", | |
| "summary": "Delivered technical engagements for clients, primarily Fortune 500 companies. Engagement types included Threat Modeling, Penetration Testing, Cloud Security Deep Dive reviews, and Cloud Secure Configuration Reviews.", | |
| "website": "https://www.synopsys.com/software-integrity.html" | |
| }, | |
| { | |
| "company": "Cigital, Inc.", | |
| "description": "Cigital was a software security managed services provider that offered services in application security testing, penetration testing, architecture analysis, and security consulting.", | |
| "endDate": "2017-10-01", | |
| "location": "Sterling, VA", | |
| "name": "Cigital, Inc.", | |
| "position": "Security Consultant", | |
| "startDate": "2015-09-01", | |
| "summary": "I performed Manual Web Application Penetration Testing, Threat Modeling reviews, Security Architecture assessments, and Secure Cloud Configuration Reviews.", | |
| "website": "https://www.synopsys.com/software-integrity.html" | |
| } | |
| ] | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment