About Me…

Adrian Puente

Profile: SecDevOps – Senior Security Engineer

Experience

Salesforce Inc., San Francisco, CA

Senior Infrastructure Security Engineer                 01/2020 – Present

Medallia Inc, San Mateo, CA

Senior Security Engineer

04/2017 – 01/2020

  • Responsible of the technical infrastructure that supports the vulnerability management process for the last 4 years
  • Lead Engineer of the migration of the vulnerability scan infrastructure from Qualys into Nessus
  • Designed the architecture and performed the implementation of the Vulnerability Scanning infrastructure in Docker, VMware and AWS environments
  • Designed the architecture and implementation of the Log Monitoring system based in Splunk in AWS using Terraform and custom AMI images in CentOS customized with Hashicorp Packer
  • Worked very closely and on a daily basis with TPMs and the SRE team to provide evidence and respond to questions during the FEDRamp audits on the AWS GovCloud environment; I was responsible for performing gap analysis of the current implementation of the continuous monitoring and vulnerability scanning infrastructures based on the compliance requirements and provided technical solutions and implementation for the findings remediation
  • Create, maintain and update internal documentation; provide reports and evidence to auditors; responsible for operalization of the monthly reporting and security operation of our cloud infrastructure. Including documentation and training of the team
  • Design and creation of tools for automation and system synchronization purposes using Python and Bash scripts; responsible for maintaining the infrastructure that synchronizes Nessus findings and Jira issues
  • Lead several Jira projects, including the Vulnerability Management and the Continuous Monitoring systems for GovCloud

Security Engineer

01/2015 – 04/2017

  • Responsible for the security assessment and analysis of the present state of the company infrastructure and IT corporate systems; responsible of the vendor validation and security system selection to remediate security gaps, for example continuous monitoring of our cloud services
  • Assist with identifying, communicating, researching, evaluating and remediating errors, issues and risks; responsible for analyzing, aggregation and report of the vulnerabilities detected by Qualys and the follow up with the engineers remediating the issue
  • Engineering, securing, implementing, and managing security solutions like Qualys, SentinelOne, Jira and Microsoft Cloud Application Security
  • Identified opportunities to improve risk posture, designing security controls for remediating or mitigating risks and assessing the residual risk; worked directly with engineers and stakeholders to understand their needs and capabilities and provide the right remediation of their issue
  • Overview several security incidents including follow up with clients, employees and vendors; performed the security analysis and triage of the incident and provided solutions for containment; performed several "lessons learned" excises and created corporate policies to avoid future incidents

KPMG LLP, Houston, TX

Senior Associate

10/2014 – 01/2015

  • Staffed multiple internal and external penetration tests for commerce, medical, finance, energy, and major oil and gas companies in the U.S including activities such as wireless assessments, social engineering, reverse engineering and cryptanalysis
  • Created custom tools needed for testing; configured a virtual laboratory using virtual machines and procured licenses for Burp Suite, Qualys and Nessus for local and remote security assessment infrastructure
  • Issue comprehensive reports to clients that included testing results, recommendations and remediation controls and procedures
  • Designed and developed custom system using Linux and Perl to integrate a locally developed inventory system with Archer (eGRC tool) for an American multinational Internet corporation

Associate

01/2011 – 10/2014

  • Staffed multiple internal and external penetration tests for commerce, medical, finance, energy, and major oil and gas companies in the U.S including activities such as wireless assessments, social engineering, reverse engineering and cryptanalysis
  • Created custom tools needed for testing; configured a virtual laboratory using virtual machines and procured licenses for Burp Suite, Qualys and Nessus for local and remote security assessment infrastructure
  • Issue comprehensive reports to clients that included testing results, recommendations and remediation controls and procedures
  • Designed and developed custom system using Linux and Perl to integrate a locally developed inventory system with Archer (eGRC tool) for an American multinational Internet corporation

Sm4rt Security Services S.A. De C.V., Mexico City, Mexico

Lead Security Engineer

7/2009 – 12/2010

  • Lead multiple internal and external penetration tests for commerce, finance, banking, manufacturing, entertainment, and insurance companies in Mexico
  • Performed social engineering proof of concepts with local and remote access including phishing campaign and in house developed malware
  • Researched and implemented new hacking techniques, and presented to internal staff for later use during penetration testing
  • Orchestrated industrial espionage investigation in Argentina for the largest TV companies based in Mexico City
  • Led architecture design and implementation of secure file-sharing system on Red Hat Enterprise Linux for the Mexican branch for 1 of the largest mutual life-insurance companies in the U.S.
  • Designed architecture and led technical implementation of a secure network for critical enterprise operations at the largest Mexican food service company

Security Engineer

11/2006 – 7/2009

  • Conducted penetration testing for clients and performed HP-UX migration and system hardening for the largest Mexican appliance manufacturers in Mexico
  • Participated in an investigation fraud committed by IT Director and staff of a credit card payment processor entity
  • Designed and implemented the Sm4rt’s IT Infrastructure

Career Note: Details of early career success are available upon request during an interview and include:

IT Security Diploma Instructor, Instituto Tecnológico Autónomo de México, Mexico City  |  2006 – 2012

System Administrator, Instituto Tecnológico Autónomo de México, Mexico City  |  2003 – 2006

IT Support Manager, Turn Key S.A. De C.V., Mexico City  |  2001 – 2003

Education 

Instituto Tecnológico Autónomo de México

Bachelor of Science: Computer Science – Computer Engineer                2000 – 2007

Thesis: Red Segura para Operación Crítica Empresarial (Secure Network for Critical Enterprise Operations).

Diploma: IT Security Diploma – 2004.

Activities and Societies:

  • Represented the school in the ACM programming contest in 2005 and 2006
  • Performed my Social Service with AIESEC
  • Founder of the Linux community http://linux.itam.mx

Other Highlights

  • Authored the white paper on Proxy Bypass Using an SSL VPN
  • Speaker at Bugcon2010: Homemade Undetectable Malware (HUM)
  • Featured speaker at multiple conferences, lectures and workshops in universities in Mexico and the Bay Area
  • Owner of the blog: www.hackarandas.com

Languages

  • Spanish – native
  • English – fluent
  • Mandarin – basic

 

 

For more profesional information about me, please visit my LinkedIn Profile

 

Thanks.
Adrián Puente Z.

Share