Jason Wood

Experience

• 

  Move, Inc

  Jan 2000 - Jul 2003

  Worked as a high performing member of Homestore’s web application systems administration team. Primary systems administrator for homebuilder.com and was a key member of the infrastructure systems administration team. The infrastructure team was responsible for all ad serving, web caching, DNS, network attached storage, monitoring and load balancing systems.Key Achievements:• Was promoted from network operator to associate systems administrator within the first three months of employment.• Architected and implemented a backup system for Homestore’s first Storage Area Network (SAN) as my first project as an associate systems administrator.• Successfully migrated Homestore’s ad serving web farm to new servers, upgraded operating system and upgraded ad application with no down time. This ad farm was the source of 30% of the company’s revenue. Show less This is the same position as Move.com. Homestore later changed their name to Move.com.Worked as a high performing member of Homestore’s web application systems administration team. Primary systems administrator for homebuilder.com and was a key member of the infrastructure systems administration team. The infrastructure team was responsible for all ad serving, web caching, DNS, network attached storage, monitoring and load balancing systems.Key Achievements:• Was promoted from network operator to associate systems administrator within the first three months of employment.• Architected and implemented a backup system for Homestore’s first Storage Area Network (SAN) as my first project as an associate systems administrator.• Successfully migrated Homestore’s ad serving web farm to new servers, upgraded operating system and upgraded ad application with no down time. This ad farm was the source of 30% of the company’s revenue. Show less

  • Systems Administrator

    Jul 2000 - Jul 2003

  • Systems Administrator

    Jan 2000 - Jan 2003
• 

  Homestore.com/Move.com

  Jul 2000 - Jul 2003

  Systems Administrator

  Worked as a high performing member of Homestore’s web application systems administration team. Primary systems administrator for homebuilder.com and was a key member of the infrastructure systems administration team. The infrastructure team was responsible for all ad serving, web caching, DNS, network attached storage, monitoring and load balancing systems.Key Achievements:• Was promoted from network operator to associate systems administrator within the first three months of employment.• Architected and implemented a backup system for Homestore’s first Storage Area Network (SAN) as my first project as an associate systems administrator.• Successfully migrated Homestore’s ad serving web farm to new servers, upgraded operating system and upgraded ad application with no down time. This ad farm was the source of 30% of the company’s revenue. Show less

• 

  Interthinx is now First American Data & Analytics

  Aug 2003 - Dec 2005

  Sr. Systems Administrator

  Responsible for the administration of the systems responsible for more 90% of the company’s revenue. Implemented new monitoring capabilities to improve technology operations’ insights into application and network activity. Architected and implemented new infrastructure systems to improve mail filtering, security monitoring and network monitoring. Performed all monitoring and maintenance of production database systems.Key Achievements:• Discovered and resolved an issue with unsolicited emails being delivered into the company network and was consuming more than 75% of the available internet bandwidth.• Promoted from systems administrator to senior systems administrator. Show less

• 

  Edmunds

  Dec 2005 - Jul 2006

  Sr. Systems Administrator

  Recruited to become a member of the applications operations team to support Edmunds’ highly available web applications and product delivery system. Worked on call as the initial technical point of contact for all incidents. Performed all production code releases and conducted troubleshooting of any site related issues.Key Achievements:• Collaborated with development and software vendor to implement a new search engine for all Edmunds’ public facing applications.• Consolidated all scheduled tasks and cron jobs into a central scheduling manager that decreased the level of access required to production systems and audited all activity performed via the scheduling manager. Show less

• 

  Interthinx is now First American Data & Analytics

  Jul 2006 - Mar 2011

  Oversaw all security related activities and tasks for Interthinx; this included security testing, incident response, responding to audit requests, working with sales on the customer onboarding and due diligence process. Actively monitored all network and host security events, responded to suspicious activity and worked them through to resolution. Key member of software development projects by recommending security requirements, collaborating with developers on operational and security mechanisms, and supporting the projects from initial development to release and then maintenance. Authored security policies and procedures around encryption key management, change control, disaster recovery and the overall information security program.Key Achievements:• Collaborated with business and development groups to implement an authentication system using LDAP for Interthinx’s .Net web applications.• Implemented and monitored network and host intrusion detection systems using Snort, Proventia appliances and Tripwire.• Successfully supported the sales department’s efforts to onboard new clients by reviewing contracts, completing due diligence questionnaires, and interact with client auditors as they reviewed company controls and procedures.• Key member of the technology operations group in troubleshooting application and network issues, designing technical architectures and mentoring staff on systems administration and security. Show less Oversaw all security related activities and tasks for Interthinx; this included security testing, incident response, responding to audit requests, working with sales on the customer onboarding and due diligence process. Actively monitored all network and host security events, responded to suspicious activity and worked them through to resolution. Key member of software development projects by recommending security requirements, collaborating with developers on operational and security mechanisms, and supporting the projects from initial development to release and then maintenance. Authored security policies and procedures around encryption key management, change control, disaster recovery and the overall information security program.Key Achievements:• Collaborated with business and development groups to implement an authentication system using LDAP for Interthinx’s .Net web applications.• Implemented and monitored network and host intrusion detection systems using Snort, Proventia appliances and Tripwire.• Successfully supported the sales department’s efforts to onboard new clients by reviewing contracts, completing due diligence questionnaires, and interact with client auditors as they reviewed company controls and procedures.• Key member of the technology operations group in troubleshooting application and network issues, designing technical architectures and mentoring staff on systems administration and security. Show less

  • Security Engineer

    Jul 2006 - Mar 2011

  • Security Engineer

    Jul 2006 - Mar 2011
• 

  Tenable

  Mar 2011 - May 2012

  Instructor

  Instructed students on how to get the most out of their investments in Nessus and Security Center by using the products properly and efficiently. Worked as a key member of the team that developed Tenable’s on-demand, prerecorded training courses. Key Achievements:• Built and automated a new virtualized environment to be used for Security Center classes. This environment allowed students to learn how effectively use the Security Center suite in their organizations.• Automated the deployment of Security Center training environments and reduced the multi hour class preparation process to less than 15 minutes.• Simulated malicious activity inside the training environment so that students could perform analysis on real security events and research them back to the initial bad actor. Show less

• 

  Secure Ideas, LLC

  May 2012 - Oct 2016

  Principal Security Consultant

  Performed as a member of the executive management team as Secure Ideas more than doubled its size in a two-year period. Oversaw the team of senior security consultants and monitored their performance of security engagements for all clients. Performed penetration tests for clients in a wide range of industries; these client industries included critical infrastructure, financial, software development, and healthcare. Frequent speaker at national and regional conferences on security related topics; these presentations were a critical component of the company’s growth and revenue acquisition. Key member of the strategic planning team in the areas of consulting services, technology architecture, training services and marketing.Key Achievements:• Conducted and lead client interactions from the initial sales calls, needs analysis, proposal creation, project management and engagement completion.• Promoted to the leader of the senior consultants and managed this team of talented individuals who were responsible for the largest source of company revenue.• Wrote numerous technical reports on the results of penetration testing engagements that communicated the issues present in clients’ organizations, provided recommendations to address these issues and overall strategic guidance on their security posture.• Increased the public profile of Secure Ideas by speaking at conferences such as MIRcon, DerbyCon, SAINTCON, InfoSec World, OpenWest, and several Security BSides.• Authored and taught two courses on computer security while managing the consulting team and leading penetration testing engagements.• Researched technology trends and how they impacted information security. Show less

• 

  Paladin Security, L.L.C.

  Jun 2015 - now

  Founder and President

  Paladin Security is a company that I started actively working on in November of 2016. Paladin Sec performs security consulting and online training. If you need help from an experienced professional, please let me know! www.paladinsec.com

• 

  Bank of America

  Oct 2016 - Oct 2018

  Red Team - VP, Data Security Specialist (penetration testing)

  Worked as part of a team of highly skilled penetration testers to assess the risk that systems, applications and projects posed to bank operations. Performed ad-hoc and pre-planned penetration tests against critical systems. Self-directed professional working remotely with a distributed team.Key Achievements:• Completed critical assessments with short timeframes to assist other bank lines of business in addressing publicly released vulnerabilities in core technology.• Assessed and presented the risks posted by legacy technology and provided recommendations to compensate for security weaknesses in these systems. Show less

• 

  Security Weekly Productions

  Jan 2017 - Feb 2024

  Co-host for Security Weekly News

  I provide commentary every week on Security Weekly News about notable events in security, privacy, and other trends. Occasionally I'll show up on the the regular Security Weekly podcast.

• 

  CrowdStrike

  Oct 2018 - now

  Discover new and innovative methods of hunting adversary operations on a large scale Perform deep analysis of hands-on intrusions performed by threat actors, mapping tactics, techniques, and procedures to the MITRE ATT&CK Framework, and trending actor behaviors over time. Provide weekly written tactical intelligence products to internal and external customers. Research threat actor behaviors, developments in the security landscape, and present this information in presentations, written materials, and customer meetings. Hunted for hands on intrusions being performed by criminal threat actors.Triaged intrusion information and provided written communication to customers about the hosts, accounts, files, and commands executed by the threat actor.Collaborated with an incredible team of threat hunters to constantly improve threat hunting techniques and procedures.

  • Sr. Researcher CAO: OverWatch R&D

    Aug 2022 - now

  • Senior Intrusion Researcher: OverWatch Outreach team

    Feb 2020 - Aug 2022

  • Threat Hunter: OverWatch eCrime team

    Oct 2018 - Feb 2020