Hi, I'm Ian Norden. Security guy to the core, I enjoy tinkering with web interfaces and tackling steep challenges. I am a high energy individual and passionate fighter for building towards automating the boring stuff. I am currently building out a new Red Team at Intercontinental Exchange (NYSE: ICE) , the leading network of regulated exchanges and clearinghouses for financial and commodity markets.
Recognized as a leader within InfoSec at ICE. Own and maintain all facets of the vulnerability scanning architecture. Own and maintain Red Team architecture within AWS. Executing on major initiatives to support automation efforts through a Python / Django dashboard linking many disparate toolsets. Overhauling and implementing an always-on security controls testing platform. Pursuing OSCP Certification. Considered expert in TLS implementation hardening and regularly publishes TLS configuration standards internally. Developing configuration standards for SSH and SFTP servers throughout ICE.
Challenged as the first member of the Red Team to build a platform for penetration testing and scenario developement for internal execution. Assessing vendors for automating Red Team scenarios, building networks and infrastructure for penetration testing. Managing numerous penetration testing vendors, executing against policy and best practices. Pursuing OSCP Certification. Developing a platform for automated assessment of SSH / SFTP configuration hardening to expand on the TLS / dashboard dev project. Own and manage the Bug Bounty platform.
Created first hardening and configuration guidelines. Key resource in producing proof of concepts for improving password hashing standards. Continued aggressive expansion of the vulnerability scanning platforms. Developed a proof of concept HTML based Pentest Report Generation tool. Key automation resource for scripting heavy lift tasks from other InfoSec teams. Key resource in overhaul of vulenrability scanning policies. Built pentest lab for internal resources. Coordinated Bug Bounty program, findings, and produced POC's for internal use.
On day one, challenged to overhaul, expand, and own the entire infrastructure vulnerability assessment platform. Expert technical resource for SSL / TLS hardening, created automated platform for scanning TLS configurations throughout the enterprise. Wrote the vulnerability assessment policies and procedures. Coordinated numerous penetration tests of applications. Prduced exploits for proof of concept references. Began the AppSec Web App Dashboard project to automate clunky metrics, reduce human error, and enhance AppSec assessment capabilities using Python / Django. Lead resource in implementing Bug Bounty program.
Lead role and customer advocate within the Security Professional Services. Lead on all customer engagements and a key technical resource for major sales engineering efforts. Performed numerous penetration testing scenarios and assessments. Overhauled reports to integrate with new toolsets and align with industry best practices. Re-engineered the Network Professional Services assessment infrastructure.
Built a new team and infrastructure within the Security Professional Services organization. Expanded and strengthened our vendor management functions for backfill on special tests coordinating numerous testers. Rewrote the penetration testing policies and procedures in a customer facing function. Planned an overhaul of all capabilities within the organization.
Continued as a key leader within the Information Security department. Agressively broadened coverage of the infrastructure vulnerability management platform. Contributed to appliction and information security policies. Key role in the incident response team, and coordinated a number of cyber forensics efforts. Lead for mentoring and training new team members.
Part of a larger team that coordinated incident response, SIEM investigation, and vulnerability management. By year one, I led engineering and management of the infrastructure vulnerability remediation program. Introduced vulnerability assessment to infrastructure before production. Key technical resource in coordination on penetration testing throughout the environments.