Welcome

I'm

"All you need are these: certainty of judgment in the present moment; action for the common good in the present moment; and an attitude of gratitude in the present moment for anything that comes your way"
Marcus Aurelius - Meditations

Download Resume

About Me

Hello! I'm Andy Simko.

I am a results-driven IT security expert with a progressive 15-year career that includes building robust security-conscious practices, policies, and cultures for organizations. I believe in leveraging a passionate, "can-do" attitude to solve problems.

Cyber security and hacking are a passion, but I also love to spend time with family and friends, exercise, travel, and cook.

Fun fact: My name is Andy. My wife's name is Diane. My Dad's name is Andy and my mom's name is Diann. If I have a son, his name will be Andy (family tradition).

Send an Email

My Skills

My certifications: CISA, CISSP, GPEN, GSNA, and HCSFP.

Social Engineering

I have performed over 200 unique social engineering assessments. Each client recieved consulting on the nuances of effective testing using a "test-train-repeat" program. My strategic approach resulted in an average decrease in the click ratio by over 8%.

Tools: Barracuda Networks - PhishLine, Maltego, Metasploit, Recon-ng, Social Engineer Toolkit (SET), Foca

Penetration Testing

As a red-team lead, I performed and assisted with the deep technical inspection of devices, applications, and networks of varying size and complexity. These evaluations were designed to simulate the effectiveness of controls using real world attacks.

Tools: Kali Linux, PowerShell Empire, Responder, SMBExec, Veil, Mimikatz, Scapy, Hashcat, John, Bash, PowerShell, Python, Ruby, C/C++, HTML, CSS, JavaScript, PHP.

Vulnerability Assessments

I have performed hundreds of vulnerability assessments for clients ranging in size from only a few devices to thousands of devices. Each client recieved a custom report with false-positives removed and specific and actionable recommendations designed to meet the needs of a variety of audiences.

Tools: Tenable - Nessus and Security Center, Rapid 7 - Nexpose, Qualys - Qualysguard Saint, OpenVAS, Nmap, Burp Suite, IBM AppScan, HP WebInspect, Veracode, Rapid 7 - AppSpider

Auditing and Controls Review

I am well versed in inspecting technology resources using the guidances provided by a variety of frameworks. A successful examination requires significant attention to detail and a comprehensive understanding of the nuances in business relationships in order to arrive at the correct determination of risk and control effectiveness.

Frameworks: PCI, NIST, CIS Critical Controls, FFIEC CAT, COBIT, ITIL, HIPAA, HITRUST

Product Development

In my current role, I created and/or significantly enhanced 8 different products and services to meet the changing needs of our clients. These changes optimized the strategic value and financial performance of the business unit.

Project Management

I posses an ability to analyze complex situations in order to help prioritize solutions and deliver results. My excellent communication and leadership skills have allowed me to effectively serve as a leader of many high-visibility projects with multiple key priorities and tight deadlines.

My Projects

January 2018

I beleive a willingness to share, teach, and lead are important personal characteristics. This project is my attempt to help others learn about security testing, specifically penetration testing, and give back to the world-wide community of security professionals.

Visit the site

March 2018

This blog is being developed to document life lessons I learn and share experiences that may help others. As content becomes available, a link will be made public.

© Copyright | Andy Simko 2018 | All Right Reserved