Josh Sokol - Resume

About Me | Work Experience | Education | Certifications, Awards, and Leadership Positions | Contact | Blog


To become the Chief Security Officer (CSO) or Chief Information Security Officer (CISO) of a Fortune 500 company where I can be the driving force behind risk management, compliance, application security, secure architecture, and physical security initiatives.

Skills Matrix

Operating Systems: Linux (RedHat, CentOS, Ubuntu), Windows (XP, 2000, NT, 98, 95), Unix (Solaris)
Programming Languages: C, C++, Java, Perl, PHP, Pascal
Web Servers: Apache (1.x, 2.x), Microsoft IIS, Oracle HTTP Server (OHS)
Application Servers: Oracle Application Server (OAS), IBM WebSphere, Tomcat, BEA WebLogic
Database Servers: MySQL, Oracle
Security Tools: SimpleRisk, Rapid7 Nexpose, FireEye, McAfee Network Security Manager, 21CT LYNXeon, Qualys Qualysguard, WhiteHat Sentinel, IBM Rational AppScan, Web Application Attack and Audit Framework (w3af), OWASP WebScarab, Google Ratproxy, TamperData, Snort, Juniper IPS, Mod_Security

Topics I've Presented On

  • Burning Down the Haystack to Find the Needle: Security Analytics in Action @ LASCON
  • Convincing Your Management, Your Peers, and Yourself that Risk Management Doesn't Suck @ BSides Austin, BSides Las Vegas, HouSecCon, & LASCON
  • The Magic of Symbiotic Security @ BSides Las Vegas, HouSecCon, & OWASP AppSecUSA
  • A New Technique for Data Exfiltration and Confidentiality @ LASCON, HouSecCon, & InfoSec Southwest
  • How to Hide Your Pr0n @ BSides Las Vegas
  • Speed Debate Moderator @ (ISC)2 Secure SDLC Event
  • Security Practitioners: Winning Friends and Influencing People @ HouSecCon & TRISC
  • Architecting Secure Web Systems @ ConSec
  • HTTPS Can Byte Me @ BlackHat, LASCON, & MISTI InfoSecWorld
  • Reducing Your Data Security Risk Through Tokenization
  • Web Application Developer Security Training (2 day)
  • Architecting a Secure Web Application
  • Using Proxies to Secure Applications and More @ Austin OWASP, UT Security Summit, & MISTI InfoSecWorld
  • Finding and Fixing Vulnerabilities with AppScan and Sentinel
  • OWASP AppSec NYC
  • Top 10 Strategies to Secure Your Code
  • Using Splunk to Improve PA Productivity
  • Security Development Lifecycle
  • The OWASP Testing Framework
  • Web Application Security Using Open Source Tools and Methodologies