Hi, I'm Eric Kmetz.

About Me

Dynamic, highly technical, hands-on asset, with a wealth of knowledge and experience establishing robust operations, optimizing source code and systems configurations, relational database design, and implementing high-performance, fault-tolerant, secure services over HTTPS other secure network protocols. Gain knowledge and experience in all aspects of network administration and cybersecurity through interactive training and on-the-job learning experiences. Successfully pivoted into the security space recently,

I am an experienced software engineer/architect (10+ years of C on various Unix/POSIX API systems, user-space and kernel; coding web services on various tech stacks).

Skills

Linux
Windows
OSX
VMWare ESXi
Solaris
Cisco
AWS
Azure
DigitalOcean
Metasploit
Nmap
Wireshark
ELK Stack
SIEM
Splunk
Security Onion
Zeek
Wazuh
osquery
OSSEC
Suricata
Snort
Qualys
OpenVAS
Nessus
Burp Suite
OWASP ZAP
Fortify SCA
MySQL
Docker
Rails
Cassandra
MongoDB
Elasticsearch
ElastAlert
Kibana
Grafana
Memcached
HTML5
CSS3
Python
PHP
C
C++
SQL
JavaScript
Ruby
Gitlab
Bitbucket
JIRA
PyCharm
RubyMine
Visual Studio
SAST
DAST
DevSecOps

Experience & Education

For more information, have a look at my resume .

  • Shift4 Payments 2021 - Present
    Security Analyst III
    CSOC AppSec DevSecOps GitLab Fortify PCI-DSS SoX CIS Splunk
  • Sprux LLC 2019 - 2020
    Network Security Engineer
    Cisco IOS NX/OS ASA IPv4 & IPV6 802.1q VLAN & PVLAN Wireguard VPN OpenVPN Graylog IPAM
  • Consulting 2015 - 2019
    Principal Consultant
    AWS Kali Nmap Metasploit Burpsuite OpenVAS ELK Security Onion SIEM VLAN Routing Wireguard OpenVPN Graylog PHP Python C++ Wordpress Magento
  • Proofpoint 2014 - 2015
    Principal Engineer
    Ruby Rails REST JIRA
  • Social Concepts 2012 - 2014
    Director of Engineering
    SDLC Mentoring Project Management Fraud Prevention
  • Social Concepts 2007 - 2012
    Sr. Systems Architect
    PHP Javascript MySQL Memcached C Trac SVN
  • Western Governors University
    B.S. Cybersecurity and Information Assurance
    Information Technology Risk Management Network Security Data Management Web Security Cloud Security Penetration Testing Digital Forensics Incident Response Ethics & Cyber Law Project Management Technical Writing

Certifications

To verify these certifications, check out my Credly .

  • (ISC)² — CISSP
    Access Management Asset Security Communication Security Identity Management Network Security Risk Management Security Assessment Security Engineering Security Management Security Operations Security Testing Software Development Security
  • CompTIA — CySA+
    Behavioral Analytics Blue Teamer Incident Response Security Analytics Security Architecture Security Engineering Reporting Communication Risk Management Threat Intelligence Threat Management Vulnerability Analysis Vulnerability Management
  • CompTIA — Network+
    Network Management Network Security Cloud Networking DHCP DNS IPv4 IPv6 Troubleshooting Routing & Switching SDN Network Configuration Virtualization VPN WAN Wireless Technologies Vulnerability Management BCDR
  • CompTIA — Project+
    Budgeting Change Management Communication Execution IT Project Management Vendor Procurement Project Management Planning Quality Assurance Scheduling Stakeholder Management
  • PDSO — Certified DevSecOps Professional (CDP)
    Ansible AppSec CI/CD Compliance as Code Docker Dynamic Testing (DAST) Infra as Code (IaC) Static Testing (SAST) Secure SDLC Compliance as Code Component Analysis (SCA) Vuln Managemenet
  • CompTIA — PenTest+
    Attacks & Exploits Exfiltration Info Gathering Pentesting Plan & Scope Recon Red Teamer Reporting Communication Vulnerability Assessment Vulnerability Identification Vulnerability Management
  • AWS — Certified Cloud Practitioner
    Compute (EC2) Storage (S3) Route 53 Private Cloud (VPC) Database (RDS) Elasticache Notifications (SNS) Queues (SQS) CloudFront CloudWatch Auto Scaling (ASGs)
  • AXELOS — ITIL 4 Foundation
    Availability Management Case Development Risk Management Capacity Management Configuration Management Continuity Management Customer Service Incident Management Security Management Change Management Governance Problem Management Relationship Management Release and Deploy Service Level Support

Projects

Semi-Autonomous Threat Processing

After several years in the social networking industry, it became clear that a computer-assisted threat detection and response solution was needed in order to better handle our scammers, spammers, and personae non grata.

Presentation — Cats and Mice Ever Evolving Attackers
Behavioral Patterning Image Recognition Algorithms Signatures Longest Common Subsequences Root Mean Square Composite Thresholds Defense In Deptch

Open Source Projects

droplet-cloudflare-updatefw

Tool to retrieve a list of origin IPs or CIDR netblocks from Cloudflare and then use DigitalOcean's API to update the firewall for one or more droplets

Github

Contact