Carlton Brewster, CISSP, Elite Hacker(HTB)
Washington, DC 20037
[email protected]
![](/home/ezri/jobs/pandoc_resume/carlton409c.png)
TECHNICAL SKILLS SUMMARY
Technical Skill |
Experience |
Software Development/Documentation |
(30+ years) |
Version control & Troubleshoot |
(20+ years) |
Windows/Linux OS |
(20+ years) |
Database analysis |
(20+ years) |
Bash/Perl/REXX scripting |
(20+ years) |
MS Access/Exchange |
(15+ years) |
MS SQL Server, MySQL |
(10+ years) |
Extract, Transform and Load (ETL) |
(10+ years) |
APIs |
(10+ years) |
Agile |
(10+ years) |
Computer Networking |
(9 years) |
Security Analysis |
(6 years) |
Network Security |
(6 years) |
Linux |
(6 years) |
Information Security |
(6 years) |
OBHTML5, XML, JSON |
(6 years) |
Cybersecurity |
(6 years) |
QEMU/KVM, VirtualBox, VMware |
(6 years) |
Python |
(5 years) |
Penetration Testing |
(5 years) |
Business Requirements |
(5 years) |
Nmap |
(4 years) |
Network Penetration Testing Automation |
(3 years) |
Metasploit |
(3 years) |
Java |
(3 years) |
Docker, Vagrant |
(3 years) |
Network Firewalls |
(2 years) |
JavaScript |
(2 years) |
GitHub |
(2 years) |
ColdFusion Web Development |
(2 years) |
AWS Compute Engine |
(2 years) |
IBM Notes |
(2 year) |
Information Systems Risk Assessment |
(1 year) |
Burp Suite |
(1 year) |
Professional Experience Summary
|
Cybersecurity Consultant |
|
Reverse engineer decrypted code, found and patched bug in Java. |
|
Responsible for the Physical Security of Federal and State Tax Information. |
|
Managed daily Security Procedures to protect the IRS PII lab per regulations. |
|
Security Guidelines Publication 1075, Federal Tax Information Security. |
|
Tasked with responding/correcting FISMA, NIST 800-53 Security Control Audits Issues. |
|
Responsible to responding to risk assessment based upon NIST SP 800-30, RMF, NIST 800-37 |
|
Working knowledge of the NIST 800-37 Risk Management Framework is part the CISSP certification. |
(5 years) |
Performed the following functions for the DC Gov Tax and Revenue/CFO Tax Compliance Division: |
|
Obtained & maintained public Trust required for DC & IRS Tax investigations and reporting. |
|
Office IRS Government Liaison for Data Exchange Program. |
|
Tasked with secure record storing, access, disposal, and systems security. |
|
Responsible for programmatic pulling data necessary to support local taxpayer's audits. |
|
Worked with contractor of defunct company with no software escrow of tax extracts system. |
|
Software Development |
|
Developed, tested and deployed applications in all major conventional languages. |
|
Maintained the version control system for contract deployment. |
|
Master integration with off-the-shelf products with internal systems. |
(25+ years) |
Lead and participated in all phases of the software life cycles. |
|
Presented products & apps to business owners and senior management. |
|
I'm a USA with no security clearance. Had public trust for the District Government. |
|
Implemented & troubleshoot myriads of Pen-testing scripts in Bash, Python, Ruby, Perl, Lua. |
|
Install & troubleshoot java applications (OWASP Zap, Ghidra). |
|
Cyber-certified by ISC2 with CISSP - Information Systems Security Professional. |
|
Master the art of hacking, blocking and data protection/hardening. |
|
Extensive use of Python for all types of system Hacking and rooting. |
Professional Experience
IT Specialist
December 2008 to January 2015 |
IT Management Specialist |
|
Coded logical/physical database descriptions. |
DC Chief Financial Office |
Established/determined optimum values for database parameters. |
Office of Tax & Revenue |
Trained non-technical users and answered technical support questions. |
Compliance Division |
Created conceptual and physical data models. |
Washington, DC |
Worked in team to coordinate database development and determine scopes. |
|
Achieved cost-savings by developing functional solutions for CFOs. |
|
Leveraged ODBC to input and compile data gathered from various sources. |
|
Improved operations with team members/customers to find workable solutions. |
Web Developer Team Leader
January 1999 to December 2000 |
Web Developer Team Leader |
Keane Federal System |
Managed a team of web and database developers. |
(State Department Contract) |
Worked with business owners to develop web technical requirements. |
Arlington, VA |
Development environment: JavaScript, ColdFusion and SQL Server. |
|
Conducted weekly team meetings. |
|
Prepared and reviewed system documentation. |
Senior Web & Database Developer
January 1998 to December 1998 |
Senior Web & Database Developer |
Advance Technology Systems |
Developed nation-wide Web/DBMS to assist public housing management |
Washington, DC |
Technologies: JavaScript, Cold Fusion, SQL Server, HTML and CSS. |
(HUD Contract) |
|
Senior Software Developer
January 1988 to December 1998 |
Senior Software Developer |
Chevy Chase Federal Saving Bank |
Pilot IBM Java Enterprise Beans pilot project. |
Chase, MD |
Developed web system using IBM's Notes Development. |
|
Created Automated Voice System (AVS) in REXX scripting language. |
|
Implemented enterprise-wide network and messaging systems. |
|
Implemented enterprise-wide standards and many business systems. |
|
Principal IT Specialist to Division Director |
|
Prepare financial reports. |
|
Advise Director on technology matters. |
|
Perform database analysis. |
|
Assist Director's staff on tech issues. |
|
Ran IRS data extraction reports for staff. |
|
Manage software systems. |
|
Liasoned IBM contractors to implementing Bank's new systems. |
|
Perform ad-hock reporting and investigations. |
EDUCATION, CERTIFICATION AND TRAINING
Year |
Degree |
Title |
Location |
2021 |
Elite Hacker |
HackTheBox Ranking |
Online |
2020 |
CISSP |
(Certified Information Systems Security Professional) |
Washington, DC |
1988 |
BSCS |
Bachelor of Science Computer Science |
American University, Washington DC |
MEDIA LINKS
ASSESSMENTS
Subject |
Result |
Date |
Java |
Highly Proficient |
January 2021 |
Analyzing Data |
Completed |
December 2020 |
Programming fundamentals |
Proficient |
January 2021 |
-------------------------- |
------------------- |
--------------- |
GROUPS
BugCrowd |
August 2020 to Present |
Bugcrowd is a crowd-sourced security platform. |
|
It's the largest bug bounty/vulnerability disclosure companies. |
|
Involvement: Blockchain Static C++ Code Analysis. |
|
PUBLICATIONS