A brief bio and head shots are available here.
Work Experience
Wolf & Company, P.C. June 2013 – Present
Senior Manager – DenSecure by Wolf & Company, P.C.
Sean is a Senior Manager in Wolf’s DenSecure group. This role entails developing security reviews, managing projects including security reviews (e.g. Active Directory, firewall configurations, etc.), vulnerability assessments, penetration tests, and threat emulation exercises.
Sean is also Wolf’s Lead QSA responsible for carrying out PCI DSS audits and mentoring Associate QSAs.
- Staff Consultant – June 2013 to September 2016
- Senior Consultant – October 2016 – September 2019
- Supervisor – October 2019 – September 2020
- Manager – October 2020 – September 2022
Education
Bentley University
Bachelor of Science, Information Systems Audit and Control (ISAC) – May 2013 Activities: Football (Team Captain), Bentley Leadership Society (Executive Board Member)
SANS Technology Institute
Master of Science, Information Security Engineering (MSISE) – January 2022
Certifications
Listed in order of attainment
- CISA (Certified Information Systems Auditor) – View on Acclaim
- QSA (Qualified Security Assessor) – View on PCI SSC
- PCIP (Payment Card Industry Professional)
- CISSP (Certified Information Systems Security Professional) – View on Acclaim
- CCSP (Certified Cloud Security Professional) – View on Acclaim
- GSEC (GIAC Security Essentials Certification) – View on GIAC
- GCIH (GIAC Certified Incident Handler) – View on GIAC
- GCIA (GIAC Certified Intrusion Analyst) – View on GIAC
- GCWN (GIAC Certified Windows Security Administrator) – View on GIAC
- GCCC (GIAC Critical Controls Certification) – View on GIAC
- GCUX (GIAC Certified Unix Security Administrator) – View on GIAC
- GCPM (GIAC Certified Project Manager) – View on GIAC
- GDAT (GIAC Defending Advanced Threats) – View on GIAC
- GSE (GIAC Security Expert) – View on GIAC
- MITRE ATT&CK Defender – View on MITRE Engenuity
- MITRE ATT&CK Adversary Emulation Fundamentals – View on MITRE Engenuity
- MITRE ATT&CK Threat Hunting Fundamentals – View on MITRE Engenuity
- MITRE ATT&CK Cyber Threat Intelligence Defense Recommendations – View on MITRE Engenuity
- GX-IH (GIAC Experienced Incident Handler Certification) – View on GIAC
- GX-CS (GIAC Experienced Cybersecurity Specialist Certification) – View on GIAC
- GX-IA (GIAC Experienced Intrusion Analyst) – View on GIAC
- GSP (GIAC Security Professional) – View on GIAC
- MITRE ATT&CK Purple Teaming Fundamentals – View on MITRE Engenuity
- MITRE ATT&CK Purple Teaming Methodology Certification – View on MITRE Engenuity
Articles
- 18.SEP.2015 – Reducing Risk for Contactless Payments (Wolf & Company, P.C.)
- 10.FEB.2016 – How Data Tokenization Can Help Helathcare Entities Improve Their Data Security (Wolf & Company, P.C.) (Contributing author)
- 14.NOV.2016 – Combating the Rising Threat of “Smart” Devices(s) (Wolf & Company, P.C.)
- 28.SEP.2017 – My CISSP Success Story (Advanced Persistent Security)
- 25.OCT.2017 – What to look for in a QSA (Wolf & Company, P.C.)
- 28.NOV.2017 – DerbyCon 7.0 Legacy Round Up (Wolf & Company, P.C.)
- 09.FEB.2018 – Active Directory Passwords – Who is Right? (Wolf & Company, P.C.)
- 17.APR.2018 – ATM Jackpotting is Just a Symptom (Wolf & Company, P.C.)
- 22.MAY.2018 – Meet the NCUA ACET (WolfPAC Solutions)
- 31.JUL.2018 – Vulnerability Scanning vs. Penetration Testing: What is the difference, and what is right for me?
- Also re-published in the Fall 2018 edition of the New Jersey Banker Magazine
- 04.DEC.2020 – PCI Network Segmentation: Key Findings & Insights (Wolf & Company, P.C.)
- 12.DEC.2022 – Threat Emulation vs. Penetration Testing: Understanding the Differences (Wolf & Company, P.C.)
- 18.APR.2023 – Getting Started With Cyber Deception (Wolf & Company, P.C.)
- 28.JUL.2023 – Why Your Phishing Program Is a Waste of Time and Money (Wolf & Company, P.C.)
- 24.OCT.2023 – Highlighting the Exploit Prediction Scoring System (EPSS) (Wolf & Company, P.C.)
- 08.JAN.2024 – Annual Security Assessments? Well, It’s a Start (Wolf & Company, P.C.)
Speaking Events
- 09.NOV.2017 – HIMSS New England Chapter – Northern Maine Educational Event | SlideShare
- 29-31.MAR.2019 – BloomCon 0x04 “No one Secures it Alone” | SlideShare
- 13.MAY.2019 – NYBA TCRM “Cybersecurity Assessments Workshop”
- 10.JUL.2019 – AmerstSec Meetup “Deploying Security Onion for Monitoring HIDS”
- 12.MAR.2020 – Wild West Hackin’ Fest
- 23.SEP.2020 – 2020 Business Continuity and Cybersecurity in a New World, Seminar OKC
- 24.MAY.2021 – Oklahoma Bankers Association
- 21.SEP.2021 – Wisconsin Bankers Association – WBA Secur-I.T. & BSA/AML Conference
- 13.OCT.2021 – New York Bankers Association – Technology, Compliance, and Risk Management Conference
- 04.NOV.2021 – WolfPAC User Conference
- 05.NOV.2021 – Wolf & Company’s 2021 Financial Services Leadership Annual Summit – Preparing to Mitigate and Respond to Ransomware
- 14.NOV.2021 – Pennsylvania Bankers Association – Digital Banking Conference
- 30.NOV.2021 – FMS Boston Chapter – Technology Update – Ransomware
- 19.APR.2022 – CT Bankers Association – IT Committee Meeting – MITRE ATT&CK – Combining APTs, TTPs, & GRC To Build Realistic Security Programs
- 03.MAY.2022 – IIA Central NJ – Annual Fraud Conference – MITRE ATT&CK – Combining APTs, TTPs, & GRC to build realistic security programs
- 18-19.MAY.2022 – WI Bankers Directors Summit – Learning the Magic Words: Demystifying Cybersecurity Jargon
- 20.OCT.2022 – HOU.SEC.CON – Combining APTs, TTPs, & GRC to build realistic security programs with MITRE ATT&CK
- 13.NOV.2022 – PA Bankers Digital Banking Conference
- 12.JAN.2023 – CA Bankers Bank Presidents Seminar
- 21.MAR.2023 – BCAC’s Information Technology Compliance Seminar
- 26.APR.2023 – ME Bankers Association – Bank Expo
- 23.AUG.2023 – Antisyphon Training Blue Team Summit | Recording
- 12.SEP.2023 – WI Bankers Association – Secur-I.T.
- 21.SEP.2023 – HexCon23
- 13.OCT.2023 – HOU.SEC.CON | Slides
- 17.OCT.2023 – AEHS 39th Annual International Conference on Soils, Sediments, Water, and Energy
- 06.DEC.2023 – Antisyphon Snake Oil? Summit 2023 | Recording
- 12.MAR.2024 – BCAC’s Information Technology Compliance Seminar
- 13.MAR.2024 – SecureWorld Boston 2024
Webinars
- 11.APR.2017 – Preparing for the FDIC’s Information Technology Risk Examination (InTREx) Program (Wolf & Company, P.C.) | Slides and Video Recording
- 13.APR.2017 – PCI DSS: What It Is and Why You Should Care (SCIP.org) | SlideShare
- 24.APR.2018 – How to Use PCI DSS for a Stronger IT Security Posture and Streamline Your Compliance Efforts | Slides and Video Recording
- 1.JUL.2019 – Detecting Malicious Activity on a Budget
- 16.OCT.2019 – DEF CON 27: Major Conclusions and Key Concepts (Wolf & Company, P.C.) | Notes | Recording
- 22.SEP.2021 – Western Bankers Association: Practicing Data Privacy in an Age of Sharing
- 28.APR.2022 – Bank Compliance Association of CT – BCAC Vendor Management & Cybersecurity Webinar
- 21.SEP.2022 – PCI DSS v4 – What You Need to Know (Wolf & Company, P.C.)
- 15.FEB.2023 – Is Your Organization Prepared for a Breach? | Video | Slides
- 28.MAR.2024 – Is Your Organization Prepared for a Brach (ICBA) | Slides and Recording
- 28.MAR.2024 – BHIS Webcast – B&B – DenSecure Expansion Deck | Recording
Other Media
- May 2019 – CISOs vs. the Board – SCMagazine | Web Link
- July 2019 – SANS Institute Information Security Reading Room “Attackers Inside the Walls: Detecting Malicious Activity”
- July 2019 – July 12 Episode SANS Internet Storm Center Daily Stormcast
- August 2019 – August Edition of the ISSA Journal ” Attackers Inside the Walls: Detecting Malicious Activity” | PDF
- August 2019 – Developing personal OPSEC plans: 10 tips for protecting high-value targets – CSO Online
- February 2021 – 5 Ways to Combat Audit Fatigue – CSO Online
- March 2021 – SANS Institute Information Security Reading Room “Remote Workforce Impact on Threat Defenses”
- October 2021 – Wisconsin Bankers Association – What Community Banks Need to Know About Ransomware Attacks
- Stumbling Through Security podcast – https://podcasts.apple.com/us/podcast/stumbling-through-security/id1460066606
- Security Without Obscurity podcast – https://anchor.fm/sec-without-obscurity
Industry-Relevant Volunteer Experience
- Eastern Massachusetts (ISC)2 Board Member
- US Cyber Patriot Mentor – Available for coaching
- InfoSec Mentors – Mentor
- Mass Cyber Center – Mentor Fall 2021, Spring 2022, Fall 2022, Spring 2023
- Cyber Mentor Dojo – Mentor
Industry Memberships
- High Technology Crime Investigation Association (HTCIA)
- International Information Systems Security Certification Consortium (ISC)2
- InfraGard – Boston Members Alliance
- Information Systems Audit and Control Association (ISACA)
- GIAC Advisory Board Member
- SANS Security Awareness Community Member
The Personal Blog of Sean Goodwin 