CV

A brief bio and head shot is available here.

Work Experience

Wolf & Company, P.C. June 2013 – Present

Senior Manager – DenSecure by Wolf & Company, P.C.

Sean is a Senior Manager in Wolf’s DenSecure group. This role entails developing security reviews, managing projects including security reviews (e.g. Active Directory, firewall configurations, etc.), vulnerability assessments, penetration tests, and threat emulation exercises.

Sean is also Wolf’s Lead QSA responsible for carrying out PCI DSS audits and mentoring Associate QSAs.

• Staff Consultant – June 2013 to September 2016
• Senior Consultant – October 2016 – September 2019
• Supervisor – October 2019 – September 2020
• Manager – October 2020 – September 2022

Education

Bentley University

Bachelor of Science, Information Systems Audit and Control (ISAC) – May 2013 Activities: Football (Team Captain), Bentley Leadership Society (Executive Board Member)

SANS Technology Institute

Master of Science, Information Security Engineering (MSISE) – January 2022

Certifications

Listed in order of attainment

• CISA (Certified Information Systems Auditor) – View on Acclaim
• QSA (Qualified Security Assessor) – View on PCI SSC
• PCIP (Payment Card Industry Professional)
• CISSP (Certified Information Systems Security Professional) – View on Acclaim
• CCSP (Certified Cloud Security Professional) – View on Acclaim
• GSEC (GIAC Security Essentials Certification) – View on GIAC
• GCIH (GIAC Certified Incident Handler) – View on GIAC
• GCIA (GIAC Certified Intrusion Analyst) – View on GIAC
• GCWN (GIAC Certified Windows Security Administrator) – View on GIAC
• GCCC (GIAC Critical Controls Certification) – View on GIAC
• GCUX (GIAC Certified Unix Security Administrator) – View on GIAC
• GCPM (GIAC Certified Project Manager) – View on GIAC
• GDAT (GIAC Defending Advanced Threats) – View on GIAC
• GSE (GIAC Security Expert) – View on GIAC
• MITRE ATT&CK Defender – View on MITRE Engenuity
• MITRE ATT&CK Adversary Emulation Fundamentals – View on MITRE Engenuity
• MITRE ATT&CK Threat Hunting Fundamentals – View on MITRE Engenuity
• MITRE ATT&CK Cyber Threat Intelligence Defense Recommendations – View on MITRE Engenuity
• GX-IH (GIAC Experienced Incident Handler Certification) – View on GIAC
• GX-CS (GIAC Experienced Cybersecurity Specialist Certification) – View on GIAC
• GX-IA (GIAC Experienced Intrusion Analyst) – View on GIAC
• GSP (GIAC Security Professional) – View on GIAC
• MITRE ATT&CK Purple Teaming Fundamentals – View on MITRE Engenuity
• MITRE ATT&CK Purple Teaming Methodology Certification – View on MITRE Engenuity

Articles

• 18.SEP.2015 – Reducing Risk for Contactless Payments (Wolf & Company, P.C.)
• 10.FEB.2016 – How Data Tokenization Can Help Helathcare Entities Improve Their Data Security (Wolf & Company, P.C.) (Contributing author)
• 14.NOV.2016 – Combating the Rising Threat of “Smart” Devices(s) (Wolf & Company, P.C.)
• 28.SEP.2017 – My CISSP Success Story (Advanced Persistent Security)
• 25.OCT.2017 – What to look for in a QSA (Wolf & Company, P.C.)
• 28.NOV.2017 – DerbyCon 7.0 Legacy Round Up (Wolf & Company, P.C.)
• 09.FEB.2018 – Active Directory Passwords – Who is Right? (Wolf & Company, P.C.)
• 17.APR.2018 – ATM Jackpotting is Just a Symptom (Wolf & Company, P.C.)
• 22.MAY.2018 – Meet the NCUA ACET (WolfPAC Solutions)
• 31.JUL.2018 – Vulnerability Scanning vs. Penetration Testing: What is the difference, and what is right for me?
  • Also re-published in the Fall 2018 edition of the New Jersey Banker Magazine
• 04.DEC.2020 – PCI Network Segmentation: Key Findings & Insights (Wolf & Company, P.C.)

Speaking Events

• 09.NOV.2017 – HIMSS New England Chapter – Northern Maine Educational Event | SlideShare
• 29-31.MAR.2019 – BloomCon 0x04 “No one Secures it Alone” | SlideShare
• 13.MAY.2019 – NYBA TCRM “Cybersecurity Assessments Workshop”
• 10.JUL.2019 – AmerstSec Meetup “Deploying Security Onion for Monitoring HIDS”
• 12.MAR.2020 – Wild West Hackin’ Fest
• 23.SEP.2020 – 2020 Business Continuity and Cybersecurity in a New World, Seminar OKC
• 24.MAY.2021 – Oklahoma Bankers Association
• 21.SEP.2021 – Wisconsin Bankers Association – WBA Secur-I.T. & BSA/AML Conference
• 13.OCT.2021 – New York Bankers Association – Technology, Compliance, and Risk Management Conference
• 04.NOV.2021 – WolfPAC User Conference
• 05.NOV.2021 – Wolf & Company’s 2021 Financial Services Leadership Annual Summit – Preparing to Mitigate and Respond to Ransomware
• 14.NOV.2021 – Pennsylvania Bankers Association – Digital Banking Conference
• 30.NOV.2021 – FMS Boston Chapter – Technology Update – Ransomware
• 19.APR.2022 – CT Bankers Association – IT Committee Meeting – MITRE ATT&CK – Combining APTs, TTPs, & GRC To Build Realistic Security Programs
• 03.MAY.2022 – IIA Central NJ – Annual Fraud Conference – MITRE ATT&CK – Combining APTs, TTPs, & GRC to build realistic security programs
• 18-19.MAY.2022 – WI Bankers Directors Summit – Learning the Magic Words: Demystifying Cybersecurity Jargon
• 20.OCT.2022 – HOU.SEC.CON – Combining APTs, TTPs, & GRC to build realistic security programs with MITRE ATT&CK
• 13.NOV.2022 – PA Bankers Digital Banking Conference
• 12.JAN.2023 – CA Bankers Bank Presidents Seminar
• 26.APR.2023 – ME Bankers Association – Bank Expo

Webinars

• 11.APR.2017 – Preparing for the FDIC’s Information Technology Risk Examination (InTREx) Program (Wolf & Company, P.C.) | Slides and Video Recording
• 13.APR.2017 – PCI DSS: What It Is and Why You Should Care (SCIP.org) | SlideShare
• 24.APR.2018 – How to Use PCI DSS for a Stronger IT Security Posture and Streamline Your Compliance Efforts | Slides and Video Recording
• 1.JUL.2019 – Detecting Malicious Activity on a Budget
• 16.OCT.2019 – DEF CON 27: Major Conclusions and Key Concepts (Wolf & Company, P.C.) | Notes | Recording
• 22.SEP.2021 – Western Bankers Association: Practicing Data Privacy in an Age of Sharing
• 28.APR.2022 – Bank Compliance Association of CT – BCAC Vendor Management & Cybersecurity Webinar
• 21.SEP.2022 – PCI DSS v4 – What You Need to Know (Wolf & Company, P.C.)
• 15.FEB.2023 – Is Your Organization Prepared for a Breach? | Video | Slides

Other Media

• May 2019 – CISOs vs. the Board – SCMagazine | Web Link
• July 2019 – SANS Institute Information Security Reading Room “Attackers Inside the Walls: Detecting Malicious Activity”
• July 2019 – July 12 Episode SANS Internet Storm Center Daily Stormcast
• August 2019 – August Edition of the ISSA Journal ” Attackers Inside the Walls: Detecting Malicious Activity” | PDF
• August 2019 – Developing personal OPSEC plans: 10 tips for protecting high-value targets – CSO Online
• February 2021 – 5 Ways to Combat Audit Fatigue – CSO Online
• March 2021 – SANS Institute Information Security Reading Room “Remote Workforce Impact on Threat Defenses”
• October 2021 – Wisconsin Bankers Association – What Community Banks Need to Know About Ransomware Attacks
• Stumbling Through Security podcast – https://podcasts.apple.com/us/podcast/stumbling-through-security/id1460066606
• Security Without Obscurity podcast – https://anchor.fm/sec-without-obscurity

Industry-Relevant Volunteer Experience

• Eastern Massachusetts (ISC)2 Board Member
• US Cyber Patriot Mentor – Available for coaching
• InfoSec Mentors – Mentor
• Mass Cyber Center – Mentor Fall 2021, Spring 2022, Fall 2022
• Cyber Mentor Dojo – Mentor

Industry Memberships

• High Technology Crime Investigation Association (HTCIA)
• International Information Systems Security Certification Consortium (ISC)2
• InfraGard – Boston Members Alliance
• Information Systems Audit and Control Association (ISACA)
• GIAC Advisory Board Member
• SANS Security Awareness Community Member

Industry Conference Attendance

2016

• SecureWorld Boston
• ISACA New England Conference
• DEF CON 24

2017

• BSides Boston
• BSidesCT
• DerbyCon 7.0 (Remote)

2018

• ISACA New England IT Audit, Security, and Risk Expo
• North America PCI Community Meeting
• Wild West Hackin’ Fest

2019

• SecureWorld Boston
• BloomCon 0x04 (Speaker)
• NYBA Technology, Compliance & Risk Management Forum (Speaker)
• Layer 8 Conference
• DEF CON 27
• DerbyCon 9
• Wild West Hackin’ Fest

2020

• Wild West Hackin Fest – San Diego (Speaker)
• Layer 8 Conference
• Wild West Hackin Fest – South Dakota
• PCI North American Community Meeting

2021

• SANS Purple Team Summit
• Wild West Hackin Fest – Way West
• SANS Security Awareness Summit

2022

• CT Bankers Cybersecurity Forum
• ATT&CKCon
• DEFCON
• HOU.SEC.CON (Speaker)