Zach Phillips
I'm
Experienced Penetration Tester with 4 years experience specializing in web application and network security assessments. Proficient in identifying vulnerabilities using tools like BurpSuite and Cobalt Strike, and skilled in delivering actionable security solutions. Known for a keen eye for detail and a commitment to staying current with evolving cybersecurity threats.
About Me
My introduction
Penetration Tester with 4 years of experience in web app and network security. Skilled in using various security tools to identify vulnerabilities and deliver effective solutions. Detail-oriented and up-to-date with the latest cybersecurity trends.
PenTesting
Metasploit
Cobalt Strike
Sliver
Impacket
BurpSuite
Tenable
Kali Linux
MacOS
Windows
Rubeus
CrackMapExec
Active Directory
OWASP Top 10
Coding
Python
JAVA
C++
SQL
HTML
CSS
Domains
Social Engineering
Penetration Testing
Web Application Testing
Work Experience
Tennessee Valley Authority
- Spearheaded the establishment and ongoing management of a government Vulnerability Disclosure Program, ensuring compliance with security standards and streamlining vulnerability reporting processes.
- Led and executed comprehensive offensive cybersecurity engagements, including penetration tests, to proactively identify, assess, and mitigate security vulnerabilities, reducing organizational risk and strengthening overall security defenses.
- Proactively addressed client concerns and managed escalations, ensuring resolution and maintaining trust
- Managed client escalations and monitored engagements, resolving issues promptly to ensure operational continuity and maintain client trust.
- Conducted Breach and Attack Simulation (BAS) assessments, optimizing alerting systems and improving early threat detection capabilities.
- Assisted in the deployment of advanced security solutions, ensuring seamless integration and bolstering organizational cybersecurity posture.
- Developed and managed robust information security metrics and reporting systems utilizing Python, SQL, and PowerBI, enabling data-driven decision-making
- Advanced the social engineering program by designing and executing sophisticated engagements, and provided detailed remediation strategies to reduce human-related security risks.
- Automated cybersecurity tasks using Python scripting, improving efficiency and response times.
- Created clear, concise documentation of cybersecurity findings and mitigation strategies, ensuring effective communication across all levels of the organization.
- Collaborated with business and cybersecurity leadership during Red Team engagements, aligning efforts with security goals to ensure maximum impact.
- Presented detailed Penetration Test findings and technical insights to external stakeholders, including power companies, recommending actions to improve cybersecurity resilience.
- Conducted thorough vulnerability assessments to identify weaknesses and recommend actionable improvements to enhance system defenses.
NetSPI
- Utilized industry-standard tools such as BurpSuite, CrackMapExec, and Metasploit to perform comprehensive penetration testing, identifying critical vulnerabilities and providing actionable insights to strengthen security posture.
- Conducted rigorous security assessments on applications, proactively uncovering and analyzing vulnerabilities to ensure robust defense mechanisms and minimize risk.
- Collaborated with cross-functional teams and worked independently to perform thorough security evaluations, ensuring comprehensive risk identification and a high level of confidence in security controls.
- Collaborated with team members and independently conducted thorough security assessments to ensure robust evaluation
- Produced clear, detailed vulnerability reports, enabling stakeholders to understand risks and prioritize remediation efforts for enhanced security response.