Matthew J. Parsons, CISSP, MSM
6075 Monte Vista Lane #1628
Fort Worth, TX, 76132
Blackberry: (315)-559-3588
Email: mparsons1980 [at] gmail.com
Web: www.parsonsisconsulting.com
Blog: http://www.parsonsisconsultingblog.com
LinkedIn: http://www.linkedin.com/in/parsonsconsulting
Twitter http://twitter.com/parsonsmatt
Parsons on Passwords news Spot http://www.vimeo.com/8939668
Open Ounce and Static Code Analysis http://www.vimeo.com/10207701

Matthew J. Parsons, MSM, CISSP, Application Security Engineer, Senior Security Consultant
Software Security/Application Code Review/Senior Security Engineer/C.E.O/Owner/Ethical Hacker.

SUMMARY
Certified Information Systems Security Professional. (CISSP) 326814
Pursuing CSSLP and Global Information Assurance Certification. GIAC for Java Programming Security
Eight years of professional experience in Security.
Six years experience in Software and Database Security.
Eleven Years experience in Information Technology and Programming.
Held a secret clearance.
Honorable Discharge United States Air Force Reserves. www.af.mil
Self employed, Parsons Software Security Consulting, LLC.
Member of OWASP member number 73N4Q4M27PH. www.owasp.org
Pursuing Certified Physical and Information Security Consultant http://www.securityrecruiter.com/converged_security_certifications.htm
References below and available on request.
CORP to CORP contracts only.
Fully insured for four million dollars errors and omissions.
Passed Drug Test and Background Check on June 1, 2010 and September 15, 2010.
EDUCATION
Masters of Science in Management, Colorado Technical University www.coloradotech.edu/ctu-online Focus in Information Security May 2006- August 2007 GPA: 3.94
Bachelor of Arts in Information Science, State University of New York at Oswego www.oswego.edu Focus in Psychology and Human Computer Interaction August 2001-August 2004 GPA: 3.25
Information Studies minor Entrepreneurship, Syracuse University www.syr.edu Focus in military studies, Information Science August 1998-May 2001 GPA: 3.93

PROFESSIONAL EXPERIENCE

Parsons Software Security Consulting, LLC Fort Worth, TX www.parsonsisconsulting.com June 2007-Present
Senior Information Security Consultant, Owner, CEO, CIO, CTO, Vice President
Errors and Omissions Insurance and General Liability Insurance for four million dollars.
Subject Matter Expert in Payment Card Industry, Data Security Standard compliance, Software and Database security, Enterprise Risk Management.
Created awareness in the Java and .NET developer community by creating a biweekly newsletter for LinkedIn.
Java security point of contact and senior security analyst for Aetna insurance Application Development Security Assessment Team. http://www.aetna.com/
.NET security point of contact and senior security analyst for Aetna insurance Application Development Security Assessment Team. http://www.aetna.com/
Web Penetration Tester for Aetna insurance Application Development Security Assessment Team. http://www.aetna.com/
Worked and trained Raymond James http://www.raymondjames.com static code analysis project
Worked with Fishnet Security on Secure Coding project with Walmart. http://www.walmart.com
Found keystore password on SAMS membership and Marketing Application.
Senior Security Consultant for Fishnet Security. http://www.fishnetsecurity.com/
Specialized in Java, J2EE and ASP.NET, PHP, Perl, Mainframe, C and C++ security.
Member of Open Web Application Security Project (OWASP) www.owasp.org
Featured Blogger for www.securityrecruiter.com
Found Software security vulnerabilities for clients including: SQL injection, XSS, Cross Site Request Forgery and multiple other vulnerabilities.
Blackbox Web Penetration test for http://www.lonestarvalet.com
PCI compliance remediation for various clients in the Dallas Fort Worth Area.
Submitted bugs for Google Chrome Project. http://code.google.com/p/chromium/issues bug number 37040 buffer overflow, 37042 No Validation, 37043 buffer overflow, 37044 Buffer Overflow.
Scanned open source software to report software security vulnerabilities with Ounce Labs and full disclosure.
Clients include: Verizon Telecommunications, Bank of America, Merrill Lynch Bank Suisse companies, Financial Institutions and South West Airlines.
Implemented and became subject matter expert for Database Hard drive encryption for Harris County Toll Road Authority. https://www.hctra.org.
http://www.nubridges.com
Training of offshore developers in India, Singapore, Peru, Italy, England, Switzerland and Hong Kong, Germany, Brazil at a Large Fortune 100 Financial Institution implementing and teaching Fortify Static Code Analysis tool enterprise wide at World Wide Bank.
Subject Matter Expert for Contract Land Staff, Houston Texas. http://www.contractlandstaff.com. Led security web penetration test of main Right of Way Land application, completed manual and automated source code review. Developed Remediation plan of action.
Scanning of source code for a large financial Institution using Fortify.
Doing source code review with Fortify and Ounce Labs to find software security vulnerabilities.
Found Software security vulnerabilities in open source software including Second Life. www.secondlife.com/
Website Administration and Development with Various clients.
Worked with Martindale and Lexus Nexus helping lawyers get a web presence. www.martindale.com/
Worked with Info Vision Consultants www.infovision.net.
Worked with Genesis10 www.genesis10.com/
Partnered with Fortify Static Code Analysis Company. www.fortify.com.
Partnered with Vera Code. www.veracode.com
Partnered with Ounce Labs static analysis tool, Ounce Certified Partner, www.ouncelabs.com.
Partnered with IBM. www.ibm.com
Created and developed basic static code analysis class for Ounce Labs. Ask for presentation.
User, Developer, Consultant and Administrator of Open Ounce http://www.o2-ounceopen.com/
Actively writing a blog about software security. http://www.parsonsisconsultingblog.com
Partnered with Application Security Database Security Tool. http://www.appsecinc.com/
PGP and software security consulting with various clients in the Dallas Fort Worth Area including Venray Technology.
Training at Bank of America for bug of the month club.
Programmer in C#.NET, VB.NET and Java for various freelance projects
Parts and PC's web penetration assessment. http://www.parts-and-pcs.com/
City of South Lake Network Security and physical security risk assessment audit. http://www.ci.southlake.tx.us/
Performed Network Security Testing for clients using tools such as NMAP, NESSUS and NET Saint.
Worked on testing Armorize Code Secure Software Security Computing Cloud Technology http://www.armorize.com/
Web Penetration testing to prove Software Security Vulnerabilities with IBM Appscan, Burp Professional, Paros and Manual Fuzzing and Penetration Testing with AppScan and Firefox plug-ins.
Partnered with IDEA consulting www.idea.com and Emerson www.emerson.com for manual and automated Web penetration testing using HP Web Inspect IBM Appscan and manual methods testing for SQL injection, Cross Site Scripting and Cross Site Request Forgery.
Created reports from web penetration testing and offered remediation assistance to developers to the following websites. www.avocent.com, http://www.dixell.com/, https://agile92tst.avocent.com:443 http://www.crmknurr.com.br:80, https://agile92tst.avocent.com:443, http://www.emersonclimate.eu/, http://www.hurst-motors.com. http://emersonkm.misgl.com/emersonkm/login.do
Manager of PHP security Sub group for Linkedin.
Successfully, manually hacked internal website for Rent-a-center. http://www6.rentacenter.com.SCI Software Security Review for Raymond James. http://www.raymondjames.com/.org
Sponsor for Security B-Sides.
http://www.securitybsides.com/BSidesAustin
Subject Matter expert in Software Security for Password Strength, New York Times Story http://www.the33tv.com/news/kdaf-password-security-jim,0,3650695.story http://www.vimeo.com/8939668
Subject Matter expert in Software Security for Dallas station The 33 News for Conficker Worm outbreak. http://www.the33tv.com/pages/content_landing_page/?Conficker-Worm-Set-to-Strike=1&blockID=254636&feedID=460

Bank of America, www.bankofamerica.com Fort Worth, July 2009-January 2010
Genesis 10, Contractor
Specialist Information Security Engineer for Enterprise Information Management Enterprise Security Assessment
Provided security code reviews using the Fortify Source Code Analysis Product and evaluated results for security vulnerabilities for eCommerce applications. Trained, documented and advised application developers for security risks, secure coding best practices, with practical remediation guidance to developers.
Created Custom Rules matrix.
Started Malicious Code review program for offshore developers.
Helped complete the Cyber Security Mandate of 706 target applications. With team identified 1274 Critical/important issues. Closed 700 at year's end prior to exploitation.
Deployed early life cycle service source code scanning to 232 internet facing web applications. Completed 100 percent Bank developed internet apps for 2009.
Reviewed Source code in .NET, PHP, Internet-Web, J2EE, Java, Java Script.
Created documentation for bank on software security via private and public Wikipedia.
Was scribe for Enterprise Security Management meetings.
Reviewed peers' ethical hacking assessments and offered feedback.
Migrated from finding security problems to finding elegant and effective business security solutions for bank.
Completed software security assessments of banking applications to meet banking regulatory compliance and to start software security program early in the software security life cycle by on boarding different software development line of business groups from around the country and around the world in the Fortify Self Service scanning. To train developers to write secure code using the OWASP software security testing guide.
Successfully onboarded and helped implement new software security program at Bank of America. Updated internal wiki and onboarded and trained developers how to write secure code and use the Fortify Static Code Analysis tool and Fortify Manager. Trained Developers in India, England, Switzerland, Singapore and Hong Kong and on the West Coast, Central and East Coast of the United States from my remote office in Fort Worth, Texas.
The bank ended up with thousands of developers trained in software security and the Fortify Static code analysis tool including Fortify Manager.
New processes and ideas were documented for the next generation of software security experts.
Helped reduce the attack surface at the bank and limited the number of vulnerabilities, by finding software security bugs early in the development life cycle well before the application was in the public space.

Verizon Business/ Verizon Corporate, www.verizon.com Richardson, TX Oct 2007-April 2010
Info Vision Consultants, Contractor
Senior Internet Software Security Systems Engineer for Information Technology Application Security Security Source Code Java/.NET
Hired for strategic role in the development and maintenance of extremely complex network security/protection systems and architectures.
Provided security solutions that required resolution of complex operational and integration issues associated with networks, data systems, and applications to successfully deploy secure technologies and to enhance existing technologies. Led computer security incident response activities, conducting technical investigation of security-related incidents and post-incident digital forensics to identify causes and recommend future mitigation strategies.
Served as the highest level of information security consultant to all internal clients and technical management in all areas of Verizon to ensure conformity with corporate information security standards.
Comprehended large Enterprise Applications and Source code.
Responsible for performing security code reviews and application risk assessments for customer facing applications at Verizon. Audited applications written in multiple languages, including Java/JSP, VB.NET, ASP.NET, C#, C/C++, COBOL, PHP, and Classic ASP. Utilized OWASP and Ounce Labs formal methodology to conduct code reviews and risk assessments.
Used internal documents at Verizon Business, ultra-edit, and static analysis tools like Ounce Labs and Open Ounce to supplement manual code reviews.
Worked closely with business units, vendors, and developers onshore and offshore to understand applications, analyze business processes, and identify areas of risk.
Worked with management to assess risk and certify all applications for PCI compliance.
Responsible for the code review infrastructure at Verizon Business and administered all Windows and Linux servers regarding code review.
Created custom scripts to take out certain security vulnerabilities.
Used regular expressions to search for sensitive data, like credit card numbers and social security numbers.
Developed and documented a software security program.
Found software security vulnerabilities in 200 million dollar annual revenue Verizon Core application.
Applications scanned for PCI compliance, Minute Pass, IPM, E-payment, Voice Portal, IP manager, Single Sign On, Speech Services, Epoem.
Completed Malicious Code Review for offshore developers.
Developed and implemented malicious code review program for Verizon Business. Created Training for Malicious Code Review, created one hundred question test, for malicious code review training. Developed Power Point Slides that trained thousands of Security analysts to complete Malicious Code Review for Offshore Developers.
Served as a key member of the Information Technology Application Security Review team and founding member of the code review team of three for all of Verizon Business and Verizon Telecommunications.
Successfully audited, remediated and approved five Payment Card Industry applications for 2008 PCI compliance. https://www.pcisecuritystandards.org
Audited and reviewed 500K LOC of Perl and PHP for configuration management system and Verizon.
Worked with a team to discuss vulnerabilities, trends and risks and protect Verizon software and information assets.
Contributed to weekly team meetings by researching new vulnerabilities, security threats and attacks.
Personally Audited and reviewed eight million lines of source code in Java, .NET, ASP, C#, Visual Basic, PHP, Perl, COBOL, C and C++.
Found and helped remediate Software Security Vulnerabilities including credit card numbers and social security numbers, SQL injection, Cross Site scripting, Stored Cross Site Scripting, Buffer Overflows, Improper use of Cryptography, Malicious code and various other vulnerabilities.
Found Software Security vulnerabilities in twenty billion dollar Networx project (www.gsa.gov/networx) and potentially saved Verizon Business from millions of dollars in fines for failed compliance and loss of contract.
Networx is a 40 million LOC java application and consists of 170 projects. Directly responsible for the security and remediation of 85 projects. Had to build application without help from development staff. Found social security numbers, credit card information and other personal customer information using advanced searches in ultra-edit.
Created, Deployed, Taught and Developed Software Security Program and Ounce Labs Training Program which consisted of live webinars, teleconferences, Power Point Presentations and multipage internal training documents.
Worked as a liaison between Ounce Labs and Verizon Business addressing the needs of both parties.
Led Remediation efforts of several applications as subject matter expert and reduced the number of software security vulnerabilities in multiple applications.
Provided ongoing security advice to developers taking all questions and either answering the question or researching the question to provide the best answer for the developer and the company.
Web Penetration testing of various vulnerabilities for confirmation. Manual and automated methods for testing XSS, SQL injection and various other Web Security Vulnerabilities listed by OWASP.
Verizon ended up passing PCI compliance saving the company millions of dollars of fines and brand name damage in 2007, 2008 and 2009.

Lockheed Martin Software Design and Integration/ Aeronautics Fort Worth, TX Feb 2006-June 2007
Lockheed Martin is a large multinational aerospace manufacturer and advanced technology company formed in 1995 by the merger of Lockheed with Martin Marietta. It is headquartered in Bethesda, Maryland, in the Washington Metropolitan Area. Lockheed Martin employs 140,000 people worldwide.
Systems Integration Analyst, Enterprise Information Systems
Secure Coding and Database Auditing Point of Contact (POC) for Fort Worth, Aeronautics Business Unit and Enterprise Information Systems SD&I Fort Worth
Member of Elite Lockheed Martin Aeronautics, Network Operations Security Center (NOS)
Active Secret Security Clearance
Kept senior management informed of Information Security Risks, Vulnerabilities and Trends.
Developed, Started and implemented Software Security Program.
Performed Network Security Audits in Network Operations Command Center.
Web Penetration testing to prove Software Security Vulnerabilities with Web Inspect, Burp and manual fuzzing and penetration testing.
Security reviewed three million LOC in Java, C#, VB.NET, and ASP.
Security Reviewed F-22 application Global Task Management System and certified application to meet customer requirements. http://en.wikipedia.org/wiki/F-22
Certified and Reviewed mission critical code for the infrastructure of Lockheed Martin.
Developed and trained developers in software security best practices.
Selected static code analysis tool for Lockheed Martin www.ouncelabs.com and www.fortify.com with 1.5 million dollar purchase.
Mentor to Lockheed Martin Network Support Employee in Liverpool, NY.
Certification and Accreditation of Various internal documents to Department of Defense Policies including: DoD 8550.2.
Security Engineer, Technical lead and Subject Matter Expert (SME) on multiple projects.
CISSP Site coordinator to corporate wide CISSP class.
Reviewed and found suspicious and malicious code internally and externally.
Programmed in Java and .NET development environments.
Worked on International Espionage case working on code forensics.

Lockheed Martin Superior Technical Resources, Syracuse, NY Dec 2004-Feb 2006
Desktop Support Analyst
Worked as a System Support Analyst supporting 2300 end users on a team of three as Windows Administrator.
Completed 20-40 tickets a week through Incident Response and problem resolution and customer support to clients with computer problems.
Removed viruses and spyware on clients' systems.
Physically destroyed and degaussed hard drives with sensitive company information on them.
Researched latest security threats, installed latest patches, installed software on clients' computers.
Built and deployed computers for clients working at Lockheed Martin
Performed Network Security Audits on Local Area Network.
Worked with Microsoft Digital Rights Management on a client server environment.
Network Administrator, Installing Catalysts and Network Troubleshooting.
Helped plan and install Voice Over Internet Protocol System. (VOIP)
Programmed in VB.NET and C#.NET to create scripts to automate tasks.
Led an asset reduction program that saved the company thousands of dollars in duplicate PCs.

Verizon Wireless, Dewitt, NY Aug 2004-Dec 2004
Customer Service Technician-Contract Solectron
Increased sales revenue in accessories and enhanced features.
Incident response and problem resolution.
Investigated internal fraud of fellow employee.
Decreased work time on cell phones from four hours to 45 minutes
Checked account status and activated User Account Management.

Career Services, NY Oswego, NY Sept 2003-Aug 2004
Information Technology Administrator
Assisted staff with Information technology including Mac's and PC's site administrator.
Created and administered accounts for local users.
Administrated and installed Virus Management software.
Network Administrator.
Researched Viruses and Security Patches.
Installed latest security patches on PC's.
Programming.
Instructed employees on the proper use of computing assets.
Managed Career Services Database as Database Administrator.
Protected Database and monitored e-mail list-server.

The Raven Pub, Oswego, NY June 2002-Aug 2004
Head of Physical Security
Supervised Security Personnel to ensure that proper security procedures were in place.
Identified patrons were of the age of 21.
Physically removed any patrons that were in violation of the Establishments' code of conduct.
Established a relationship with local police department and called upon them in emergencies.

United States Air Force Reserves, Syracuse, NY Aug 2000-Oct 2001
Active Secret Clearance May, 2001, E-3 Airman 1st class, Honorable Discharge DD-256.
Studied in military science, leadership development training and professional training activities.
Acted as General Military Science Advisor.
Studied the field of Information Science for Detachment at Syracuse University.

Eddies Big M Grocery Store Mexico, NY Oct 1996-June 2002
Computer Receiving Clerk
Checked in all store goods into grocery store through computer DOS system
Started this career while in high school. Worked as a cashier, stock clerk and meat department and during summers and weekends while in college. Worked 20-40 hours a week.

CERTIFICATIONS/TRAINING
Certified Information Systems Security Professional ID number: CISSP 326814 www.isc2.org
Member of Open Web Application Security Project, member number 73N4Q4M27PH, www.owasp.org
Project Management Certificate, 2007
Information Systems Security Certificate, 2006
Information Systems Security Management Certificate, 2006
Information Systems Certification and Accreditation Certificate, November, 2006
Active Secret Clearance since May, 2001 good through January, 2017
Cigital Software Security Series, http://www.cigital.com/services/training/courses, August 2009
Foundations of Software Security Principles, TECH210039, August 2009
Advanced Fortify Analysis Scanning, TECH230700, August 2009
Architecture Risk Analysis, TECH210041, September 2009
Defensive Java Programming, TECH210040, August 2009
Aspect Security Secure coding .NET course, March, 2007
Aspect Security Secure coding J2EE/Java course, May, 2007, http://www.aspectsecurity.com/training.htm
Ounce Labs Advanced Static Analysis Training, San Francisco, CA July 2009
Software Security Summit, Baltimore, MD, June, 2006
Attended Qualified Systems Engineering Training Class, July, 2006
Foreign Object Debris Training, September, 2006
International Traffic and Arms, (ITAR) briefing, August, 2006
Attended Network World Security Conference, Dallas, TX Fall, 2006
Attended IEEE, Metrocon, Arlington, TX Fall, 2006
Guest Speaker for Information Science Department at Oswego State University, November, 2005
Guest Speaker at Fort Worth Java User Group on Software Security, February, 2007
Guest Speaker at Fort Worth Web Design User Group on PCI compliance, August 2007
Site Coordinator for Lockheed Martin CISSP corporate class, December, 2006- April, 2007
Book Review for CISSP, Software Security, Building Security In, By Dr. Gary McGraw, November 2009
Security Awareness and Software Development Training for Oswego State University, December, 2009
Aetna Software Security and Design Classes 1-3
Aetna Medicare Fraud and Abuse Class
Aetna Business Conduct and Integrity Class
Fishnet Security Technical Writing Class Monthly Series, 2010
Fishnet Security Secure Application Development 1, October, 2010
Fishnet Security Threat Modeling, October, 2010
Fishnet Security Secure Code Review Methodology, October 2010
Fishnet Security Application Security Methodology, October 2010
Anthony Robbins Personal Power Two, 2009-2010, http://www.tonyrobbins.com
SCIPP International's Secure Web-Application Development Awareness (SWADA) certificate program http://swada.mycrowdwisdom.com/diweb/catalog/cert/id/ef0189f5-ecbf-4247-a2af-b321009ed46f/view/1
Pre-paid Legal Associate, Small Business and Group Certified Licensed for the state of Texas, 2008-2010 http://www.prepaidlegal.com/index.html

AWARDS/HONORS
Air Force ROTC Scholarship Aug 1999-May 2001
Winner, Cadet of the Semester Dec 2000, Syracuse University Detachment 535
Honorable Discharge United States Air Force Reserves, DD-256 Airman 1st class Oct. 2001
T-38 incentive ride and Air Force ROTC internship at Sheppard Air Force Base, Texas
Dean's list multiple semesters at both Universities
Achieved a 4.0 GPA Fall Semester 2000, Syracuse University
Commanding Officer of 110 cadets, Marine Corps JROTC Mexico High School, Mexico, NY, Sept 1998- June 1999

TECHNICAL SKILLS
Computer Operating Systems: UNIX, Linux, Ubuntu, Windows 95, 98, 2000, XP, Windows 7, Vista, Server 2003, Mac OS 9, OS X, MS-DOS, Solaris 9, Solaris 10

Software: Microsoft Office, Quick Books 2007, Microsoft Project, Microsoft Visio, Outlook, MARS Remedy, Microsoft Share Point, Windows Administrator Tools, Active Directory, Microsoft Exchange Server 2000, Directory Resource Administrator, VS 6, Visual Studio .NET 2003, Visual Studio 2005, Visual Studio 2008, Fortify Static Analysis Tool, Ultra-edit, Serena Change Man Dimensions, Perforce, IBM Rational Developer, Eclipse, App Detective database scanning tool, Windows SQL Server 2000, Internet Information Services, Ounce Labs Static analysis tool, SPI Dynamics Dev-inspect, HP Web Inspect, IBM AppScan, IBM App Scan Source, NTO Objectives, VMware, Web Scarab, Web Goat, Paros, 010 editor, X-way Forensics, Win-Hex, PGP, Microsoft Threat Modeling tool, Mozilla Firefox plug-ins including: Firebug, Web Developer, XSS ME, SQL inject ME, Hackbar, Switch Proxy, Tamper Data, Live HTTP headers, User agent switcher, Js-view, Burp Suite, Ethereal, Nessus, Microsoft Baseline Security Analyzer, GRC-Shields UP!, Zone Alarm by Check Point, Ethereal, PGP Desktop Email, PGP Net share, PGP whole disk encryption, SMAC, telnet, putty, SSH, Net stumbler, Cisco wired and wireless Linksys routers, VPN, md5deep hash, Metasploit, Qualys, IDA Pro, Regex Buddy, Confluence, Wiki Markup, Fiddler Web Proxy, Snagit editor, Net Sparker Pro, Burp Suite Pro, SQL Map, Clear Case.

Languages: C, C++, C#, Visual Basic.NET, Java, J2EE, SQL, CLIPS, Perl, PHP, Prolog, XML, HTML, Java Script, SQL, COBOL, Python

General Skills: PCI compliance remediation, security engineering, manual and static analysis tool code review, web penetration testing, fuzzing, network security fundamentals, NIST Network Security Tool Kit, HTTPrint, NMAP, Security Risk Assessments, Software Security Risk Assessments, knowledge of Orange Book (TCSEC) and Rainbow series, Security Policies and Procedures, Security Management, Security Engineering Capability Maturity Model (SSE-CMM), Defense Information Systems Agency (DISA) publications, National Institute Standards and Technology (NIST) publications, DoD 8550.2, DITSCAP, Evaluation Assurance Levels (EAL) Common Criteria of Information Security Evaluations, Open Web Application Security Project (OWASP), advanced searching, system analysis design, project management, leadership, time management, public speaking, knowledge of networking, accounting, strong written and verbal communication skills, customer service, consulting, software development life cycle (SDLC), knowledge of binary and hexadecimal number systems, sales, problem solving, computer building hardware and software, computer deployment, break fix, trouble shooting, architecture risk analysis, threat modeling, Cigital White Box Secure Assist, Armorize Code Secure, VeraCode, NuBridges, Samurai Web Testing Framework, OWASP Live CD, OWASP ESAPI.
ACTIVITIES
Member, ISC2 Certified Information Systems Security Professional, CISSP, 326814 January 2009-Present
Member, IEEE Member #87051477 Aug 2006-2007
Member, OWASP, 73N4Q4M27PH www.owasp.org Aug 2009-Present
Member, Phi Kappa Phi Honor Fraternity Member #11272553 April 2003-2007
Member, Information Systems Security Association Aug 2006-Present
Member, Lockheed Martin Recreation Association Cycling Club Feb 2006-June 2006
President, Oswego State Cycling Club Jan. 2004-Aug 2004
Member, Theta Chi Fraternity, Syracuse University Alpha Chi chapter Mar 2001-Jan 2006
Teaching Assistant, Systems Analysis and Design Syracuse University Aug 2000-Dec. 2000
Research Assistant, Institute for Sensory Research Syracuse University Aug 2000-May 2001
Member, Onondaga Cycling Club May 2000-Jan 2006
Member, Lockheed Martin Auto Club Aug 2006-June 2006
Certified Level 1 Snowboard Instructor Feb 2003-June 2006
Certified Life Guard Sept 2001-Sept 2003
Certified CPR Sept 2001-Sept 2002
NASTAR Alpine Snowboard Racer Dec 2004-Jan 2006
Member, Fort Worth Java User Group March 2006-June 2006
Men's Christian Bible Study, Fort Worth, TX March 2009-Present
Member, Fort Worth Cycling Club http://www.fwbaclub.org/ January 2010-Present
Member, Fort Worth Golf Club http://www.fortworthgolf.org/ August 2010-Present
Partner, Daystar Christian Television Station http://www.daystar.com/ August 2008-Present
Member, 24 hour Fitness www.24hourfitness.com/ Personal Training January 2010-Present
Member, Elk Castle Shooting Range, 9mm Glock 19 target shooting February 2011-Present

SAMPLE WORK
http://www.vimeo.com/8939668
http://www.vimeo.com/9069858
http://www.vimeo.com/8056446
http://www.vimeo.com/8054415 http://www.vimeo.com/8054415 http://www.vimeo.com/7998595 http://www.vimeo.com/7992560 http://www.vimeo.com/7987114 http://www.vimeo.com/7985052 http://www.vimeo.com/7968877 http://www.vimeo.com/8629442 http://www.vimeo.com/8812145 RECOMMENDATIONS Internet Security Analyst www.bankofamerica.com I had the pleasure of working with Matthew Parsons while he was a consultant fo r Genesis10 at our client, Bank of America. Matthew performed as a Source Code A nalyst on a six month assignment. He was an exceptional consultant. He always co mpleted his work on time, was flexible, was a team player, communicated well wit h us and received great reviews from his reporting manager. Matthew represented us well and I would recommend him as a Security Consultant. Regards ~ Katie Culpepper Matt is a man of character and integrity with strong Application Security skill s instilled by his extensive work experience. I am confident that he is an ethic al practitioner of his profession, an involved and informed leader in the AppSec community, and a friend. I highly recommend Matt Parsons and wish him success i n his future development. August 12, 2010 Brandon Rose Information Technology Recruiter, Apex Systems, Inc. (colleague) worked with you Verizon Communications Matt is a dedicated and highly skilled Security Analyst - his technical skills in the area of Source Code Reviews and deciphering insecure code, vulnerabilitie s and malicious code are some of the best in the nation. Matt is a team player a nd has proven himself in the area of teaching others in a highly technical area - and retaining participants attention and interest. Matt is a valuable and inte gral member of my team. September 30, 2009 George Turrentine, CISSP, CISM, Mgr - IT Security, Verizon Communications managed Matt at Verizon Communications Senior Internet Security Engineer Contractor Verizon Business Over the past 2 years I have worked closely with Matt. 
Through out our relation ship, he has been very professional, willing to learn as well as taking on proje cts to learn. Our field is a very new field in the industry and the majority of experience comes from hands on work. I am very impressed with both his work ethi cs and his quest for knowledge. September 18, 2009 Scot Cairns, CISSP, CSSLP, Application Security Analyst, Verizon managed Matt indirectly at Verizon Business Verizon Business Matt is the single most smart guy I have ever known in my entire life. He const antly strives to do what is right. While he often appears orthodox in his method s, he is actually as cowboy and as unorthodox as people can get. July 26, 2009 William Copley, Senior Internet Software Systems Engineer II, Verizon worked directly with Matt at Verizon Business Verizon Business

Matt is very detail oriented, intelligent, hard working, and customer oriented, which makes him my first choice for source code analysis projects. He is always looking to educate himself on the latest security technologies and trends to stay on top of his field. A pleasure to know and work with him.
March 30, 2009 Markus Bohlander, CISSP, Director, Application Security, InfoVision worked directly with Matt at Verizon Business

CEO, CIO, CTO, Security Consultant Parsons Software Security Consulting LLC

I've had the opportunity to work with Matt on several related projects. Matt knows his strengths and works hard to make his strengths stronger. He is wise enough to seek out advice and guidance when he encounters a subject that isn't his strength. I recommend Matt for his professional integrity, his ability to deliver on his strengths and his willingness to seek out advice when he recognizes the need to tap into someone else's strengths.
November 5, 2009 Jeff Snyder, President, SecurityRecruiter.com & J.A. Snyder & Associates, Inc. was with another company when working with Matt at Parsons Software Security Consulting LLC

CEO, CIO, CTO, Security Consultant Parsons Software Security Consulting LLC

Matt is a consummate professional and a pleasure to work with. He seeks to find the appropriate solutions to his client's needs while still keeping your cost in mind. Matt adapts his problem solving approach to each client's unique business concerns. He also focuses on the quality of the solution rather than the quantity which assures your businesses the right product the first time. Above all else, Matt is trustworthy and will give you practical appraisals and solutions based on your business needs.
July 20, 2007 Top qualities: Great Results, Personable, High Integrity Nick Grimshaw hired Matt as an IT Consultant in 2005, and hired Matt more than once

Security Engineer Lockheed Martin

Matt gave our security product a fair and extremely thorough examination last year. The level of expertise, maturity and rigor he brought to this action, upon which the security standing of the greater Lockheed corporation depended, was very impressive indeed, especially for someone so young. I recommend him for increasingly demanding positions of trust in the future, whether as an employee or a service provider.
December 26, 2007 Andy Bochman, Director, Federal Markets, Ounce Labs, Inc. was a consultant or contractor to Matt at Lockheed Martin

Customer Support Solectron Contractor for Verizon Wireless

Matthew was a dedicated employee concerned with assuring customers received the best experience with Technical Services with Verizon Wireless. Matt consistently went above and beyond to assist these customers with their needs on an ongoing basis.
March 22, 2009 Brendon Scarano, Area Team Leader, Solectron managed Matt at Solectron Contractor for Verizon Wireless

Student

I would heartily endorse Mr. Matthew Parsons. I have known him for several years - as both a colleague in the Computer Security field and as one of my OUTSTANDING students at Colorado Technical University. Matt's attention to detail, thoroughness in his work (and assignments) and his integrity are just a few of the qualities that I feel make Matt an exemplary person, employee, and colleague. I would recommend Matt to anyone looking to find and hire top-notch talent - I know that if I had an opening on a team - he would be one of the first people I'd call. Derek E. Isaacs
May 1, 2010 Derek Isaacs, Adjunct Professor, Colorado Technical University taught Matt at Colorado Technical University

We have worked with Matthew Parsons for several years and find him to be honest, trustworthy, knowledgeable and reliable. His prices are fair and he is a most necessary asset in this day and time. We would recommend him to everyone. Parts & PC's Danny Schiffner Craig Newnam.
