Mike Housley
Meridian
Summary
Expert in security management with extensive experience in developing and implementing robust security protocols that enhance organizational safety. Demonstrated success in leading cross-functional teams to identify vulnerabilities and execute strategic risk mitigation plans. Recognized for strong analytical capabilities and adaptability in high-pressure environments. Achievements include improved security posture through proactive threat analysis and effective communication strategies.
Overview
21
21
years of professional experience
Work History
QA Manager
BishopFox
Meridian
07.2022 - 10.2023
- Build out and manage QA team and integrate culture and processes into an existing product.
- Design and implement test database schemas.
- Design and implement automation frameworks.
- Add SAST, DAST, container, secret and cloud scanners to deployment pipeline.
- Map all services and owners to a single source of truth.
- Create test plans and repeatable manual test cases for all existing services.
- Write smoke, functional, security, performance and environment automated test cases.
- Create release process and publish metrics for each release.
- Mentor direct reports and guide them along their career path.
- Embed QA into all phases of the SDLC.
- Implement UAT testing with product team.
- Implement Jira workflow across multiple development teams to standardize the QA and release process.
Product Security Engineer
Clarivate
Meridian
06.2018 - 04.2022
- Create application CMBD, or product source of truth.
- Create and implement web application ranking and penetration testing program.
- Implement a continuous attack surface penetration testing program.
- Implement responsible disclosure program, and soon to be bug bounty program.
- Create Security Champion program and help implement and train champions.
- Create application incident response process and conduct tabletop exercises with all product teams.
- Conduct threat models against applications.
- Mentor junior or new members to our team.
- Implement role-based security training for development teams.
- Conduct code reviews with development teams.
- Approve security changes for change requests.
- Provide forensics for incident response process.
- Implement security controls and processes into CI/CD pipelines.
- Automate metrics for security dashboards.
- Create process to aggregate vulnerabilities from security tools or code scanners and automate ticket creation.
- Complete client questionnaires and manage some 3rd party audits.
- Drive requirements and provide evidence for ISO 27001 and SOC2 certifications.
- Implement a continuing education program for Information Security team.
- Work with architects to fine tune SOC and other security tool alerts.
- Participate in weekly on-call rotation for responding to security alerts, team inbox, and being the point SOC analyst.
- Manage the SDLC process with Agile and Waterfall development teams for vulnerability remediation.
Senior QA Engineer/Internal Penetration Tester
Clarivate
Meridian
01.2014 - 06.2018
- Create and maintain test automation and manual testing frameworks.
- Use tools like Burp Suite, dirbuster, gobuster, ZAP, Beef, Curl, Nmap to perform security related tests against the client facing applications and Restful APIs.
- Write security tests for web applications, APIs, and segregation software products.
- Write up security issues found from manual testing, and 3rd party penetrations tests.
- Prioritize results returned from SAST scans and help the development team understand the impact of issues.
- Aid management with answering prospective client security questionnaires.
- Write up defects, and new enhancements.
- Troubleshoot errors submitted by clients and support users.
- Create API documentation, and help clients develop against our API.
- Create and manage tools for testing and for internal support users.
- Contribute to the design process of new features.
- Collaborate in agile processes and daily standups.
- Contribute to developer code reviews.
- Write test plans for both automated and manual test cases.
- Automate metrics for management around manual and automated tests, potential risks or vulnerabilities.
Partner Support Engineer
Hewlett Packard
Boise
01.2010 - 01.2013
- Debug SDK and printer firmware.
- Provide a code fix for SDK bugs.
- Find vulnerabilities within SDKs and create a patch or recommend a fix to firmware or component teams.
- Troubleshoot hardware, software, servers, and firmware.
- Support, coach, train and mentor first tier support engineers.
- Create technical white papers.
- Resolve defect and enhancement requests in a timely manner.
- Work with architects on specifications for new SDKs.
- Specialized in HTML, and XML based printer solutions.
- Help 3rd party partners with solution development.
- Troubleshoot complex customer escalations.
- Prioritize incoming defects around solutions submitted by other teams.
- Assist firmware labs, test labs and ACT lab in troubleshooting solution related problems.
Partner Support Engineer, Triage Engineer, Test Automation, Test Analyst
Adecco Technical at Hewlett Packard
Boise
01.2003 - 01.2010
- Debug SDK, firmware, and automated tests.
- Troubleshoot hardware, firmware, and software.
- Fix minor firmware bugs for enterprise printers.
- Write automated test cases using Perl, and TCL.
- Create framework for automated testing using Perl.
- Lead manual test team.
- Write manual test cases around new features and fixed defects.
- Create test sessions for release lifecycle, and report current metrics.
- Create tools to help in debugging firmware.
- Create scripts to help aid in test localization, test importing, and general testing aids.
- Maintain HP-UX and Linux systems for automated testing, and debugging.
- Work with firmware component owners to resolve defects in a timely manner.
- Train new operators and testers.
- Write documentation on new features added into firmware, for testing.
Education
SEC588 Cloud Penetration Testing
Sans Institute
09.2021
FOR518 Mac and iOS Forensic Analysis and Incident Response
Sans Institute
09.2020
FOR508 Advanced Incident Response, Threat Hunting and Digital Forensics
Sans Institute
09.2019
OSCP - Penetration Testing with Kali Linux
10.2017
SEC642 Advanced Web App Penetration Testing and Ethical Hacking
Sans Institute
04.2017
SEC542 Web App Penetration Testing and Ethical Hacking
Sans Institute
01.2016
Gold certificate - Information Security Risk Management
Thomson Reuters Application Assurance Academy
07.2015
Computer Science, Electrical Engineering
Boise State University
01.2005
Skills
- Vulnerability assessment and penetration testing
- Incident response and digital forensics
- Risk management and threat modeling
- Team leadership and collaboration
- Security frameworks and agile methodology
- Detail orientation and process improvement
- Effective communication and application security
Presentations
- 07/24/17, Idaho Technology Council @ University of Idaho, Web and Mobile Application Testing with Burp Suite technical presentation.
- 11/02/19, Boise BSides, Introduction to Web Application Penetration Testing.
Languages And Technologies
HP-UX
- Linux
- Mac
- Windows
- C
- C++
- Java
- C#
- Perl
- Python
- TCL
- HTML
- PHP
- CSS
- JS
- GDB/DDD
Environments
- AWS
- Azure
- GCP
- Datacenters
References
References available upon request.
Timeline
QA Manager
BishopFox
07.2022 - 10.2023
Product Security Engineer
Clarivate
06.2018 - 04.2022
Senior QA Engineer/Internal Penetration Tester
Clarivate
01.2014 - 06.2018
Partner Support Engineer
Hewlett Packard
01.2010 - 01.2013
Partner Support Engineer, Triage Engineer, Test Automation, Test Analyst
Adecco Technical at Hewlett Packard
01.2003 - 01.2010
SEC588 Cloud Penetration Testing
Sans Institute
FOR518 Mac and iOS Forensic Analysis and Incident Response
Sans Institute
FOR508 Advanced Incident Response, Threat Hunting and Digital Forensics
Sans Institute
OSCP - Penetration Testing with Kali Linux
SEC642 Advanced Web App Penetration Testing and Ethical Hacking
Sans Institute
SEC542 Web App Penetration Testing and Ethical Hacking
Sans Institute
Gold certificate - Information Security Risk Management
Thomson Reuters Application Assurance Academy
Computer Science, Electrical Engineering
Boise State University
Similar Profiles
Keegan JonesKeegan Jones
Forklift Operator at Sam's ClubForklift Operator at Sam's Club
Virginia Kathleen (Kathy) DeanVirginia Kathleen (Kathy) Dean
School Counselor at Enterprise Elementary and Middle SchoolSchool Counselor at Enterprise Elementary and Middle School
Gina HolbrookGina Holbrook
Administrative Assistant at Eagle Ridge ApparelAdministrative Assistant at Eagle Ridge Apparel
Jackson WilkieJackson Wilkie
Active Duty Guardian at United States Space ForceActive Duty Guardian at United States Space Force
Ian XiminiesIan Ximinies
QA Manager at Synchronoss Technologies IncQA Manager at Synchronoss Technologies Inc