Nathan Acks
Attendere ad singula

Led teams of 1 - 4 engineers during multi-week engagements covering multiple services and applications. Worked closely with other application security engineers to perform reviews and tests on web applications, thick clients, mobile applications, IoT devices, and more. Reviewed code for common security vulnerabilities. Used a combination of manual and automated techniques to assess risks and circumvent security mechanisms of devices and applications. Created threat models that resulted in more secure application design. Designed and developed security testing scenarios. Analyzed and presented results of testing to team members, managers, and customers. Wrote detailed problem reports, test plan documents, and mitigation recommendations as needed. Developed in-house and open source tools to aid penetration test automation and effectiveness.

• Developed a standardized testing environment using Linux containers (Docker/Podman) and Debian Linux.
• Maintained an offline knowledge base for use by engineers during on-site engagements without direct internet access.

Worked closely with other application security engineers to perform reviews and tests on web applications and thick clients. Used a combination of manual and automated techniques to assess risks and circumvent security mechanisms of devices and applications. Reviewed code for common security vulnerabilities. Created threat models that resulted in more secure application design. Designed and developed security testing scenarios. Analyzed and presented results of testing to team members, managers, and customers. Wrote detailed problem reports, test plan documents, and mitigation recommendations as needed.

Founded and oversaw the organization's IT & Security team, crafting organization-wide security policies in collaboration with the Legal team and the President's Office. Wrote and maintained IT and security-related documentation and trainings. Held bottom-line responsibility for the roll-out, maintenance, security, and support of IT systems used by all staff, including email, user authentication, document management, and custom internal applications. Served as the technical point-of-contact for IT-related PCI DSS issues, investigated and remediated potential IT security incidents, and maintained IT and security-related documentation and trainings.

• Developed and implemented a security tier system for offices and staff to rationalize existing IT and physical security policies.
• Created an internal system for the provisioning and management of the full lifecycle for accounts in services managed by the IT & Security team.
• Oversaw the successful migration from a legacy vendor email system to Google Workspace, and from a legacy LDAP system to Okta.
• Managed the successful roll-out of two-factor authentication to the staff, the transition to Microsoft 365, and the migration of multiple office-based phone systems nationwide.
• Upgraded and managed office networks nationwide.

Served as the key point on data analysis, database development, and IT vendor management for the organization's digital organizing program. Evaluated and developed new organizing tools and reports for the Digital team and created a customer Perl script to generate constituent mass-mailings. Managed multiple Ubuntu, CentOS, and Arch Linux servers running mission-critical applications, including LDAP/GOsa, MySQL, NFS, Git, Postfix, Apache, CiviCRM, WebGUI, and Tenable Security Center. Responsible for contractor and vendor relations for all Digital team technology, as well as associated budgets. Wrote/curated a large library of custom SQL and PL/SQL scripts for reporting and data import, export, and clean-up. Provided wide-ranging support in the development of content and outreach strategies as part of a rapid response organizing team. Managed the social media presence for the Recruitment team and served as the technical point-of-contact for PCI DSS and computer security issues. Provided general technical support for the Denver office's staff and maintained the office's network.

• Oversaw the successful migrations of an in-house constituent relationship management (CRM) and action system to Convio, followed next to Salsa and MySQL.
• Led a successful project that integrated vendor CRM databases with a separate system hosted by ROI Solutions.