Christopher T.

Ruggieri
114 Clear Creek LN (205)405-5814
Ashville, AL 35953 cruggieri@phoenix-comp.com
https://www.phoenix-comp.com

Summary of Qualifications:

 Extensive Network Design and Implementation experience

 Extensive Information Security and Penetration Testing experience
 Extensive Experience implementing and maintaining the FirePower module on Cisco ASA Firewalls
 Extensive Experience with Cisco Switches and firewalls, Dell/SonicWall Firewalls, Sophos XG
Firewalls and HP switches
 CompTIA certifications (A+, Network+, and Security+)
 EC-Council Certified Ethical Harker (CEH) and Certified Network Defense Architect (CNDA)
 Working on OSCP and many others
 Experience with everything from NT Server to Windows Server 2019 and SQL Server 2005, 2008,
and 2015
 Experience running a business for 17 years, which gives me experience running on a budget and
managing employees and projects.
 Active member of the Central Alabama Chapter of the ISSA and Sector Chief for Technology for the
Birmingham Chapter of the Infragard Members Alliance’s Sector Security and Resiliency Program
 Given lectures on Red Teaming, General Information Security, IAM, Automating Vulnerability
Management, and the Zero Trust Security Model
 Received Super Honorable Mention at the 2019 SANS Holiday Hack Challenge (Top 2.51%), Top 3%
at the 2020 SANS Holiday Hack Challenge, received Honorable Mention at the 2021 SANS Holiday
Hack Challenge (Top 1.8%), Top 3% at HackTheBox’s 2021 Cyber Santa is Coming to Town, Former
Top 100 on HackTheBox Leaderboard (Top .06% currently, Ranked Top 10% on TryHackMe
 Web Application Penetration Testing – 15 years experience
 Network Penetration Testing – 20 years experience
 Internal/Systems Penetration Testing – 22 years experience
 Mobile App Penetration Testing – 5 years experience
 Physical Penetration Testing – 20 years experience
 External Vulnerability Assessments – 18 years experience
 Cloud Platform Penetration Testing – 6 years experience with Azure (both app containers and
infrastructure) and AWS (both container and infrastructure
 Discovered Azure container vulnerability in 2018 – Disclosed to Microsoft, but not to public (per NDA
agreement)

Technical Skills:
 Computer Hardware: Personal Computer, HP Blade Servers, Dell Servers, NetApp Storage,
 Networking Hardware: Cisco ASA Series with the FirePower Module, Dell SonicWALLs, Cisco
(OSPF and EIGRP) some experience with BGP routing (mainly BGP Hijacking) and HP Switches,
Wireless Access Points (AeroHive, SonicWALL, Meraki, and Cisco), Synology NAS devices, NetAPP
SAN devices
 Operating Systems: DOS, Windows95/98, Windows NT, Windows 2000, Windows Server
2003/2008/2012/2016/2019, Windows Operating Systems (XP, Vista, 7, and 10), Linux (Mint, Ubuntu,
CentOS, RHEL), Kali, Hyper-V, Citrix, and VM-Ware
 Enterprise Applications: Exchange Server, SQL Server, Footprints (and Remedy) and some SAP
administration, Fluke NetFlow, SolarWinds, some Nagios, System Center Configuration Manager
(SCCM), CyberArk, Ping Identity, QRadar SIEM, Nessus, Tenable IO, Rapid 7 InsightVM, Snort,
Security Onion, some ServiceNOW
Christopher T. Ruggieri
114 Clear Creek LN (205)405-5814
Ashville, AL 35953 cruggieri@phoenix-comp.com

 Programming Languages: Visual Studio 2008, 2013, 2019 (VB, C#, ASP, .NET), Python, Bash,
JavaScript, Powershell scripting
 Penetration Testing/Digital Forensics Software: Kali, SIFT, CSI Linux, OWASP, MSF Framework,
BurpSuite, Radare2, IDA, Ghidra, WAPpalyzer
 Governance Frameworks: COBIT 4 & 5, COSO, PMBOK, and ITIL
 Compliances: PCI-DSS, FISMA, CJIS, GLBA, HIPAA, and SOX

Education

 MS – Management Information Systems – Concentrations in Web and Mobile Development, IT

Management, and Information Security – University of Alabama at Birmingham, April 2018 – GPA
3.91
 Phi Kappa Phi and Golden Key International Honor Societies

Professional Experience:

Senior Information Security Engineer 2017-Current

Hibbett Sports, Inc. Birmingham, AL

 Performed weekly to monthly internal and external penetration tests, both “blind” and using the
vulnerability scans to confirm or exclude as false positives the vulnerabilities found during the
scans
 Performed PCI-DSS “Pre-Checks” Monthly (EVS scans, External Penetration Tests, Vulnerability
Reporting and Management)
 Performed Web Application Penetration Tests on Internal-Only Web Apps
 Perform Bi-Monthly Penetration Tests on our Staging environment (E-Commerce Site hosted in
SFCC)
 Performed limited Penetration Tests on Mobile Applications
 Analyzed and tracked reports of inappropriate use of technology and company/personal
information, including information security incidents, and participated in the investigation and
resolution of such incidents.
 Designed, deployed, and administered network and application security controls such as intrusion
detection/prevention, vulnerability scanning, log reporting and correlation, web application
scanning, endpoint protection, securing wireless networks, access controls and encryption
capabilities.
 Identify and define system security baseline requirements.
 Design system security architecture and develop detailed security designs.
 Proactively mitigate risks to the organization from emerging threats by maintaining knowledge of
current technology, issues and best practices related to information and systems security.
 Plan and execute security assessments such as internal and external network penetration tests,
network vulnerability scanning, website vulnerability assessments, and others. Report findings
and assist with development and completion of any remediation plans necessary.
 Develop technical solutions and new security tools to help mitigate security vulnerabilities and
automate repeatable tasks.
 Utilize IT Security tools to monitor and research potential information security issues related to
the systems at the organization to ensure internal security controls are appropriate and operating
as intended
Christopher T. Ruggieri
114 Clear Creek LN (205)405-5814
Ashville, AL 35953 cruggieri@phoenix-comp.com

 Ensure organization's information technology policies are appropriate, achievable, and followed.
 Participate in developing and administering appropriate sensitive information handling and
storage practices.
 Participate in the handling and resolution of cyber incidents.
 Protect the company’s assets and financial information by ensuring the accuracy and
effectiveness of internal control procedures and informing management and/or appropriate
officials of potential fraud risk.
 Implemented CyberArk Privileged Account Management and Privileged Session Manager
 Created integration between Tenable.IO and ServiceNOW’s CMDB (custom script collating
output from several different API endpoints, provided script to Tenable to improve their Tenable
for Assets ServiceNOW plugin)
 Designed and began implementation of an Automated Vulnerability Management system
(Tenable.IO > ServiceNOW > BigFix > QA > CAB > Production Deployment)
 Managed SSO configurations with both Ping Identity, On-Premises ADFS, and Azure ADFS
 Architected and implemented an Automated Account Lifecycle Management system (joiners,
movers, and leavers) converting to a hybrid Role-Based and Policy-Based Access Control Model,
including implementing Dynamic Groups in Azure AD to automatically add users to their
appropriate groups based on attributes provided by Workday’s APIs
 Implemented Zscaler Internet Access and Zscaler Private Access and introduced micro-
segmentation at Layer 7 using ZPA’s Access Controls
 Secured 1100 Store locations and 3 data centers with a team of two.

Chief Information and Security Officer/Owner 1996-Current

Phoenix Computing Solutions, LLC. Milledgeville, GA then Ashville, AL
 Perform Penetration Tests for Small to Medium businesses and Non-Profit Organizations
 Participated in dozens of Bug Bounty Programs
 Maintained Information and Network Security, including compliances and penetration testing for clients
 FORMER - Designed, Spec-ed, Budgeted, and Implemented LAN/WAN configurations for Client
Offices including Cisco and SonicWall firewall configurations (SonicWall using Global Services
Manager (GSM)
 FORMER - Built, Sold and Repaired workstations and servers for both clients and the office
 FORMER - Implemented and maintained Cisco Firewalls with FirePower module and Dell SonicWall
NGFWs

Network Systems Analyst 2015-2017

City of Hoover Hoover, AL
 Performed internal penetration tests and physical security tests quarterly
 Replace current Cisco PIX firewall with Cisco ASA Firewall
 Added FirePower module to the new ASA and created new firewall rules
 Helped Design, Budget, and Began Implementation of network conversion to 10. network with
EIGRP across 20 locations with varying connection types (VPN, MPLS, Dark Fiber)
 Conducted Level 1 and Level 2 incident analysis and network troubleshooting
 Conducted incident management and tracking using Support Central
 Develop Backup Solution and Disaster Recovery Plans
 Administer Active Directory/Group Policy Controls and account auditing
 Upgraded all Domain Controllers to increase Domain Functional Levels
 Developed Security Policies for Management to put forward for council approval
 Upgraded Cisco 10/100 Switches for Cisco GB Switches
Christopher T. Ruggieri
114 Clear Creek LN (205)405-5814
Ashville, AL 35953 cruggieri@phoenix-comp.com

 Assisted in the Upgrade of Cisco Call Manager and Cisco Unity VOIP and Unified Messaging
Systems
 Acted as the Primary contact for Microsoft Exchange and developed an Upgrade Plan for the
Exchange Environment
 Replaced Cisco Wireless Controller and APs with AeroHive Cloud Managed APs
 Auditing current security posture to recommend changes
 Provide backup support for the Network Manager, Telecom Manager, and Desktop Support

IT Analyst 2014-2015
Southern Company (3-month contract extended to 8 months) Birmingham, AL
 Provided Front-Line IT Support for All Southern Company OPCO’s
 Maintained Higher-than-Average Results with a 97%+ Customer Satisfaction rate
 Coded Several Automated Fixes for Common Problems using Incident Management using Remedy

Help Desk Analyst 2014-2014

ALFA Insurance Co. (3 month contract extended to 5 months) Montgomery, AL
 Tier 1 Support for Agents and Customer Service Reps
 Provided remote support for hundreds of Service Centers and Thousands of Systems
 Coded Several Automated fixes for Common Problems using Incident Management
 Helped Diagnose connection issues with Fluke NetFlow
 Maintained ITIL guidelines for ticket creation and Escalation
 Maintained Excellent Call Resolution Times and Issues Handled

IT Specialist 2013-2014
Zorlu Manufacturing Co. LLC. (3 month contract extended to 5 months) Sandersville, Ga
 Monitored and administered Enterprise level Network operations and services including new
SonicWall NSA 220 Firewall configurations with VPN between Sandersville and New York.
 Managed SAP R/3
 Performed Vulnerability Assessment and Penetration Testing on both Sandersville and New York
networks
 Developed a new technology asset inventory management system in ASP.Net

Business Manager 2010-2013

Air Conditioning Refrigeration Co. Milledgeville, GA
 Reviewed potential and current employees
 Oversaw Installation and Service teams
 Managed customer billing and contracts
 Managed inventory and product pricing

Licensed Insurance Agent 2002-2004

GEICO Insurance Co. Macon, GA
 Provided quality customer service for policyholders over the phone and in writing.
 Answered questions and solved a variety of policy problems.
Christopher T. Ruggieri
114 Clear Creek LN (205)405-5814
Ashville, AL 35953 cruggieri@phoenix-comp.com

 Maintained highest up-sales results in my section for several months

Computer System Support Specialist 1999-2001

Baldwin County Board of Education Milledgeville, GA
 Designed, Budgeted, and Implemented new CAT 5 and fiber optic networks between the individual
schools
 Performed troubleshooting for a variety of different computer and network problems, hardware/
software
 Implemented training courses for teachers in the Microsoft Suite
 Handled all repairs for the 5 Elementary Schools