Mason Jones

Email: mason@masonjon.es

Location: Virginia, US

Website: www.masonjon.es

LinkedIn: www.linkedin.com/in/mason-jones-security

Professional Experience

Federal Reserve Bank of Richmond

Senior InfoSec Engineer - January 2023 to Present

  • Leads the majority of engagements assigned, having executed over 100 cumulative penetration tests for both local and national level Federal Reserve systems, web applications, networks, and cloud infrastructure.

  • Coordinates specific assessment events, including definition of testing scope, technical restrictions, event scheduling, access provisioning, coordination of testers, and detailed reporting of findings.

  • Meets regularly with customers to review the results of penetration tests, ensuring understanding and highlighting value provided.

  • Mentors junior employees, helps them understand their future cyber security career goals, discusses skills and competencies needed to achieve them, and provides support and guidance through their journey.

  • Taught and presented at multiple internal training events for our Cyber Bank Examiners to help them increase their knowledge base and competence around cyber security and technical knowledge in preparation for examining banks around the country.

  • Assists in onboarding new employees both onto our team directly, as well as presenting and teaching our Security Policies and Employee Expectations at new hire onboarding events.

Intermediate InfoSec Engineer - January 2020 to January 2023

  • Executed over 50 penetration tests, having led many, for both local and national level Federal Reserve systems, web applications, networks, and cloud infrastructure.

  • Lead annual threat hunting initiative, worked on various new routes of possible vulnerability discovery, and reported quarterly to upper management.

Associate InfoSec Engineer - May 2018 to January 2020

  • Provided offensive security testing and vulnerability scanning reviews to customers throughout the development lifecycle and on an ad hoc basis.

  • Provided daily security monitoring review of inbound and outbound business data via a Splunk dashboard to prevent data leakage and exfiltration.

  • Maintained continuous security monitoring capability, including Qualys external web application scanning, Nessus internal network endpoint scanning, and false positive identification.

Education

University Degree

  • Computer Engineering B.S. from Christopher Newport University (Sept 2014 - May 2018)

Technical Certifications

  • Offensive Security Certified Professional (OSCP)

  • GIAC Penetration Tester (GPEN)

  • GIAC Web Application Penetration Tester (GWAPT)

  • ISC2 Certified Cloud Security Professional (CCSP)

  • AWS Certified Cloud Practitioner (CCP)

  • Security Assurance for the Federal Reserve (SAFR)

Skills

Tools

  • Burp Suite, Nikto, SQLmap

  • Tenable Nessus, HCL Appscan, Qualys, Nmap

  • VS Code, Metasploit, ExploitDB

Technologies:

  • Amazon Web Services (AWS), Digital Ocean

  • Kali, MacOS, Windows, Debian, Ubuntu

  • Git, GitHub, GitLab, Gitbook

Languages

  • Python, JavaScript, Java

  • Bash/sh/zsh, PowerShell

Interests

  • Rock Climbing - Highest indoor climb grade is a 5.12+

  • Chess - Highest rapid rating on Chess.com is 1275

  • Table Tennis - Decent

NextReference

Last updated