Matthew

Andreko
Senior Red Teamer and Penetration Tester

Smart-working and focused security consultant and software developer with 19+ years of Personal Info
experience in Information Technology (IT) providing security services and developing custom
applications. Patient and persistent problem solver; excels in supporting and overcoming Address

challenges in complex situations. Quickly masters new technologies and consistently strives to 10367 N State Road 39

broaden skill set and expand capabilities. Lizton, IN 46149

Phone
Experience 317.331.9089

06.2015 - Senior Red Team Consultant E-mail

present Accenture (Formerly FusionX) matt@andreko.net
Perform red-team attack simulations against external customers networks. GitHub
Maintain persistence on internal networks for goal-oriented results, providing github.com/mandreko
value by identifying detailed attack chains that could be utilized by real
WWW
attackers. Complete in-depth research and development, establishing new
www.mattandreko.com
approaches to an ever-changing attack landscape.
• Utilize new techniques to identify and exploit vulnerabilities in customer LinkedIn
networks. linkedin.com/in/mattandreko/
• Develop custom command and control (C2) software and other tools to aid in
team projects and prevent detection. Skills and Tools
• Create comprehensive and accurate reports and presentations for both OSINT
technical and executive audiences.
Attack Simulation
09.2012 - Security Consultant
Penetration Testing
06.2015 Optiv (Formerly Accuvant)
Perform onsite and remote security consulting including penetration testing, Social Engineering

vulnerability assessment, web application security assessment, internal and Mentoring

external security assessment, social engineering, and wireless assessment.
Meming
• Generate and present technical and executive level reports on security
vulnerabilities to external customers. Software
• Develop custom tools for security testing and workflow management to aid
Metasploit
and expedite projects and the work of other consultants.
• Provide tools and mediums to aid in communication between remote Cobalt Strike
consultants.
Burp Suite
07.2011 - Senior Software Analyst Linux (Various Distributions)
09.2012 Leaf Software Solutions
Microsoft Windows (NT4 to current)
Develop web-based management software for automative dealer services.
• Refactor and clean a large portion of the codebase to upgrade from .NET 2.0 Source Control (Git, SVN, etc)
to 4.0, utilizing Linq, generating the same functionality with fewer lines of code
as well as being more easily readable.
Programming Languages
• Undertake research assignments for the next generation of the software. Main C#, ASP.net
topics include build/deployment, NoSQL database storage, and best-practice
JavaScript (Node, jQuery, React,
development patterns and standards.
Angular, etc)
• Identify security weaknesses in the current code-base. Provide demonstration
of how malicious actors could cause data loss or cause harm to the company. PowerShell

06.2010 - Software Developer III Python

07.2011 Autobase/Dominion Dealer Solutions Ruby

Develop web-based automotive CRM software to replace existing client-server
C/C++
software.
SQL (MySQL, Microsoft SQL Server,
• Participate in an Agile SCRUM product lifecycle, utilizing an extreme
Postgresql, etc)
 programming model, pairing developers to analyze business requirements Go
given by analysts to implement solutions.
PHP
• Lead the initiative to switch from SVN to Git, providing guidance and training
to the team.
• Work with outside vendors to understand and implement web-based solutions
for scanning driver licenses and other cards from a web-based interface.

04.2007 - Software Developer

05.2010 Key Benefit Administrators
Develop in-house applications based on a set of specifications provided by a
team lead. Work with several team members to provide stable and scalable
services. Provide custom reports on a day-to-day basis.
• Develop and maintain a service that would distribute agent and vendor
commissions based on a complex set of rules, handling cash advances, and
several other advanced features. Responsible for running monthly, verifying
data to finance department and creating custom reports from Microsoft SQL
2008 and Active Reports.
• Manage SVN repositories, including advanced branching and merging
scenarios to aid in development amongst multiple team members.
• Train new team members and contractors to learn and use the existing code-
bases for various web applications.

08.1999 - Software Developer / System Administrator

04.2007 On-Ramp Indiana
Provide technical expertise for a multitude of tasks, including developing custom
software, customer support, and network engineering in a team-oriented
environment. Delivery of superior service to customers, fielding diagnosing,
troubleshooting, and resolving complex and/or unusual support calls.
Instrumental in training new staff.
• Configure and support Cisco network devices on a complex network, providing
segmentation from customer and company assets. Harden Microsoft Windows
server infrastructure in accord with baselines such as CIS benchmarks.
• Develop several custom applications, integrating into various internal services
such as Vircom Modusmail Server, WebTrends, Microsoft IIS, and Microsoft
DNS Server to provide automation to previously manual tasks.
• Reverse-engineered Vircom Modusmail to identify a weakness in their
webmail interface, allowing an attacker to decode plain-text cookie values to
hijack user sessions.

Education
2002 - IUPUI
2004 Computer Technology with minor in Electrical Engineering

Certifications
06.2012 Offensive Security Certified Professional (OSCP)

04.2013 Offensive Security Certified Expert (OSCE)