Miguel Hummel


Who I am

Motivated security specialist focusing on information security and risk management through the creation of policies, response plans, and preventative technical controls based on real-world experience from penetration testing and handling security incidents. Increases an organization’s security posture and objectives with innovative solutions while allowing for innovation and transformation. Strong communication skills with the ability to effectively speak to technical and non-technical team members.

Experience

The Global Event Management (GEM) Operations team leads the operational response to the most critical cybersecurity vulnerabilities, known as GEMs, and drives tactical and strategic improvements to the GEM Process. Within the GEM Operations Team, the GEM Operational Response NAM Lead maintained oversight of all potential and newly activated GEMs, including coordinating tactically with security, engineering, and operations SMEs, aligning with Fusion Center communications, organizing remediation response instructions and data, managing stakeholders, and providing remediation/status reporting. These efforts were in partnership with EMEA and APAC regional leads, to provide around-the-clock vulnerability data and stakeholder support.


Identified and evaluated organizational risk through various methods, including penetration testing, adversary simulations, and analysis of publicly reported vulnerabilities. As part of my responsibilities, I led vulnerability assessments and effectively coordinated with engineering teams to address new vulnerabilities impacting the global infrastructure. This included conducting comprehensive risk evaluations and providing informed remediation recommendations. I also led the careful selection and implementation of multiple security tools to increase the security posture of the organization. 


Orchestrated several proof-of-concept projects, which involved rigorous vendor selection, business case development, defining testing parameters, and strategizing post-purchase product deployment. This was accomplished by delivering comprehensive recommendations to the Director of Infrastructure and the Chief Information Security Officer (CISO). Assisted with the migration of an eCommerce website's Web Application Firewall (WAF), maintaining robust security measures while minimizing operational impact. In the event of security incidents, I supported the external forensics team, coordinated forensic collections and evidence handling, and provided remediation recommendations to leadership.


Worked as a technical resource on multiple security and forensic engagements. Created internal documentation on forensic procedures and assisted in monitoring internal security systems and managing the forensics lab. Worked on and led multiple incident response engagements of varying sizes, covering on-prem infrastructure and cloud infrastructure, including Office 365 deployments.


Worked as a technical resource on multiple penetration testing and security assessment engagements. Designed report deliverables for security engagements and assisted with the creation of new products to increase revenue while decreasing costs, time, and effort. This included migrating products from hourly rates to fixed fee engagements with automated workflows.


Worked in a SOC-type role reviewing IDS logs and tracking down events. Automated several workflows to handle alerts and copyright notifications.


Education

Certifications

Training

Memberships, Awards, & Publications

Voting member on the Common Vulnerability Scoring System Special Interest Group (CVSS SIG) working to develop and publish CVSSv4.

Oldest all-discipline honors society in the United States, founded in 1897. Membership is by invitation only, by an established campus chapter, and is restricted to students with integrity and high ethical standards and who are ranked scholastically in the top of their class, regardless of the field of study.

Made up of GIAC certified professionals who wish to give back to the security community by taking an active role in the GIAC program. Participation is by invitation only and is offered to certification holders who earn a score of 90% or better on at least one exam.

Awarded to those who win the capture the flag challenge at the end of the SEC560 course. The coin is meant to be an honor to receive; it is also intended to be rare.

Achieved the rank of Eagle Scout in 2006 at 14.