Robert Cao

Shifting Security Forward

Experience

RED TEAM LEAD

As a Red Team Lead, I conducted offensive operations during purple team engagements with DoD customers, performing recon, executing exploits, and maintaining persistence to emulate real-world adversaries. I developed and delivered Cobalt Strike training to enhance team readiness and ensure effective red team performance. To improve efficiency, I created a repository of common attack injects that mimicked Advanced Persistent Threat (APT) tactics, techniques, and procedures (TTPs). These efforts enabled my team to conduct realistic, repeatable exercises that strengthened organizational defenses. My leadership ensured the successful execution of operations, which provided actionable insights for customers. This work demonstrated my dedication to simulating advanced threats and preparing organizations for emerging challenges.

PEN TEST LEAD

As a Pen Test Lead, I conducted internal network penetration tests across 12 internal subnets and 10 web applications, identifying vulnerabilities such as authentication bypass and information disclosure. I led red team engagements using the MITRE ATT&CK framework to uncover security weaknesses and improve organizational defenses. By integrating threat modeling and penetration testing into the CI/CD pipeline, I enhanced security while ensuring seamless product delivery. I developed a comprehensive playbook for network and web application penetration testing, along with threat modeling SOPs, rules of engagement templates, and reporting templates, eliminating 40 hours of manual documentation. I implemented a Shift-Left security approach by creating repeatable practices for internal, external, and web application security testing. Additionally, I established a vulnerability management program to scan 4,000 endpoints across 10 locations, reducing the organization's security risk posture on a monthly basis.

SEC OPS DIRECTOR

As a Security Operations Director, I built a cloud-based SIEM with Sumo Logic, AWS, and Azure to monitor over 35 SaaS environments and over 660 endpoint devices. To enhance threat detection, I built custom Indicators of Compromise (IOCs) for cloud services, operating systems, and security tools. I integrated threat intelligence feeds from US-CERT, NIST, MITRE, and InfraGard to provide situational awareness. I led a vulnerability management program for 660+ endpoints, utilizing Defender ATP, Cortex XDR, and other tools to reduce risks effectively. To conduct incident response, I used FTK Imager and Volatility to collect evidence, investigate compromises, and build attack timelines.

Creds

Bachelor of Science in Cybersecurity from SANS Technology Institute

Publications

Data Analysis: The Unsung Hero of Cybersecurity Expertise

“As a cybersecurity professional, I've always prided myself on my technical skills… being technically savvy is only part of the equation.”

robert@cyberforks.com