Scott M. Kriebel, CISSP

• Email: smk at foov dot net

Summary

Security Engineer with a strong technical background, delivering cost-effective security solutions that align with business goals and drive substantial savings through risk reduction and compliance optimization.

Certifications

• Certified Information Systems Security Professional (CISSP, ID 626659)

Professional Experience

Liberated Syndication, Security Engineer Lead

• Jan 2023 - Jan 2025
• Pittsburgh, PA
• Designed, implemented, and managed a comprehensive security strategy for a major podcast platform and related SaaS products, safeguarding customer and employee data.
• Enhanced longstanding AWS IAM configurations by aligning them with current industry standards, strengthening cloud security posture.
• Key contributor in SOC operations, including threat monitoring, incident response, and remediation.
• Drove efforts toward SOC2 certification through collaboration with external auditors and Drata compliance automation platform.
• Led the implementation of Okta as the identity provider (IdP), improving access security.
• Designed and deployed security awareness training using KnowBe4 across the company.
• Managed a vulnerability management program using Rapid7 InsightVM to enhance security posture.
• Consulted on security best practices, aligning with NIST frameworks, CIS Controls, and OWASP Top 10.
• Researched and integrated third-party vendor solutions, improving efficiency and reducing costs.

Pair Networks, Security Engineer Lead

• Feb 2018 - Dec 2022
• Pittsburgh, PA
• Led the design and implementation of Pair's security program, improving overall security posture.
• Worked with SOC teams on incident response, monitoring, and threat remediation.
• Partnered with Development and DevOps teams to identify security gaps and implement CIS Critical Security Controls.
• Authored security awareness blog posts, educating employees on phishing and security best practices.
• Led the upgrade of physical security systems, improving access management at data centers and offices.
• Implemented open-source security solutions, reducing costs while maintaining security standards.
• Developed and maintained a log enrichment layer and alerting framework using Logstash and Elastic Security.
• Advocated for and helped deploy Google Workspace to strengthen business email security.
• Led the adoption and deployment of 1Password for improved credential security.
• Conducted thorough security code reviews. Identified and remediated vulnerabilities in software through manual review and analysis.

Virtustream (Dell/EMC), Senior Security Engineer

• Feb 2015 - Feb 2018
• Pittsburgh, PA
• Enhanced security tooling across a multi-cloud environment, improving performance and scalability.
• Designed and implemented custom software tools to support security operations.
• Collaborated on deploying critical security tools, including Nexpose, ELK, Splunk, Suricata, and Trend Micro.
• Managed Kafka-based messaging queues for real-time log processing with the ELK stack.
• Designed an implemented S3-compatible system for structured audit data, resulting in $350,000 in cost savings and earning the Excellence@EMC Platinum Award.
• Used fluentd to route event logs to the logging pipeline efficiently.
• Developed a Python-based alerting system, significantly reducing alert fatigue by introducing event limiting, de-duplication, and grouping.

Pair Networks, Senior Software Engineer

• May 2006 - Feb 2015
• Pittsburgh, PA
• Collaborating with a team responsible for developing new functionality, fixing bugs, modernizing, and ensuring the general stability of a large monolithic Perl application was essential to our core hosting product (ACC).
• Worked with developers on adjacent teams to create interoperability between our hosting and domain registration businesses.
• Introduced the ELK stack to enhance logging capabilities, creating custom Logstash grok filters and logging standards.
• Designed and implemented a real-time call monitoring system in Ruby, improving call center efficiency.
• Successfully migrated core functions from FreeBSD to Ubuntu Linux, ensuring platform portability.
• Led the adoption of the Bootstrap UI framework, overhauling the ACC interface.
• Applied test-driven development (TDD) methodology, ensuring high code reliability through unit testing.
• Solely administered, maintained, and optimized an on-premises phone system using Asterisk, ensuring efficient call routing for our customers.

Skills

• SIEM: Splunk, Elastic Security, Elasticsearch, Logstash, Kibana, Rapid7 InsightIDR, fluentd
• Vulnerability Management: Rapid7 InsightVM, Nexpose
• Security Tools: NMAP, Burp Proxy, Shodan.io, 1Password
• Automation: Ansible, Salt, Puppet
• Operating Systems: Linux, Ubuntu, FreeBSD, Windows, OSX
• Languages: Perl, Python, Ruby, HTML, CSS, JavaScript, SQL
• Development Tools: git, GitHub, GitLab, vim, Visual Studio

Achievements

• Excellence@EMC Platinum Award
• Excellence@EMC Bronze Award
• Eagle Scout (Troop 399, Pennsylvania)

Links

• LinkedIn: https://www.linkedin.com/in/scott-m-kriebel-cissp-20170867/
• GitHub: https://github.com/skriebel