VP and CISO at Memorial Sloan Kettering Cancer Center

I have over 11 years experience in IT and Information Security. My primary role is developing and leading an application security and penetration testing program, performing hands-on testing of a variety of systems, devices, and applications (web, desktop and mobile applications, medical devices, etc).

My primary areas of interest and core competencies are application security, penetration testing, and Windows OS security and I spend the majority of my free time researching these and related topics. Please visit my website to see more of my research interests: http://www.securitysift.com.

Published Exploits: http://www.exploit-db.com/author/?a=6450

Other Published Advisories/CVEs: http://osvdb.org/creditees/11091-mike-czumak

Regular Hands-on Experience with:
– Pentesting suites / tools (Kali, Metasploit, Burpsuite, Nmap, Sqlmap, etc)
– Debugging / Reversing / Binary Analysis (Immunity, WinDbg, IDA Pro, JPEXS, etc)
– Programming / Scripting languages (C/C++, Assembly, Python, Perl, Ruby, PHP, Javascript)
– Web / Database Platforms (IIS, Apache, MS-SQL, MySQL, Oracle, Sybase, etc)
– Other: Vulnerability Scanners, DLP, Network analysis, etc

Recognized by multiple organizations for security contributions including: Microsoft, Apple, Adobe, PayPal, Ebay, Sony, and Etsy

Practical Professional Certifications: OSCE, OSCP

Other certifications: CISSP, CISM, CNSS 4012, Six Sigma Green Belt, CompTIA Security+/Network+/A+/Project+

Updated November 2018