Resume

Links

Summary

I'm a senior security and application engineering professional with a history of delivering quality and accurate work.

AI Note

Being born in the late 90s, I learned coding without using AI. When I was in highschool/college, LLMs were really not capable of generating/analyzing source code. As a result, I...can just code without AI! If you want proof, just read my GitHub history pre-2023. There's a lot.

However, I have tested and used various different LLM coding tools, and they make coding so, so, so much faster. I am very pro-AI coding for speed's sake, but still understand the need for unit/user testing, proper documentation, and that LLMs aren't magic and can still make mistakes.

For example, https://github.com/meltingscales/dogbox.moe was made almost entirely with AI, but it is a very fast, secure, and post-quantum-encryption-secure piece of software. Go test it yourself if you'd like.

Bayview

As Lead Application Security Engineer at Bayview Asset Management, I led secure coding training and vulnerability remediation, and created automation that provided executives with useful metrics. We achieved a 60% reduction in software risk within a year.

My leadership in 0-day fixes protected us against both immediate threats and long-term risks.

I continue to research and provide red-team, purple-team style support to our organization by using various pen testing tools.

I also lead penetration testing, interview vendors, and continue to cost-cut while improving efficiency and various services.

U.S. Bank

At U.S. Bank, I advanced from Security Analyst to Senior Security Engineer and Assistant Vice President.

I led the modernization of development tooling, integrating a code scanning pipeline that I wrote myself across 9 languages and 10 build environments, and improved legacy application security through modern frameworks like Spring Boot and container orchestration with Kubernetes and Helm.

I wrote a field guide that my entire team used and sped up our vulnerability review process greatly.

General

My academic knowledge in cybersecurity is complemented by diverse projects, from fire disaster data analysis to innovative cost-saving technology solutions. I write clear, reusable, and well-documented code, and am used to teaching developers and giving technical leadership.

If you hire me, your organization will get safer, and very quickly.

Throughout my education and career at U.S. Bank and Bayview, I have prioritized educating others. I have taught colleagues PowerBI reporting, Python scripting, Postman usage, vulnerability remediation, and process automation, and many other skills to colleagues and friends.

PDF

==> Download a PDF of Henry Post's resume <==

Resume (Text Version)

Henry Post

Northeast Skokie, IL • henryfbp@gmail.com

henrypost.github.iogithub.com/meltingscalesdrakonix.systemssocial media?

Work Experience

Lead Application Security EngineerMarch 2023 – Current, 2 years 10 months Bayview Asset Management — Skokie, Remote

  • Summary: Led secure coding training, tracked hundreds of internally-developed software applications, reduced volume of software risk by 60% within a year, assisted with various pentests and vulnerability fixes
  • 0-day fixes: Gave guidance on emergency 0-day fixes when discovered by pentests.
  • Vulnerability Fixes: Met with software developers to quickly and accurately fix vulnerabilities within source code.
  • Created PowerBI + Python + Pandas automation for execs to track various metrics
  • Assisted with governance+risk+compliance (GRC) evidence collection and advised on automated collection. For example, "a sample of all vulnerabilities within an infrastructure scanning tool between 2 dates"
  • Created and published a series of Controls patterns that require code scanning and developer training

Assistant Vice President — Info Security EngineerAugust 2022 – March 2023, 8 months U.S. Bank — Chicago

  • Summary: Developed, tested, deployed, and helped devs integrate with Code Scanning Pipeline. Add support for new build tools and languages. Add integration with Evidence Collection systems.
  • Integrating code scanning pipelines with evidence collection systems
  • Working with my team and other teams to integrate code scanning
  • Prototyping support for new languages and tools to be scanned

Senior Security EngineerJan 2022 – August 2022, 8 months U.S. Bank — Chicago

  • Summary: Migrated team to modern development tooling. Improved existing monolithic Java apps by adding Spring Boot, GSON, unit testing, swagger to allow teams to consume data from apps. Worked on a few side projects for my team and another team. Planned and diagrammed/architected upgrade to Microservice architecture. Deployed vendor Helm apps and custom helm apps in k8s.
  • Implementing Kubernetes and Helm applications to production
  • Creating and deploying Application Security Code Scanning Pipelines for developers to self-integrate with
  • Teaching my team members and coworkers about Helm and containerization
  • Writing clean documentation for deployed systems for L1 support
  • Maintaining and diagnosing infrastructure integration issues and challenges

Security AnalystMay 2019 – Jan 2022, 2 years 8 months U.S. Bank — Chicago

  • Summary: Triaging vulnerabilities. Wrote a comprehensive field guide to cover specific scenarios (SQL Injection, XSS, SSRF, but also more specific vulnerabilities like Apple Keychain best practices, Java Certificate mismanagement, Java OGNL Injection, PHP-specific XSS, etc)
  • Analyzing C#, Java, ASP.NET, PHP, and JS source code
  • Discussing implementation and security vulnerabilities with developers
  • Managing workload between multiple co-workers and prioritizing work items
  • Creating, disseminating, and maintaining documentation

Education

OFFSECAugust 2026 (planned) OSCP+ Certification (Penetration Testing)

New York University, New YorkOctober 2021 – May 2025 Master's in Cybersecurity

Illinois Institute of Technology, ChicagoSeptember 2015 – December 2019 Bachelor's in Information Technology Management Dean's List: Spring 2016, Fall 2018, Fall 2019

Projects

Twitter Disaster Data AnalysisMarch 2019 Co-author and co-maintainer of a Python package that allows developers and data scientists to gather thousands of tweets from Twitter for sentiment and regression analysis. Our research whitepaper is available at this link.

Replacement of library reference computers2018 Designed a custom linux-based microcomputer (Raspberry Pi) solution for aging Windows PCs at the Oak Bluffs Public Library of Massachusetts that saved thousands of dollars of the cost of new Windows Desktop PCs and was much safer.

ASCII compression algorithmJune 2015 Over the summer, I enrolled in an IIT summer Mathematica course where I coded an ASCII compression algorithm that took 256 of the most common duplets of characters in an ASCII file and compressed them into a file containing a dictionary followed by compressed data.

Arduino soil tester2013 Soil sensor built by simple circuitry and C coding in an arduino. Resistance measurements of soil by recording averages of AC current through two electrodes were how the moisture levels in the soil were determined.

Technical Strengths
SkillsREST APIs (6y), Kubernetes (3y), Helm (2y), Groovy (4y), Programming (10y), Linux (7y), IT Administration (6y), Software Design (8y), Technical Documentation (6y), Computer Repair (5y), Circuitry (1y)
Programming LanguagesC# (2y), C++ (3y), C (2y), ASP.NET (3y), Python (8y), Java (8y), Kotlin (2y), Ruby (2y), Bash (6y), PowerShell (6y), MySQL (6y)
Software & ToolsVisual Studio, Git, MS Office, LaTeX, AutoDesk Inventor

Extra-Curricular

  • Part of a student-led schoolwide computer repair club at Northside College Preparatory High School. Serviced laptops, servers, and desktops. (2012–2013)
  • Worked for "Dirt Actualizers", a landscaping club at Northside College Preparatory High School. (2012–2015)
  • Part of "Electronic Gaming Club" at Illinois Institute of Technology. (2016–2018)

Personal Traits

  • Actively learning in and outside of work — just check my GitHub/personal site.
  • Loves working in group settings with diverse team members.
  • Skilled in writing concise and descriptive documentation with working examples.

Why should you choose me?

I have an intense drive to explain, document, and teach programming and technology concepts. I am comprehensive and concise in my work, and I enjoy creating examples, demonstrations, and diagrams with the purpose of teaching.

When creating code, I make reusable, clean, and well-documented code. I often find myself re-using code techniques such as programming by contract, using factory functions, and using inner functions or subroutines to keep my code DRY, to name a few. I use techniques that work well for me, are reusable, and that provide overarching structure and patterns to my code.

I enjoy creating reusable coding examples with the purpose of teaching things to people, and ensuring that everyone is given the chance to try them out.

I have a wide and deep history of programming projects, all under version control and most on my GitHub that are all well-documented and meant to be reused by anyone.

In short, I love to program, teach, and document my work; and I would say that I'm very good at it.