Tim Crosby - Principal Consultant at Fidelis Risk Advisory

Disclaimer: This information was obtained from publicly available sources online and is believed to be accurate at the time of publication. Valimates collects this information with proprietary technology and cannot guarantee the accuracy or completeness of the data. The purpose of the data is to inform the reader about the expertise of the individual and should not be used for any other purpose. Valimates does not have any affiliation with the individual.

Tim Crosby Principal Consultant at Fidelis Risk Advisory

Claim Profile Update Profile Delete Profile

Tim Crosby is a highly experienced and accomplished Senior Security Consultant and Cybersecurity Professional with a successful career spanning decades. With over 4,522 LinkedIn connections, Tim has established a strong network in the industry. They are recognized for their expertise in leading and performing comprehensive cybersecurity assessments, penetration tests, and compliance assessments for a wide range of clients, including internal, external, and cloud environments.

Tim's knowledge and background have been highly sought-after, and they have been interviewed and cited by prestigious media outlets such as Bloomberg, Variety, CTV, and Scotsman Guide News. They have also contributed their expertise through blog posts and mentoring, helping emerging professionals understand and navigate the complex landscape of cybersecurity. Tim holds several industry certifications from renowned organizations such as Cisco, (ISC)2, Amazon, and CompTIA, including the prestigious CISSP certification. Currently listed as a CompTIA CySA+ and Pentest+ Subject Matter Expert (SME), Tim continuously seeks to expand their skill set and expertise through ongoing certification and continuing education requirements.

Their impressive professional background includes positions with Fidelis Risk Advisory, CompTIA, Spohn Consulting, Inc., Springboard, and TEKsystems. In these roles, they have effectively managed and executed various cybersecurity assessments, audits, and penetration tests using a range of tools and methodologies. Tim's extensive experience in working with diverse clientele and their demonstrated ability to provide customized reports and recommendations for remediation or mitigation make them a trusted and highly sought-after cybersecurity expert.

More about this expert

Full name: Tim Crosby
Location: Austin, Texas, United States
Title: Principal Consultant
Company: Fidelis Risk Advisory (since 2021)
Industry: Computer and Network Security
LinkedIn profile: https://www.linkedin.com/in/tim-crosby-05870915/
LinkedIn Connections: 4522
Summary: Senior Security Consultant ,Cybersecurity Professional and Mentor with decades of hands-on technical and management experience. Responsible for leading and performing cyber security centered penetration tests and compliance assessments on internal, external as well as cloud environments to validate the effectiveness employed countermeasures. Providing results and recommendations that are measures against regulatory standards such as the HIPAA Security and Privacy Rules or PCI-DSS or "Security Best Practice" or ... depending on the clients needs or stated objectives. Perform NIST Cybersecurity Framework Assessment that provide the consistency where multiple compliance objectives exists - NIST 800-53, COBIT, NIST 800-171/CMMC, CIS (CSC) or... Definitely a fun, interesting and rewarding career path. Writing blog posts based on my knowledge and background - the old Army Warrant Office always seems to come out. I have been interviewed and cited by several media outlets including 'Bloomberg', 'Variety', 'CTV' and 'Scotsman Guide News' about several topics including the Equifax and HBO Hacks as well as the WannaCry/NotPetya and KRACK attacks . I have several industry certifications from Cisco, (ISC)2, Amazon (AWS) and CompTIA including CISSP to validate my skills; currently listed as a CompTIA CySA+ and Pentest+ Subject Matter Expert (SME) and working on other certification as well as CPE requirements. If you are trying to de-conflict CCAF with CWO, my enlisted time, prior to earning a commission as an US Army Warrant Officer, was in the Air Force as a Teletype/Crypto tech where I attained the rank of SSGT.
Skills: Cisco Technologies Security

Education

Community College of the Air Force: AS
Attended in 1983 - 1997
Field of study: Electronic Technology

Positions

Fidelis Risk Advisory Austin, Texas Metropolitan Area: Principal Consultant
Jul 2021 - Present

Provide systematic security program guidance in the areas of DFRS, NIST 800-171 and CMMC for a diverse size of clientele and wide range of product offerings

Manage and lead external perimeter and cloud 'Security Risk Assessments' on client networks using commercial and opensource tools Nessus, Metasploit Framework, Nmap, Kali Linux etc.; provide customized reports detailing vulnerabilities and steps to remediation or mitigate vulnerabilities.

Manage, lead and perform 'HIPAA Cyber Security and Privacy' Audits/GAP Analysis for Medical Services Professions (Covered Entities) and BAs (Business Associates) to include a full network audit/technical controls audit focused on not only HIPAA Security regulations including the protection of PHI, but also includes disaster recovery planning, recovery testing and industry security best practices.

Manage and lead uninformed/blind 'Penetration Tests' of client internal and cloud network environments using commercial and opensource tools Nessus, Metasploit Framework, Nmap, Kali Linux etc., and personal experience to find and exploit network vulnerabilities; provide the customer a detailed report of the vulnerabilities and samples of the compromised data and accounts.
Manage, lead and perform informed 'Network Cyber Security Assessments' which includes scans and reports including: internal, external, and cloud networks; physical security analysis, Social Engineering (SE) and assessment of security policy, procedures and practices. Tools include: commercial and opensource tools Nessus, Metasploit Framework, Nmap, Kali Linux etc.
Lead external 'Penetration Testing" (PEN Testing) efforts on client networks using; provide customize reports of the findings and steps for remediation or mitigation.
CompTIA Greater Chicago Area: Subject Matter Expert (SME)
Mar 2017 - Present

Perform duties as an CompTIA SME, assisting in critical development phases of CompTIA Certification Exams. To date, I have participated in (Job Task Analysis) JTA, Cut Score and Exam Item Writing workshops. CompTIA Subject Matter Experts (SMEs) are individuals who are deemed qualified to represent specific CompTIA certifications based on relevant and strong expertise, knowledge and experience in particular areas. The purpose of SMEs is to assist in the development phases of CompTIA’s certification exams.

CySA+ SME - April 2019
PenTest+ SME - May 2018
CSA+ SME - March 2017

https://certification.comptia.org/get-involved/become-a-subject-matter-expert/current-smes
Spohn Consulting, Inc. Austin, Texas Area · Hybrid: Sr. Security Consultant
Nov 2013 - Apr 2023

Lead external perimeter and cloud 'Cybersecurity Assessments' on client networks using Nessus, Metasploit Framework, Nmap – Kali Linux Distributions, CobaltStrike and Acunetix; provide customized reports detailing vulnerabilities and steps to remediation or mitigate vulnerabilities.

Lead and perform 'HIPAA Cyber Security and Privacy' Audits/GAP Analysis for Medical Services Professions (Covered Entities) and BAs (Business Associates) to include a full network audit/technical controls audit focused on not only HIPAA Security regulations including the protection of PHI, but also includes disaster recovery planning, recovery testing.

Lead uninformed/blind 'Penetration Tests' of client internal and cloud network environments using Nessus, Metasploit Framework, Nmap – Kali Linux Distributions, CobaltStrike and personal experience to find and exploit network vulnerabilities; provide the customer a detailed report of the vulnerabilities and samples of the compromised data and accounts.

Lead and perform informed 'Network Cyber Security Assessments' which includes scans and reports including: internal, external, and cloud networks; physical security analysis, Social Engineering and assessment of security policy, procedures and practices. Tools include: Nessus, Metasploit Framework, Nmap – Kali Linux Distribution, Acunetix and CobaltStrike.

Lead external 'Penetration Testing" (PEN Testing) efforts on client networks using; provide customize reports of the findings and steps for remediation or mitigation.
Springboard Austin, Texas Area: Cybersecurity Mentor
Sep 2018 - Apr 2019

Mentor students entering into the cybersecurity workforce, providing career advice; helping student grasp the concepts required to thrive in the fast paced, diverse and ever changing world of cyber security. Help students complete a Capstone Project for their portfolio and prepare them to take and pass the CompTIA Security+ exam.
TEKsystems TxDOT Austin Texas: Sr. Network Engineer
Mar 2013 - Oct 2013

Project manage ITS projects for remote nodes from equipment acquisition to implementation and establish baseline standards for these packages that include ASA 5520, 3750X Switches, and 7200 Cisco routers

Deploy and manage TxDOT Remote VPN on ASA 5555-X to include failover across two clustered Cisco 6509s, Clientless, IPsec and Anyconnect VPN access for 5000 concurrent users.

Configure, deploy and maintain Cisco routing and switching equipment for TxDOT to include: Catalyst 3750, 3550, 2900, ME 3400 series and the 6500 series switches

Configure, deploy and maintain Cisco security appliances for TxDOT including: FWSMs, PIX535, ASA 5520 and ASA 5555-X

Implement and manage routing protocols for TxDOT’s WAN; BGP, EIGRP and OSPF.