Landon Mayo

Senior Cybersecurity Penetration Tester

📧 landonmayo722@gmail.com
📱 832-510-4535
📍 Spring, TX
🌐 landonmayo.com

Professional Summary

Senior Penetration Tester with 22+ years of specialized experience in offensive security, vulnerability assessment, and red team operations. Former OWASP Houston Chapter Leader with proven expertise in:

  • Healthcare Security - Multiple EMR system investigations and HIPAA compliance
  • Enterprise Environments - 18,000+ applications at Bank of America
  • Cloud Security - AWS, Azure adversarial emulation
  • Red Team Operations - Purple team engagements and threat simulation

Key Achievements

🏥
Healthcare Incident Response Leader
Led forensic investigations at multiple medical facilities involving EMR systems
🏦
Enterprise Security at Scale
Managed security for 18,000+ applications across global team
☁️
Cloud Security Expert
500+ cloud infrastructure assessments on AWS and Azure
🎯
Social Engineering Success
85% success rate in advanced phishing campaigns

🏥 Healthcare Cybersecurity Expertise

Proven track record of securing healthcare environments with deep understanding of medical facility operations, EMR systems, and HIPAA compliance requirements.

Healthcare Incident Responses

Living Well Family Health Center
EMR Security Incident Investigation

Led comprehensive forensic analysis of suspected ransomware attack. Conducted detailed investigation of SQL Server, Domain Controller, and Application Server. Determined incident was data loss due to IT admin negligence, not ransomware.

  • EMR database integrity validation
  • HIPAA breach assessment
  • Healthcare network architecture analysis
  • Crisis communication with medical facility staff
Confidential Medical Facility
Ransomware Investigation & Response

Investigated alleged Phobos ransomware incident affecting EMR systems. Performed detailed technical analysis and determined no actual breach occurred, preventing unnecessary HIPAA notifications.

Healthcare-Specific Expertise

EMR Systems

Database Forensics SQL Server Investigation Data Integrity Validation RDP Security Assessment

Healthcare Compliance

HIPAA Security Rule Breach Notification Requirements PHI Protection Risk Assessment

Medical Facility Operations

Healthcare IT Architecture Medical Device Security Clinical Workflow Impact Incident Response

Penetration Testing Tools

Kali Linux Metasploit Wireshark Burp Suite Pro OWASP ZAP Nmap Cobalt Strike Empire

Programming & Scripting

Python PowerShell Bash JavaScript

Cloud Platforms

AWS IAM AWS CLI Azure CLI GCP

Security Frameworks

MITRE ATT&CK OWASP Top 10 NIST 800-53 PCI-DSS PTES

Operating Systems

Kali Linux Ubuntu Windows Server CentOS

Specialized Areas

Social Engineering API Security Wireless Security IoT Security

🛠️ Security Tools Demonstration

$ nmap -sS -O -A target.example.com
Starting Nmap scan on target.example.com
Host is up (0.045s latency).
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.4
80/tcp open http Apache httpd 2.4.6
443/tcp open https Apache httpd 2.4.6
3389/tcp open ms-wbt-server Microsoft Terminal Service

Metasploit Framework

msf6 > use exploit/windows/smb/ms17_010_eternalblue
msf6 exploit(windows/smb/ms17_010_eternalblue) > set RHOSTS 192.168.1.100
msf6 exploit(windows/smb/ms17_010_eternalblue) > exploit
[*] Meterpreter session 1 opened

Demonstrated expertise with advanced exploitation frameworks for authorized penetration testing.

Burp Suite Professional

  • Web Application Testing - Automated and manual testing
  • API Security Assessment - REST/GraphQL testing
  • Custom Extensions - Python-based automation
  • Collaboration - Team-based testing workflows

Cloud Security Tools

$ aws iam list-users --profile target-account
$ azure ad user list
$ python3 cloudsploit.py --scan s3-bucket-permissions
Finding: S3 bucket with public read access

Social Engineering Toolkit

  • Phishing Campaigns - Email template creation
  • Credential Harvesting - Authorized testing
  • USB Drop Attacks - Physical security testing
  • Success Rate: 85% - Proven effectiveness

🔍 Vulnerability Scanner Demo

Interactive demonstration of vulnerability assessment capabilities:

Professional Experience

Lead Penetration Tester
Security Sages, LLC (March 2022 - Present)
  • Cloud adversarial emulation on AWS and Azure
  • Custom Python and PowerShell payload development
  • Purple-team engagements with 40% efficiency improvement
  • C-level executive vulnerability assessments
Lead Web Penetration Tester
Rapid Red Team, LLC (January 2018 - March 2022)
  • 500+ web application security assessments
  • 85% social engineering campaign success rate
  • 50+ critical vulnerability discoveries
  • Automated scanning tool development (40% time reduction)
VP Global Information Security
Bank of America (March 2016 - January 2018)
  • Directed security for 18,000 applications
  • 60% improvement in vulnerability detection
  • 95% vulnerability closure rate within SLA
  • 30% false positive rate optimization

Key Accomplishments

👑
OWASP Houston Chapter Leader
Led cybersecurity community initiatives and education
🎖️
US Air Force Veteran
Military cybersecurity background and discipline
🔬
22+ Years Experience
Extensive expertise across multiple industries
🏥
Healthcare Security Specialist
Multiple EMR investigations and HIPAA compliance

Professional Certifications

CompTIA PenTest+
CompTIA - Penetration Testing Certification
Certified Ethical Hacker (CEH)
EC-Council - Ethical Hacking Certification
CompTIA Security+
CompTIA - Security Fundamentals
CompTIA Network+
CompTIA - Networking Technologies
CompTIA A+
CompTIA - Core IT Technologies

Education & Training

Bachelor of Science in Cybersecurity and Information Assurance
Western Governors University (2018 - Present)
Continuous Professional Development
  • SANS Training Courses
  • DEF CON Annual Attendance
  • OWASP Chapter Leadership
  • Industry Conference Speaking