Summary
Overview
Work History
Education
Skills
Websites
Certification
Timeline
ADDITIONAL AWARDS
Generic

MICHAEL LASALVIA

Lancaster

Summary

Dynamic information security professional specializing in offensive security, penetration testing, adversary simulation, and red team operations. Recognized for leadership in developing robust security programs, managing cross-functional teams, and translating complex technical findings into actionable business strategies. Expertise includes blending hands-on technical execution with exceptional program management skills, consistently leveraging emerging security technologies to enhance organizational security posture. Committed to driving continuous improvement and fostering a culture of security awareness at all organizational levels.

Overview

29
29
years of professional experience
1
1
Certification

Work History

Manager of Fidelity Adversary Simulation Team

Fidelity National Financial
05.2024 - Current
  • Built an enterprise red team program from ground up, conducting sophisticated adversarial operations that successfully demonstrated critical security gaps to FNF and its subsidiaries.
  • Collaborated with C-suite executives and business leaders to align red team objectives with organizational risk tolerance and strategic security initiatives.
  • Created executive reporting framework and metrics dashboard, providing C-suite visibility into security posture and remediation progress.
  • Design and execute complex red team engagements, including reconnaissance, social engineering, execution, and post-exploitation activities. Successfully demonstrating critical security gaps in network segmentation, role-based access, endpoint detection, and incident response capabilities.
  • Developed custom tooling to emulate real-world cyber threats and assess the effectiveness of existing security controls.
  • Utilize Bloodhound and Cobalt Strike to identify attack paths, exploit security misconfigurations, and achieve operation goals such as domain administrator access.
  • Conducted security assessment of Microsoft Copilot implementation, identifying vulnerabilities in prompt injection defenses and data access controls.
  • Provides technical guidance and mentorship to junior team members, fostering their professional growth and development.

Manager of Offensive Security

Fidelity National Financial
05.2022 - 05.2024
  • Oversaw FNF's comprehensive penetration testing services for applications and network infrastructure, building high-performing teams while delivering critical security assessments and expanding service capabilities.
  • Drove comprehensive penetration testing coverage across entire organizational portfolio through strategic stakeholder engagement and implementation of scalable, time-boxed testing methodologies ensuring full coverage of each solution.
  • Developed and tracked KPI’s on a comprehensive dashboard for penetration testing operations, reported monthly metrics on vulnerability discovery rates, remediation timelines, and service delivery performance to C-suite executives.
  • Recruited and trained penetration testing professionals to expand program capacity and ensure consistent service delivery standards.
  • Delivered comprehensive penetration testing reports to stakeholders, providing detailed vulnerability analysis and actionable recommendations to drive effective remediation initiatives.
  • Conduct thorough assessments of FNF’s network, systems, and applications to identify weaknesses and potential attack vectors.

Manager, Cyber Security Network Penetration Testing Lead

KPMG
04.2021 - 05.2022
  • Lead and overseen KPMG's Network Penetration Testing Program, encompassing strategic team development, comprehensive service portfolio design, and hands-on technical security assessments.
  • Led technical network penetration assessments and team management, ensuring KPI achievement while safeguarding KPMG's digital infrastructure and maintaining organizational security posture.
  • Recruited, hired, and trained penetration testing professionals, building team capacity to efficiently manage network penetration testing workflow and service delivery.
  • Directed purple team exercises with CSIRT personnel, strengthening threat detection capabilities against Advanced Persistent Threats (APTs) and reducing organizational attack surface.
  • Created and maintained comprehensive documentation for network penetration testing service offerings, ensuring standardized methodologies and knowledge transfer.
  • Carried out advanced security assessments for high-priority initiatives, including custom exploit development, reverse engineering, and specialized vulnerability research.

Cyber Security Program Manager

Service Link /Fidelity National Financial
09.2020 - 04.2021
  • Tasked with developing Service Link’s cyber security program and align it to their parent company Fidelity. Working with the director and CISO to set process and policies to create a successful and secure program to protect Service Links assets and client’s data.
  • Created and documented the new project intake process, which includes a security risk assessment, security testing, remediation and retesting before go live.
  • Developed the pen testing program including the testing methodologies, reporting templates and process.
  • Developed and delivered the state of security presentations to the executives outlining our current security posture and reporting on current initiatives.
  • Provide guidance for staffing and training needs based on work load and program objectives.
  • Conduct a thorough assessment of Service Link network, systems, and applications to identify weaknesses and potential attack vectors.

Manager BT Security

KPMG
05.2018 - 07.2020
  • Manage KPMG’s application pen test Quality Control and Specialize testing team. Responsible for a multitude of different security testing engagements which included application, mobile, red teaming and network infrastructure.
  • Technical and team lead made sure our team met our KPI’s while ensuring the security of KPMG’s digital assets.
  • Provide technical review and additional advance testing of third party penetration testing engagements for KPMG’s clients.
  • Designed and implemented a developer training program to educate them on application attacks and defenses to help decrease KPMG’s risk through best coding practices.
  • Automated many of our repetitive manual testing to streamline our processes and make the service more efficient.
  • Conduct a thorough penetration test of KPMG applications to identify weaknesses and potential attack vectors.
  • Worked with the Associate Director of network security testing to develop processes and methodologies for network security testing. Assisted on network security testing engagements to fill gaps in resources. Provided coverage when Associate Director was on leave.

Senior Security Technical Consultant

GSK
12.2017 - 05.2018
  • Provided technical review and redesign of GSK’s security testing solutions. This included the development of the Red Team and service improvements for the penetration testing service, dynamic application scanning and infrastructure testing. Worked as a member of the Red team driving remediation of vulnerabilities through exploitation.
  • Help design, implement and execute GSK’s red team.
  • Perform risk assessments and security testing to determine risk and corrective actions of our current portfolio to assure the security of GSK’s digital assets.
  • Work closely with business units to explain the risk in easily understandable terms, allowing them to make important business decisions on how to better protect our data.
  • Reviewed and redesigned the security testing services to provide better review of our security posture while decreasing the time it takes to carry out the testing, decreasing the load on the network and creating metrics that are actionable.

Manager, GIS Security Testing Services

Pfizer Inc
12.2013 - 11.2017
  • Managed Pfizer’s vulnerability management services, assure continuous operation through the support and leadership of the attack and penetration testing team, web security scanning team and infrastructure scanning team. This allows for an accurate review of our risk profile, reducing the risk of external attacks.
  • Help design, implement and execute Pfizer’s red team operations.
  • Perform risk assessments and security testing to determine risk and corrective actions of our current portfolio to assure the security of Pfizer’s digital assets.
  • Work closely with business units to explain the risk in easily understandable terms, allowing them to make important business decisions on how to better protect our data.
  • Develop and updated Pfizer’s testing methodologies and frameworks for mobile and web application testing.
  • Work closely with our vendors to provide value add to our services. This included writing custom scanning signatures for our tools.
  • Provide metric reporting and trending of our security posture across the services I manage. Add functionality in our tools to help with correlating staging, testing to production sites for allowing us to use the data for investigations.

Enterprise Security Administrator

Lancaster General Hospital
04.2007 - 12.2013
  • Provided enterprise security guidance and leadership to assure the protection of ePHI and Lancaster Generals electronic assets.
  • Preformed risk assessments and penetration tests to determine current strengths, weaknesses and to define Lancaster General’s acceptable risk.
  • Analyzed security logs and packet captures for anomalies to help pinpoint rogue machines, access points, Malware and other malicious applications to ensure the integrity of our digital assets.
  • Research on evolving threats and new security regulations to help Lancaster General to be able to protect electronic assets and patient information the best way possible.
  • Member of the incident response team. Helped develop and write the PICERL process for the organization. As part of the team I provided security reviews and forensic analyst of assets to determine cause of compromise and to collect evidence for disciplinary and or legal action.
  • Collect and review malicious code that is not detected by our Antivirus solution through use of honey pots and malicious links found in emails. The malicious code is reviewed in our sandbox to see what changes it makes to the system and what traffic it tries to send across the network. This allows me to write tighter security policies for our web filters, firewalls and web application firewall. I then submitted the code to our anti-virus vendor for new signatures.
  • Developed and wrote policies, procedures and standards for information security and other IT departments to help standardize the proper security practices across the hospital.

Adjunct Professor

ITT Tech
06.2012 - 12.2012
  • Provide student instruction and hands on labs for Windows Server 2008 and Information Security classes. Provided lectures that incorporated real world scenarios and case studies to add to their learning.

Senior Security Engineer

SunGard
03.2006 - 04.2007
  • Provided third level technical support for SunGard’s Managed Firewall and IDS security service offerings such as Checkpoint, Netscreen, Cisco Pix firewalls, and ISS. Responsible for identifying customer issues, troubleshooting, determining root causes, design and coordinating resolutions using a variety of applications and tools. Performed security audit and participated in the incident response team.
  • Planned, implemented, and managed SunGard's firewall management infrastructure for Checkpoint Provider1, Netscreen Security Manager, and Cisco Security Manager allowing SunGard to centrally manage internal and customer firewalls.
  • Provided incident handling for our managed clients as well as internal systems.
  • Preformed security vulnerability scans and penetration tests to test current security controls and provide mitigation for issues found.
  • Designed, wrote, and delivered technical training and documentation to SunGard’s security operations team, thus helping them to provide increased tier 2 support to our customers.
  • Research on evolving threats and new security solutions to help SunGard to be able to provide their customers with the best solutions possible.

Senior Security Engineer

GMAC Residential
10.2005 - 03.2006
  • Tasked with assuring the security and business efficiency of the IT infrastructure through vulnerability and risk assessment, thus allowing for the implementation of proper controls to mitigate security threats.
  • Created a detailed inventory of IT server and network appliance assets by running a multitude of discovery and vulnerability scans.
  • Worked with Information Security Office and business owners to classify old and new vulnerabilities based on business impact and come up with a plan for remediation.
  • Performed weekly validation of external penetration test results and worked with internal contacts to correct issues.

Senior Desktop Security Specialist

Independence Blue Cross
06.2004 - 10.2005
  • Assured the security of over 8000 nodes both local and remote to ensure they met the strict HIPAA regulations. Investigated and resolved issues pertaining to security policy violations, malicious code and patch management.
  • Lead researcher and tester for IPS project. Installed, tested and evaluated Cisco CA, Symantec and ISS IPS products. Ran multiple attack scenarios against each product and reported my findings to help in the decision making of our IPS solution.
  • Analyzed firewall logs for anomalies to help pinpoint rogue machines, access points, spyware and other malicious desktop behavior to ensure the integrity of our internal network.
  • Attended weekly CERT meeting to give updates on new security related issues related to the desktop and server environment.
  • Audited the security of the Desktop and Server environment by running custom MBSA scripts, this assured that our internal network was secure.
  • Worked with ISO and legal to perform internal employee investigations.

Senior Security Analyst

Verisign (formerly Guardent Inc. Now Dell Secure works.)
02.2003 - 04.2004
  • Implemented, configured and administered network security devices for up to 2,000 customers worldwide. Consulted with many Fortune 500 customers, including major sports organizations, higher educational institutions, law firms, e-commerce sites, investment firms and medical insurance companies on risk assessment and network audit issues.
  • Managed Network Security to ensure high-risk configuration exposures are eliminated for increased protection against internal and external intrusion.
  • Saved an investment firm client the potential loss of $30K every 5 minutes by effectively monitoring and managing Firewalls, IDS and Virus scan systems.
  • Assisted a medical insurance company in achieving HIPAA compliance by conducting penetration testing, analyzing vulnerabilities and interfacing with company management and IT staff.
  • Ensured the integrity of data for major legal customer by reviewing firewall policies, analyzing logs, IDS packet dumps and escalating to the forensics team to mitigate the damage from a network breach.
  • Updated and configured Pix, Check Point, Real Secure, Cisco IDS, Tripwire, and Websense systems.
  • Analyzed packet captures using “tcpdump” and “ethereal” to determine cause of alerts, and to troubleshoot network connectivity issues.

Information Technology Coordinator

The Jason Foundation
02.2001 - 02.2003
  • Sole responsibility for providing Help Desk support for Windows, Mac and Linux problems as well as Microsoft Office products and video software for 30 internal employees and 60 mobile employees. Network and Security Administration of all on site and off site servers, including e-mail, web and file servers as well as firewall, IDS and user accounts.
  • Managed expedition technology project, which included determining requirements, researching and selecting ISP vendors, negotiating contracts, setting up a wide area network, WAN, delivery logistics at remote sites as well as ensuring corporate connectivity.
  • Wrote and implemented security policies and procedures that were used to assure the company’s data and the proper use of the company’s resources
  • Researched, purchased and implemented new hardware and software technologies to achieve strategic goals.
  • Conducted penetration testing and patching on test servers, before applying patches to live servers.
  • Saved approximately $20K annually in reoccurring connectivity costs by establishing a Wireless WAN.

Senior Lab Assistant

Xavier Computer Center
01.1997 - 01.2001
  • Managed and supervised 20 Lab Assistants on performing computer troubleshooting and repairs. Designed Academic Computer Services website. Responsible for the technical management of more than 240 Windows 95/98/NT Computer Workstations and servers. Conducted training sessions on Windows 95/98, Microsoft office, Computer basics, and troubleshooting printer problems.

Education

B.S. Bachelors of Science - Information Science - Networking concentration

Johnson & Wales University
Providence, RI
01.2001

Skills

  • Bloodhound
  • Cobalt Strike
  • Python
  • Go
  • MITRE
  • Vulnerability Management
  • Defense Evasion
  • Offensive Security
  • Team leadership
  • Decision-making

Websites

Certification

  • OSCP (Offensive Security Certified Professional)
  • GXPN (SANS GIAC Exploit Researcher & Advance Penetration Tester)
  • GCIH (SANS GIAC Hacker Tools, Techniques, Exploits, and Incident Handling)
  • GMOB (SANS GIAC Mobile Device Security Analyst)
  • SSP-GHD (SANS Google Hacking and Defense)
  • SANS 642: Advance Web Application Penetration Testing
  • CISSP: (Certified Information Systems Security Professional)
  • SpecterOps Red Team Operations
  • Adaptive Red Team Tactics by Veris Group

Timeline

Manager of Fidelity Adversary Simulation Team

Fidelity National Financial
05.2024 - Current

Manager of Offensive Security

Fidelity National Financial
05.2022 - 05.2024

Manager, Cyber Security Network Penetration Testing Lead

KPMG
04.2021 - 05.2022

Cyber Security Program Manager

Service Link /Fidelity National Financial
09.2020 - 04.2021

Manager BT Security

KPMG
05.2018 - 07.2020

Senior Security Technical Consultant

GSK
12.2017 - 05.2018

Manager, GIS Security Testing Services

Pfizer Inc
12.2013 - 11.2017

Adjunct Professor

ITT Tech
06.2012 - 12.2012

Enterprise Security Administrator

Lancaster General Hospital
04.2007 - 12.2013

Senior Security Engineer

SunGard
03.2006 - 04.2007

Senior Security Engineer

GMAC Residential
10.2005 - 03.2006

Senior Desktop Security Specialist

Independence Blue Cross
06.2004 - 10.2005

Senior Security Analyst

Verisign (formerly Guardent Inc. Now Dell Secure works.)
02.2003 - 04.2004

Information Technology Coordinator

The Jason Foundation
02.2001 - 02.2003

Senior Lab Assistant

Xavier Computer Center
01.1997 - 01.2001

B.S. Bachelors of Science - Information Science - Networking concentration

Johnson & Wales University

ADDITIONAL AWARDS

Eagle Scout, Staten Island, NY

Similar Profiles

  • Jegannath N

    Jegannath NJegannath N

    Manager – Incident Response & Engineering Operations at Fidelity National FinancialManager – Incident Response & Engineering Operations at Fidelity National Financial

  • Kourtney McClure

    Kourtney McClureKourtney McClure

    Intake Assistant at Fidelity National FinancialIntake Assistant at Fidelity National Financial

  • Ranjith Rallapalli

    Ranjith RallapalliRanjith Rallapalli

    Technical Lead at Fidelity National FinancialTechnical Lead at Fidelity National Financial

  • Joshua Hall

    Joshua HallJoshua Hall

    Building Services Student Supervisor at University Of Wisconsin-madisonBuilding Services Student Supervisor at University Of Wisconsin-madison

  • Robbiana Mccune

    Robbiana MccuneRobbiana Mccune

    Certified nursing assistant at Antelope valley care centerCertified nursing assistant at Antelope valley care center

CREATE PROFILE
MICHAEL LASALVIA