Donny Schreiber

Amazon Web Services (AWS) — Professional Services

Security Consultant II (Jan 2024 – Present) · Security Consultant I (Jun 2022 – Jan 2024) · Colorado · Jun 2022 – Present

• Authored a policy-as-code foundation for a HITRUST-certified healthcare SaaS using AWS CDK (Python) — 5 reusable L3 constructs (Service Control Policies, AWS Config rules, Security Hub automation, automated remediation); cut audit prep from 8 weeks to under 1 week and removed 65% of compliance overhead.
• Developed 15+ AWS Config custom rules (Guard DSL) detecting IAM privilege escalation, cross-account trust gaps, CloudTrail tampering, and missing MFA — integrated into enterprise security assessments.
• Built multi-account, multi-region Amazon VPC IPAM automation in Terraform — 67 hierarchical pools, 874 network resources, cross-account sharing via AWS RAM; published to aws-samples and as AWS Prescriptive Guidance.
• Built a shift-left DevSecOps suite orchestrating 15+ scanners (Bandit, Semgrep, Checkov, TFSec, Terrascan, GitLeaks, ESLint, Safety) through GitHub Actions with intelligent change detection (40–60% CI cost reduction); cut a financial-services platform's security validation from 2 weeks to 4 hours for a $60B+ trading system.
• Engineered iSQA, a production Python tool with 100+ context-aware analysis patterns that automates security-questionnaire and assessment review — eliminated 3,000+ annual review hours across the global ProServe practice and cleared a one-year backlog.
• Built IAMulator, a GenAI tool that generates least-privilege IAM policies from natural language and flags excess permissions in existing policies — used across 7+ engagements; ~75% faster policy development.
• Led 18 product / deliverable security reviews across 9 development teams for a ~$26M connected-home IoT platform (AWS's largest telco engagement); built ASHparser (Python) automating scan-output consolidation — 500%+ throughput vs. manual review; surfaced and mitigated 190 threats and 100 vulnerabilities.
• Designed a zero-trust-aligned cloud security framework for a multi-agency state government under simultaneous IRS Pub 1075 + HIPAA — Landing Zone Accelerator customization, attribute-based access control, SCP-enforced isolation, and 12+ NIST 800-61r2 incident-response playbooks (ransomware, cryptojacking, credential compromise, EC2 forensics).
• Performed STRIDE threat modeling identifying 127 threats across a financial-services Amazon Bedrock GenAI platform, enabling FINRA model-risk approval for AI securing $60B+ institutional portfolios.
• Led the security architecture review for an AWS re:Invent 2025 GenAI session (70,000+ attendees) — assessing an AI coding-assistant architecture (Amazon Q, Model Context Protocol, multi-agent) against OWASP LLM Top 10, securing AI-assisted developer workflows.

Zayo Group — Tier 1 Fiber Provider (146,000+ route miles, 400+ global markets)

Network Security Engineer (Apr 2021 – Jun 2022) · Cyber Security Analyst III (Jul 2019 – Apr 2021) · Boulder, CO · Jul 2019 – Jun 2022

• One of two engineers accountable for all corporate and data-center security at a global Tier 1 fiber provider — administered Palo Alto NGFW policy, application controls, and GlobalProtect VPN alongside a Cisco ASA fleet across Windows / Active Directory environments and geographically distributed perimeters.
• Built Splunk dashboards, alerting logic, and ETL pipelines spanning NGFW, email, Cybereason EDR, and Google Workspace — 70% MTTR reduction via proactive threat hunting across 5,000+ endpoints.
• Led end-to-end email security transformation — vendor RFP, contract negotiation, and migration to Abnormal Security, measurably reducing phishing exposure.
• SME for Google Workspace, Cybereason EDR, and MDM during a hiring freeze; architected the corporate MDM program from scratch and co-authored the Organization of Information Security policy aligned to ISO 27001 A.6.

KIOSK Information Systems

Cybersecurity Administrator & Security Analyst · Louisville, CO · Jan 2017 – Jul 2019

• Delivered managed security services (MSP/MSSP-style) for 10 distinct client organizations (10,000+ endpoints) — AV, encryption, file-integrity monitoring, firewall, and DLP across a heterogeneous portfolio.
• Ran the full email-security lifecycle (RFP, selection, negotiation, migration) and launched an MDM program with no prior organizational precedent.
• Authored Tier 3 escalation runbooks that reduced on-call load and improved security-operations agility.

Earlier

• Hewlett Packard Enterprise — Cybersecurity Intern, USPS Enterprise Security · Colorado Springs, CO · 2016 — competitively selected for HPE's 12-week CSIP; delivered a technical white paper and presentation to C-suite and senior security leadership.
• Front Range Community College — Cybersecurity & Networking Work-Study · Westminster, CO · 2015–2017 — built hands-on lab curricula; co-authored a 51-page VMware ESXi reference guide.