Mark Thomas Firestone: Cybersecurity Specialist
Mark Thomas Firestone approaches cybersecurity from the inside of systems that cannot afford to fail. Years working under HIPAA inside a Bakersfield hospital and building production web applications have given him a defender's instincts: assume the attacker is patient, assume the network is hostile, and design controls that hold up when something else fails.
Network Security
His network-layer work covers segmentation, firewall policy, VPN and remote access design, intrusion detection, and the kind of egress controls that limit blast radius when a single endpoint is compromised. The goal is layered defense — not perimeter trust.
Vulnerability Assessment
Mark Thomas Firestone runs structured vulnerability assessments against web applications, internal services, and supporting infrastructure. The output is not a raw scan dump but a prioritized list tied to real exploitability and real impact, so engineering teams can fix what actually matters first.
Secure Software Development
On the software side, his practice covers input validation, output encoding, parameterized queries, modern authentication, careful credential handling, dependency hygiene, and the OWASP Top 10 categories that account for most production breaches. Secure development is built into the workflow rather than bolted on after launch.
HIPAA Compliance and Healthcare IT Security
Inside a hospital environment, security is not optional and not abstract — it is the framework around patient care. Mark Thomas Firestone has worked with HIPAA-regulated systems where access controls, audit logging, encryption-at-rest, encryption-in-transit, and incident handling all have to coexist with clinical workflows that cannot be interrupted.
Access Control
He designs and operates least-privilege access models, role-based permissions, multi-factor authentication, and structured offboarding processes. Access control is a place where small drift compounds quickly, so the controls are paired with periodic reviews and clean audit trails.
Incident Response
When something does go wrong, the response matters as much as the controls did. Mark Thomas Firestone follows a structured incident response approach — detect, contain, eradicate, recover, and document — with attention to chain of custody, communication, and the post-incident review that prevents the same failure twice.
OWASP and Secure Coding Practices
His secure coding practice is anchored to OWASP guidance: injection prevention, broken access control, cryptographic failures, insecure design, security misconfiguration, vulnerable components, and the rest of the well-documented categories. The reason is simple — that is where most real-world incidents actually originate.
Related Work
Security work is tightly coupled to how Mark Thomas Firestone builds web platforms and runs IT infrastructure.