Cybersecurity Engineer & Technical Specialist · Author · Human

Bill
Corning

Cybersecurity Engineer & Technical Specialist
Author, The Willing Prison
Founder, The Willing Prison Project

Twenty-three years in IT. Nearly a decade in cybersecurity. One memoir about what happens when the walls you build to protect yourself become the thing that traps you. Not your average résumé.

Bill Corning

23 Years of Building Things That Actually Work

I didn't start in cybersecurity. I started in a call center.

Over twenty-three years I worked my way through nearly every layer of IT: helpdesk, systems administration, network operations and cybersecurity. I've managed complex infrastructure and complex people. I've worked in the video game industry and the financial sector. I've held the title of individual contributor and I've led teams of security engineers. The IT world hasn't stopped moving, and neither have I.

I never went to college. I don't have a degree on the wall. What I have is two decades of real-world experience cutting through problems that textbooks don't cover, plus a track record of building things that work.

My specialty is vulnerability management. Not the checkbox kind. I'm talking about inheriting a broken program, rebuilding it from the ground up, and securing the cross-functional buy-in required to turn a massive backlog into actual remediation. I’ve designed and optimized these workflows at scale using Qualys VMDR. I know the difference between a dashboard that merely tracks exposure and a program that actively drives risk down to zero.

But beyond the technical work, I lead by a philosophy I arrived at the hard way. Something no certification ever could teach:

People first. Process second. Technology last.

Most organizations get this backwards. They invest heavily in vendor solutions and complex tooling, then wonder why the risk to the business never actually decreases and adoption stalls. A shiny dashboard cannot patch a cultural vulnerability. I invest in the people around me first: their growth, their clarity, their buy-in. Then we build the operational process that serves them. Then we evaluate what technology fits. In that order, every time.

AI is no exception. It's a genuine companion in how we work now. I use it daily, and I don't dismiss it. But too many organizations treat AI adoption as a shortcut: they lay off the workforce first and figure out the problem later, without ever having defined what the problem was. Productivity ends up tied to token usage and rising subscription costs instead of outcomes, and eventually a lot of these companies quietly rehire the people they let go. Had they led with people and process, treating AI as technology to be integrated deliberately rather than a tool to replace judgment, they'd have saved themselves millions and a lot of disruption.

Further reading:

"Employers who laid off workers for AI are reversing their decisions", CNBC

"Companies Fired Workers For AI. Now They Want Them Back", Forbes

"Companies Are Rehiring Workers They Cut for AI, and the Reason Is a Wake-Up Call for Leaders", Inc.

"Design Your Company for AI, Not AI for Your Company", BCG, on what it looks like to get this right

I believe in paying it forward. In leaving every organization better than I found it. In the idea that a security program is only as strong as the people running it, and that people perform best when someone has invested in them first.

I'm currently available for cybersecurity engineering, advisory, and technical specialist roles. Open to Helsinki capital region hybrid, European contract assignments, or US remote.

SOC 2 Compliance Specialist Identity & Access Management Practitioner Security Awareness Program Lead Vulnerability Management Consultant Information Security Leader
Download Resume
Vulnerability Mgmt
Qualys/Tenable, VM lifecycle, Program Design, Stakeholder Reporting, Risk Management aligned with BIA
EDR Operations
CrowdStrike, SentinelOne, Netskope, Defender, Taegis XDR/SIEM, Splunk, Nmap, Incident Response
Cloud & Identity
Microsoft Entra ID, Okta, IAM, SSO/MFA, Conditional Access Policies, Key Vault Management
Compliance
SOC 2, ISO 27001, CIS Benchmarks, Third Party Risk Assessments (TPRA)
Infrastructure & Systems
Structured Cabling, Rack & Stack, Server/Network Hardware, Data Center Operations, Linux/Windows Administration, NOC Operations
Security Awareness
KnowBe4, Phishing Simulation, Employee Training, Policy Development, Program Ownership
Technical Documentation
SOC 2 Audit Documentation, Policy Writing, Runbooks, Stakeholder Reporting in leadership roles

From Call Center to
Security Engineering

2003 – 2007
Senior Technical Support
Sony Online Entertainment · San Diego, CA
Where it all started. Customer escalations, training new hires, earning Outstanding Service Representative multiple times. The foundation of every skill that followed.
2007 – 2011
System Engineer
Sony Online Entertainment · San Diego, CA
Mission-critical production infrastructure. Server lifecycle, data center operations, global gaming infrastructure. Building the muscle memory of enterprise IT.
2011 – 2015
Network Operations Administrator
Sony Interactive Entertainment · San Diego, CA
Global NOC. 24/7 Linux and Windows infrastructure. Built a single sign-on proof of concept connecting on-prem Linux servers to Active Directory. Played a key role supporting the PlayStation 4 launch, with zero downtime on one of gaming's biggest nights.
2015 – 2018
System Administrator
Sony Interactive Entertainment · San Diego, CA
Endpoint security, macOS fleet management (jamf/Casper), executive threat reporting. Migrated all American studios to McAfee Endpoint Security and consolidated licensing into Sony's global agreement, cutting $50,000 from the yearly security budget. The pivot toward dedicated security work.
2018 – 2020
Security Analyst
Sony Interactive Entertainment · San Diego, CA
Consolidated seven legacy Qualys environments into a single global tenant. Reduced org-wide vulnerabilities by 15% in six months. Where vulnerability management became a craft.
2020 – 2024
Senior → Lead Security Engineer
defi SOLUTIONS · Remote
EDR deployment, Entra ID, Azure, SIEM. Rebuilt Qualys VMDR from scratch. Led incident response. Managed certificate lifecycle. The full stack.
2024 – 2025
Manager, Security Engineering
defi SOLUTIONS · Remote
Led SOC 2 compliance, onboarded SentinelOne, built executive dashboards, managed a team of talented engineers, and learned that leadership meant less time in the work I actually love.
Now
Available · Writing · Building
Espoo, Finland · Open to US Remote
Having led a team, I'm choosing to go deep again as an individual contributor, hands in the tools and close to the problem. Finishing a memoir. Seeking Information Security IC or fractional contract roles in the Helsinki/Capital Region. Not slowing down.
The Willing Prison book cover

The Willing Prison:
Unlocking the Gifts Inside

Every man builds a fortress. It's supposed to be temporary: a place to retreat, regroup, recover. But some men never leave. The walls become the thing that traps them.

"The key is in your pocket.
It always was."

This is a memoir about forty-six years inside. It's honest, it's dark, and it has more humor than you'd expect from someone writing about a lifetime of hiding in plain sight. It's for any man who has retreated so far inside himself that he forgot there was a world waiting on the other side.

Coming to Amazon in 2026

Visit the Book Site

Something Bigger Than a Book

The memoir started a conversation. The Project is where that conversation goes next.

The Willing Prison Project is a developing initiative focused on men's mental health, specifically the epidemic of emotional withdrawal that leaves men present in body but absent in every way that matters.

The details are still taking shape. But the mission is clear: to reach the men sitting in their own willing prisons right now, convinced the door is locked from the outside.

It isn't.

Learn More
1 in 8
Men experience depression or anxiety; most never seek help
Men are three times more likely to die by suicide than women
The number of men who don't have to stay inside

Let's Talk

Whether you're a hiring manager, a reader, a journalist, or just someone who needed to read something today, the door is open.

Currently Available

Based locally in Espoo, Finland, with full work authorization for both Finland/EU and the US. After leading a security engineering team, I'm back in the field as an individual contributor, available for hybrid roles in the Helsinki capital region, fully remote European contracts, or US remote assignments.

Individual Contributor Vulnerability Mgmt Consultant / Specialist US Remote Europe Remote Helsinki · Finland

Also available for short-term and project-based work via Upwork.