SUMMARY:

• Knowledge of the nature and sources web application and database vulnerabilities, how to identify and exploit them; Knowledge of the nature and sources network and host application vulnerabilities; Knowledge of the nature and sources of computer viral infestations.
• Develop and present al programs and/or workshops.
• Assist clients in remediating vulnerabilities on their network or web application.
• Maintain and modify data and physical security guidelines and procedures.
• Work effectively with peers and cross - functionally within the organization.
• Install, troubleshoot, and maintain information security software and software enhancements.
• Stay current with technological developments/trends in area of expertise.
• Vast knowledge in computer security issues, requirements and trends.
• Develop policy and procedure documentation and identify, then eliminate computer system intrusions and/ or security breaches.
• Devise solutions to computer virus problems.
• Understand firewall and VPN solutions.
• Design secure networks, conducting network and security audits.
• Proficiency in utilization of information security tools such as NeXpose, Retina, Webinspect, Netcat, cURL, Nessus, Kismet, Airsnort, NMAP, Ethereal, WebInspect and Nikto, Metasploit, Canvas, Backtrack Disto and manual techniques to exploit vulnerabilities in the OWASP top 10 including but not limited too cross-site scripting, SQL injections, session hi-jacking and buffer overflows to obtain controlled access to target systems.
• Too many tools to list these days, I find the proper tool for the situation.
• Ability to perform network traffic forensic analysis, utilizing packet capturing software, to isolate malicious network behavior, inappropriate network use or identification of insecure network protocols
• 10+ years hands on experience in one or more of the following Operating Systems: Windows Server NT/, Linux and UNIX
• A diverse skill base in both Information Systems and Information Security which address organizational structure and administration practices, system development and maintenance procedures, system software and hardware controls, security and access controls, computer operations, environmental protection and detection, and backup and recovery procedures
• Attack and Penetration experience in testing of Internet infrastructure and Web-based applications utilizing manual and automated tools
• Knowledge of information system architecture and security controls (i.e. firewall and border router configurations, operating systems configurations, wireless architectures, databases, specialized appliances and information security policies and procedures)
• HIPAA Project experience

AREAS OF KNOWLEDGE:

• IT Audits, Penetration Testing, Vulnerability assessments for regulatory compliance.
• Amap, Nmap, Nessus, Nikto, SQLix, Retina, cURL, Paros, Burp Suite, Webscarab, Spike, Achilles "fault injection", TamperIE, Whax, Backtrack 2-4, Knoppix STD, Netcat, Watchfire's AppScan, SPI Dynamics' WebInspect, AppDetective, Whisker and many other tools.
• Knowledge of databases, and web applications and how to test and identify vulnerabilities and exploit them.
• HTML, ASP, PHP, XML, CSS, SOAP, Perl, JavaScript, VBscript
• Windows XP, NT 4.0, Workstation, Server, and Terminal editions, 2000, 2003 Professional and Advanced Server, Exchange 5.5, and 2000 and 2003, SQL 7.0, 2000 and 2005, IIS 4.0, 5.0, and 6.0, Front page, Interdev 6.0, Visual Studio 6.0
• Linux / Solaris, FreeBSD
• Citrix MetaFrame 1.8,
• Ethernet, Token Ring, LAN, WAN, Intranets, Internets, Extranets, VPN, RAS, RSA SecureID
• Cisco PIX, Checkpoint, Sonicwall
• Cisco, Nortel routers, switches and extranets, Nortel PBX with Meridian Mail, Avaya VOIP
• Norton Ghost 7.0, 2003, 2004 enterprise edition, Symantec Client Security and Antivirus Technology Architect.
• Novell Netware 3.x, 4.x, 5.x, GroupWise, ZENworks

PROFESSIONAL EXPERIENCE:

Confidential

Penetration Tester / Sr. Security Engineer

Responsibilities:

• Deployed Alertlogic Log Manager across the global organization
• Deployed Nexpose vulnerability scanning across the global organization
• Worked with development teams to in corporate Nexpose scans into the provisioning process through the API.
• Initiated the use of Metasploit for vulnerability validation across the organization
• Perform network and web application penetration testing for product releases.
• Perform quarterly internal audits for compliance.
• Review vulnerability reports, create tickets for remediation by infrastructure and respective service manager.
• Educate the service managers and developers about various web application vulnerabilities.
• Then demonstrated how to exploit them.
• Educate the service managers and developers about the risk of a particular vulnerability.
• Recommend remediation steps to resolve various vulnerabilities identified in the environment.
• Work with the developers to provide a better understanding of the vulnerabilities.
• Work with developers and infrastructure on how to resolve the vulnerabilities.
• Participated in development and implementation of information security policies and procedures; recommended hardware, software, security guidelines, and safe practices for corporate SAAS wide computing and networking systems.

Confidential

Penetration Tester / Sr. Security Engineer

Responsibilities:

• Deploy Alertlogic Threat Manager across the global organization
• Perform network and web application penetration testing.
• Review DDI vulnerability reports and address the issues with the service managers.
• Perform quarterly internal audits for compliance.

Confidential

Information Security Analyst

Responsibilities:

• This is a contract position configuration of Imperva SecureSphere devices and tuning the signatures for web application attacks. Monitoring the Alerts and classifying the incoming traffic.

Confidential

Information Security Analyst

Responsibilities:

• This was a contract deployment of Nessus within the environment for PCI compliance.
• Design Vulnerability Management Program
• Design and implement Nessus Security Center configuration and setup.
• Create scan policy templates, Create scan templates
• Setup CIS Benchmark baseline policies for hardening hosts
• Ensure scans and audits were running properly as scheduled.
• Pass of knowledge to internal Restoration Hardware staff.

Confidential

Director of Technical Services

Responsibilities:

• Oversee and conduct vulnerability assessments and penetration testing/ethical hacking
• Oversee and conduct social engineering testing
• Oversee on site senior consultants engaged in internal penetration testing and vulnerability assessments.
• Oversee and perform the review and analysis of security vulnerability data to identify applicability and false positives
• Prepare and distribute security assessment reports to customers
• Research and develop testing tools, techniques, and process improvements
• Perform additional incidental duties as assigned

Confidential

Penetration Tester

Responsibilities:

• Perform internal and external penetration tests on behalf of Confidential for their clients.
• Oversee and conduct vulnerability assessments and penetration testing/ethical hacking
• Oversee and perform the review and analysis of security vulnerability data to identify applicability and false positives
• Prepare and distribute security assessment reports to customers
• Research and develop testing tools, techniques, and process improvements
• Perform additional incidental duties as assigned

Confidential

Compliance Specialist

Responsibilities:

• Perform internal and external IT audits for Confidential s clients then write a report of the findings in regards to HIPAA and HITECH compliance gaps.
• Oversee and conduct vulnerability assessments and penetration testing/ethical hacking
• Oversee and perform the review and analysis of security vulnerability data to identify applicability and false positives
• Prepare and distribute security assessment reports to customers
• Research and develop testing tools, techniques, and process improvements
• Perform additional incidental duties as assigned

Confidential

Sr. Associate - Consultant

Responsibilities:

• Performed web application assessments and penetration tests for Salesforce in preparation for Dreamforce.
• Oversee and conduct vulnerability assessments and penetration testing/ethical hacking
• Oversee and perform the review and analysis of security vulnerability data to identify applicability and false positives
• Prepare and distribute security assessment reports to customers
• Research and develop testing tools, techniques, and process improvements
• Perform additional incidental duties as assigned