Network Security Specialist (Senior)/WebApp PenTester Resume
Washington, DC
SUMMARY:
- Highly skilled WebApp Penetration Tester (PenTester)/network security analyst and IT expert with years of proven experience securing networks and data in corporate, government, and academic environments.
- Demonstrate expertise in identifying malicious code and traffic through traffic analysis, threat vectoring, honeypot traps, and classified means.
- Possess strong business experience and ability to mesh business objectives with IT resources.
- Design processes and system improvements to increase security while reducing costs.
- Collect intelligence on pending attacks, sector advisories and other information pointing to potential threats
- Review log files and tripped sensor alarms to identify unauthorized use of networks/systems
- Identify and analyze how the attack entered and propagated across the network
- Identify and analyze the source of attacks; research hidden and spoofed IPs to accurately determine source
- Identify and analyze weaknesses in firewall, IDS, and spam filtering systems that allowed the attack to propagate
- Evaluate potentially malicious code to make threat determinations and outline neutralization methods
- Create detailed reports summarizing the origin, target, and impact of unauthorized intrusions
- Document all observations and actions for coordination with colleagues, outside vendors, and Intel agencies
- Review the operability and effectiveness of firewalls, threat sensors, antivirus systems, and logging systems
KEY SKILLS:
- Computer Security Analysis
- Malware Detection
- Intrusion Detection & Prevention
- Information Assurance Initiatives
- Traffic Review & Analysis
- Code Review & Analysis
- Root Cause Analysis
- Disaster Recovery
- Penetration Testing
- Standard Operating Procedures
- Troubleshooting
- Process Analysis & Improvements
TECHNICAL PLATFORMS & TOOLS:
Networking: TCP/IP, Ethernet, IPSEC, DES/3DES, SSH, OSPF, IPtables, Kerberos, NAT, Radius Protocol, Asymmetrical PKI, Certificate Authorities, Layer 2 (Arping, Arp Watching, Port Stealing), Layer 3 (Pf, Fragtest, traceroute, Sing, LFT, Etrace, Firewalk), Layer 4 (TCP fragroute), OWASP, BGP, EIGRP, RESTful Web Service (REST APIs, or HTTP APIs), Vulnerability Assessment
Security Tools: Nmap, Retina Security Scanner, Superscan, Basic Analysis and Security Engine (BASE), SGUIL, SSA Ticketing System (CAPRS), Confidential Ticketing System (Mantis), Track-It, Nessus, Enterasys Dragon IDS, ArcSight ESM Logger/Console, Keystroke Logger, Encase, Forensic Toolkit, Backtrack/Auditor Security Auditing Tools, Handy PRO, Maltego, Airodump, Airmon-ng, Shodan, Confidential FireSight, Confidential FirePower, and Confidential AMP, Burp Suite PRO/Open Source Version, and Carbon Black (formerly known as Bit9), SQLNinja, OWASP ZAP, Postman (API Development App), IBM Security Identity Manager (SIM), Process Explorer, Process Hacker, HP Fortify, AWS Networking (EC2 (VPC, IGW, ROUTE53, NAT)), Hydra
Network Tools: Kismet, netcat, netcraft, hping, windump/tcpdump, netstat, WireShark/Ethereal, Security information and event management (SIEM), Antivirus
OS & Virtualization: Windows (32bit and 64bit), Linux (Red Hat - now part of IBM, Fedora - Open Source sponsored by IBM, Ubuntu, Debian), OSX, and VMware, Dameware, Oracle Virtual Box, Docker, Kali Linux
Languages: C++, Perl, Snort - now part of Confidential FirePower, Intrusion Detection Systems (IDS), PCRE, XHTML/HTML/CSS, SQL, PL/SQL, Python, Shell scripting, PowerShell, Scapy, Software Development Life Cycle (SDLC), Linux Scripting
Enterprise Software: Microsoft Systems Management Server, Oracle Database, Microsoft Office
Hardware: PC Desktops, Laptops, Servers, Confidential 2600 Series Routers, Confidential 2600 Series Firewalls, Confidential ASA Firewall, Confidential PIX 500 Series Firewalls, VPN
PROFESSIONAL EXPERIENCE:
Confidential, Washington, DC
Network Security Specialist (Senior)/WebApp PenTester
Responsibilities:
- Reviewed documents and procedures on the Certification and Accreditation processes of systems.
- Worked and collaborated with other Information Assurance Officer (IAO) team members to check the status of Authority to Operate (ATO) of the assets.
- Checked and verified that the findings, from the beginning of the process through the accreditation process, were correct and accurate based on the Pentagon’s A&A process.
- Verified and validated through eMASS that systems, network, and application devices on the entire JSP network were remediated
- Worked in collaboration with the Confidential and Microsoft Team under the JP2 - Pentagon contract
- Escorted un-cleared personnel to secure room facility
- Validated and verified that systems were being maintained based on the organization baseline
- Researched and tested a lot of “Hacked the Pentagon” projects and re-ran the Risk Assessment - WebApp Pen Test manually
- Performed and validated scans from ZAP (Zed Attack Proxy) and looked at the CWE alerts and remediation
Confidential, Washington, DC
Mid-Level SWA Support Specialist/PenTester
Responsibilities:
- Performed manual session fixation attacks, Cross Site Request Forgery (CSRF), and checks for cookies not set with the secure flag, recording all the results and working with the development team to fix the issues as they arose.
- Researched and tested a lot of “Hacked the Pentagon” projects and re-ran the PenTest manually
- Researched and tested exploits against Web Client/Server manually and performed manual validations
- Weekly status reports were submitted as part of daily projects in progress
- Worked in collaboration with the Confidential and Microsoft Team under the JP2-Pentagon contract
- Escorted un-cleared personnel to secure room facility
- Double-checked to make sure the alerts were true positives by running the automated test using IBM AppScan
- Double-checked to make sure that the website was not susceptible to web scraping
Confidential, Washington, DC
Sr. Security Engineer/PenTester
Responsibilities:
- Double-checked to make sure the alerts were true positives by running the automated test using IBM AppScan (Static Source Code) and manually intercepting traffic using Burp Suite PRO through a proxy to the loopback address (local machine)
- Researched different types of exploits to find vulnerabilities to run on the simulated environment
- Documented and reviewed findings step by step in a written document
- Researched and tested a lot of “Hacked the Pentagon” projects and re-ran the PenTesting manually
- Worked on the Scorecard for the compliance team for the weekly, monthly, and annual report
- Tracked down non-compliant machines and asked account coordinators for the status
- Escorted uncleared personnel to secure room facility
Confidential, Washington, DC
Sr. Cyber Threat Analyst
Responsibilities:
- Double-checked to make sure the alerts were true positives by checking the Confidential FirePower Network Intrusion Prevention Systems (NIPS), Palo Alto Networks, and Confidential AMP endpoint signature-based alerts - where the infection originated and what process it ran
- Made recommendations to tune out the alerts based on the signature and payload of the packet
- Made sure that after making the recommendation, the signature alerts were not showing up again
- Made sure the noise of the sensor was tuned to a minimum, but still generating alerts
- Gathered threat actors so the agency is aware of which hash value or Indicator of Compromise (IOC) to monitor
- Evaluated Oracle Identity Management (IdM), IBM Tivoli IdM, and CA IdM and made recommendations to the customer on the types of Identity Management tools they should implement
- Evaluated Amazon Web Services - AWS Networking EC2 (VPC, Route53, Internet Gateway (IGW), ELB) on the test lab
- Installed Kali Linux (formerly known as BackTrack) on the staging environment using MetaSploit
Confidential, Washington, DC
Information Assurance Specialist
Responsibilities:
- Double-checked to make sure the alerts were true positives by checking the Confidential SourceFire signature-based alerts, now Confidential FirePower, and RNA on Microsoft Cloud
- Determined whether the Source IP, Threat Indicator, and Indicator of Compromise (IOC) were legitimate by uploading the file from the compromised machine to VirusTotal for verification, and applied whitelists or blacklists to SPAM filters
- Made sure the Tenable Nessus daily scheduled nightly scans were correctly performed
- Collaborated with DoC Computer Emergency Response Team (CERT) and US-CERT on the latest cyber threats, and performed intel/threat gathering using iSightPartners - now acquired by FireEye
- Performed SPLUNK searches on the logs to search source IP addresses or Indicator of Compromise (IOC), Pattern of Attacks (POA)
- Performed assembly language analysis in OllyDbg, looking for any anomaly in the test lab, while also evaluating Amazon Web Services - AWS Networking Elastic Cloud Computing (EC2) (Virtual Private Cloud (VPC), Route53, Internet Gateway (IGW), and Elastic Load Balancer (ELB))
- Installed Kali Linux (formerly known as BackTrack) on the staging environment using MetaSploit
Confidential, Fort Meade, MD
Information Assurance Engineer/Security Engineer
Responsibilities:
- Installed, removed, and upgraded Passive Vulnerability Scanners (PVS) 3.8.1 to PVS 4.0.3 on the Windows 2008 R2 (64bit) on NIPRNet (Non-Routable Internet Protocol Network) and SIPRNet (Secret Internet Router Network) servers
- Installed Windows Snort IDS, now part of Confidential FirePower, on Windows 2008 R2 (64bit) and looked at the logs to see if they were being recorded
- Looked for any malware or anything suspicious in FireEye, Carbon Black (endpoint), and Palo Alto, and checked to see if the malware was a false positive or false negative
- Performed daily status checks of ACAS Nessus scan results to see if there were any failures on the scans
Confidential, Bethesda, MD
Information Assurance Engineer
Responsibilities:
- Gathered and looked for any malware in FireEye and for any system changes, e.g. Confidential changes that call other Confidential processes that can change registry entries, and looked for any suspicious or abnormal changes in the system
- Looked for any anomalous behavior in the malware by checking for repetitive traffic patterns, observing the traffic over a period of time; in addition, performed some shellcode analysis
- Gathered and looked up any suspicious or threatening site reputation and comments
- Reviewed and searched traffic patterns for any denied and accepted traffic at the Confidential ASA firewall, as well as in SYSLOG, and correlated events from Juniper VPN logs
- Performed lookups at the spam/proxy to administer deny or accept traffic
- Looked for any malicious sites and added blocks on the malicious sites
- Performed SCAP Scan on machine for compliance
- Performed McAfee IntruShield IPS and RSA Archer reviews by looking at the source, destination, and country of origin
Confidential, Dulles, VA
Information Assurance Specialist / Intel Analyst
Responsibilities:
- Gathered intelligence via social media, Internet chatter, and classified means to identify and classify potential threats
- Gathered intelligence for any APT, Hacktivists, or Hackers trying to take down the Agency for any malicious intent
- Reviewed HP Fortify, RSA Archer, Snort, and SourceFire (now Confidential FirePower) events from the ArcSight ESM Console to ensure sensor operability and further evaluated traffic events from Snorby for malicious traffic
- Scanned operating systems using Tenable Nessus and patched the application vulnerabilities using IBM BigFix
- Created incident tickets based on observations and forwarded them to the team for further action and personnel notification
- Created and currently maintain a Linux patch repository by creating a simple shell script to ensure systems are protected from known exploits. In addition, created simple Python scripts to extract data from PCAP files on Fedora and Red Hat Enterprise Linux (RHEL).
- Daily setup of the Video TeleConferencing (VTC) systems for the Cyber Operation Response Center (CORe) and Penetration Testing Team
- Monitored and looked for suspicious traffic, e.g. SQL injections, blind SQL injections, plaintext passwords, malware analysis, reverse engineering by looking at what kind of entry was loaded into and removed from the registers, e.g. EAX, EBX, ECX, EDX, and unauthorized access attempts to online applications -- by stepping into a function to examine the content or stepping over a function, and followed the OWASP guidelines for WebApp vulnerabilities
- Performed lookups using the “strings” command line tool to extract ASCII characters and search for indicators, or by searching with the “grep” command on the log files for any Indicator of Compromise (IOC) or Pattern of Attacks (POA) based on the threat intel gathered
- Set up, evaluated, and tested Burp Suite in the test lab environment, trying to intercept traffic and modify the session ID or payload to log in to the account
- Installed Kali Linux (formerly known as BackTrack) on the staging environment using MetaSploit
Confidential, Washington, DC
Desktop Scan and Remediation Expert
Responsibilities:
- Verified target connectivity; performed local scans; authenticated via LANMAN to scan remote machines
- Coordinated and scheduled time to remediate machines with identified vulnerabilities
- Patched and remediated application-based vulnerabilities such as SQL injection command shell exploits on the servers based on scanner recommendations, Information Assurance Vulnerability Alerts, and Bulletins
Confidential, Falls Church, VA
Junior Information Assurance Engineer
Responsibilities:
- Performed Security Test & Evaluations (ST&E)/upgrades for equipment to obtain authority to operate in the lab
- Tested end to end Tandberg video teleconferencing connections for stability and security
- Hardened Windows operating systems per Security Technical Implementation Guidelines (STIG)
- Performed vulnerability scans and looked for any application vulnerabilities in the system
- Verified the stability of patches and patched Linux and Windows systems according to IAVA/IAVB notices for the Kabul, Afghanistan Theater Video Bridge (ATVB) project
Confidential, Annapolis Junction, MD
Senior Consultant / Cyber Network Analyst
Responsibilities:
- Charted traffic observations and reported abnormalities to supervisor for further action
- Escorted uncleared personnel to secure room facility
Confidential, Fairfax, VA
Cyber Security/Network Intrusion Analyst
Responsibilities:
- Tracked malicious behavior based on watch officer instructions and traced traffic patterns to source IP
- Verified antivirus/malware findings with online analysis tools
- Attended briefings to stay current on threats and vulnerabilities in collaboration with USCYBERCOM (formerly known as JTF-GNO)
- Analyzed traffic patterns and looked for SQL injections, blind SQL injections and matched the signature with the payload
Confidential, Columbia, MD
QA/Network/Security Engineer
Responsibilities:
- Tested network performance with Tenable Nessus/Passive Vulnerability Scanner/Security Center 3 (beta) simulations on Red Hat Enterprise Linux (RHEL) and Windows Operating Systems
- Tested PVS (beta), LCE (beta), Security Center (beta), and Nessus (beta) applications to check whether the scanner had any application vulnerabilities
- Tested vulnerabilities of security verification and data protection protocols/systems
- Used Access Control Matrix to verify proper security models were implemented
- Tested information security configuration for issuing, defending, changing, and revoking passwords
- Created and tested simple bash scripts to run command-line Nessus scans
Confidential, Arlington, VA
Network Engineer / Security Engineer
Responsibilities:
- Checked switch status to verify all sensors were operating correctly at each remote location
- Analyzed traffic on peer to peer network and shut down traffic remotely using command prompts
- Analyzed tcpdump logs, looked at the SGUIL payload and compared it to the SourceFire signatures; looked up and modified Linux IPTables as necessary
- Utilized Microsoft Systems Management Server to identify machines operating with spyware or malware
- Performed code analysis by observing what kind of register was entered in the shellcode using OllyDbg
- Hired through TMSI Staffing and turned into a Confidential employee after seven months
Confidential, Adelphi, MD
IT Support Associate
Responsibilities:
- Managed, maintained, and supported campus networks, peripheral equipment, software, services and devices
- Checked out, compiled, installed, and checked the program back into the application library after successful installation of the program
- Coordinated and implemented network security measures to protect data and hardware systems
- Installed or upgraded software/hardware, implemented UNIX file backup, restoration, password, shell, directory changes, and configured systems and/or applications
- Provided expertise to all users and answered queries or requests for support/training on systems and software
- Proactively monitored systems to identify problems and maintenance needs; repaired systems and configurations
- Developed plans to safeguard data from accidental or unauthorized modification, disclosure, and destruction