We provide IT Staff Augmentation Services!

Network Administrator Assistant Resume Profile

Owings, MillS

SUMMARY OF QUALIFICATIONS:

IT Security and Networking Professional with excellent written and oral communication skills. Thorough understanding of Networking, Information Assurance and Cybersecurity disciplines to include open-source information gathering, threat and vulnerability assessments, penetration testing and techniques, and network defense. I have over twelve year of hands on experience in IT Security specializing in penetration testing. I am an accomplished security engineer, malware analyst, and incident responder. I recently attained certification as an Offensive Security Certified Professional OSCP .

AREAS OF EXPERTISE:

  • Network Analysis Physical Security Threat and Vulnerability Research Analysis, Incident Handling and Response speaking two languages: English and Russian. CERTIFICATIONS
  • Certified Ethical Hacker C EH , 2010
  • Cisco Certified Network Associate, 2010 CompTIA Security , 2010
  • Microsoft Certified Technology Specialist MCTS , 2010
  • EC-Council Certified Security Analyst E CSA , 2011
  • Offensive Security Certified Professional OSCP , 2013
  • Offensive Security Certified Expert OSCE , 2014

EXPERIENCE

Confidential

Sr. Penetration Tester

  • Lead Security Engineer of an Assessment Team doing full vulnerability assessments of the US Courts national systems
  • Conduct network/host penetration tests and web application penetration tests using
  • Assist the information security risk assessment program by identifying risks in the current security posture. Conduct risk assessment using NIST SP 800-53 v4 Operational, Management and Technical controls
  • Perform network security analysis and risk management for designated systems
  • Develop test cases to test web application according to OWASP and mapped every test case to NIST controls
  • Assess and evaluated risk based on threats, vulnerabilities, and shortfalls uncovered in testing
  • Develop CVSS calculator to rate risks for vulnerabilities found in assessments
  • Examine assets to determine if vulnerabilities exist and, if vulnerabilities are found, proposes remediation strategies that can be applied to mitigate them
  • Assist in vulnerability remediation efforts across various projects by proposing remediation strategies and engaging key stakeholders utilizing Plan of Actions and Milestones PO AM risk management process
  • Key contributor for developing templates such as Security Assessment Plan, Security Assessment Report, Rules of Engagement, Security Assessment Questionnaire, Kick-Off and Exit Brief

Confidential

Sr. Information Security Engineer/Penetration Tester

  • Member of the Computer Security Information Response Center CSIRC participating in incident analysis, response and threat assessment on a daily basis.
  • Deployed Fire Eye, Symantec DLP, Symantec Web Gateway and Splunk
  • Performed firewall reviews and tuning
  • Conducted Penetration Test of the United States Mint's non-Commerce web site and related infrastructure, including web servers, application and database servers. Weaknesses discovered resulted in a multi-phase remediation and upgrade effort to resolve flaws.
  • Conducted PCI required Penetration Test of the eCommerce System which resulted in minor findings requiring remediation and furthered the PCI compliance effort for the system.
  • Conducted PCI required Penetration Test of the outsourced call center and fulfillment operation serving the ecommerce line of business. Findings resulted in a multi-phase remediation effort.
  • Performed wireless scans using Kismet, KisMac, and the Aircrack-ng suite
  • Participated in the development of the tailored security baselines for servers and networking equipment
  • Built, configured and deployed Snort IDS appliances to monitor Manufacturing department SCADA and industrial control assets.
  • Developed custom written malware to evade anti-virus systems as a demonstration for non-Commerce website stakeholders and United States Mint management. This resulted in the cancellation of a project to receive file submissions from the public on non-hardened infrastructure.
  • Performed evasions of Symantec and Sophos antivirus suites using various techniques to deliver payloads in PDF and executable files
  • Conducted social engineering test exercises coordinated with Treasury GSOC to determine level of infiltration possible using remote command and control frameworks.
  • Developed custom written Python scripts to generate weekly vulnerability dashboards used by technical and management staff.
  • PHP and Cold Fusion source code analysis to reveal vulnerabilities

Confidential

Penetration Tester/Courseware writer

  • Performed open-source intelligence OSINT gathering for target customers in preparation for security assessments
  • Performed Network and Web Application Penetration tests within the parameters defined by rules of engagement coordinated with the client.
  • Provided detailed reports on the findings of network and application penetration tests including mitigation and remediation activities.
  • Developed training materials for Strategic Security Online courses on the following subjects:
  • Network Penetration Testing
  • Web Application Penetration Testing
  • Network/Host Forensics
  • Maintained the Strategic Security Online target lab network comprised of the following Operating Systems:
  • Red Hat/Ubuntu
  • Windows 2000/XP/Vista/Windows 7
  • Vulnerable Web Applications on the following platforms:
  • ASP/MSSQL2000
  • ASP.NET/MSSQL2005
  • PHP/MySQL
  • C, PHP and Cold Fusion source code analysis to reveal vulnerabilities

Confidential

Network Administrator Assistant/Security Analyst

  • Developed and maintained installation and configuration procedures for a project at Dulles International Airport. Performed system monitoring to verify the integrity and availability of hardware, server resources and systems security on a proactive basis
  • Assisted in creation of a Network Security website for both administrators and end users to access proper configuration templates, safe internet surfing
  • Monitored network intrusion attempts using Snort IDS
  • Installed, upgraded and diagnosed software issues
  • Performed network scanning using Nessus to identify weaknesses
  • Demonstrated exploits on vulnerable assets to prove weakness by using Metasploit and Nmap
  • Conducted remediation activities to close vulnerabilities
  • TECHNICAL EXPERIENCE: General Technical Skills:
  • Scripting Languages: Shell scripting, Python, Java, C
  • Operating Systems: Windows 95/98/NT/2000/XP/Vista/7/2003/2008, Mac OS X, Linux/Unix Red Hat Enterprise Linux, Debian, Ubuntu, Fedora, Backtrack 2/3/4/5
  • Software Applications: Symantec/Norton/McAfee Antivirus/AntiSpyWare/Antispam products, Microsoft Office 2003/2007, Microsoft Office Mac 2008, Apache, Microsoft IIS, Virtual Box, VMware Fusion/Workstation/Server, Tenable Security Center, FireEye, Symantec Web Gateway.
  • Security Skills/Tools:
  • Network Enumeration: Maltego, Google Hacking, DNS, SMB, LDAP, SNMP
  • Port/Vulnerability Scanning: Nmap/Nmap Scripting Engine NSE , Hping 2/3, Netcat, Nessus
  • Sniffing/Man-in-the-Middle: Wireshark, Ettercap, Cain
  • Web Application Vulnerability Scanning: Acunetix tool similar to WebInspect/AppScan ,NTOSPider

Exploitation:

  • Reversing: Malware analysis and source code analysis to find vulnerabilities in software
  • Exploit development: Windows based exploits such as Stack/Buffer overflows and Linux/Unix based exploits such as Stack/Buffer overflows.
  • Server/Client-Side Exploitation: Metasploit, Social Engineering Toolkit SET ,
  • Core Impact/Insight
  • Password Cracking: Hydra, Rainbow Crack, 0phcrack, John the Ripper
  • Web Application: Manual SQL Injection, Manual Cross Site Scritping, SQLmap
  • Debuggers: Ollydbg, Immunity Debugger, WinDBG, GDB
  • Wireless: Kismet, Aircrack-NG Suite
  • TRAINING EC-Council Certified Ethical Hacker CEH Training, University of Maryland UMBC , 2010
  • Networking, RTEK2000, Baltimore,
  • CompTIA Security , University of Maryland UMBC ,
  • Offensive Security Certified Professional, Offensive Security,
  • Offensive Security Certified Expert, Offensive Security,

Hire Now