We provide IT Staff Augmentation Services!

Network Administrator Assistant Resume Profile

Owings, MillS


IT Security and Networking Professional with excellent written and oral communication skills. Thorough understanding of Networking, Information Assurance and Cybersecurity disciplines to include open-source information gathering, threat and vulnerability assessments, penetration testing and techniques, and network defense. I have over twelve year of hands on experience in IT Security specializing in penetration testing. I am an accomplished security engineer, malware analyst, and incident responder. I recently attained certification as an Offensive Security Certified Professional OSCP .


  • Network Analysis Physical Security Threat and Vulnerability Research Analysis, Incident Handling and Response speaking two languages: English and Russian. CERTIFICATIONS
  • Certified Ethical Hacker C EH , 2010
  • Cisco Certified Network Associate, 2010 CompTIA Security , 2010
  • Microsoft Certified Technology Specialist MCTS , 2010
  • EC-Council Certified Security Analyst E CSA , 2011
  • Offensive Security Certified Professional OSCP , 2013
  • Offensive Security Certified Expert OSCE , 2014



Sr. Penetration Tester

  • Lead Security Engineer of an Assessment Team doing full vulnerability assessments of the US Courts national systems
  • Conduct network/host penetration tests and web application penetration tests using
  • Assist the information security risk assessment program by identifying risks in the current security posture. Conduct risk assessment using NIST SP 800-53 v4 Operational, Management and Technical controls
  • Perform network security analysis and risk management for designated systems
  • Develop test cases to test web application according to OWASP and mapped every test case to NIST controls
  • Assess and evaluated risk based on threats, vulnerabilities, and shortfalls uncovered in testing
  • Develop CVSS calculator to rate risks for vulnerabilities found in assessments
  • Examine assets to determine if vulnerabilities exist and, if vulnerabilities are found, proposes remediation strategies that can be applied to mitigate them
  • Assist in vulnerability remediation efforts across various projects by proposing remediation strategies and engaging key stakeholders utilizing Plan of Actions and Milestones PO AM risk management process
  • Key contributor for developing templates such as Security Assessment Plan, Security Assessment Report, Rules of Engagement, Security Assessment Questionnaire, Kick-Off and Exit Brief


Sr. Information Security Engineer/Penetration Tester

  • Member of the Computer Security Information Response Center CSIRC participating in incident analysis, response and threat assessment on a daily basis.
  • Deployed Fire Eye, Symantec DLP, Symantec Web Gateway and Splunk
  • Performed firewall reviews and tuning
  • Conducted Penetration Test of the United States Mint's non-Commerce web site and related infrastructure, including web servers, application and database servers. Weaknesses discovered resulted in a multi-phase remediation and upgrade effort to resolve flaws.
  • Conducted PCI required Penetration Test of the eCommerce System which resulted in minor findings requiring remediation and furthered the PCI compliance effort for the system.
  • Conducted PCI required Penetration Test of the outsourced call center and fulfillment operation serving the ecommerce line of business. Findings resulted in a multi-phase remediation effort.
  • Performed wireless scans using Kismet, KisMac, and the Aircrack-ng suite
  • Participated in the development of the tailored security baselines for servers and networking equipment
  • Built, configured and deployed Snort IDS appliances to monitor Manufacturing department SCADA and industrial control assets.
  • Developed custom written malware to evade anti-virus systems as a demonstration for non-Commerce website stakeholders and United States Mint management. This resulted in the cancellation of a project to receive file submissions from the public on non-hardened infrastructure.
  • Performed evasions of Symantec and Sophos antivirus suites using various techniques to deliver payloads in PDF and executable files
  • Conducted social engineering test exercises coordinated with Treasury GSOC to determine level of infiltration possible using remote command and control frameworks.
  • Developed custom written Python scripts to generate weekly vulnerability dashboards used by technical and management staff.
  • PHP and Cold Fusion source code analysis to reveal vulnerabilities


Penetration Tester/Courseware writer

  • Performed open-source intelligence OSINT gathering for target customers in preparation for security assessments
  • Performed Network and Web Application Penetration tests within the parameters defined by rules of engagement coordinated with the client.
  • Provided detailed reports on the findings of network and application penetration tests including mitigation and remediation activities.
  • Developed training materials for Strategic Security Online courses on the following subjects:
  • Network Penetration Testing
  • Web Application Penetration Testing
  • Network/Host Forensics
  • Maintained the Strategic Security Online target lab network comprised of the following Operating Systems:
  • Red Hat/Ubuntu
  • Windows 2000/XP/Vista/Windows 7
  • Vulnerable Web Applications on the following platforms:
  • ASP/MSSQL2000
  • C, PHP and Cold Fusion source code analysis to reveal vulnerabilities


Network Administrator Assistant/Security Analyst

  • Developed and maintained installation and configuration procedures for a project at Dulles International Airport. Performed system monitoring to verify the integrity and availability of hardware, server resources and systems security on a proactive basis
  • Assisted in creation of a Network Security website for both administrators and end users to access proper configuration templates, safe internet surfing
  • Monitored network intrusion attempts using Snort IDS
  • Installed, upgraded and diagnosed software issues
  • Performed network scanning using Nessus to identify weaknesses
  • Demonstrated exploits on vulnerable assets to prove weakness by using Metasploit and Nmap
  • Conducted remediation activities to close vulnerabilities
  • TECHNICAL EXPERIENCE: General Technical Skills:
  • Scripting Languages: Shell scripting, Python, Java, C
  • Operating Systems: Windows 95/98/NT/2000/XP/Vista/7/2003/2008, Mac OS X, Linux/Unix Red Hat Enterprise Linux, Debian, Ubuntu, Fedora, Backtrack 2/3/4/5
  • Software Applications: Symantec/Norton/McAfee Antivirus/AntiSpyWare/Antispam products, Microsoft Office 2003/2007, Microsoft Office Mac 2008, Apache, Microsoft IIS, Virtual Box, VMware Fusion/Workstation/Server, Tenable Security Center, FireEye, Symantec Web Gateway.
  • Security Skills/Tools:
  • Network Enumeration: Maltego, Google Hacking, DNS, SMB, LDAP, SNMP
  • Port/Vulnerability Scanning: Nmap/Nmap Scripting Engine NSE , Hping 2/3, Netcat, Nessus
  • Sniffing/Man-in-the-Middle: Wireshark, Ettercap, Cain
  • Web Application Vulnerability Scanning: Acunetix tool similar to WebInspect/AppScan ,NTOSPider


  • Reversing: Malware analysis and source code analysis to find vulnerabilities in software
  • Exploit development: Windows based exploits such as Stack/Buffer overflows and Linux/Unix based exploits such as Stack/Buffer overflows.
  • Server/Client-Side Exploitation: Metasploit, Social Engineering Toolkit SET ,
  • Core Impact/Insight
  • Password Cracking: Hydra, Rainbow Crack, 0phcrack, John the Ripper
  • Web Application: Manual SQL Injection, Manual Cross Site Scritping, SQLmap
  • Debuggers: Ollydbg, Immunity Debugger, WinDBG, GDB
  • Wireless: Kismet, Aircrack-NG Suite
  • TRAINING EC-Council Certified Ethical Hacker CEH Training, University of Maryland UMBC , 2010
  • Networking, RTEK2000, Baltimore,
  • CompTIA Security , University of Maryland UMBC ,
  • Offensive Security Certified Professional, Offensive Security,
  • Offensive Security Certified Expert, Offensive Security,

Hire Now