We provide IT Staff Augmentation Services!

Senior Systems Engineer Resume Profile

Long Island, CitY

PROFESSIONAL OVERVIEW

Information Security Professional with the ability to identify, communicate, and drive remediation of technical and business risk.

Founder, FuzzDB Project

FuzzDB is the largest open-content licensed attack and discovery pattern database of test cases for security fuzz testing

PROFESSIONAL EXPERIENCE

Gotham Digital Science Consulting Manager

  • Successful SDLC/Security business process transformation effort for one of the largest hedge funds in the world Analyzed the technology and business risks in organizations acquired by clients, and created remediation plans
  • and integration strategies taking into account business and security requirements
  • Designed and managed competitive analysis of a security assessment tool product space for a leading security tool vendor
  • Performed and managed numerous penetration testing, application assessment, and source code review engagements for C .NET and Java applications
  • Developed and delivered custom secure development training course to a large electronic trading technology firm's software developers in several US cities and internationally, a Federally funded space research group located at a major research university, one of the largest public transportation agencies in the United States, and others.
  • Won new and ongoing business for GDS in the Financial and Public Sector markets

QuietMove - Managing Partner

  • Conceptualized and co-founded a boutique security services consultancy that served organizations including Fortune 500, in diverse public sector, banking, retail, and e-commerce spaces
  • Created testing and reporting methodologies, marketing collateral, web and SEO strategy
  • Performed a wide variety of web application assessments, source code review, incident response, developer security training, penetration testing, wireless security, physical intrusion tests, and compliance consulting
  • Sales win rate of over 75 , often competing against significantly larger organizations
  • Built service channel partner relationships with VARs that brought QuietMove into Fortune 500 and other large accounts for assessment engagements
  • PCI-DSS readiness consulting, code review, web application assessments penetration testing. QuietMove was PCI ASV certified for its first two years
  • Deployed and maintained SugarCRM for sales management and metrics.

Accuvant - Sr. Security Consultant

  • Served large clients in diverse sectors such as cellular networks, power utilities, banking, traveling over 50 .
  • Performed network, web application, wireless, dialup penetration testing, physical intrusion testing, and PCI, SOX, NERC, HIPAA governance and compliance consulting
  • Scoped engagements, wrote statements of work, and managed engagement teams of 2-4 consultants Created and taught web application assessment and developer training offerings to
  • Spoke about web application security at national security conferences on behalf of Accuvant Participated in many pre-sales presentations and meetings, contributing to wins

Pegasus Solutions - Security Analyst / Acting Security Officer

  • Responsible for operational security at the leading ASP for the Hotel and Travel industry
  • Managed a team of two dedicated information security personnel, and an ad-hoc team composed of network administration, system administration, development, and operations personnel responsible for the their respective domains
  • Key achievements: Introduced security to the Pegasus software development lifecycle, implemented a vulnerability management program, built a multi-sensor Snort IDS, maintained an audit-ready environment
  • Acting CSO for one year, navigating them through their first year of compliance with Sarbanes-Oxley Section 404

IBM Global Services - Information Security Advisor

  • Promoted to be IBM Managed Security Services Delivery's ISA responsible for the security of two Fortune-500 firms Internet-facing transaction presences hosted by IBM
  • Maintained an audit ready environment
  • Was successfully responsible for all IBM security delivery to these clients satisfaction

Sr. Information Security Consultant

  • One of the founding members of IBM's Ethical Hacking Center of Competency, a national team of Subject Matter
  • Experts
  • Performed network, host, dialup, web application penetration testingand compliance consulting
  • Technical lead during penetration testing engagements, engagements typically consisted of 2-5 consultants
  • Served Fortune 500 clients in sectors such as Banking, Insurance, Electronics, Software, and Public Sector clients Performed technical interviews of potential new hires

confidential

IT Director and Lead Systems Engineer

  • Created all policies, processes, procedures, managed IT organization of 8 developers and systems administrators Assisted in developing the business plan and raising startup capital
  • Built server infrastructure using Windows and FreeBSD, including a scalable web email hosting farm and a live streaming broadcast studio

cofidential

Director, MIS and Senior Systems Engineer

  • Conceptualized the transformation of Ebiz Enterprises, a white-box PC manufacturer, into The Linux Store, a leading Linux workstation and server manufacturer, leading to a 2.5 million investment by The Canopy Group
  • The transformation garnered significant press coverage, causing the stock share price to increase over 10x Was responsible for all Information Technology
  • Led R D for new computer products, ranging from the first sub- 500 desktop workstation ever marketed to Beowulf-class Linux supercomputers

Software Developer Consultant

  • The following projects primarily utilized Visual Basic, Microsoft Transaction Server, and SQL Server in n-tier client/server architecture
  • Lead developer of client/server change control management system for one of the largest grocery and restaurant food distributors through deployment to hundreds of desktops across the United States
  • Developed industrial automation systems for a robotic car airbag inflator assembly line, interfacing with Allen-Bradley PLCs
  • Developed remote reporting solution for traveling quality inspectors for a large national franchise brand
  • Automated credit card embossing machines via RS-232 serial and implemented encryption to transmit data over public phone networks, prior to the ubiquity of leased lines and Internet, for a major credit card brand

SELECTED MEDIA REFERENCES

  • Live Data In Test Environments Is Alive And Well -- And Dangerous http://www.darkreading.com/security/app-security/showArticle.jhtml articleID 223900045 cid RSSfeed
  • Speculations Abound Over Massive DDOS Attacks http://blogs.channelinsider.com/secure channel/content/internet threats security/speculations abound over mass ive ddos attacks.html
  • USB devices make companies vulnerable to computer viruses, data theft
  • Database Servers Candy for Hackers http://www.informationweek.com/news/security/attacks/showArticle.jhtml articleID 218100141
  • Sub- 400 Linux Workstation
  • http://news.cnet.com/The-Linux-Store-drops-PC-prices/2100-1001 3-226820.html
  • 96 Processor Beowulf cluster at University of Richmond https://facultystaff.richmond.edu/ cparish/beowulf.htm
  • Beowulf Cluster launch event at Linux Expo 1999
  • http://findarticles.com/p/articles/mi m0EIN/is 1999 May 20/ai 54687101/

SELECTED SPEAKING ENGAGEMENTS

  • ISSA/ISC2 Information Security Summit 2005, Independence, OH Talk Web Application Security ISSA/ISC2 SecureSD Conference, San Diego, CA Talk on Web Application Security
  • Texas Regional Information Security Conference 2005, Austin, TX Talk on Web Application Security, Walking through Walls
  • Ziff-Davis Security Management Virtual Tradeshow 2007 Panel Discussion, Creating Security Awareness and Education Programs
  • ISSA Southwest Security Conference 2008, Phoenix, AZ Talk, Rethinking the Perimeter
  • Third Annual Arizona Entrepreneurship Conference, 2008 Panel discussion on building new products
  • Third Annual Arizona Entrepreneurship Conference, 2008 Talk on Web Application Security concepts for startups and entrepreneurs
  • Gangplank Brown Bag Lunch Series, 2009, Phoenix, AZ Talk on Black Hat SEO Internet Marketing, Pay Per Click PPC and Cost Per Action Fraud
  • Phoenix OWASP, 2009 Talk on what the cloud means to web security

SELECTED PAPERS AND OTHER CONTRIBUTIONS

  • Founder, FuzzDB Project
  • http://fuzzdb.googlecode.com
  • Project contributor, OWASP Fuzzing Code Database
  • http://www.owasp.org/index.php/Category:OWASP Fuzzing Code Database
  • Web Application Security Testing Add-On Collection for Firefox https://addons.mozilla.org/en-US/firefox/collection/webappsec
  • Cloud Security Alliance Cloud Security Guidance Document V2.1
  • Contributing author to Domain 6, Portability and Interoperability
  • Security Catalyst Blog previously, a contributing blogger

Hire Now