- Alternative names for the PENETRATION TESTER position: Ethical Hacker, Application Penetration Tester, Application Security Consultant, Red Team Lead, Principal Subject Matter Expert (SME), Senior Security Auditor, Security Advisor Engineer (SAE), Senior Information Assurance Technical Analyst.
- Seeking a Penetration Tester consulting position in the network security field with exposure to: penetration testing, manual and automated testing of operating systems, networks, web applications, source code, mobile devices, databases, wireless, and social engineering, and also exposure to: website security, security testing, network audit, vulnerability scanning and assessments, cyber security of Industrial Control Systems (ICS) / Supervisory Control and Data Acquisition (SCADA), Secure Software Development Life Cycle (SSDLC), mitigation strategies and solutions, hardening, enterprise patch management, Continuous Monitoring (CM), U.S. federal government IT security FISMA compliance, Certification and Accreditation (C&A), DoD DISA STIG compliance, financial and secure banking compliance (PCI DSS 2.0, SOX, Basel II).
- Offering occasional travel to nationwide clients for 1-2 days every few weeks (10-20%) for internal review.
- ONLY as an independent Corp-to-Corp (C2C) sub-contractor through own company (Yarekx IT Consulting LLC), no W2.
- Offering a unique mixture of penetration testing, web application / computer / network security, auditing, network system engineering, operational security, management, and government consulting skills, experience, and knowledge.
- Offering clients the use of the best commercial penetration testing tools available on the market (many expensive pentesting tool licenses are already owned). This previously resulted in winning government contract bids.
- Experience consists of 26 years of exposure to computers and networks, 19 years in information security / assurance, 13 years in project management, 13 years in penetration testing and vulnerability assessment, 13 years in application security, 13 years supporting government clients (DoD/ANGB, DSS, DISA, DHHS/FDA, PSC, DoL/ESA, DoS/CA, DHS/FEMA, TSA, DoED, FHFA, LOC, USAID), and 5 years supporting commercial companies in the telecommunication and banking industries. Education includes 40 IT certifications, 100 courses, a Master's Degree in Geography (1990), and a second Master's Degree in Information Security (2004).
- Information security and audit skills: support the secure development of systems by discovering information protection needs, defining system security requirements, designing system security architecture, implementing system security, and finally assessing information protection effectiveness to ensure that systems support the business mission and provide assurance. Ensure that all practical steps have been taken to protect the information system itself, as well as the data it contains, from violations of policy, laws, or customer expectations of availability, confidentiality, and integrity. Writing security policies, standards, procedures, guidelines, best practices, Project Management Plans (PMP), System Security Plans (SSP), Contingency Plans (CP), Security Controls Assessment Plans (SCAP), Security Categorization Reports (SCR), Security Requirements Traceability Matrices (SRTM), Incident Response Plans (IRP), Disaster Recovery Plans (DRP), Business Continuity Plans (BCP), and Plans of Action and Milestones (POA&M) for General Support Systems (GSS) and Major Applications (MA); performing Privacy Impact Assessments (PIA), Business Impact Analyses (BIA), Framework Self-Assessments (FSA), and Risk Assessments (RA); conducting Certification and Accreditation (C&A) activities in accordance with DITSCAP and NIACAP; preparing Authority To Operate (ATO) documents; developing Security Test and Evaluation (ST&E) and Certification Test and Evaluation (CT&E) plans and procedures; Continuous Monitoring (CM); security test reporting; and other associated deliverables for system accreditation. Exposure to Sarbanes-Oxley Act (SOX) compliance, The Institute of Internal Auditors (IIA) professional standards, Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE), Control Objectives for Information and Related Technology (COBIT), Federal Information System Controls Audit Manual (FISCAM), System Development Life Cycle (SDLC), Systems Assurance (SA), Quality Assurance (QA), Information Assurance (IA) policies, GISRA/FISMA compliance reporting and enforcement, development of Information Systems Security (ISS) solutions, Configuration Management (CM), Continuity of Operations Planning (COOP), Secure Software Development Life Cycle (SSDLC), Information Assurance Vulnerability Assessments (IAVA), penetration testing, Identity and Access Management, detection and mitigation of weaknesses to prevent unauthorized access, protection from hackers, incident reporting and handling, cybercrime response, Intrusion Detection System (IDS) analysis, computer forensics, security auditing and assessment, regulatory compliance analysis, testing, and remediation consulting, securing Personally Identifiable Information (PII) and Sensitive Security Information (SSI), creating a security review program, architecting and implementing customer security solutions, developing a security training and awareness program, anti-virus scanning, security patch management, testing hardware/software for security, hardening/auditing Windows, UNIX, VMS, SQL, Oracle, Web, and network devices, and providing recommendations for secure network architecture, firewalls, and VPNs.
- Network system engineering and operational skills: extensive experience in the full life cycle of network development (routers, switches, and firewalls): network requirement analysis, architecture, design, drawing, specification, configuration, test, simulation, implementation, development, integration, operation, maintenance, system administration, system performance optimization, software and hardware troubleshooting, and product research and evaluation.
- Management and organizational skills: writing winning proposals for federal government IT security contract solicitations; providing leadership, motivation, and direction to staff; successfully managing day-to-day operations and tasks within schedule and budgetary constraints; responsible leader, manager, evaluator, and decision-maker; thinking independently; identifying project scope; analyzing and solving complex problems; quickly learning and applying new methods; adapting well to changing environments, requirements, and circumstances; excellent collaboration with corporate and government customers and technology stakeholders; excellent writing, oral communication, negotiation, interviewing, and investigative skills; performing well in teams as well as independently; working effectively under pressure and stress; dealing successfully with critical deadlines; implementing activities identified in statements of work (SOW); detail oriented; managing team resources efficiently to ensure customer satisfaction and maximize team utilization and effectiveness (Information Resources Manager, IRM); utilizing time management and project management methodology.
- SECURITY DOCUMENTATION, PROCESSES, POLICIES, STANDARDS, and GUIDELINES:
- Security policies, standards, and procedures, SSP, SSAA, POA&M, PIA, BIA, FSA, RA, CP, DRP, BCP, COOP, C&A, DITSCAP, NIACAP, ATO, IATO, SRTM, ST&E, CT&E, SA, QA, IA, GISRA, FISMA, ISS, CM, IAVA, IDS, DAA, PDD-63, OMB A-130, A-11 Exhibits 300s, NIST SP 800 series, FIPS 199, FISCAM, ISO 17799, OCTAVE, COBIT, COSO, PCAOB, IIA, ISACA, STIG, SRR, CVE, CWE, CVSS, OWASP, OSSTMM, SDLC, SSDLC, SAST, DAST, STRIDE, DREAD.
- PROTOCOLS and STANDARDS:
- VPN, IPSec, ISAKMP, IKE, DES, 3DES, SHA, MD5, AH, ESP, PKI, PGP, X.509, SSH, SSL, VoIP, RADIUS, TACACS+, BGP, OSPF, IS-IS, EIGRP, IGRP, RIP, ARP, ATM, Frame Relay, NAT, HSRP, VLAN, TCP/IP, DNS, NetBEUI, DHCP, HTTP, Telnet, FTP, TFTP, T1, T3, OC-3 to OC-48, SONET, 802.11b, XML, SOAP, WSDL, REST, JSON, UDDI, WLAN, WEP, WAP.
- Cisco Routers, Catalyst Switches, PIX Firewalls, Cisco VPN Concentrators, Cisco Intrusion Detection System Appliance Sensors (NetRanger), Cisco Aironet Wireless Access Points, Juniper Routers, Foundry Networks Routers and Switches, Intrusion.com with Check Point Firewall, CSU/DSU, SUN, HP, Dell, and Compaq servers.
SOFTWARE, PROGRAMS, TOOLS, and OPERATING SYSTEMS:
- Penetration Testing tools:
- CORE Security CORE Impact (OS, web, and wireless modules), Rapid7 Metasploit Framework (with Armitage), Pro, and Express, SAINT Corporation SAINTExploit, NGSSQuirreL for SQL/Oracle/Informix/DB2 database pentesting tools, Application Security AppDetective Pro database pentesting tool, Offensive Security BackTrack, w3af, sqlmap, Havij, Portcullis Labs BSQL Hacker, SCRT Mini MySqlat0r, NTOSQLInvider, SqlInjector.
- Operating System scanners:
- Lumension PatchLink Scan (formerly Harris STAT Guardian) vulnerability scanner and PatchLink Remediation module, Rapid7 Nexpose, ISS Internet and System Scanner, GFI LANguard Network Security Scanner, Tenable Nessus Security Scanner, Secure Configuration Compliance Validation Initiative (SCCVI) eEye Retina Digital Scanner, Foundstone FoundScan scanner and SuperScan, Shavlik NetChk, Shadow Security Scanner (SSS), Microsoft Baseline Security Analyzer (MBSA), Center for Internet Security (CIS) Security Configuration Benchmarks, QualysGuard, ManTech Baseline Tool Kit (BTK) configuration scanner, Gold Disk, Anomaly Detection Tool (ADT), Router Audit Tool (RAT), Cisco Secure Scanner (NetSonar), nmap.
- Oracle/SQL Database scanners, audit scripts, and audit checklists:
- Application Security Inc.'s AppDetective Pro database audit tool, NGSSQuirreL for SQL, NGSSQuirreL for Oracle, NGSSQuirreL for Informix, NGSSQuirreL for DB2 database audit tools, Shadow Database Scanner (SDS), CIS Oracle audit script, Ecora audit software for Oracle, State Dept Oracle 8i / 9i R2 RDBMS / SQL 2000 audit script, State Dept Oracle 8i / 9i / 10g / SQL 7 / 2000 / 2005 security hardening guides and audit checklists, Homeland Security Dept, DoD DISA STIGs, and CIS security guides and checklists for Oracle and SQL.
- Web application scanners and tools:
- HP WebInspect, IBM Rational AppScan Standard Edition, Acunetix Web Vulnerability Scanner (WVS), Cenzic Hailstorm Pro, Mavituna Security Netsparker, N-Stalker Web Application Security Scanner, Syhunt Dynamic (Sandcat Pro), Subgraph Vega, OWASP Zed Attack Proxy (ZAP), CORE Security CORE Impact Pro web module, SAINTExploit Scanner, IronWASP, Foundstone SiteDigger, Samurai Web Testing Framework (WTF), PortSwigger Burp Suite Pro Scanner, Parosproxy Paros, SensePost Wikto, NTO Spider, CIRT nikto2, BeEF, Web Application Attack and Audit Framework (w3af), OWASP WebScarab, wget, Absinthe, HTTPrint, DirBuster, Grendel-Scan, RatProxy, SprAJAX, Flare, SoapUI, Durzosploit, TamperIE, Firefox plug-ins (Web Developer Extension, Live HTTP Headers Extension, TamperData), Security Compass Exploit-Me (SQL Inject Me and XSS Me).
- Application source code scanners:
- Mobile tools, emulators, and scanners:
- Android Virtual Device (AVD), Apple Xcode, BlackBerry Ripple Emulator, Windows Phone Emulator, Opera Mobile, Android Debug Bridge (ADB), Apktool, Androwarn, Drozer, Snoop-it, iBeacon, iAuditor, iBackup Viewer, Apple Configurator for MDM solution.
- Programming Languages (different levels of knowledge):
- Wireless scanners:
- CORE Security CORE Impact wireless module, Fluke OptiView Network Analyzer, NetStumbler wireless detector, Kismet, Airsnort, aircrack-ng, inSSIDer, AirPcap.
- Forensics Tools:
- EnCase, SafeBack, FTK (Forensic Toolkit), TCT (The Coroner's Toolkit), nc, md5, and dd.
- Miscellaneous programs and services:
- McAfee HBSS 2.0, 3.0 (ePO Orchestrator 3.6.1, 4.0), McAfee Hercules, VMware, BlackICE, ZoneAlarm, Snort NIDS, Tripwire HIDS, NetIQ Security Manager, Checkpoint Firewall, Cisco Secure IDS Host Sensor (CSIDSHS), Cisco Secure Policy Manager (CSPM), Symantec security products (AntiVirus, AntiSpyware, Firewall, IDS), Wireshark (Ethereal) sniffer, tcpdump, MS Office, MS IIS 4/5/6, MS SQL 7/2000/2005, Oracle 8i/9i/10g/11g, whois, nslookup, DIG, Netcraft, Geoiptool, Dnsstuff, FOCA, Paterva's Maltego, ServerSniff, Google Hacking DataBase (GHDB), Robtex, Foundstone SSLDigger, THCSSLCheck, SSLScan, openssl, netcat, p0f, Fierce DNS Scanner, L0phtcrack, John the Ripper, Custom Word List Generator (CeWL), Sam Spade, NTFSDOS, Pwdump2, Solarwinds, Pwnie Express Pwn Plug Elite and Pwn Pad.
- Operating systems:
- Windows (DOS/3.1/95/98/NT/2000/XP/2003/Vista/7), UNIX (Sun Solaris, Linux Red Hat, Knoppix), Cisco IOS.
VULNERABILITY ASSESSMENT / ETHICAL HACKING / PENETRATION TESTING SKILLS:
- Hacking Methodology: footprinting, scanning, enumeration, penetration, and root access / privilege escalation.
- Hacking Techniques: cracking, sweeping, SYN flooding, audit log manipulation, DNS zone transfer, DDoS, IP spoofing, sniffing, brute force, buffer overflows, keystroke logging, trojans, and backdoors.
- Countermeasures: patching, honeypots, firewalls, intrusion detection, packet filtering, auditing, and alerting.
- Application vulnerabilities: inadequate input validation, SQL Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), buffer overflow, security misconfiguration, cookie manipulation, insecure ciphers.
Project through own company
- Conducted remote web application security vulnerability and penetration testing (automated and manual) against huge Internet commercial applications (10,000 web pages) based in the U.S., Europe, and Asia.
- Analyzed scan results and manually verified each security vulnerability to avoid reporting false-positive issues.
- Wrote very detailed reports of findings and suggested step-by-step remediation procedures.
- Presented web application security vulnerabilities, as defined by the OWASP Top 10, to executives/developers.
DC Penetration Testing Leader / Security Advisor Engineer
- Co-wrote a successful winning proposal for a Penetration Testing contract with the Library of Congress.
- Served as the Penetration Testing Leader / Security Advisor Engineer (SAE) / Subject Matter Expert (SME) supporting an effort performing:
- penetration tests (network, OS, web and mobile application, source code, database, and wireless approach),
- provided close hands-on mitigation assistance to System, Web, and DB Administrators and Code Developers,
- provided innovative approaches and solutions to the mitigation process for IT security findings,
- advised on changes needed to penetration testing policies and procedures,
- took initiative on various new IT security projects on top of existing ones in a multi-tasking approach,
- created hardening guides and provided guidance to address vulnerabilities found in systems,
- provided security consulting services to other application, Service Unit, and IT teams (SOC, NOC, FO),
- provided IT security support for Certification and Accreditation (C&A) of IT systems,
- provided after-hours (evenings, nights, and weekends) IT security support for many urgent projects.
- Wrote penetration testing Rules of Engagement (RoE), Test Plans, Standard Operating Procedures, and Memos.
- Conducted remote (external) and local (internal) penetration testing and vulnerability assessment of web applications and web services (SOAP, RESTful) using tools: Acunetix Web Vulnerability Scanner, HP WebInspect, IBM Rational AppScan Standard Edition, Mavituna Security Netsparker, N-Stalker Web Application Security Scanner, Subgraph Vega, Syhunt Dynamic (Sandcat Pro), Foundstone SiteDigger, CORE Impact Pro web pentesting module, SAINTExploit Scanner, Web Application Attack and Audit Framework (w3af), sqlmap, Security Compass Exploit-Me (SQL Inject Me and XSS Me), Burp Suite Pro, OWASP Zed Attack Proxy (ZAP).
- Conducted remote (external) and local (internal) penetration testing and vulnerability assessment of server and workstation operating systems using tools: CORE Impact Pro, SAINTExploit Scanner, Nessus, GFI LANguard, BackTrack5, Rapid7 Nexpose and Metasploit with Armitage, nmap, netcat, Foundstone SuperScan.
- Scanned SSL servers using tools: Foundstone SSLDigger, SSLScan, The Hacker's Choice THCSSLCheck.
- Scanned, analyzed, and assisted web developers in configuration and security findings mitigation for web servers, web applications, and web software development platforms: Apache HTTP Server, Apache Tomcat, IBM HTTP Server, Microsoft Internet Information Services (IIS), Jetty, Nginx, Oracle HTTP Server, Oracle Business Intelligence (BI) Publisher, Oracle WebLogic Server, Oracle Fusion Middleware (OFM), and Oracle Application Express (APEX).
- Created and implemented security configuration guidelines for Oracle Fusion Middleware (OFM) and Oracle Application Express (APEX).
- Successfully identified, manually exploited, and compromised operating systems, web applications, and databases.
- Performed application black-box testing (vulnerability assessment, DAST - Dynamic Application Security Testing) and white-box testing (source code review, SAST - Static Application Security Testing) as part of the application Secure Software Development Life Cycle (SSDLC).
- Examined results of web/OS scanners, conducted hands-on static source code analysis, found vulnerabilities, misconfigurations, and compliance issues, wrote final reports, defended findings during meetings with developers, and provided security recommendations for government executives, developers, and web/system administrators.
- Recommended that Java developers implement an OWASP J2EE Stinger filter (a Security Validation Description Language (SVDL) XML file for Stinger with validation rules for the regex, cookies, and parameters of an HTTP request) for the Java 2 Platform Enterprise Edition (J2EE) platform, which has no validation features.
- Ensured current application security controls are sufficient and detected those that need improvement.
- Created and executed an Agency-wide Web Developers Security Training Program, educated the client on secure web coding and inherent risks, and provided significant hardening and mitigation strategies.
- Created findings reports for various groups (CISO, Branch Chiefs, System Owners, IT Architects, OS System Administrators, Web Server Administrators, Application Developers, DBAs, third-party vendors), defended and explained security issues during meetings, described risk levels, and assisted in the vulnerability mitigation process.
- Conducted wireless war-walking within Agency buildings to identify rogue Wi-Fi devices, such as unauthorized wireless routers, iPhones, iPads, Kindles, etc. plugged into the corporate network by employees.
- Reported vulnerabilities identified during security assessments utilizing standard CWE, CVE, CVSS, WASC, CWE/SANS Top 25 Most Dangerous Programming Errors, and OWASP Top 10 classifications, as well as compliance standards: FISMA (NIST SP 800-53), PCI DSS 2.0, SOX, Basel II, and DISA STIG.
- Submitted discovered vendor vulnerabilities to the MITRE CVE (Common Vulnerabilities and Exposures) database.
- Researched Web Application Firewall (WAF) vendors and suggested their deployment to Network Architects.
- Conducted security reviews, technical research, and provided reporting to increase security defense mechanisms.
- Conducted remote penetration testing and vulnerability assessment of networks and banking web applications.
- Performed black-box, grey-box, and white-box testing with security vulnerabilities exploitation.
- Provided customized SOX, Basel II, and PCI DSS banking compliance reports and suggested solution techniques.
- Explained to web developers and executives common web security vulnerabilities as defined by OWASP Top 10.
- Conducted penetration testing and vulnerability assessment of the web applications of e-commerce sites.
- Reviewed scan results, analyzed security vulnerability issues to identify potential false positives, created risk-based dynamic and static code reviews, and provided source code fix recommendations to web developers for changing the security architecture of the commercial website.
- Conducted penetration testing and vulnerability assessment of public web applications.
- Performed application security penetration and vulnerability testing against high risk Internet applications.
- Conducted manual and automated, non-authenticated and authenticated tests of users' web portals.
- Provided a UK client with world-class consulting services and reports, concentrating on the performance of security assessments, application penetration testing, testing methodologies, and enterprise environments.
- Conducted remote (external), local (internal), wireless, physical, and social engineering penetration testing and vulnerability assessment of networks, web applications, and XML web services with SOAP.
- Scanned and assessed network vulnerabilities for 2,000 servers/workstations and 200 web applications.
- Provided reports of findings and suggested counter-measures and remediation techniques.
- Served as the Principal Cyber Security Engineer / Subject Matter Expert (SME) / Red Team Penetration Testing Leader supporting an effort conducting a double-blind penetration testing assessment against more than a thousand devices to determine the security effectiveness of a federal government customer's applications, networks, systems, tools, security defense processes, and personnel.
- Performed security testing activities using manual methods, tools, and ethical hacking techniques simulating those used by the full spectrum of hackers in order to discover potential vulnerabilities in the client's IT systems.
- Conducted and completed the following security assessments: External Remote Access Security, External Application, Social Engineering Testing, Internal Security, Internal Application, and Wireless.
- Performed discovery activities, attack planning, test execution, and detailed reporting on test scenarios and findings.
- Used the following tools, services, and techniques in security assessments:
- Phase 1 (External Remote Access Reconnaissance, Discovery, and Footprint Identification): whois, nslookup, DIG, Netcraft, Geoiptool, Dnsstuff, FOCA, Paterva's Maltego, ServerSniff, Google Hacking DataBase (GHDB), Robtex, Foundstone SSLDigger, THCSSLCheck, wget.
- Phase 2 (External Remote Access Enumeration and Vulnerability Mapping): nmap, p0f, Netcat, Fierce DNS Scanner, Foundstone SuperScan, SAINT Scanner, Nessus, Metasploit with Armitage.
- Phase 3 (External Application Assessment): Acunetix Web Vulnerability Scanner (WVS), HP (SPI Dynamics) WebInspect, IBM Rational (Watchfire) AppScan, Foundstone's SiteDigger, PortSwigger Burp Suite Pro, SensePost Wikto, CIRT Nikto2, Paros, OWASP WebScarab.
- Phase 4 (External Remote Access Exploitation): CORE Impact Pro, SAINTExploit Scanner, w3af, sqlmap, SQL Inject-Me, BackTrack4, Metasploit with Armitage.
- Phase 5 (Internal Security Assessment): Wireshark, tcpdump, nmap, netcat, SuperScan, fierce, CORE Impact Pro, SAINTExploit Scanner, Nessus, GFI LANguard, BackTrack4, Metasploit with Armitage.
- Phase 6 (Social Engineering Testing Assessment): set up a fake website with malicious code for the purpose of host fingerprinting, set up a fake website with malicious code to steal login credentials, sent malicious form requests via phishing e-mail (which bypass firewalls/IDS), created and mailed CDs with malicious documents.
- Phase 7 (Wireless Assessment): NetStumbler, Kismet, inSSIDer, aircrack-ng, BackTrack4, CORE Impact.
- Reported and presented the security findings to government officials and provided recommendations to fix them.
- Led, supervised, trained, and mentored lower-level penetration testing analysts.