- Penetration Tester: Monitor the latest trends and exploits, keeping security knowledge on the cutting edge; practice writing exploits; setting up scenarios and exploiting them in the lab; reviewing security tools and determining if they have value to our needs; writing reports when necessary; running vulnerability scans; reading advisories and tutorials on emerging technology and trends; obtaining malicious software and deconstructing it to determine the potential use for our penetration tests; web application testing practice; experimenting and hunting for exploits in commonly used software and services.
- Accomplishments: Wrote a few exploits for practice and practical use with the assistance of tools, Assessed the different Vulnerability Scanners.
- Software: Gentoo, Debian, Slackware, OSX 10.4, Windows 2003 Server, Windows 2000 Server, Windows XP, Metasploit, Core IMPACT, Nessus, ISS Scanner, Debuggers, OllyDbg, Nmap, Netcat, and other standard penetration testing tools such as those found on the BackTrack disk.
- IDS Technician: Monitor the IDS console for malicious activity. Analyze suspicious activity to determine possible attacks and breaches of the network. Write up technical documentation for all attacks, notify on-site staff of activity, and provide remediation documentation. Analyze the network, perform firewall analysis, and build new secure products for team internal use. Train and stay up to date on technology for the future. Verify vulnerabilities to reduce false positives and minimize notifications.
- Accomplishments: Wrote a NASL Nessus Signature for identification purposes when scanning court systems.
- Software: Debian, Fedora Core 5, Windows Server 2003, Windows Server 2000, Tenable Nessus 3.0.4, Nmap, Site Protector, ISS scanner, Netcat, WebScarab, Paros, WebGoat, Hackme products, OpenSSL, SSH, PuTTY, Core Impact, Custom ticketing system, and other basic tools for network troubleshooting.
- Security Consultant: Perform penetration tests and security assessments for network and dial-in infrastructure. PCI certification tests against vendors. Provide full written reports of findings and remediation steps associated. War-dialing against full ranges of telephone lines for modems. Performing and troubleshooting networking issues and security awareness of the latest emerging technologies. Penetrating vulnerable systems at client request by constructing exploits. Provide more information to Site managers about security risks and vulnerabilities associated with their network.
- Software: Gentoo, Nessus 3.0.4, Nmap, IKEscan, eEye Retina, Phonesweep, Nikto, Wikto, Netcat, Burp Suite, WebScarab, Scapy, Kismet, Windows XP Professional, Windows 2003 Server, CANVAS, OpenSSL, SSH, PuTTY, Hydra, and other basic tools for network troubleshooting.
- Jr. Systems Administrator contracting with Thomson Financial: Troubleshooting problems and errors on a wide variety of systems, Installing servers into racks in a critical environment, Monitoring network applications and websites, POC in event of an emergency, Linux Routers, and detailed analysis of server issues.
- Software: Windows NT server 4.0, Windows 2000 PRO, Windows XP Pro, UNIX, Big Brother, Infra-desk ticket system, and a lot of custom in-house applications.
- Systems Administrator: VPN and firewall configuration, management, and troubleshooting; Server configuration, deployment, and maintenance; Domain controller configuration; Cisco wireless router and switches configuration and management; Cable management; Network cable installation; Imaging and ghosting, troubleshooting, build out, and maintenance of workstations; Help desk support; Exchange server build out, configuration, and management; Linux email server management; Composed technical documentation, white papers, and statement of work; PBX configuration, moves, adds, and changes; Vendor relations; Firewall audits and minor penetration tests; End user training; VLAN configuration and deployment; Wireless network configuration, auditing and penetration tests; SNMP management and audits through SNMP walking; Website management and updating; SMTP hacking and auditing; Virus control and prevention; Spyware and spam cleaning and prevention; and Created logon scripts as well as other scripts for daily tasks.
- Software: Microsoft Office 97-2003, Symantec, Solarwinds, Watchguard, Adobe Products, Ad-aware, Spyware blaster, Pc Anywhere, VNC, Microsoft NT4 Server-Windows Server 2003, Windows 95-Windows XP Pro SP2, Airsnort, and WepCrack.
- Major Accomplishments while employed: Combated the Sober.P virus and a variation of the Sasser worm and kept 11 sites online and live as well as a few home offices. I built five Windows 2003 servers for the production network. I was rated outstanding for customer support and relations with the company.
- Contract position working with the Vulnerability and Remediation Team: Wrote remediation for different operating systems to include Solaris, Red Hat, SUSE, Microsoft 2k; Scanned for vulnerabilities with Nessus, Foundstone, Harris-Stat, Internet Security Scanner (ISS), etc.; Performed scripting with AutoIt, some basic scripting with Perl, batch file scripting, and NASL as well as some shell scripting; Built, created, and installed VMware Imaging and VMware servers; Installed and configured: Solaris, multiple brands of Linux, and all forms of Windows; Installed and configured software: Nessus, SSH, Eclipse, MS-SQL, and several other UNIX programs; and Built spare computers for random automation, and clustered Unix Nessus boxes together P1, P2, and P3 systems.
- Volunteer position with the Federal Bureau of Prisons (FBOP), Information Security Section, as a Vulnerability and Auditing Specialist: Built a UNIX logging server; Demonstrated the Unix Operating system and how to use several UNIX based security tools to staff; Set up lab environments for vulnerability scanning and testing; Installed and hardened several different UNIX platforms; Performed minimal certification and accreditation checks; Composed virus reports and summaries; Composed articles on spyware and malware; Researched new security and new technology for the FBOP to include what forms of security and benefits the products offered; Consulted supervisor on many of the security products being offered to the organization; Performed security analysis of the basic user configuration and reported vulnerabilities found.