Systems Administration Resume Profile
Summary:
Passionate security professional with proven experience in high performance environments.
Experience:
Confidential
- Reported directly to the CSO, providing up-to-date information on security policy, as well as evaluating risk for new applications, internal development, and infrastructure.
- Coordinated with 3rd parties for external penetration tests and vulnerability assessments
- Developed corporate incident response policy
- Audited firewall controls across extremely high traffic global network, including critical video streams, VPN access, web email proxies, and DMZ access for outside vendors and CBS radio and TV affiliate stations.
Confidential
- Leveraged background in development and Systems Administration to communicate with developers and sysadmins directly in resolving security issues. Commended by several clients in being able to expedite the remediation process in time-critical situations.
- Led creation of a research development division to increase the value of security offering.
- Identified new threats relevant to our client's security posture, threat modeling based on the latest Common Vulnerability Scoring System (CVSS 2.0), including remediation steps.
- Developed security policy based on industry best practices and professional expertise.
- Worked under absolute deadlines in providing security report deliverables, including updated testing status via conference calls on a daily basis with CSOs, project managers, and development teams.
- Engagements included web application pen tests, network assessments, multi-factor authentication implementations, PCI compliance and auditing, as well as more esoteric testing of emerging technologies such as cellular SMS systems, check scanning systems, and social engineering.
- Penetration testing and vulnerability assessments for Fortune 100 clients, with the majority of engagements performed for some of the top 5 financial institutions in the world.
Confidential
- Configured switches and servers across multiple datacenters in a high bandwidth environment.
- Provided security expertise in implementing a variety of e-commerce shopping carts and credit card processing systems. Constantly monitored for unauthorized network activity, attacks on web applications, and forensics when necessary.
- Developed an extremely proactive 24/7 monitoring system, with an average response time under 5 minutes.
- Increased client value by tuning various aspects of the LAMP stack for higher performance applications.
- Managed hosting for high end small business clients, across 500 Linux and FreeBSD servers.
Confidential
- Worked efficiently with little oversight, in addition to collaborating with team members working off-site.
- Required to investigate and quickly learn how to deploy new technologies to maintain the company's competitive edge.
- Provided training for all new sysadmins in the last 6 months.
- Dealt with security and denial of service issues on a daily basis.
- Maintained email, web hosting, DNS, and database services for over 12,000 customers.
- Top level technician overseeing a fleet of 375 Linux servers, in multiple geographic locations.
Confidential
- Worked with senior management in implementing and maintaining the company's online and e-commerce strategies. Provided technical information in an effective manner for decision making.
- Maintained custom shopping cart code base for both online and in store ordering.
- Managed dedicated servers running Linux and Windows. Responsible for the operation of corporate network, email, and DNS services.
Skill Set:
- Security: Proven experience in performing both external penetration tests as well as internal security audits across a broad range of technology.
- Constantly remaining up to date on security models and evolving threats, such as local privilege escalation attacks, remote exploits, SQL injection, XSS (Cross Site Scripting), CSRF (Cross Site Request Forgery), DNS Poisoning/Pinning, Root kits, Denial of Service, Buffer overflows/under runs, session hijacking, authentication bypass, and client based malware.
- All aspects of cryptography and its secure implementation via SSL certificates, TLS, OpenSSH, as well as Full Disk Encryption via PGP, TrueCrypt, and dmcrypt.
- Fluent with CISSP and CEH principles, computer security regulations (SOX, HIPAA, BS7799, and ISO 17799)
- Tools: Metasploit, Paros, Qualysguard, Appscan, Webinspect, Nikto, Nessus, Nmap, Core Impact, Ollydbg, gdb, Sysinternals, Ikescan, Wireshark, HTTPwatch, Kismet, Airsnort, Aircrack-ng, Tripwire, Rkhunter, Encase, Sleuthkit, DDrescue, Netcat, SSLDigger, WSDigger, Scanrand, Hping, Hydra, John the Ripper, Snort, Microsoft Baseline Security Analyzer
Operating systems:
- Linux (Redhat, generic 2.6), BSD, Windows, Mac OS X, including virtualized environments via VMWare, Xen, VirtualPC, and Parallels.
- Understanding of local OS security principles, access controls, file permissions, memory protection.
Development:
- Creating custom scripts to quickly solve tasks using BASH, sed, awk and other GNU tools.
- Deep understanding of the LAMP stack and successfully implementing applications in high traffic environments in frameworks such as PHP, Perl, and Ruby.
- Securely configuring web server software: Apache, IIS, and Websphere.
Networking:
- Advanced proficiency in all aspects of internet operations, including DNS, the TCP stack, IP addressing delegation, and BGP.
- In-depth familiarity with the operations of datacenters and NOCs, including best practices for working with remote personnel, as well as on site maintenance and installation of servers, switches, et al.
- Implementing and securing network architecture such as Cisco IOS, Cisco VPN, Checkpoint firewall VPN Secure Client, OpenVPN, 802.11 wireless auditing, Citrix Server, and VLANs.
- Developing firewall rule sets in high traffic, high target environments using IPTables and PF.
Professional: Highly developed interpersonal, email, and telephone communications ability. Able to convey technical information effectively and courteously to people with varying levels of expertise. Approaches new technology with a genuine interest that doesn't stop at the end of the business day. Conscious of correlation between detailed decisions to big picture goals.
