Network Security Administrator Resume Profile
Professional Summary:
- Experience with High-Profile, High-Risk International Enterprises
- Oil and Gas Industry Experience
- IT Project Security Project Coordinator and Facilitator
- Windows 7 and 8 Roll-Out Implementation
- SCCM and Altiris Software delivery
- VMware and Hyper-V Hosting Security and Critical Update Monitoring
- VMware, MED-V Workstation Virtualization
- VMware ThinApp Package Troubleshooting
- End Point Security, Incident Management Response and Mitigation
- Active Directory
- Office
- Intrusion Detection and Prevention and Attack-Vector Discovery
- Symantec, McAfee and Trend Endpoint and VM Protection
- SCADA, Industrial Control Systems, HMI security analysis and hardening experience
- Office and Production Security Architecture, Upstream and Downstream
- Pre-Release Testing of Office 365 ProPlus for Enterprise
- IDS/IPS, FireEye, ArcSight and various Intrusion Detection Appliances Administration
- Policy Development
- Log Analysis
- Server Hardening
- Role Based Access Control and Identity Management
- Physical Security
- Risk Analysis and Assurance
- Disaster Recovery Planning and Architecture experience
Additional Technical Experience and Knowledge:
Vulnerability Testing Tools (Nessus, Metasploit, others), TCP/IP Deep Packet Analysis, Penetration Testing, Log Analysis, ArcSight, eEye, FireEye, Forensic tools (EnCase, Open Source tools), ISO17799 Security Standards, Wireless Security, Wireless Penetration Testing, and various Network Reconnaissance and Sniffing tools. Snort NIDS, Cisco Security Agent HIDS, ISS, SOX, GLB, HIPAA, PCI, COBIT, NIST. Disaster Recovery and Business Continuity solutions. Symantec Endpoint Enterprise, Trend Deep 7, McAfee ePO.
EXPERIENCE:
Most Recent Position:
Confidential
Title: Consulting Security Engineer
- Originally, I was contracted to support this firm in its transition from Cisco Security Agent to Symantec Endpoint Protection 12 Enterprise, and advised and assisted in the Roll-Out from Windows XP to Windows 7. In my short time here, the scope of my duties has expanded broadly to encompass all aspects of the Security Infrastructure, the Win7 and Virtualization Initiative, Application Vulnerabilities, Malware detection and mitigation and general Host Environment Architecture, current and projected. This was in addition to my primary objective of helping to translate the Cisco Security Agent rule sets and policies into a structure as close as could be re-created in SEP 12 SONAR, as well as assisting the various business units in understanding the differences between CSA and the many moving parts of SEP 12. Besides SEP 12, I also worked with and evaluated Bit9 and Trend Deep 7 and Deep Discovery, as well as evaluating Win 8 as an Enterprise OS option.
- I can list as my major accomplishments in my time here:
- Identifying and alerting the company to a sophisticated Spear-Phishing attack coming from Russia three weeks before it was discovered and confirmed by major security organizations.
- Assisting Software Management in resolving application issues involving VMware ThinApp Application packaging, testing and recommending remediation solutions outside of the Security field.
- Assisting the Roll-Out team in determining the nature and cause of Roll-Out related issues due to software delivery, PXE boot imaging failures, TPM, and BIOS issues that were hindering the Migration generally and BitLocker.
- Using my knowledge of both CSA and SEP 12 to resolve reimaging issues having a critical impact on the Roll-Out and finding a solution to the problem, as well as the root-cause.
- The discovery and elimination of literally hundreds of new Trojans, Key-Stroke loggers, information stealers and various Malware variants cataloged by Symantec as New and Unknown Threats.
- Identification of widely-distributed vulnerable software versions being maliciously leveraged or directly exploited that had gone previously unnoticed.
- Successfully maintaining the highest level of security while correcting or avoiding HIPS-triggered disruptions to the numerous multi-million dollar Application and Web Development projects currently underway in conjunction with the Win7 and Virtualization initiatives.
- From my experience in black-box Penetration Testing, companies are the most vulnerable to targeted phishing, malware and various intrusion attempts during roll-outs, and I have found resumes to be a wealth of information. I will gladly share the company name at the time of interview.
Confidential
Title: Host Intrusion Prevention Consultant, Desktop Roll-Out Project
- I was responsible, as part of a three-person team, for working on the development and integration of CA HIPS (Computer Associates Host Intrusion Prevention Software 8.1), a Non-Enterprise product, into an Enterprise-Wide HIPS solution for the roll-out of Windows 7 and Win 7 compatible applications. This will eventually encompass 130,000 host machines connecting to multiple CA HIPS servers spread around the globe. To achieve this goal, I assisted in the design of the Event Reporting from servers in Asia, Africa, Europe and the Mid-East into a single manageable reporting service server, and in design infrastructure and Host Client development directly with the CA teams in Israel and India. I advised on configuration issues, performed the daily tasks of writing Event Exceptions, handled Host distribution and connectivity issues, and worked with the Application Readiness Team to have rules in place to avoid workflow disruptions for the 11,000 pilot users going into Rule Enforcement Full Blocking mode. I distributed the updated HIPS policies to the various servers to maintain a correct and consistent rule set.
- As the project has matured, I have been primarily responsible for determining if application issues experienced by the user were HIPS related, the result of the native Windows 7 security, Active Directory GPO Restrictions or the company's Windows 7 OS hardening. Resolving these issues has ranged from writing a new exception, directing the local Roll-Out team to the correct responsible group, developing non-HIPS related work-arounds, to fixing the application problem myself, and I worked with the SCCM team on BitLocker issues (MBAM) and SCOM. I also developed Black-Listing, Grey-Listing and Monitoring HIPS rules and rule sets. While not included in my duties, I identified and reported detected critical malware infections to my Team Lead, and alerted them to expected spikes in malware attacks based on newsworthy events (the royal wedding, as an example).
- Also, I provided training and wrote simple How-To guides on the administration of the CA HIPS console, working with the offices in Buenos Aires, Argentina, who would be performing my responsibilities when my contract ended in late August. At that time, I transitioned the management of CA HIPS to my BA colleagues.
Title: Network Security, Host-Intrusion, Vulnerability Threat-Remediation Consultant
After leaving the Northrop-Grumman project, I traveled around the U.S., working independently on short-term contracts for small businesses and non-profit organizations around the country that could not afford a staff Network Security Engineer. I wrote Policies, performed Pen and Vulnerability testing, Server and Workstation security hardening, Firewall installation and configuration, taught basic security concepts to end-users, and helped design a Security Infrastructure that was manageable with the staff available.
Confidential
Title: Security Infrastructure Consultant
- In this position, I served as the Security resource and Team Lead for the Northrop-Grumman VITA Network Transformation Project, a multi-billion dollar effort to modernize, standardize and unify the diverse governmental agencies of the Commonwealth of Virginia under a single managed network. Each team was comprised of a Security, Server and Network resource, all of which combined in a cross-area team. As the Team Lead, I was the primary contact for the agency we were engaged with, the Re-IP Project Managers, and NG/VITA.
- This position required me to survey the assigned agency for its existing security posture, perform security discovery on existing legacy hardware and software (switches, routers, servers, etc.), organize the information and develop a plan for the migration of the agency to the NG VITA MPLS network. Planning involved determining the timing, potential relocation and conversion of the existing network resources, and converting the current firewall rules for transfer to the NG network Cisco Firewall Service Module and Juniper Firewalls. This position required me to understand, support and configure a diverse collection of firewalls and security hardware and software, including Sidewinder, Raptor, Microsoft ISA and Cisco PIX and ASA v. 6.x-7.x, and existing HIDS (Cisco Security Agent, CA HIPS, Symantec and ISS) as needed to achieve the Transformation objective at the Server/Workstation level.
- This planning required determining which servers should be placed in the Shared, Secured or DMZ zones of the NG network, which servers required 3rd party support, and which fell under HIPAA and PCI status. I coordinated the requirement to maintain the current VPN solution before moving the agency to the NG Transformed VPN solution.
- I performed a Risk Analysis on each agency, reported my findings to the Project Managers and Security group, made recommendations on Risk Remediation prior to the move, and dealt with any security-related incidents triggered by the change in state to the Network Transformation.
Title: Network Security, Host-Intrusion, Vulnerability and Threat-Remediation Consultant
I worked independently (Corp-to-Corp, 1099) on short-term contracts around the country as a consultant to numerous businesses, supplementing the existing staff in Desktop Migrations, performing Security Audits, and developing project plans, mainly in the areas of NIPS and HIPS. I wrote Policies, performed Pen and Vulnerability testing, performed server hardening, taught basic security concepts to end-users, and helped with reinforcing the existing Security Infrastructure. My clients during this time included Circuit City, Landmark Trust, and the State of Michigan.
Confidential
Title: Cisco Security Agent Administrator Network Security Consultant
- This was a contract opportunity that presented me with a variety of challenges that revolved around the company's Risk Management and Security Architecture. During my time there, I was involved in numerous projects and assumed primary responsibility in several areas:
- Interim Project Manager / Consulting Technical Lead / CSA Administrator: primary responsibility for planning, implementation and management of Cisco Security Agent 5.x Host Intrusion Detection software to 13,000 workstations and 500 servers, including manufacturing interface machines. I was responsible for planning and organizing the pilot project and for Project Plan development. I performed configuration and tuning of agent rules, built Installation Kits, managed the CSA 5.0 console, monitored events, wrote rules and reported previously undiscovered threats and vulnerabilities to the CSIRT team.
- As part of this project, I was responsible for promoting, presenting and explaining the scope and nature of the implementation, how CSA worked, and the benefits that would be derived from it.
- I was responsible for the creation of Help Desk troubleshooting scripts for our 3rd party Service Desk, as well as developing training materials customized for this company.
- I gathered the necessary information on machines and software, organized meetings and developed working groups from the diverse business units.
- I also helped to create the processes that would be needed (Change Control, Rule Exemption process, Software certification, etc.) with the introduction of this product.
- I developed the escalation process for CSA related events from the 1st level support to the CSA Administrators.
- Wired/Wireless Guest Network Consultant: I worked with the Network and Security Architecture groups to assist in the introduction of a Wired and Wireless Guest network. I researched Guest Network appliances and advised in the selection, developed a logical diagram of the proposed network, and helped write the Policies and Standards that will govern the network. I consulted on Rogue Access Point detection, Network Security, encryption and management.
- Policy and Standards Development: I worked with members of the company to develop written security policies and standards for all aspects of Network Security.
- My contract with this company ended October, 2007 due to company policy on how long a contractor was allowed to continuously work for the enterprise.
Confidential
Title: Network Administrator Network Security Engineer
- Alerted, advised and responded to viruses, worms and Trojans, and all other security threats to the workstations and servers. Conducted security audits of server, switch and router logs and responded to suspicious activity. I monitored the Cisco MARS appliance, as well as the Snort IDS host, for possible security compromise and intrusions. Educated users on threats and alerted them to possible outbreaks, and supported the implementation of Cisco PIX 500 Series firewalls.
- Installed, configured and troubleshot the VCCS Central Office LAN/WAN. This was comprised of 6 3524 and 8 2900 Cisco switches, 2 3640 routers, 7 VG200 analog switches, 2 4908 Level 3 Gigabit switches, an ATM Lightstream 1010, 7204 and 4700 Cisco routers, Cisco 3000 VPN concentrator, and PIX firewalls.
- I configured VLANs, port assignments, access lists and global configurations on the edge devices, installed and configured new switches and routers as needed (RIP, BGP), and performed changes to enhance security as needed.
- I upgraded the System Office servers to Active Directory and Windows 2003.
- Supported the Unix-based VCCS Library systems servers (UNIX 5, Red Hat Linux and a Solaris 8 machine).
- Added and deleted users, and resolved any NT related problems (DHCP, RAS, IIS, POP3 mail, SQL servers, Ghost); supported the system DNS servers, securing the servers, updating critical patches, intrusion detection and avoidance, and applying baseline security configurations.
- Installed, configured and supported Cisco-based Secure Wireless WLAN (802.11b and g), and configured and supported Wireless Hand-held devices, such as Tablet PCs and PDAs.
- Installed and supported the migration from a POP3 email system to Microsoft Exchange 2003 and the Outlook 2003 client.
- Provided 2nd and 3rd level desktop, administrator, and network support for 160 users in the Richmond System Office, comprised of Win 98, NT4, 2000 and XP desktop units and various brands of laptops, as well as 20 NT4, Windows 2000 and 2003 servers and Active Directory.
- I was responsible for system backups (ArcServe, Veritas Backup Exec), new server configurations and physical security, and for making recommendations on equipment purchases.
- I assisted in the development of the agency's Disaster Recovery Plan and the remote location Data Storage SAN planning and implementation.
- To assist the staff of the IT unit, I installed and supported a wide variety of software, Office 2000, Office XP, McAfee Anti-virus, Outlook 2000, 2002 and 2003, numerous POP3 email clients, PeopleSoft 7.6x and Oracle 8 clients.
- I took on the responsibility of installing and configuring Cisco 3.2x-4.x VoIP Call Managers, routing and dialing patterns, configured remote gateway devices, troubleshot voice over IP problems, worked with our Cisco representatives to resolve outstanding issues, and integrated the Exchange 5.5-based Unity Voice Messaging into a unified messaging system, besides hardening them against possible compromise and DoS attacks.
- I also installed, configured and supported the VTEL and VCON H.323 videoconferencing system at the network level, and all audio/visual equipment used in the 3 conference rooms here.
About me:
- I have been consulting for almost 25 years, which has given me a broad range of knowledge and experience in and with situations and companies, ranging from the Conventional, the Cutting Edge, the Bleeding Edge, to the nearly hemorrhagic. My specialty is, but not limited to, migration and roll-out security. That is when a company is the most vulnerable, and someone with a Security background in the project is, in my opinion, needed. A Project Manager is there to do just that, manage the project. Not all, but a good many, have a limited understanding of the implications of the how's, what's and what-if's of a migration or an application roll-out, including the existing applications.
- This is not to say this is true in every case. As a contractor, I take the job I am suited and hired for, but I am always flexible enough to adapt to the needs of my client and their individual corporate culture. My experiences have taught me many lessons, some of which I would like to share with you.
Defense in Depth begins between the floor and the keyboard.
An educated user is a safer user. In my past roles as a Certified Ethical Hacker, human nature was and is my best friend. Generally speaking, users who would never dream of clicking on a suspicious attachment or link at home will do so when they are at work, simply because they feel that the higher power of the security infrastructure will protect them. In most cases it does, but in the times it doesn't, it has the potential to wreak havoc, as I have seen first-hand. Making your users partners in security is, I believe, a critical component in defending your network.
No matter how smart you are, there is always someone a little bit smarter.
0-Day attacks are a clear example of this. Before your AV, IDS, iDefense or what have you alerts you, someone has to get hit first, and that someone can always be you. Be alert and aware of how some exploit or vulnerability might affect your specific environment. Know and see the big picture.
React, don't over react.
Understand the implications. The goal is Integrity, Confidentiality AND Availability. Be sure of what you are doing to avoid a Resume-Generating Event.
The only difference between working in a Cloud and a fog is altitude.
- Virtualization and Cloud computing are not the end-all answers to security. On the contrary, I believe that while you may be shutting the door, now you must be vigilant to the broadside of the barn. VMware, Hyper-V, and what have you, come with their own particular set of security concerns. Your sandbox can quickly become a trampoline. Also, many companies find to their shock that some critical applications don't take well to being virtualized. Many international firms find that they must use a Hybrid Cloud to achieve their goals, which raises new worries. Virtualization and Cloud hacking and exploitation are the new frontier for those who would do you harm. Knowing this, being alert to it and nimble in responding is vital.
- Thank you for taking the time to read this. I hope this gives you some insight into me, and into whether I am compatible with your company and the position you are looking to fill.