
Lead Sr. Security Analyst Resume


SUMMARY

  • Confidential's background includes federal and corporate guidance for information security and privacy design, development, and deployment.
  • He has over twelve years of experience in program management, security engineering/operations/analysis, incident handling, digital forensics, malware analysis (Carbon Black, Assembly, Python, YARA), pen testing (Burp Suite, Rapid7 Metasploit, Cenzic Packet storm), HIPAA, NIST/DISA policy implementation, and Federal Information Security Management Act (FISMA) compliance & reporting.
  • In addition to his background in computer science and IT security, Confidential has been a Java/C++/C#/OpenGL programmer since 1998.
  • Confidential has recent experience as a subject matter expert in privacy and cloud services (IaaS, PaaS, SaaS), reviewing cloud service providers for GSA.
  • These include actual review of the software and security posture of Microsoft Azure Windows/SQL, Amazon EC2/S3, Virtustream Enomaly ECP, VMware vSphere/vCenter, and the Xen Hypervisor.

PROFESSIONAL EXPERIENCE

Lead Sr. Security Analyst

Confidential

As a Sr. Lead Security Analyst at a joint military and intelligence agency, Confidential uses state-of-the-art equipment and military-grade security systems. Confidential reviews and loads US Cyber Command, NSA, CIA, FBI, US-CERT, DC3 indicators and other sources. Confidential analyzes advanced foreign and (U) domestic cyber threats. He provides advanced penetration testing, solutions, and forensics to mitigate risks and vulnerabilities, and responds to events/incidents in a 24x7 environment. Confidential develops reports and daily briefs for leadership.

Sr. Security Consultant

Confidential, Chantilly, VA

Responsibilities:

As a Sr. Security Consultant in the IA, software and engineering solutions practice, Confidential was responsible for supporting the delivery and expansion of Confidential's IA services to the Federal government. He became a Certified Ethical Hacker (CEH). He supported Microsoft for their GSA Cloud and FedRAMP efforts and Dell Services Federal Government (e.g. J2EE security, RSA enVision, and development of secure logging and digital forensics capability with EnCase). He advised senior executives and government managers on compliance with OMB, DIACAP, and NIST (SP 800-37, 53, 137, 146, etc.) standards. He was well versed in DoD and CND/CNO standards. He used technologies such as Foundstone, Qualys, AppDetective, Burp, Rapid7, Nessus and correlation systems such as Splunk, Sourcefire, FireEye, NetScout, Carbon Black & ArcSight to protect large multisite organizations.

Lead Sr. Security Analyst

Confidential

Responsibilities:

As a lead Security Analyst for the PENTCIRT IDS team, Confidential utilized and developed scripts/programs for counter-hacking and used IT security tools spanning a broad array of technology, including but not limited to: ArcSight (ESM, loggers, connectors), Sourcefire, Niksun, Fidelis, Lancope, Bro, Argus, Bivio, Splunk, FireEye, NetWitness, EnCase Enterprise Edition, Knoppix, Carbon Black, Rapid7 Nexpose/Metasploit, Python, Nessus/Foundstone, BackTrack, Wireshark, etc. Confidential helped secure Confidential and DoD systems against advanced persistent threats and cyber counter-terrorist activities. Confidential collected flow and PCAP data and matched it against indicator and threat data to provide deep insight and forensics. Confidential assisted with penetration testing and malware analysis (PE checks with FireEye and sandbox environments).

Information Systems Security Officer

Confidential, Fairfax, VA

Responsibilities:

As a subject matter expert contracted by the General Services Administration, Confidential reviewed and validated the top FedRAMP-eligible cloud service providers. He attained a Certificate of Cloud Security Knowledge. He also reviewed vulnerability scans, plan of action and milestones (POA&M) submissions, and evidence for closure.

Head Information Systems Security Officer

Confidential, Washington, DC

Responsibilities:

Confidential served as head of three infrastructure sections (GS-2210-15 step 3): user support, including the agency-level help desk; network and servers; and information security. He utilized UML (e.g. Confidential Rational with agile development, use cases and sequence diagrams) to re-write and secure web services while providing automation to various Congressional-facing applications and services. He partnered with IT security groups from the Confidential, the House of Representatives, and the Senate to expand Capitol Network security initiatives. He led the Service's deployment of HP ArcSight ESM 5.x, integrating with existing security tools including HP TippingPoint, EnCase (with Python integration) and Sourcefire intrusion prevention systems. He deployed McAfee Host-Based Security System (HBSS) with Host Intrusion Prevention System (HIPS), protecting over 200 Windows 2003 and 2008 R2 servers (domain controllers, file/print servers, SharePoint, SQL, and IIS) and 1,000 workstations. Confidential conducted counterstrikes against multiple Advanced Persistent Threats (APTs). He configured FireEye rules alongside other advanced IT security tools (e.g. NSA's Fixmo for mobile device protection, NetWitness to detect beaconing to command-and-control sources, FTK, and EnCase Enterprise, for which he wrote EnScript for court-ready forensics, discovery, and litigation hold cases). He implemented security baselines, based on confidential Security Technical Implementation Guides (STIGs), for Microsoft Windows and Red Hat Linux systems. He led his infrastructure sections to provide support for the Constitutional Annotated System for the confidential Court and Congressional offices with secure storage virtualization and F5 load balancers. Confidential supervised, managed, trained, and mentored 16 FTEs and 24 contractors to support 800 lawyers, analysts, and administrators. He performed as confidential for infrastructure and software projects.

Lead Security Analyst

Confidential, New York, NY

Responsibilities:

Confidential performed as lead senior security analyst and engineer for ArcSight Enterprise Confidential for a global team responsible for over 100,000 financial systems. He built, hardened, designed, and deployed ArcSight ESM and J2EE programs worldwide for a global incident response handling capability. He wrote various programs and scripts to support security operations and functions, avoiding the purchase of expensive supplementary products. Confidential performed digital forensics (FTK/EnCase) for financial fraud investigations.

Director of Threat Management and Security Engineering

Confidential, Hyattsville, MD

Responsibilities:

  • Intrusion Detection System using Enterasys Dragon IDS (host and network), Snort IDS, and Sourcefire.
  • Network Access Control with Cisco technology. This allowed the bureau to reduce costly downtime and reduce the number of help desk tickets. Users could still stay productive on a limited network while systems were being scanned and patched.
  • HP ArcSight ESM security event correlation and management. This allowed the bureau to save money in licensing cost by eliminating redundant products.
  • McAfee Foundstone for enterprise-level vulnerability management. Allowed for diversity of scan results, reducing false positives and finding true positives missed by another scanner.
  • Nessus vulnerability scans. He wrote automated scripts to detect weaknesses in servers and networks. This in turn allowed for weekly night scanning of production subnets without hiring additional nightly support.
  • PatchLink patch management. Reduced the number of infected workstations and servers through better managed patch deployment.
  • Websense Internet content filtering. Removed the primary root cause of many infections: visiting unsafe sites. After this was applied, the bureau's network congestion was cut in half.
  • IronMail anti-spam solution. Eliminated most spam and removed the secondary root cause of virus infection. This also led to about a 20 percent savings in archive space.
  • Trend Micro, McAfee, Symantec, and Sophos anti-virus security deployment to nine (9) regional offices. Offices that deal with U.S. overseas transactions, mainly in Europe, needed Sophos (which is Europe-based) because it received anti-virus updates earlier than U.S.-based antivirus providers. Offices on the west coast that dealt with Asia-Pacific overseas transactions preferred Japan-based Trend Micro, while offices that dealt primarily with U.S.-based transactions preferred McAfee or Symantec. Consequently, one weakness in an antivirus product never spread beyond a regional office.
  • CA Top Secret and Confidential RACF mainframe security (S/390 and z Series). Maintained and monitored logs to review for financial fraud on six (6) mainframes that were responsible for printing government checks and envelopes for over 20 million recipients.

Program Manager

Confidential, Washington, DC

Responsibilities:

As a program manager at Confidential's executive briefing center and Institute for Electronic Government, Confidential supported demonstrations of state-of-the-science security solutions. He wrote Java programs for servers and mainframes (z/OS). He used Confidential Rational Rose UML to design customized software, from use case diagrams to sequence diagrams and components, through to actual object-oriented Java programs. He served as a technical consultant and project manager for several key e-Government initiatives and demonstrations for critical multi-million dollar contracts. He supported state-of-the-art Homeland Security, TSA, biometrics, wireless e-Government and mobile government demonstrations and projects. These assisted local and Federal law enforcement in integrating their disparate databases with forensic text retrieval tools such as Templar and dtSearch. He interacted with national and international media at press events. He was featured in a front-page cover story of USA Today.

Java/C++ Programmer

Confidential, Washington, DC

Responsibilities:

Confidential programmed for Confidential (Committee Reports). He also founded a multimedia division. He programmed Java applications and complex scripts for several platforms: UNIX/Linux, Windows and Macintosh. Confidential wrote a large number of shell scripts, C and Java programs for database visualization and OpenGL.
