EXPERIENCE:

Confidential, Fort Detrick

Tech Lead/Lead Software Engineer

Lead the technical part of project:

• Check developer's code (code reviews)
• Lead team of up to 13 developers
• Ensure that all aspects of the application are handled, documented (including Bug Tracking, code, requirements...), and tested.
• Ensured FIPS - 140-2 for IIS, .Net Applications. Oracle App Server and 10g Database.
• Work with Information Assurance, Server Support, DBA's, managers and testers.

Testing:

• As part of the Review process, buddy and DevQ testing is performed
• Test code as directed by a manual unit test
• Expand tests to ensure change fixed the issue and did not introduce new issues
• Automated unit tests (.Net) written primarily for code that did not execute calls to the database.
• SQL Injection & XSS Testing
• Injected issues into the database
• Attempted attacks through the UI
• Fortify missed many issues but some were identified.

Code Reviews:

• Automation with Fortify and FxCop
• Informal and Formal Reviews (primarily C#, but many include SQL and Java)
• Document and Track issues during the review process
• Document and recommend changes to code/applications
• Developed Custom controls and Validation Helpers to mitigate XSS vulnerabilities

Examples:

• Control validation: Ensures controls are of the expected type
• Control Escape Helper: Escapes data bound controls and other controls
• ExtendedGridView/GridView is escaped during OnDataBound
• Verification that Attachments (BLOB->ResponseStream) that are displayed inline (gif/jpg,png) are validated against an image object so that an attacker didn’t upload Javascript as an image.
• Develop winforms and web applications using Visual Studio 2005/2008/2010 (.Net 2.0, 3.0, 3.5, 4.0), AJAX.Net, C#, JavaScript, XML

Client/Server Certificate Testing Tool for Web Requests:

• Application Security base solution
• AES, 3DES, RSA, Random Number Generation
• Dynamic or Static Generation of Initialization Vectors and Keys
• 3DES used to add addition layer of Security during BinarySerialization of AES Encrypted XML Serialized objects.
• Obscurity with compression on strings
• SecureString utilized for additional layer of security
• An administrative Winform UI allows for creation of a dynamic secure configuration file (dynamic based on Enums that create objects based on Enum value so the Application can query for a specific Enum configuration to use)
• Out of page Viewstate
• EscapeHelper utilizing the Microsoft AntiXSS library
• SHA1/2 Cryptographic Providers depeninding on platform implementation
• SessionAdapter, RequestApapter, ResponseAdapter and HttpContextAdapter to limit usage of the actual .Net classes to provide a level of security
• LinqPaging; specific implementation deals with WebHealthMonitoringEvents as logs
• Typed Querystring Validation
• Typed Object Validation; specifically for EVENTARGUMENT through a RequestAdapter
• Parameterized query implementation
• Investigation of using ServiceLocator in .Net 4.0 utilizing dynamic objects
• Specifically for determining how to authenticate a user depending on the systems in place (localhost/tumbleweed/AMAgent2.2/AMAgent3.0 etc)
• Computer Information Inventory
• Utilizing a c# Ports and Protocols class

Registry Key checking:

• WBEM exported to XML and transformed with xslt
• Applications developed using multiple Layers (Data, Business, Security, Presentation, Common, Web.UI, Presentation/Web)
• Custom Export to Excel and CSV for Datagrids
• Winform written to run on the Database from an Oracle Job to zip files exported from the Database and send the zip file to a record as a BLOB.
• CUD - Common User Database - Medical Materiel Standardization Tool
• DMLSS, specifically SATool (server administration tool)
• Develop services to run on Web Server and Database Server

IIS6 (secure site setup per STIGs/Checklists) and Windows 2003 Server:

• Involved in two ATOs including IIS, 2003 Server, and Application Checklists with JMIS.
• Assist in the scanning of servers (Golddisk, retina)
• Documented and Provided fixes for security issues for the application and servers.

IIS7 (secure setup):

• usage of web.config to setup site instead of applicationhost
• AMAgent3.0
• SHA2
• Work with Change Management to ensure that software is built and delivered properly
• Provide insight into security enhancements (SSL, Encryption, CAC cards - including CAC authentication and authorization)
• Certificates and CAC enablement (IIS and Oracle Application Server).
• Oracle used as primary database server (10g); tested application on 11g
• Work with Web Services (asmx and services exposed by other DoD agencies)
• Create Software Requirement Documents and write code based on them

Application/Tools Used:

• Visual Studio, FxCop, Foritfy, PL/SQL Developer, Photoshop, Office (including Visio), Fiddler, IE Developer Toolbar, Firefox plugins, WinMerge, Serena VM/SBM, Network/Server Diagnostic Tools (ex: IISDiag, Tnsping, netstat...)

Confidential

Software Engineer

• Develop Web Applications using ASP.Net (VB.Net 1.1 and 2.0)
• Develop, modify and troubleshoot Web Applications in ASP 3.0/VBScript
• Develop and modify, troubleshoot existing web applications to use AJAX
• Created a test taking web site where all students login and have their tests graded instantly using ASP, ASP.Net (VB.Net), AJAX, SQL Server 2000, T-SQL (developed software and database design).
• Configure and populate CMS systems (NovusCMS and SmartSite CMS)
• Install CMS with help of Network Team
• Migrate Existing Site into CMS
• Create ASMX files to be used in the CMS
• emailing form
• mapping of schools using lat. and long. Google maps
• dynamic header - changes based on url for schools
• Support multiple developers code written in ASP, .Net and JavaScript
• Maintain project details in in-house Project Center
• Leverage Office Components for use is web applications (Excel Charting)
• Meet with Security Experts to ensure secure applications
• Used Visio to map out Database relations and documentation
• Modified and Created DTS Packages

Confidential, Eldersburg, MD

President/Webmaster/Programmer

• Project Management
• Analyze client needs and develop documentation and deliverables
• Manage sites on Windows 2000 (server, Advanced server, server family)
• Oversee and manage Internet Design
• Work with clients to develop sites.
• Meet deadlines for developing code and posting material on corporate and client websites
• Mock Up Sites in Photoshop.
• Use SQL Server and Access as Backend databases to web applications.
• Update, Approve, Maintain and Publish Content for the sites
• Program Web-based software applications using ASP 3.0 and ASP.Net (vb.Net)
• Design websites on NT,2000, and XP systems using DreamWeaver, FrontPage, Notepad, CMS, Visual Studio 6.0 and Visual Studio .Net
• Created a small CMS for clients to use
• Wedding/Portrait Photography

Confidential, Westminster, MD

Web Administrator

• Use XML and XSL to produce the Programs of Study on the college website.
• Investigating the use of the XML with InDesign.
• Manage sites on NT, Windows 2000 (server, Advanced server, server family), XP and Windows 2003 Server.
• Oversee and manage intranet and internet redesign

  Use Visio to develop workflows, diagrams, and other IA related documents

• Maintain the Content Management System (ASP, ASP.NET, XML, Crystal Reports, JavaScript, Ektron eWebEditPro+XML, FCKeditor)
• Extend the SmartSite Content Management system using ASP, XML, SQL (stored procedures in MSSQL 2000) and ASP.Net.
• Collaborate with contractors and exchange ideas
• Meet deadlines for posting material on the web
• Design compositions for the intranet web pages
• Work as a team to keep the website up to date and useful to clients
• Use SQL Server, Access and U2 as Backend databases to web applications.
• Use ASP to interface with Active Directory to create a Contacts Directory.
• Update, Approve and Publish Content for the sites
• Program Web-based software applications using ASP 3.0 and ASP.Net (vb.Net)
• Designed websites on NT,2000,2003 server, and XP systems using DreamWeaver, FrontPage, Notepad, CMS, Visual Studio 6.0 and Visual Studio .Net
• Use Site Server to evaluate the status of the websites and search engine

Confidential, Baltimore, MD

Webmaster II

• Manage sites on NT, Windows 2000 (server, Advanced server, server family), and XP
• Oversee and manage intranet and internet redesign
• Converted Cold Fusion applications to ASP 3.0
• Maintain the Content Management System
• Collaborate with contractors and exchange ideas
• Meet deadlines for posting material on the web
• Design compositions for the intranet web pages
• Develop example content management system in ASP for intranet
• Work as a team to keep the website up to date and useful to clients
• Use SQL Server, Access and Oracle as Backend databases to web applications.
• Use Webtrends for analysis of log files
• Update, Approve and Publish Content for the sites
• Program Web-based software applications using ASP 3.0 and ASP.Net (vb.Net)
• Designed websites on NT,2000, and XP systems using DreamWeaver, FrontPage, Notepad, CMS, Visual Studio 6.0 and Visual Studio .Net
• Use Elsop LinkScan to evaluate the status of the websites

Confidential, Westminster, MD

Assistant to the Webmaster

• Developed scripts to run on windows NT and window 2000 servers
• Was promoted after being Student Assistant for 6 months
• Trained faculty on FrontPage, Photoshop, scanning software and Microsoft Office
• Developed ASP application to use Access databases to create dynamic content on the web
• Updated site using FrontPage
• Maintained the internet and intranet
• Created banners and other graphics
• Set up and maintained web cam
• Assisted the Webmaster to prepare for web registration

Confidential, Frederick, MD

Customer Service Manager in Training

• Was promoted after working in the warehouse
• Received employee of the month twice