
ArcSight SME Resume


Rehoboth Beach, DE

SUMMARY:

  • Currently working with CIBC and MSSP.
  • 15 years' experience in information technology and information assurance.
  • Ability to work independently or within a team environment.
  • Working knowledge of SIEM tools such as ArcSight ESM, Logger, Oracle and MySQL.
  • Expertise in inter-networking implementation of ArcSight and Splunk.
  • 8 years' experience with flex connectors using regex or JSON.
  • Skilled in IT enterprise security, e.g. tracking and shutting down suspicious activity.
  • Currently studying and following the latest trends in the hacking community.
  • Well schooled and groomed in TCP/IP protocols such as DNS, DHCP, FTP, SNMP and SMTP.

PROFESSIONAL EXPERIENCE:

Confidential, Rehoboth Beach, DE

ArcSight SME

Responsibilities:

  • ArcSight SME for HP MSSP, CIBC and CMS.
  • Very good with flex connectors using regex or JSON.
  • Installed 4.5, 5.0, 5.2 and 6.0c/6.5c ESM managers and databases.
  • Performed a 5.X to 6.0c migration, a 6.5c upgrade and 6.8/6.11 upgrades.
  • Rebuilt Loggers to 5.3 and from 6.2 to 6.4.
  • Maintaining 6.5c, 6.8, 6.9 and 6.11 CORRE (MySQL) databases.
  • MySQL DBA experience through the CORRE backend.
  • Configured and currently maintaining numerous connectors.
  • Consulted on training content tailored to the users' environment.
  • Built numerous reports for the Logger environment and ESM.
  • Created numerous pieces of content for ESM 5.X and 6.0c/6.5c/6.8c/6.9/6.11.
  • 3 years' experience with Splunk (similar to ArcSight Logger).

Confidential, Rehoboth Beach, DE

Security Information Security Engineer

Responsibilities:

  • Developed a solution to a large-scale company issue with enterprise messaging for detecting e-mail campaigns.
  • Supported security planning, risk analysis and risk management for ongoing security issues.
  • Created numerous pieces of security content for HP/ArcSight ESM 6.5c, 6.8c and 6.9.1.
  • 2 years' experience with Splunk administration (field aliases, extractions, etc.).
  • Built Splunk dashboards, alerts and reports.
  • Identified overall security requirements for the proper handling of bank data.
  • Developed ArcSight training tailored to the Confidential users' environment.
  • Efficient with regex, making parsers for ArcSight flex connectors.
  • Did in-depth data injection testing with FireEye, TippingPoint, Blue Coat and NetWitness.
  • Working knowledge of FireEye, TippingPoint, Blue Coat, Symantec Cloud and NetWitness.
  • Currently working with the SOC in developing needed content.

Confidential, Reston, VA

Security Engineer

Responsibilities:

  • Configured ArcSight, ASA firewalls, MARS and Cisco IPS out of the box.
  • In charge of creating content for ArcSight 4.0 ESM.
  • Worked DIACAP C&A for the GBS program.
  • A full working knowledge of the DIACAP process (focused on the scorecard part for Windows and Unix servers).
  • Currently analyzing Retina results, incident response and disaster recovery planning for the GBS program.
  • Ensuring that all STIGs are met by each enclave involved in the C&A process.
  • Consulted on what deliverables should be given to the CA (Certifying Authority).
  • Analyzing scanning results from the DISA Gold Disk and the Retina scanner.
  • Hardening Windows 2003 according to Gold Disk requirements.
  • Running vulnerability testing on SCI-level servers and computers.
  • Performing weekly FISMA audits by VAT testing.
  • Currently administering and monitoring ArcSight.

Confidential, Reston, VA

Security Engineer

Responsibilities:

  • Hands-on experience with ArcSight, ISS NIDS and HIDS.
  • Created rules and filters in ArcSight.
  • Tracked the activity of many worms by using ArcSight, ISS NIDS and ISS HIDS.
  • Monitored firewall, NIDS and HIDS logs through the use of a SEM tool (ArcSight).
  • A full working knowledge of network security secrets and solutions on Windows, Linux and UNIX networks.
  • I have discovered many computers doing TCP port sweeps, UDP port sweeps and brute-force attacks, and shut them down.
  • Configured policies that were applied to ISS HIDS and NIDS.
  • Troubleshot security incidents through the use of packets captured by Sourcefire NIDS.
  • Monitored and analyzed all traffic going through two separate networks.
  • Studied and followed the latest trends in the hacking community (know-your-enemy mentality).
  • Kept up to date on the latest security trends and hacker techniques.

Confidential, Alexandria, VA

Lead Security System Engineer

Responsibilities:

  • Hands-on experience with NetScreen firewalls, Symantec enterprise anti-virus, enterprise IDS and ACLs.
  • Developed password files that were used with L0phtCrack to crack/audit passwords for the United States Coast Guard.
  • Mastered sniffing and analyzing network traffic with Ethereal.
  • Excellent working knowledge achieved through daily usage of McAfee IntruShield IDSs.
  • Shut down infected workstations by contacting the ISSO located in each region of the Coast Guard.
  • Security Test and Evaluation (ST&E): tested vulnerabilities by using Nessus and GFI LANguard.
  • I have discovered many computers doing TCP port sweeps, UDP port sweeps and brute-force attacks, and shut them down.
  • Currently study and follow the latest trends in the hacking community (know-your-enemy mentality).
  • Currently run the CG CIRT website, which is built with Apache and PHP, and post the most current threats on it.
  • Tracked the activity of many worms, Trojans and viruses by using the IntruVert IDS.
  • Pushed out new virus definitions when any new virus with a category of two or higher was found in the wild.
  • Ran password-cracking tests with John the Ripper and denial-of-service scripts on a test network.
  • A full working knowledge of network security secrets and solutions on Windows, Linux and UNIX networks.

Confidential, Quantico, VA

Network Security Engineer

Responsibilities:

  • Hands-on experience with NetScreen firewalls and VPNs, Symantec enterprise anti-virus, enterprise IDS and ACLs.
  • Spearheaded our computer forensics effort to investigate suspicious activity, i.e. viruses and brute-force attacks.
  • Mastered NetRanger, SAV, Raptor firewalls, ManHunt, tcpdump and scripts that were used to track network activity.
  • Excellent working knowledge achieved through daily usage of network (Shadow) and host-based (ITA) IDSs.
  • Shut down infected workstations by blocking the port on the access switch and denying at the outer router.
  • Security Test and Evaluation (ST&E): tested vulnerabilities by doing broadcast ping attacks from the interior network.
  • Discovered the green team doing a TCP port sweep, UDP port sweep and brute-force attack and shut them down.
  • Made a report after seeing that a user had hacker software and other illegal material on his/her computer.
  • Independently caught two employees downloading pornographic material containing Trojan horses.
  • Tracked the activity of the Welchia worm by using the tcpdump signature and the Snort built into the ManHunt IDS.
  • Pushed out new virus definitions when any new virus with a category of two or higher was found.
  • Fixed sendmail issues that occurred because of ACL denials, wrong DNS records or site Exchange boxes being down.
  • Monitored firewalls for suspicious activity by port number and investigated why a certain site was denied access.

Confidential, Fairfax, VA

Network Engineer

Responsibilities:

  • Maintained an NT/2000/HP-UX secure network and secure VPN connections to remote sites.
  • Configured and maintained ACLs on Cisco PIX 501 and 515 firewalls, Catalyst 2900 switches and 3600 routers.
  • Maintained VPNs and monitored for suspicious traffic from the Internet (e.g. the Blaster or Welchia worm).
  • Working knowledge of how SANs work in a high-availability cluster in an HP-UX/Windows environment.
  • Maintained a Gauntlet firewall between two secure networks that supported a mission-critical application.
  • Produced a VBScript that pulled data from a paper document and converted it into .txt, .pdf or .doc form.
  • Monitored network activity on a worldwide network containing 90 domain controllers.
  • Redesigned the system administration web page by adding network Visio diagrams using HTML and Java.
  • Designed network architecture for a disk array, which included power requirements and network equipment.
  • Worked in Active Directory maintaining user rights, policies and privileges.

Confidential, Arlington, VA

System Administrator

Responsibilities:

  • Worked with Active Directory security policies (NMCI and legacy) on two separate domains.
  • Effectively solved software and security issues for customers.
  • Closed more tickets than any other technician during the first quarter of 2002.
  • Configured virtual directories, shared folder permissions and shared printer permissions.
  • Configured access permissions for Navy intranet services and web-based programs.
  • Validated clients by using the ping, ipconfig and arp commands.
  • Backed up and restored a Linux backbone with the tar, umount and mount commands.
  • Partitioned hard disks on a production Red Hat server and a production Windows 2000 server.
  • Troubleshot name resolution problems by using nbtstat, ipconfig, nslookup and netdiag.
  • Configured group policy logon scripts and links to group policy with Active Directory.
  • Managed security daily on two high-priority OUs for the U.S. Navy on the NMCI network.
  • Used WinPE and the recovery console to fix numerous blue screens on client PCs.
  • Used Symantec Ghost 2000 to configure all workstations with C2 security and DoD-approved apps.

Confidential, Sterling, VA

Technical Support

Responsibilities:

  • Involved in securing hosts and networked systems, Public Key Infrastructure (PKI), centralized directory services, and contemporary OS platforms, e.g. Windows NT/2000, UNIX and NetWare.
  • Troubleshot and replaced all defective hardware in workstations and servers (all types: Windows/UNIX).
  • Managed and updated all hot fixes, patches and service packs on Windows/UNIX boxes.
  • Configured and troubleshot all remote access and VPN connections.
  • Used security templates to implement security policies and analyzed them by using the secedit command.
  • Installed and configured Windows NT 4.0, Windows 2000 and Linux.

Confidential, Vienna, VA

LAN Engineer

Responsibilities:

  • Ported over toll free numbers.
  • Fielded calls from the sales team.
