Profile

• MSM, CISSP, CWASE, Application Security Engineer, Senior Security Consultant
• Software Security/Application Code Review/ Senior Security Engineer/C.E.O/Owner/Ethical
• Hacker.

SUMMARY

• Certified Information Systems Security Professional. CISSP 326814
• Certified Web Application Security Engineer
• Pursuing CSSLP and Global Information Assurance Certification. GIAC for Java Programming Security
• Ten years of professional experience in Security.
• Six years experience in Software and Database Security.
• Eleven Years experience in Information Technology and Programming.
• Held a secret clearance.
• Honorable Discharge United States Air Force Reserves.
• Self employed, Parsons Software Security Consulting, LLC.
• Member of OWASP member number 73N4Q4M27PH.
• Pursuing Certified Physical and Information Security Consultant/converged security c
• References below and available on request.
• Passed Drug Test and Background Check on June 1, 2010, September 15, 2010, January 15, 2012 and June 15, 2012.

PROFESSIONAL EXPERIENCE

Parson Software Security Consulting

Confidential

• Senior Information Security Consultant, Owner, CEO, CIO, CTO, Vice President
• Errors and Omissions Insurance and General Liability Insurance for four million dollars.
• Subject Matter Expert in Payment Card Industry, Data Security Standard compliance, Software and Database security, Network Security, Quantitative Risk Analysis Enterprise Risk Management.
• Created awareness in the Java and .NET developed community by creating a biweekly newsletter for LinkedIn.
• Application Security Engineer for McAfee Global Security Operations, an Intel Company.
• Technical Interviewer for McAfee Global Security Operations
• Java security point of contact and senior security analyst for Aetna insurance Application Development Security Assessment Team .
• .NET security point of contact and senior security analyst for Aetna insurance Application Development Security Assessment Team.
• Web Penetration Tester for Aetna insurance Application Development Security Assessment Team.
• Found keystore password on SAMS membership and Marketing Application.
• Specialized in Java, J2EE and ASP.NET, PHP, Perl, Mainframe, C and C security.
• Board of Directors Dallas OWASP chapter.
• Found Software security vulnerabilities for clients including: SQL injection, XSS, Cross Site Request Forgery and multiple other vulnerabilities.
• PCI compliance remediation for various clients in the Dallas Fort Worth Area.
• Submitted bugs for Google Chrome Project. bug number 37040 buffer overflow, 37042 No Validation, 37043 buffer over flow, 37044 Buffer Over flow.
• Scanned open source software to report software security vulnerabilities with Ounce Labs and full disclosure.
• Clients include: Verizon Telecommunications, Bank of America, Merrill Lynch Bank Suisse companies, Financial Institutions and South West Airlines.
• Implemented and became subject matter expert for Database Hard drive encryption for Harris County Toll Road Authority.
• Training of offshore developers in India, Singapore, Peru, Italy, England, Scotland, Switzerland and Hong Kong, Germany, Brazil at a Large Fortune 100 Financial Institution implementing and teaching Fortify Static Code Analysis tool enterprise wide at World Wide Bank.
• Subject Matter Expert for Contract Land Staff, Houston Texas. Lead security web penetration test of main Right of Way Land application, completed manual and automated source code review. Developed Remediation plan of action.
• Scanning of source code for a large financial Institution using Fortify.
• Doing source code review with Fortify and Ounce Labs to find software security vulnerabilities.
• Found Software security vulnerabilities in open source software including Second Life.
• Website Administration and Development with Various clients.
• Worked with Martindale and Lexus Nexus helping lawyers get a web presence.
• Created and developed basic static code analysis class for Ounce Labs. Ask for presentation.
• PGP and software security consulting with various clients in the Dallas Fort Worth Area including Venray Technology.
• rmation Security Engineer for Enterprise Information Management Enterprise Security Assessment
• Provided security code reviews using the Fortify Source Code Analysis Product and evaluated results for security vulnerabilities for eCommerce applications. Trained, documented and advised application developers for security risks, secure coding best practices, with practical remediation guidance to developers.
• Created Custom Rules matrix.
• Started Malicious Code review program for offshore developers.
• Helped complete the Cyber Security Mandate of a 706 target applications. With team identified 1274 Critical/important issues. Closed 700 at year 's end prior to exploitation.
• Deployed early life cycle service source code scanning to 232 internet facing web applications. Completed 100 percent Bank developed internet apps for 2009.
• Reviewed Source code in .NET, PHP, Internet - Web, J2EE, Java, Java Script.
• Created documentation for bank on software security via private and public Wikipedia.
• Was scribe for Enterprise Security Management meetings.
• Reviewed peers ethical hacking assessments and offered feedback.
• Migrated from finding security problems to finding elegant and effective business security solutions for bank.
• Completed software security assessments of banking applications to meet banking regulatory compliance and to start software security program early in the software security life cycle by on boarding different software development line of business groups from around the country and around the world in the Fortify Self Service scanning. To train developers to write secure code using the OWASP software security testing guide.
• Successfully onboarded and helped implement new software security program at Bank of America. Updated internal wiki and onboarded and trained developers how to write secure code and use the Fortify Static Code Analysis tool and Fortify Manager. Trained Developers in India, England, Switerzland, Singapore and Hong Kong and on the West Coast, Central and East Coast of the United States from my remote office in Fort Worth, Texas.
• The bank ended up with thousands of developers trained in software security and the Fortify Static code analysis tool including Fortify Manager. New processes and ideas were documented for the next generation of software security experts. Helped reduce the attack surface at the bank and limited the number of vulnerabilities, by finding software security bugs early in the development life cycle well before the application was in the public space.

Confidential

Senior Internet Software Security Systems Engineer for Information Technology Application Security

• Security Source Code Java/.NET
• Hired for strategic role in the development and maintenance of extremely complex network security/protection systems and architectures. Provided security solutions that required resolution of complex operational and integration issues associated with networks, data systems, and applications to successfully deploy secure technologies and to enhance existing technologies. Lead computer security incident response activities, conducting technical investigation of security-related incidents and conduct post-incident digital forensics to identify causes and recommend future mitigation strategies.
• Served as the highest level of information security consultant to all internal clients and technical management in all areas of Verizon to ensure conformity with corporate information security standards.
• Comprehended large Enterprise Applications and Source code.
• Responsible for performing security code reviews and application risk assessments for customer facing applications at Verizon. Audited applications written in multiple languages, including Java/JSP, VB.NET, ASP.NET, C, C/C, COBOL, PHP, and Classic ASP. Utilized OWASP and Ounce Labs formal methodology to conduct code reviews and risk assessments.
• Used internal documents at Verizon Business, ultra-edit, and static analysis tools like Ounce Labs and Open Ounce to supplement manual code reviews.
• Worked closely with business units, vendors, and developers onshore and offshore to understand applications, analyze business processes, and identify areas of risk.
• Worked with management to access risk and certify all applications for PCI compliance.
• Responsible for the code review infrastructure at Verizon Business and administered all Windows and Linux servers regarding code review.
• Created custom scripts to take out certain security vulnerabilities.
• Used regular expressions to search for sensitive data, like credit card numbers and social security numbers.
• Developed and documented a software security program.
• Found software security vulnerabilities in 200 million dollar annual revenue Verizon Core application.
• Applications scanned for PCI compliance, Minute Pass, IPM, E-payment, Voice Portal, IP manager, Single Sign On, Speech Services, Epoem.
• Completed Malicious Code Review for offshore developers.
• Developed and implemented malicious code review program for Verizon Business. Created Training for Malicious Code Review, created one hundred question test, for malicious code review training. Developed Power Point Slides that trained thousands of Security analysts to complete Malicious Code Review for Offshore Developers.
• Served as a key member of the Information Technology Application Security Review team and founding member of the code review team of three for all of Verizon Business and Verizon Telecommunications.
• Audited and reviewed 500K LOC of Perl and PHP for configuration management system and Verizon.
• Worked with a team to discuss vulnerabilities, trends and risks and protect Verizon software and information assets.
• Contributed to weekly team meetings by researching new vulnerabilities, security threats and attacks.
• Personally Audited and reviewed eight million lines of source code in Java, .NET, ASP, C, Visual Basic, PHP, Perl, COBOL, C and C .
• Found and helped remediate Software Security Vulnerabilities including credit card numbers and social security numbers, SQL injection, Cross Site scripting, Stored Cross Site Scripting, Buffer Overflows, Improper use of Cryptography, Malicious code and various other vulnerabilities.
• Networx is a 40 million LOC java application and consists of 170 projects. Directly responsible for the security and remediation of 85 projects. Had to build application without help from development staff. Found social security numbers, credit card information and other personal customer information using advanced searches in ultra-edit.
• Created, Deployed, Taught and Developed Software Security Program and Ounce Labs Training Program which consisted of live webinars, teleconferences, Power Point Presentations and multipage internal training documents.
• Worked as a liaison between Ounce Labs and Verizon Business addressing the needs of both parties.
• Lead Remediation efforts of several applications as subject matter expert and reduced the number of software security vulnerabilities in multiple applications. Provided ongoing security advice to developers taking all questions and either answering the question or researching the question to provide the best answer for the developer and the company.
• Web Penetration testing of various vulnerabilities for confirmation. Manual and automated methods for testing XSS, SQL injection and various other Web Security Vulnerabilities listed by OWASP.
• Verizon ended up passing PCI compliance saving the company millions of dollars of fines and brand name damage in 2007, 2008 and 2009.

Confidential

Lockheed Martin is a large multinational aerospace manufacturer and advanced technology company formed in 1995 by the merger of Lockheed with Martin Marietta. It is headquartered in Bethesda, Maryland, in the Washington Metropolitan Area. Lockheed Martin employs 140,000 people worldwide.

Systems Integration Analyst, Enterprise Information Systems

• Secure Coding and Database Auditing Point of Contact POC for Fort Worth, Aeronautics Business Unit and Enterprise Information Systems SD I Fort Worth
• Member of Elite Lockheed Martin Aeronautics, Network Operations Security Center NOS Active Secret Security Clearance
• Kept senior management informed of Information Security Risks, Vulnerabilities and Trends.
• Developed, Started and implemented Software Security Program.
• Performed Network Security Audits in Network Operations Command Center.
• Web Penetration testing to prove Software Security Vulnerabilities with Web Inspect, Burp and manual fuzzing and penetration testing.
• Security reviewed three million LOC in Java, C, VB.NET, and ASP.
• Security Reviewed F-22 application Global Task Management System and certified application to meet customer requirements.
• Certified and Reviewed mission critical code for the infrastructure of Lockheed Martin.
• Developed and trained developers in software security best practices.
• Mentor to Lockheed Martin Network Support Employee in Liverpool, NY.
• Certification and Accreditation of Various internal documents to Department of Defense Policies including: DoD 8550.2.
• Security Engineer, Technical lead and Subject Matter Expert SME on multiple projects.
• CISSP Site coordinator to corporate wide CISSP class.
• Reviewed and found suspicious and malicious code internally and externally.
• Programmed in Java and .NET development environments.
• Worked on International Espionage case working on code forensics.

Confidential

Desktop Support Analyst

• Worked as a System Support Analyst supporting 2300 end users on a team of three as Windows Administrator.
• Completed 20-40 tickets a week through Incident Response and problem resolution and customer support to clients with computer problems.
• Removed viruses and spyware on clients systems.
• Physically destroyed and degaussed hard drives with sensitive company information on them.
• Researched latest security threats, installed latest patches, installed software on clients ' computers.
• Built and deployed computers for clients working at Lockheed Martin
• Performed Network Security Audits on Local Area Network.
• Worked with Microsoft Digital Rights Management on a client server environment.
• Network Administrator, Installing Catalysts and Network Troubleshooting.
• Helped plan and install Voice Over Internet Protocol System. VOIP
• Programmed in VB.NET and C .NET to create scripts to automate tasks.
• Lead an asset reduction program that saved the company thousands of dollars in duplicate PCs.

Confidential

• Customer Service Technician-Contract Solectron
• Increased sales revenue in accessories and enhanced features.
• Incident response and problem resolution.
• Investigated internal fraud of fellow employee.
• Decreased work time on cell phones from four hours to 45 minutes
• Checked account status and activated User Account Management.

Confidential

Information Technology Administrator

• Assisted staff with Information technology including Mac 's and PC 's site administrator.
• Created and administered accounts for local users.
• Administrated and installed Virus Management software.
• Network Administrator.
• Researched Viruses and Security Patches.
• Installed latest security patches on PC 's.
• Programming.
• Instructed employees on the proper use of computing assets.
• Managed Career Services Database as Database Administrator.
• Protected Database and monitored e-mail list-server.

Confidential

Head of Physical Security

• Supervised Security Personnel to ensure that proper security procedures were in place.
• Identified patrons were of the age of 21.
• Physically removed any patrons that were in violation of the Establishments ' code of conduct.
• Established a relationship with local police department and called upon them in emergencies.

Confidential

• Active Secret Clearance May, 2001, E-3 Airman 1st class, Honorable Discharge
• DD-256.
• Studied in military science, leadership development training and professional training activities.
• Acted as General Military Science Advisor.
• Studied the field of Information Science for Detachment at Syracuse University.

Confidential

Computer Receiving Clerk

• Checked in all store goods into grocery store through computer DOS system
• Started this career while in high school. Worked as a cashier, stock clerk and meat department and during summers and weekends while in college. Worked 20-40 hours a week.