
Principal Security/forensics Consultant Resume Profile


Dulles, VA

OBJECTIVE

To provide expert computer forensic investigations and cyber security solutions that are high-quality, timely, and customer-focused.

CAREER HIGHLIGHT

18 years of hands-on experience in delivering world-class results and solving real-world cyber security, digital forensics, and incident response challenges. Lead cybersecurity, incident response, and digital forensics investigations for private and public sector clients and law firms. Design and oversee the day-to-day operations of NetSecurity Forensic Labs. Work with clients in identifying and mitigating advanced cyber threats in enterprise networks. Protect critical Internet infrastructures with more than 2 billion queries per day and other systems providing services for over 14 million customers. Architected and installed different security technologies into large and complex networks. Successfully installed and supported over 300 firewalls, more than 100 Intrusion Detection/Prevention Systems (IDS/IPS), numerous PKI architectures, and a host of other security products and technologies for different organizations. Lead hands-on vulnerability assessments and penetration testing of systems and work with clients to proactively protect valuable assets. Perform complex Certification and Accreditation (C&A) activities following NIST 800-37 and DoDI 8510.01 guidelines. Oversee the development and delivery of training courses. Proactive in speaking, authoring, or consulting with media outlets on security and forensics topics.

Technical Publications:

  • Security Attacks against PDA and Mobile Devices and Tips for Protection, October 2008
  • Building a Forensics Investigation and e-Discovery Readiness Plan, Virginia Lawyers Weekly, July 2009
  • Emerging Security Threats and Steps for Staying Ahead of the Game, SecurePC, Aug/Sept 2008
  • Responding to a Financial Security Breach, SC Magazine, May 2008

Technology Highlight:

Computer Forensics: EnCase, Forensics Toolkit (FTK), ProDiscover, Paraben Device Seizure, P2 Shuttle, Volatility Framework, DD, Oxygen Forensic Suite, DataPilot Secure View, F-Response, HBGary Responder, Helix, FIRE, Write Blockers, Steganography, Anti-Forensics, PDA/Handheld Forensics, Memory Analysis, Malware Analysis, OllyDbg, Reverse Engineering, Windows Registry Viewers, Hex Editors, Virtualization, Incident Response, e-Discovery

Ethical Hacking Tools: Nmap, SARA, ISS, Retina, SAINT, Nessus, Nexpose, Metasploit Framework, Core IMPACT, Cenzic Hailstorm, AppScan, WebInspect, Netsparker, AppDetective, Paros Proxy, Burp Suite, WebScarab, THC Hydra, SPIKE Proxy, Nikto, Wikto, Rainbow Crack, Ophcrack, BackTrack, OWASP LiveCD, AirCrack-NG, Rainbow Tables, Google, Cain & Abel

Firewalls: SonicWall, NetScreen, Gauntlet, Sidewinder, CheckPoint, Nokia, Cisco PIX/ASA, StoneGate, SmartWall, FWTK

Cryptographic Tools/Protocols/Framework: PGP, VeriSign PKI, Entrust PKI, Digital Certificates, F-Secure, SecurID, CryptoCard, SSH, SSL, VPN, Other PKI, IPSEC, LDAP

Virtual Private Network (VPN): Netscreen, Alcatel OmniAccess, Cisco, VPN-1

Intrusion Detection and Prevention Systems: RealSecure, Proventia, Dragon, Snort, SourceFire, TippingPoint

Security Management: Securify's SecurVantage, GuardedNet's NeuSecure, NetForensics, Splunk, ArcSight

Risk Assessment: RiskWatch, SafeOperations

File Integrity: Tripwire, AIDE

Software Development: Full life-cycle development, Secure coding practices. Programming Languages: Ada, C, C++, Java, Z, Pascal, Fortran, Cobol, Assembly, Perl, Unix Shell Scripting, Clipper, Visual Basic

Networking Technologies: Routers, Switches, Network Sniffers, Load Balancers, Splunk

Networking Protocols: TCP/IP, LAN/WAN, SMTP, DNS, Sendmail, 802.11

Operating Systems: Solaris, SunOS, HP-UX, UNIX, Linux, AIX, BSD, MS Windows, MAC OS

Database Management Systems: Oracle, MS SQL, Sybase, MySQL

Standards & Regulations: ISO-17799, PCI, HIPAA, FISMA, GLBA, SOX, OMB, NIST, DoD

RELEVANT EXPERIENCE

Confidential

Principal Security/Forensics Consultant

Forensics Investigation:

Design, manage, and oversee the state-of-the-art Confidential. Lead and conduct digital forensics investigations for private and public sector clients. Assist customers in establishing and developing incident response capabilities. Identify, investigate, and handle security events and incidents while supporting the Secure Network Operations Center (SNOC). Work with clients in identifying and mitigating Advanced Persistent Threats (APTs) in enterprise networks. Identify intrusions by conducting volatile data analysis, registry analysis, memory analysis, and remote network forensics.

Investigate cases relating to network hacking, malware outbreaks, illicit pornography, employee misuse of resources, and other advanced cyber attacks. Acquire, duplicate, preserve, and analyze digital evidence for forensic artifacts from dead and live hosts. Ensure chain-of-custody forms are completed and secured through the lifetime of each investigation. Perform Windows forensics analysis, including registry analysis and reconstruction of users' Internet activities. Conduct forensics investigations of UNIX, MAC OS, and Windows systems. Collect and analyze Blackberry, Android, iPhone, iPad, and other mobile devices. Recover files hidden by encryption, Alternate Data Streams (ADS), steganography, and malware. Conduct memory data collection and examination. Conduct static and dynamic analyses of malicious code and reverse engineering. Conduct forensics over remote network environments. Recover data from systems with RAID configurations. Develop expert reports that withstand legal scrutiny of opposing counsel. Support clients in electronic discovery (e-discovery) matters.

Penetration Testing:

Perform hands-on vulnerability assessments and penetration testing against network infrastructure technologies, including: firewalls, IDS/IPS, routers, network servers, VPN gateways, database servers, web-based applications, mainframes, VoIP devices, wireless networks, and mobile devices. Identify vulnerabilities and execute appropriate exploits to compromise target systems, including server penetration, buffer overflows, privilege escalation, password cracking, and social engineering. Conduct WEP, WPA and WPA-2, man-in-the-middle, access point impersonation, and back-end database exploitation attacks. Execute OWASP Top 10 vulnerabilities such as Injection, Cross Site Scripting, Broken Authentication and Session Management, Security Misconfiguration, etc. against web applications. Leverage IDS/IPS evasion attacks against target systems. Test the vulnerability of emerging mobile devices. Work with clients to implement remediation mechanisms to protect valuable assets proactively. Execute advanced spear phishing attacks as part of social engineering tests against users to measure susceptibility to advanced cyber threats.

Confidential

Sr. Manager, Information Security

Hands-on Security Responsibilities:

Performed host and network security design, configuration, and integration. Performed penetration testing, conducted security audits, and reviewed the company's information assets to identify vulnerabilities. Performed intrusion detection and response. Evaluated and deployed high availability and load-balancing solutions. Raised security awareness within the organization. Monitored various Internet underground sites and devised mitigation approaches against new bugs and exploits. Securely integrated remote networks and systems into the company's network. Supported massive firewall, IDS, VPN, and product deployments. Served as Local Certificate Authority (LCA), with responsibilities that included certificate requests, approval, issuance, revocation, management, and administration. Active member of the Change Management (CM) board responsible for ensuring security inclusion in life cycle processes. Participated in disaster recovery planning (DRP) and business continuity planning (BCP) activities. Worked with users and business owners and performed risk assessments of systems and applications prior to deployment and upgrade. Formulated and implemented risk mitigation plans, resulting in proactive security practices. Established a computer security incident response team (CSIRT), resulting in quick response to security incidents. Performed computer forensics examination on corporate systems and provided. Managed and maintained escalation procedure documents. Led internal forensics investigations using FTK, EnCase, ProDiscover, Helix, and many other forensics tools.

Management Responsibilities:

Led and established information security business direction. Established, developed, and enforced policies, procedures, guidelines, and processes for carrying out industry best security practices. Protected critical Internet infrastructure with more than 2 billion queries per day, and other systems and applications providing services for over 14 million customers for DNS, WHOIS, Email, and other web identity services. Investigated high-visibility security incidents; worked with Legal, PR, HR, senior management, and other business units during these investigations. Established the security budget for network operations. Developed project plans and worked with other team members on execution.

Confidential

Principal Security Engineer at Marine Corps Network Operations and Security Command (MCNOSC)

One of two original architects recruited to provide technical security guidance and leadership to the USMC MCNOSC cyber security program. Provided superior contribution, which helped position MCNOSC with situational awareness and centralized security control of all USMC egress and ingress points. Proactively defended and led major advanced security projects within the Marine Corps Enterprise Network (MCEN), with about 120,000 users and thousands of network devices and applications. Architected and deployed security devices including content filtering, load balancing, routers, firewalls, VPN, and IDS/IPS technologies throughout USMC. Investigated advanced adversarial threats and intrusions targeting USMC and other defense targets. Conducted forensics examinations, remote intrusion investigations, and contained cyber security incidents throughout MCEN. Hardened operating systems and applications used by war fighters to defend against cyber adversaries. Conducted red- and blue-team exercises throughout MCEN. Served as a last-line escalation point in resolving complex cyber security issues. Provided adequate hands-on training to first-, second-, and third-tier security engineers and analysts. Researched and evaluated commercial technologies for defending USMC assets. Presented current trends in security and provided feedback and advice to USMC leadership, management, and regional security engineers. Led PKI implementation for MCNOSC. Co-developed an optimal mechanism to centrally manage and monitor geographically dispersed security devices. Investigated and contained cyber security incidents targeted towards USMC.

Confidential

Network Security Consultant

Reviewed and evaluated cryptographic and other network security software. Performed security analysis and surveys on different computer networks. Assisted different client companies to develop and implement information security policies. Performed Internet connectivity and vulnerability analysis for clients. Reviewed and tested various cryptosystems. Provided training and technical advice to company managers of client organizations on different computer security tools and methodologies. Trained users/managers on security issues and safeguards, using SmartGate, the Gauntlet Firewall family of products, and a host of other security products. Installed over 100 units of Gauntlet and other firewalls at different clients' networks. Wrote statements of work, which resulted in a more than 75% success rate. Integrated the latest security products into clients' computing environments. Implemented methods to ensure the integrity, confidentiality, and availability of clients' information resources, including VPN configuration. Resolved difficult security issues in diverse networks. Frequently briefed network managers/administrators on security threats, vulnerabilities, and implementation measures.
