Qualification Summary

Over 15 years of experience in many areas of technology including: information assurance, software development, project management, team leadership, quality control and infrastructure with a focus on Security. Experienced in enterprise, startup, waterfall, agile and devops environments. Fluent in both English and French.

Experience Highlights

Information Assurance

• Design, implement, maintain and operate secure systems, policies and procedures
• Solid understanding of risk management and controls with a preference towards preventive technical controls
• Experience working with frameworks such as ISO 27001, Cobit and BSIMM
• Working with regulations such as SOX, GLBA, FTC Standards, PCI, IRC 7216, etc.
• Perform penetration testing manually and with automated tools such as Burp Suite, Netsparker, BackTrack Kali , Nessus, Nexpose, metasploit, ettercap, aircrack-ng and many others tools
• Implementing SSO w/ Federation in a claims based model WS-Trust, WS-Federation, SAML-P, SWT
• Perform static analysis using FxCOP, splint and other tools.
• Perform threat modeling using the Microsoft SDL threat modeling tool
• Perform code reviews for common vulnerabilities OWASP top 10, SANS top 25
• Solid experience in log management and monitoring solutions OSSIM SIEM, Splunk, Logstash, Elasticsearch, Kibana, Syslog, WMI, SNMP
• Perform Fuzz Testing using custom scripts and tools
• Promote and implement secure software development processes
• Implement secure data exchanges, storage, authentication, integrity validation and non-repudiation using symmetric and asymmetric encryption as well as hashing algorithms
• Configure, maintain and monitor intrusion detection systems and web application firewalls Snort, OSSEC, Tripwire, fail2ban, mod security, PHPIDS, IBM Proventia, etc
• Configure and maintain Cisco routers and firewalls Routers, Catalyst Switches and ASA
• Experience with hardening operating systems, services and devices CIS Benchmarks .
• Experience with disaster recovery planning
• Malware/Botnet identification and removal
• Experience managing enterprise endpoint security products Symantec Endpoint Security
• Experienced managing the implementation of backup systems CDP, Dedup, Disk to Disk,Tape based and offsite storage
• Experienced implementing L2TP, PPTP and SSL based VPN Cisco, Windows, FreeSwan, OpenVPN
• Experienced working with file and socket level Encryption PGP, GnuPG, Windows PKI and SSL OpenSSL, stunnel

Software Development

• Strong experience developing cloud applications using the Microsoft Azure platform. Exposure to other platform such as Amazon AWS, Google AppEngine and others
• Extensive experience in the development of enterprise web, client, server and SOA based applications using the C , C and C languages
• Intermediate experience with other languages such as Python and Java
• Expert knowledge of Microsoft Windows, Linux, Solaris, IRIX, MP-RAS and other platforms.
• Strong knowledge of web development technologies HTML, HTTP, ASP.NET Webforms/MVC, PHP, JavaScript, JQuery, JSON, REST and Web Services SOAP/WSDL and WCF
• Fluent in XML based technologies using XML Schema, XPath and XSLT
• Database background with Microsoft SQL Server, MySQL, Informix and Oracle using ADO.NET, ODBC, Embedded SQL and other similar client access technologies
• Architect and implement from the smallest Korn or PowerShell scripts up to large, high volume, cross-platform, scalable, secure and reliable cloud based architectures
• Development of business intelligence solutions using Microsoft Reporting Services
• Skilled in troubleshooting, debugging, profiling and optimization techniques
• Design and Develop systems following best practices, using object oriented design patterns as well as enterprise design patterns
• Test engineering experience conducting load testing, stress testing, scalability testing, code and database profiling, unit testing, code coverage analysis and test automation.
• Experienced using threads managing concurrency issues , regular expressions and network socket programming
• Competent with build technologies such as make, MSBuild, Bamboo and Team Foundation Server.
• Experienced using source code control technologies such as TFS, SourceSafe, Subversion, Git, Mercurial, etc.
• Working with ORM technologies such as LINQ to SQL, Entity Framework and RedBeans

Project Management and Leadership

• Responsible for leading Jackson Hewitt's application security program based on Microsoft SDL, BSIMM and OWASP guidelines.
• Head of startup technology department responsible for software development, IT and security teams' activities and budgets and a team of 10-15 people.
• Produce and deliver project charters, project plans, work breakdown structure WBS documents, technical designs and presentations
• Experience managing agile projects
• Experience in motivating, mentoring, supporting team members

Infrastructure

• Proficient with the administration of various networking and telephony equipment such as proxies, modems, Portmasters, managed switches, wireless access points WAP and PBX VOIP, SIP, RTP
• Background in system administration SMTP, POP, IMAP, Radius, HTTP, FTP, FTP/s, ssh, sftp, Active Directory, LDAP, etc... ,
• Experienced managing web servers IIS, Apache, Tomcat, nginx and others
• Experienced managing email servers Exchange, dovecot, sendmail, postfix and others
• Intermediate database administration experience Oracle, MySQL, Microsoft SQL Server
• Maintained, built, serviced and configured servers and desktop computers Windows, MAC and Unix
• Experience with virtualization technologies VMWare, VSphere, VirtualBox, Xen, KVM, etc
• Working with low level protocol such as Ethernet, IP, TCP and UDP

Employment History

• Confidential Master Application Architect in Security
• Confidential, Director of Technology
• Confidential , Lead Application Developer
• Confidential, CISO
• ConfidentialSystem Administrator, Pentester
• Confidential, ISP Administrator
• Confidential Multimedia Programmer/System Administrator
• Confidential, Multimedia Programmer