IT Specialist Security
- Responsible for analysis of malicious activity and policy violations throughout IRS IT Systems.
- Perform Threat/Risk Analysis on IT Systems using information obtained through Intrusion Detection Systems (IDS), NetFlow, BlueCoat weblogs, ArcSight, SAS, and many different security-related data sources and products.
- Integrate many different data sources of security-related events into a single repository to perform analysis, data mining, and correlations between data sources looking for malicious activity.
- Developed analysis tools in Perl, Java, Python, C , and bash scripting. A few analysis tools include: a Netflow collector that accepts and deciphers 4 different versions of Netflow data, a Java data mining thin client that attempts to optimize query parameters for faster searching of extremely large data sets, and SAS Enterprise Guide projects to perform statistical analysis of data.
- Provide guidance for disaster recovery and business continuity planning for the Cyber Security data warehouse and other IT assets.
- Reverse engineering malware with tools including, but not limited to, OllyDBG, IDA Pro, pdfid, and pdf-parser.
- Experience with FISMA standards and policies.
Sr. Technical Analyst Security
- The Technical Lead for application security consulting, vulnerability assessments, penetration testing, and vulnerability mitigation planning for enterprise projects at FedEx. I worked with developers and IT management to develop acceptable security controls based on cost vs risk. I have assisted enterprise projects, foreign and domestic, in developing secure applications throughout their software development life cycle.
- Performed vulnerability assessments and security analysis of all new and emerging technologies before implementation at FedEx. Provided Security recommendations and approved/tested changes before deployment.
- Used the NIST 800-53 publication for defining the FedEx Application Security process for identifying basic security controls, assessing controls and mitigating risk.
- Design and support Tier I, Tier II and Tier III systems to ensure proper load balancing, redundancy and 99.9% uptime.
- Performed penetration testing on client applications, web applications and web services using automated tools, manual testing, and in some cases developing custom tools for fuzzing and scanning. I have extensive knowledge of penetration testing tools both commercial and Open Source.
- Planned and developed IT infrastructure for using HP WebInspect, AMP, and HP QAInspect. Using this infrastructure I was able to ensure that every publicly facing FedEx web application went through vulnerability testing and completed vulnerability remediation before being deployed into production.
- I performed manual and automated source code vulnerability analysis in many different languages including, but not limited to, Java, C /C /C, php, and perl. I developed some of my own scripts for looking for common security vulnerabilities in code.
- Responsible for writing vulnerability reports, classifying risk, presenting remediation solutions, and tracking defects to ensure that issues have been resolved in a timely manner.
- Responsible for researching new and existing technology/frameworks used in the enterprise to ensure that it could be configured and implemented securely, i.e. Apache, WebLogic, Oracle, MySQL, MS SQL Server, Sun One, Oblix, SiteMinder, etc.
- Helped develop a secure SDLC that integrates common frameworks, coding best practices, and coding guidelines.
- Experienced in meeting regulatory requirements like PCI DSS, HIPAA, and SOX.
- I performed annual PCI vulnerability assessments on key FedEx assets.
- Responsible for evaluation and recommendation of new products and infrastructure, creating RFIs/RFPs, and leading proof of concept scoring with several vendors.
- Technical lead for the FedEx encryption and key management/PKI evaluation and proof of concept scoring.
- Technical lead for the static source code scanning product evaluations and worked through the scoring and final decision making process.
- Developed and evangelized secure coding best practices.
- Demonstrated exploitation of vulnerabilities and gave presentations all the way up to executive level management.
- Core team member on the FedEx crisis incident response team. Responsible for identifying attacks on the enterprise, triage, determining risk, assembling the core team if needed, and providing prompt resolution.
- Develop and refine the FedEx information security standards, policies, and guidelines.
- Responsible for the design and prototyping of a fully automated unmanned convenience store.
- I designed the client/server inventory recording system in embedded Visual Basic and Delphi to allow warehouse employees to update items in the store wirelessly on a Pocket PC. This software interfaced with SQL Server 2000 and other computers using Microsoft Message Queue, ADO, and TCP/IP.
- I designed and prototyped the video surveillance systems in C that allows one user to perform video monitoring of four ports in the store, control certain aspects of the store remotely, and talk to the customer using Voice over IP if there is a problem.
- I designed and prototyped hardware electronic circuits that interface with Programmable Logic Controllers (PLCs) to allow machine control of vending appliances that were not originally intended to be machine controlled and automated.
- Reverse engineered hardware not originally intended to be controlled by external systems to interface with custom software and PLCs.
- I developed RS232 interfaces in Delphi to control bill acceptors, touchscreens, and audio switchers. This software can send and receive messages through COM ports to allow for full control and feedback from many hardware devices.
- I worked in a group as one of the few undergraduates to set up a Digital Signal Processing laboratory at the University of Memphis. I was responsible for setting up the Texas Instruments TMS320C6711 and TMS320C6416 DSP development boards and programming them in C/C . I wrote software that controlled memory management of Flash Ram and peripheral devices like analog to digital processors and digital to analog processors. I performed all the elements of basic digital signal processing. I derived mathematically Finite Impulse Response Filters, Infinite Impulse Response Filters, Adaptive Filters, Amplitude Modulation, and Amplitude Demodulation. I coded algorithms in C and downloaded the programs to the DSP microprocessors. I have extensive experience processing audio signals using mathematical analysis like FFT's, filtering, and probability.
- I used this experience as my senior design project where I implemented a simple voice recognition program in MATLAB. This software was able to distinguish a single user with a single password from other users and different words.
- I wrote a lab manual for undergraduates in Electrical and Computer Engineering to use when taking the University of Memphis' Transforms class. The lab shows students how to use mathematical transformations like the Fourier Transform to perform signal processing. I showed how to derive the algorithms for filtering using differential equations and wrote software in C for the students to complete that would allow them to see the effects in real-time with an oscilloscope and the DSP development boards.
Lead Electronics Technician
- My main responsibility was to troubleshoot problems with electronic equipment sent to Federal Express for repair. I would find new problems and teach each of the technicians how to fix these problems. I would train the technicians how to read diagnostic readings from oscilloscopes, current meters, and voltage meters in order to diagnose a potential problem.
- I wrote a series of manuals that cover each of the main circuit boards the technicians would see at FedEx Express. Each manual would cover diagnostic readings they should see with oscilloscopes and multimeters as well as a procedure for fixing the problem.
- Developed the schematics and initial hardware prototype for a FedEx Super Tracker flash memory programmer and test for memory read/write errors.
Security Tools: ArcSight, nmap, netcat, Cain and Abel, WebScarab, dsniff, hping, Burp Suite, Wireshark/Ethereal, nikto, Paketto Keiretsu, Kismet, Ettercap, HP WebInspect/QAInspect, w3af, Metasploit, BackTrack, Nessus.
Operating Systems: Windows 98, 2000, XP, Vista, Windows 2000 server, Windows 2003 server, Red Hat AS 3.0, SUN Solaris, Ubuntu.
Web Servers: Apache, Glassfish, BEA WebLogic, JBoss, and IIS.