System Administrator, California Institute of Technology.
Pasadena, CA. January 2002 - March 2004.
Led security team at the Center for Advanced Computing Research. Implemented
a network security policy in a supercomputing center. Audited all network
devices including desktops, databases, servers, routers, and switches.
Conducted and analyzed vulnerability tests using open source security tools
Nessus, Nmap, Netcat, and Nikto. Investigated intrusions and performed
forensic analysis on UNIX and Windows systems. Administered production
Linux and Solaris servers, including webservers, NIS servers, DNS servers,
Nessus scanners, and Syslog servers. Partnered with system administrators on
fixing critical security holes. Educated users on new security software usage. Implemented Secure Shell upgrade and configuration procedures on all UNIX systems to reduce network attacks. Managed Linux Iptables firewall for the department. Implemented a Snort Network Intrusion Detection System (IDS) to help locate various attacks.
Principal Security Consultant, SSH Communications Security, Inc.
Palo Alto, CA. July 1999 - October 2001.
Managed technical support team in assisting both pre-sales and post-sales
customers. Authored white papers to explain how the company's technology
fits into customer's network architecture. Presented SSH Communications
Security's technical strategy at marketing seminars throughout the United
States. Led interoperability testing with IPSec VPNs and Secure Shell products
from various vendors. Developed business model on Secure Shell product.
Contributed to development and marketing regarding product information.
Headed up technical instruction initiative, including authoring and delivering
a three day SSH Secure Shell course for system administrators. Wrote shell
scripts for end-user applications to automate Secure Shell implementation.
Assisted with IT and internal security issues. Developed strong relationship
with members of the press and assisted with product announcements.
Information Security Analyst, VeriSign, Inc.
Mountain View, CA. November 1998 - July 1999.
Designed network, host, and application security architecture and policies
for VeriSign and its affiliates. Created incident response policies and
guidelines for Public Key Infrastructure and Root Certificate Authority (CA).
Implemented security tools on production Solaris systems. Led security
assessments at headquarters and satellite offices. Worked closely with
Information Systems Department to ensure a secure computing environment.
Secured remote access as well as host and application. Maintained the
physical security of the network and hosts.
Network Security Engineer, International Network Services.
San Mateo, CA. December 1997 - November 1998.
Architected design projects involving packet level security audits on switches
and routers using network protocols including TCP/IP, DECnet, Netbios, IPX/SPX,
and AppleTalk. Implemented and designed firewall network architectures involving Checkpoint and Eagle Raptor. Guided security policy review and development. Led "tiger team" attacks from the Internet and from the internal networks on routers, UNIX, VMS, and Novell systems. Designed and taught course on "tiger team" methods. Conducted physical, system, and network level security audits at client sites including applications such as finger, telnet, and SMTP. Penetrated security weaknesses using vendor vulnerabilities, poor passwords, and network spoofing. Discovered denial of service attack on OpenVMS using UNIX remote access commands.
Technical Consultant, Hewlett Packard.
Mountain View, CA. July 1996 - March 1997.
Architected and implemented B1 level security UNIX on HP-UX CMW (Virtual
Vault). Integrated Virtual Vault with Windows NT 4.0 Web server, Internet
applications, and data warehousing to provide a secure web solution for a
customer. Assisted in design of secure network implementations involving
the World Wide Web, firewalls, and TCP/IP protocols. Developed and taught
classes on HTML for the administrative staff in the Raleigh office.