Areas of Focus

It is important to be specialized within certain areas of information security. However, information security will not be accomplished without an encompassing knowledge of the specific situation that must be secured. Just as a chain is only as strong as its weakest link, an organization is only as strong as its weakest security implementation. All of the specializations mentioned below work together to provide the highest level of security.

Intrusion Detection and Prevention

Layered security is essential to information security, and for most companies that means implementing both intrusion detection systems (IDS) and intrusion prevention systems (IPS). It is not simply a matter of which IPS/IDS to add to your security infrastructure, but how and where to implement them in order to provide the most oversight of, and protection for, your infrastructure. In fact, vendors are increasingly combining the two technologies into a single product, or implementing them inside existing devices such as routers and servers. This is viable for businesses on a tight budget as well: many IDS/IPS offerings are derived from open-source software and can fit seamlessly into an organization's existing infrastructure. However, an IDS/IPS that is implemented incorrectly can, and often does, cause more problems than it solves.

I have experience installing and maintaining the following IDS and IPS devices:

  • Snort IDS
  • Splunk Enterprise
  • Tripwire Enterprise
  • Kiwi Log Server & Viewer
  • WatchGuard IDS/IPS
  • Cisco PIX IDS/IPS
  • eEye Iris Traffic Analyzer

File Integrity Monitoring (FIM)

File integrity monitoring is a key tenet of modern IT security. When the Payment Card Industry Data Security Standard (PCI DSS) was introduced in 2004, it elevated file integrity monitoring to a security best practice. A properly configured FIM implementation will monitor system data, metadata, registry data, and more. However, this information is virtually useless if it is not actively monitored. Due to the changing nature of enterprise computing environments, FIM must be customized to meet the environment and security needs of the organization. With proper configuration, a "trusted state" can be defined that establishes a baseline, providing security assurance and real-time notification of any possible information security incident.
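As an added illustration (example code written for this page, not any vendor's FIM product), the following Python sketch shows the baseline-and-compare idea described above: it records a trusted state of content hashes and metadata for a constructed scratch directory, then reports which files were added, changed in content, or changed only in metadata.

```python
import hashlib
import os
import stat
import tempfile
# Minimal FIM sketch (example code, not any vendor's product): record a "trusted
# state" of content hashes plus metadata, then diff a later snapshot against it.

def snapshot(root):
    """Map relative path -> sha256, size, mode and mtime for every regular file under root."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks/special files are out of scope for this sketch
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            state[os.path.relpath(path, root)] = {
                "sha256": digest, "size": st.st_size,
                "mode": stat.S_IMODE(st.st_mode), "mtime": int(st.st_mtime)}
    return state

def compare(baseline, current):
    """Classify drift from the baseline: added, removed, content change, metadata-only change."""
    report = {"added": [], "removed": [], "content": [], "metadata": []}
    for rel in sorted(set(baseline) | set(current)):
        old, new = baseline.get(rel), current.get(rel)
        if old is None:
            report["added"].append(rel)
        elif new is None:
            report["removed"].append(rel)
        elif old["sha256"] != new["sha256"]:
            report["content"].append(rel)   # data changed
        elif old != new:
            report["metadata"].append(rel)  # same data, but mode/size/mtime drifted
    return report

def demo():
    root = tempfile.mkdtemp()  # constructed scratch directory for the walkthrough
    for name, data in (("app.conf", b"port=443\n"), ("cron.sh", b"#!/bin/sh\n")):
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    baseline = snapshot(root)                       # the trusted state
    with open(os.path.join(root, "app.conf"), "ab") as fh:
        fh.write(b"debug=true\n")                   # content change
    os.chmod(os.path.join(root, "cron.sh"), 0o444)  # permission-only change
    with open(os.path.join(root, "unexpected.bin"), "wb") as fh:
        fh.write(b"\x00")                           # file not in the baseline
    return compare(baseline, snapshot(root))
```

In a real deployment the baseline would be stored off-host and signed, and the comparison run on a schedule or from a file-change event, so that the "real-time notification" the paragraph mentions is actually delivered.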

Penetration Testing and Threat Intelligence

Penetration testing and threat analysis are the process of actively evaluating your information security measures. The emphasis is on "active" assessment: the information systems themselves are tested to find security issues, as opposed to a simple paper audit.

I have experience with the following penetration testing technologies:

  • WildPackets OmniPeek
  • Nmap Port Scanner
  • Tenable Nessus Vulnerability Scanner
  • CAIN Exploit Tools
  • GFI LanGuard
  • Metasploit Framework

Regulatory Compliance

Regulatory compliance is a complex and thorny issue that touches nearly all companies, particularly in the area of information security. Achieving compliance with regulations such as the Health Insurance Portability and Accountability Act (HIPAA), the Sarbanes-Oxley Act (SOX), and the Gramm-Leach-Bliley Act (GLBA) requires more than knowing the law itself. You must know the types of information your company processes, transmits, and retains, as well as how this information maps to specific regulations. Failure to show due care leads to large fines and even criminal sentences.

I have experience assisting with the following regulatory obligations:

  • Sarbanes-Oxley (SOX)
  • AICPA SAS 70 (Type I & II)
  • TDIR TAC 202
  • Gramm-Leach-Bliley Act

Physical Access Control

A cornerstone in the foundation of information security is controlling how resources are accessed, so that they can be protected from unauthorized modification or disclosure. It does not matter how secure your firewall is or how unbreakable your encryption; if an attacker can walk through your server room door and physically access your equipment, the attacker can access your information. This area also includes knowledge of CPTED (Crime Prevention Through Environmental Design).

Backup and Recovery

Having a comprehensive backup strategy is a critical part of any business. It is not a matter of "if" you will need a backup and recovery strategy, but when you will need one. When that time comes, you need to know that your information can be restored quickly and completely.

I have experience with the following information backup and recovery methodologies:

  • Disaster Planning and Recovery
  • Disk-to-Disk, Disk-to-Tape, Hybrid
  • Online Offsite Backup
  • Secure Server & User Data Backup
  • Information Archival Management

Microsoft Systems Administration

The enduring strength of Microsoft systems in the market demands IT expertise that recognizes the benefits and challenges of its various implementation and management tactics in a Server 2003 and 2008 environment. This includes security integration at all levels, including baselining and hardening.

Core Skills

  • Information & Network Security
  • Leadership and Teambuilding
  • Interpersonal Communication
  • Business Continuity Planning
  • Cyber Forensics (CIRT)
  • Project Management
  • Penetration Testing
  • Audit and Compliance
  • Incident Investigations
  • Time Management
  • HIPAA Compliance
  • PCI DSS v2 Compliance
  • NIST and FISMA Requirements
  • ISO 27001/2 and 21000
  • IDS and IPS Management
  • Firewall, VPN and Router Design
  • Systems Integrity Monitoring
  • Event Management (SIEM)
  • Access Control Systems
  • Analytical & Problem Solving
  • Malware Reverse Engineering
  • Active Directory and LDAP
  • Patch Management
  • Microsoft Office Suite
  • MS Server 2000, 2003, 2008
  • Windows XP, Win7, Unix
  • Nessus, Nmap, Kismet
  • ArcSight and Splunk
  • HTML, XML, PHP, SharePoint