TECHNICAL HIGHLIGHTS
Internet Security and TCP/IP network design. Firewall install, consult, review and maintain. VPN, policy design, IDS, Web server integration, DMZ.
Firewalls: CheckPoint FW-1 4.1/NG FP3 & AI, Nokia IPSO version(s) 3.1 to 3.8, NetScreen, Cisco PIX, Raptor, IP Filter (Linux), TIS/NAI Gauntlet, WatchGuard Firebox II, FWTK, Microsoft ISA Server
Packet Filters: PF on OpenBSD, Cisco IOS Firewall Feature Set, Cisco IOS (router) Standard and Extended Access Control Lists (ACLs)
VPNs: CheckPoint FW-1, Cisco Router and PIX, Cisco VPN Router 3640, 3660 & 7140, Nortel Contivity Extranet Switch (CES) 1600, 2600, 4600; Microsoft IPSec and PPTP, Linux FreeS/WAN
Remote Access: RSA Ace Server/SecurID, RADIUS, CheckPoint FW-1 SecureClient/SecureRemote, CryptoCard, Cisco Secure Access Control Server (ACS) [TACACS+]
High Availability: CheckPoint FW-1 (StoneBeat on Solaris 2.6), Cisco HSRP, Nokia/Alteon VRRP, Cisco CSS-11150 (AKA-ArrowPoint CS-150), Big/IP & 3DNS along with BGP4 and plain old DNS 'round robin'
Network Analyzers: Snoop, tcpdump, WinDump, Ethereal, SnifferPro, WildPackets EX and AiroPeak
Vulnerability Scanning: WebInspect (SPI Dynamics), eEye Retina, Nessus, Nmap, Hping, ISS Security Scanner, CyberCop Scanner, etc.
IDS: ISS RealSecure, Snort, NFR, Shadow
IP Routing: Static Routes, OSPF, RIP ver. 1 & 2, BGP4, EIGRP, GRE
PROFESSIONAL EXPERIENCE
Allianz Ireland Dublin, Ireland
(October, 2001 - Present)
Technical Security Architect
Evaluation and re-design of three gateways (B2B, Internet facing and 3rd party): external and internal choke routers and firewalls. Evaluation and response to PEN tests. Analysis of Broker B2B User Management, via LDAP, with an implementation roadmap including: custom code, Web SSO (Securant) RSA ClearTrust and full J2EE Application Server integration (IBM WebSphere) and IBM Host Publisher (J2EE based AS/400 ‘screen scraping’).
I also had responsibility for day to day firewall administration (Gauntlet, SunScreen, and multiple CheckPoint FW-1 boxes), all on Solaris. I served as the overall technical security advisor, consulting on the security aspects of various projects: Credit Card Auth (for phone reps and Web sites), RIM BlackBerry (GPRS wireless PDA), Experian connections, 3rd party data transfers and B2C Web site security (www.fisrtcalldireact.com).
Wrote the following security policies: Firewall Change Control, DMZ Security (patching SLA), Wireless, Firewall Password.
Ireland.com Dublin, Ireland
(April, 2001 - October, 2001)
Network and Security Administrator
Ireland.com is the busiest Web site in Ireland, with over 28 million hits per month.
Such a large site gets about 5K+ security probes a month. Using CheckPoint FW-1 on Solaris along with StoneBeat FullCluster, I maintained a secure infrastructure. My role mostly focused on www.ireland.com, but was functional across the entire Irish Times Group. I drew up E-mail and Web usage policies and outlined overall security architecture to meet BS7799 compliance. Designed resilient network paths to business critical facilities. Designed a leased line test bed to measure typical network traffic patterns of specific applications.
Wrote an RFP for Dublin wide WAN and also an RFP for VPN (Nokia CheckPoint FW-1 appliances). Outlined a secure process for vendor file upload as part of a new service offering. Used Snort on Solaris 2.7 to do IDS.
Irish Aviation Authority Dublin, Ireland
(Jan, 2001 - April, 2001)
Security Consultant
The Irish Aviation Authority is the Irish Government body which manages Irish air space, control towers and flight management systems. I wrote an RFP (Request for Proposal) for a dual CheckPoint FW-1 pair connected with StoneBeat on Solaris, along with a dual ISP connection. I was also part of the RFP response evaluation committee.
This was a good experience as I have answered RFPs in the past, but this time I got to distil a customer's needs and requirements into an RFP and then participate in the review of the responses. Also suggested auditing tools (SysLog for Unix, BindView for Novell) based on customer auditing requirements. Troubleshot DNS mail issues and found security issues with managed Ciscos in seven locations.
Trinity Technology Dublin, Ireland
(July, 2000 - Dec., 2000)
Firewall (CheckPoint FW-1) Engineer / Product & Service Integration Specialist
Six month contract with a client who required a complete overview on setting up a firewall managed service, from a technical perspective. I translated my experience working in a managed firewall service environment (PSINet), and advised them on how to create such a managed firewall service, from a technical support perspective. Technologies used (Cisco routers, CheckPoint FW-1 on Solaris, NT and Nokia).
Digifone (now O2) Dublin, Ireland
(March, 2000 - June, 2000)
Networking and Security Systems Engineer
Digifone is a very innovative GSM provider located in Ireland. Digifone is “the world's first GSM operator to offer on-line shopping to customers using their dot digifone on-line (WAP) service.” My focus was looking at the security aspects of some advanced and as yet un-offered WAP services. Also I designed the network & security infrastructure and advised on the creation of an ISP that will run on top of the GSM network. The ISP will be a straight dial-up ‘free’ ISP, that linked to the WAP portal. It was a very dynamic project with the chance to work with some of the industry's top professionals from IBM, Netscape (I-Planet) and Sun on some leading edge mobile E-commerce solutions. My background in mission critical Internet solutions and Internet security was applied to these innovative solutions.
Cognotec Ltd. Dublin, Ireland
(July, 1999 - Feb. 2000)
Security Officer / Global IP Network Architect
As Security Officer I worked with the Security groups at the following banks to explain and integrate Cognotec's AutoDeal FX (Foreign Exchange) On-line Trading product with the banks' network: Credit Suisse First Boston, First Union, Wells Fargo, Bank One, Swedbank, Soc Gen, West LB, Sanwa (Japan), Royal Bank of Canada.
Also in this capacity I have designed the model of how Cognotec should connect to banks and worked with WorldCom & Equant system engineers to create standard Cisco router configurations to ease rollout to banks (hardened Cisco IOS config, NAT, HSRP, routing policies, IP addressing scheme & ACLs).
Oversaw the installation, configuration and migration of four CheckPoint firewalls from NT to Solaris 2.6 within our datacenter utilising two StoneBeat High Availability instances.
Oversaw overall Internet security policy, including designing slides and high level architecture documents that are provided to all Cognotec customers.
PSINet Inc. Troy, New York
(Jan. 1997 - April, 1999)
Multiple positions (from 1/97 to 04/99)
Security Planning and Response Team (SPART) (7/98 to 4/99)
Configured and administrated TIS Gauntlet firewalls for PSINet’s Secure Enterprise customers (Gauntlet ver. 3.2 to 4.2 on BSDI ver 3.0 to 3.1). Also responsible for setting up and maintaining Intranets and dynamic packet filters for PSINet’s Managed Service customers. Additional services provided to Managed Service customers included router and CSU/DSU configuration via remote administration and consulting on the creation of an overall Internet security policy based upon organisational needs and resources.
NetWatch Strategic Support Group (4/97 to 7/98)
NetWatch was created to provide PSINet's top 50 strategic customers with a focused level of technical assistance of the type enumerated under ‘Corporate Installations’ below, yet targeted towards high profile customers such as: The White House, TWA, Merrill Lynch & Co., Inc., Goldman Sachs, The Department of Defense, WebTV, Mindspring, Earthlink, PBS, United Airlines, Council on Foreign Relations, RiteAid.
Corporate Installations (1/97 to 4/97)
Supervised and orchestrated the integration of customer LANs with the Internet. Assisted corporate ISDN and leased line (128K-T1,T3,SMDS) customers both through e-mail and over the phone. Specific tasks included troubleshooting mail packages, router and CSU/DSU configurations, LAN/WAN security, connectivity issues, subnetting internal networks and maintaining/troubleshooting DNS zone records for PSINet customer domains. The role required knowledge of TCP/IP, familiarity with multiple software and hardware platforms, and solid network troubleshooting skills.
I created LAN and Leased Line ‘troubleshooting flowcharts’ that were used by other support personnel, and which became part of an important internal support resource. Also, a version of my flowcharts was eventually shipped to every new PSINet customer as part of the “getting started” pack.
EDUCATION
KEYWORD SUMMARY
Understand all aspects of TCP/IP routing including: RIP ver. 1 and ver. 2, OSPF, BGP4, IGRP, EIGRP and static routing
Familiar with BS7799, ISO17799 & SAS 70 security organizational standards: security policies, firewall log review processes, Web site privacy policies, change control documents and processes, server & network documentation, password change processes, education and implementation
Can troubleshoot all LAN/WAN issues involving: leased lines (128K - T1, T3, SMDS), ISDN, Dial-up, SMDS, Frame Relay, Ethernet and Token Ring
Have dealt with issues pertaining to the following Internet protocols: FTP, POP3, IMAP, SSH, HTTP, SNMP, DHCP, DNS and SMTP
Familiar with the following Unix programs: Perl/CGI, Sendmail, BIND, Apache (HTTP/WAP)
Familiar with the following Unix tools: sh, Rsync, wget, Ntop (network top), snoop & tcpdump
Familiar with Network Monitoring Programs: Cricket, MRTG, RRD (Round Robin Database), Big Brother, NetSaint, What's Up Gold?, CastleRock SNMPc, TNG UniCenter, HP OpenView, BMC Patrol, CiscoWorks, Nortel Optivity
Total grasp of both DNS resolution and delegation
Understand that Internet e-mail (SMTP) is the major Internet application for most companies; as such I can troubleshoot SMTP issues very well. Have set up, configured and administrated MAILsweeper and e-Safe (standalone & w/FW-1) e-mail server virus checking technologies
Familiar with the following routers: Ascend, Compatible Systems, Netopia, Xedia, Livingston, MorningStar, Rockwell, NT RAS (Steelhead now RRAS), Proteon and Cisco
PSINet used Cisco routers on its backbone so I have a lot of experience with the Cisco IOS
I am familiar with Astrocom, Kentrox, AdTran and Paradyne external CSU/DSU’s and the internal CSU/DSU’s inside Cisco (2524), Ascend P130 and Compatible Systems MicroRouter 1250I and 1270I
Familiar with Unix variants: Solaris 2.x, Solaris 8 & 9, BSDI 3.x, Linux, FreeBSD 2.8
Can configure, and troubleshoot, TCP/IP on: VMS, IBM AS/400, All Unix variants, Novell 3.11 – 4.x, MS Windows 2000, MS WIN 3.11, WIN95/98/Me and NT 3.51 – 4.0 (server and workstation)
Understand NetBEUI and Microsoft networking very well: NT IP routing, LMhosts, WINS, NetBIOS name resolution locally and over a WAN, PDC/BDC, PPTP, DUN, RRAS, NT domain issues, WIN95/98 peer-to-peer, Win98/Me/2000 Internet Connection Sharing (ICS), MS Exchange 5.5 & 2000, MS Proxy 2.0 and IIS 3/4/5