EDWARD TURKALY
abkwhk@r.postjobfree.com
QUALIFICATIONS
Eleven+ years of IT experience. Experienced policy maker and strategic
advisor, specializing in Information Security Incident Response & Handling,
Vulnerability Management, Disaster Recovery, Business Continuity &
Information Assurance for critical infrastructure. Demonstrated customer
facing consulting, engineering & technical support while having "big
picture" knowledge thereby promoting process, policy and stature advising
decision makers. Consultancy experience with executives. Trained in
strategic decision-making. Counters threats to critical infrastructures.
Strengths include strong leadership traits, team player, excellent
knowledge, visionary perspective, and communication skills.
TECHNICAL OVERVIEW
Technologies: Windows Server 2000-2003 install/config/hardening, Active
Directory Domain Security, Metadata Analysis, AD Schema Extensions & Event
log correlation, Identity Management, PKI, Certificate Revocation
Infrastructures, IDS/IPS, TCP/IP protocols and routing; NAT, VPN, RADIUS &
other Internet Authentication Services.
Operating Systems: Windows Server 2003, Vista, XP, 2000, NT, 98 - 3.11.
Nokia Firewall Appliances, Nokia Voyager, Novell 4.11, some Cisco Pix 520,
some Linux (Red Hat 5.2), BEOS R4.
Software: Active Directory, MIIS, VMware, Veritas/KVS Enterprise Vault,
SAP, Check Point FW-1 & VPN, CISCO PIX & VPN, Guardian Firewall, Real
Secure Network & Host Based Intrusion Detection IDS/IPS, Exchange Server,
Internet Information Server (5.0-3.0), SQL Server, ODBC compliance, Office
Suite(s), DOS, GHOST, Timbuktu, among others.
Security tools: IBM SiteProtector Internet System Scanner (HIDS/NIDS),
McAfee ePO, Tenable, HP WebInspect, dbProtect, Nessus, NMAP, Spector,
Brutus, CyberCop, Eeye, Hyena, Kane, Riskwatch, Serial Cracker, ShadowScan,
SiteScan, SnifferPro, Snmpwalk.
Protocols: IPSEC, TCP/IP, SSH, VPN, LDAP, RADIUS, HTTP/S, NetBEUI, PPP,
SLIP, NetBIOS, IPX/SPX among others.
Hardware: LAN/WAN, Routers, Switches, Hubs, PIX/Nokia Firewalls, RAID 5,
Fault Redundant NICs, among others.
Compliance Experience: FISMA, Certification & Accreditation (C&A), Privacy
Impact Assessment (PIA), System Security Plans (SSP), OMB, NIST (800-53),
FIPS (199, STIGS), SOX, HIPAA, NERC CIP 02-09, GLBA, and ISO frameworks.
Government Experience: Air Force, NAVAIR, Pentagon, DISA, CIA, DOI - Bureau
of Reclamation
High Level Skills: Business Development, Proposals, Project Management,
Defense in Depth, Business Impact Assessment (BIA), Disaster
Recovery/Business Continuity, Security Policy, Assessments, Boundary
Protection, Network Administration; Windows Server Administration; Client
Facing, Public Speaking, Consulting & Technical Support.
CERTIFICATIONS
(ISC)2 Certified Information System Security Professional (CISSP) Cert #:
46026
SANS Global Information Assurance Certification (GIAC) Security Essentials
Certification (GSEC)
Microsoft Certified Systems Engineer (MCSE)
NSA INFOSEC Assessment Methodology- IT Security Organization - Critical
Infrastructure Protection
Business Continuity Planning Training Certificate, Sentryx; Oct 2005
KEY PUBLICATIONS & DOCUMENTATION
"Securing Certificate Revocation List Infrastructures" published via SANS
at: http://rr.sans.org/encryption/revocation_list.php
IT Disaster Recovery Plan(s) - CoBank & Coors Brewing Company
Information Security Policies (dozens) - Coors Brewing Company
COLLEGE EDUCATION
Bachelor of Arts in Philosophy; George Mason University, Fairfax,
Virginia. January 1995
SECURITY CLEARANCES
Active DOD Top Secret / Active DHS Secret / Former United States
Postal Service Clearance
DETAILED PROFESSIONAL EXPERIENCE
SAIC: Manager - Security Operations Center/Computer Security Incident
Response Center (SOC/CSIRC)
U.S. Immigration & Customs Enforcement; Dept of Homeland Security -
Broomfield, CO. 12/09 - Current
Awarded DHS ICE SOC/CSIRC manager position after a very successful
performance from previous position as a senior security analyst.
. Reorganized the 24/7 operations into a much more efficient machine by
prioritizing key SOC/CSIRC processes by level of complexity, primary
shift dependence, primary and desired SMEs and remediation time for
future Service Level Agreements.
. Kicked off CIA project by building key trust relationships with ICE
ISOs. Sold our 24/7 monitoring as a service to help protect Critical
Infrastructure Assets (CIA). Gathered infrastructure details, identifying
future placement of HIDS/NIDS and for inclusion of host info into
SOC/CSIRC incident monitoring tools - zeroing in on true security
concerns/alerts.
. Implemented daily customer operation calls (stand up calls); focusing in
on last 24 hours of most significant events, situational awareness and
tool/health concerns. This greatly increased customer involvement, trust,
and understanding of environment.
. Managed staff performance through "process accountability" - a philosophy
of awarding contributing individuals by giving them key process
ownership. Since I had already prioritized our processes this transparent
design made management much easier, removed process ambiguity by
identifying who is in charge, while preventing bad handoffs or "ball
drops".
. Managed 16 individuals in two different time zones, including 3 sub-
contractors. Managed training, leave time, personal issues and
performance reviews. Maintained respect from employees by leading from
example (getting hands dirty), providing a mid-term vision and, most
importantly, from listening.
. Key participant in SAIC RFP writing, particularly over SOC/CSIRC areas.
Advertised new services for ICE; such as CIA project and penetration
testing.
. Managed the FISMA Compliance program for the ICE Enterprise Operations
Center gaining authority to operate (ATO) to include auditing, conducting
and reviewing vulnerability assessments, completion of 800-53, ST&E, PII,
CP and coordinated our Contingency Plan Test.
. Key customer relationship manager between multiple highly political and
sometimes very divided government leads. Provided sound guidance without
damaging political relationships.
MODIS: Consultant - Security Operations Center/Computer Security Incident
Response Center
U.S. Immigration & Customs Enforcement; Dept of Homeland Security -
Broomfield, CO. 6/09 - 12/09
Improved the internal functions of the DHS ICE SOC/CSIRC:
Performed internal audit and process mapping utilizing CERT Coordination
Center (CERT/CC) process mapping methodology for Incident Response
centers to map all "as-is" state processes - enabling examination of
process routers (inputs, outputs, handoffs, roles, responsibilities,
cross organization boundaries, etc.). Re-worked poorly defined handoffs,
missing process activity, bottlenecks and single points of failure.
Identified SOC key business functions and further identified the
subprocesses supporting these business functions. Categorized subprocesses
as high, med and low for better incident response time. This effort
allowed me to then create visual SOPs, known as "swim-lanes", for each
process allowing executive leadership visibility, understanding and a
better commitment for process improvements.
Customer Relationship Manager for a key ICE SOC government counterpart
(a former Government IT Security Director); ensured success of our
operation support; developed key agreed-on strategies; identified and
delivered on changes to policies and process; provided continuous
improvements and good leadership guidance.
Patch Management (Information Security Vulnerability Management) design
improvements; implemented a new process of patch analysis to help build
"business justification" for emergency change management decisions.
. Managed all the ICE SOC internal documentation including system
architecture/compliance documentation. Ensured customer collaboration
by utilizing SharePoint team services. Directly wrote most, if not all,
ICE SOC vulnerability management and incident response and handling
SOPs, PlayBooks, RunBook guidelines and manuals.
. Created a "knowledge management wiki" internal for the ICE SOC, based on
MediaWiki, allowing for "on-the-fly" changes to occur without
interfering with published documentation.
. Identified gap and stimulated effort that led to the obtainment and
zeroing in of true ICE mission critical systems. Through our customer was
able to build case and obtain critical infrastructure FIPS 199 lists
from C&A team. Currently working next steps to input IPs into network
and host based intrusion detection tools (Internet System Scanner) and
Vulnerability Management Tools (Tenable).
. Created an Open Source Monitoring process to "jump ICE decision making
forward" before DHS SOC notifications. Developed an algorithm to examine
individual patch CVE numbers and calculate risks, including Common
Vulnerability Scoring System (CVSS) base, temporal and environmental
scores; exploitability scores across multiple SMEs. Performed in-depth
security analysis during MS Patch announcements (October 2009 was the
largest release ever from Microsoft).
Improved lost & stolen equipment process by removing "non-security
incidents" out of SOC and into help desk screening.
ICE SOC customer satisfaction scores maxed out during my tenure - the
first time ever for ICE SOC.
BUREAU OF RECLAMATION, DOI - Lakewood, CO. 10/08 - 6/09
Information Security Program Manager Consultant: BOU oversees dams that
provide the majority of electrical power for the western half of the US.
Managed compliance program for NERC CIP Critical Cyber Asset Controls &
FISMA Certification & Accreditation (C&A) for Electronic Access Control and
Surveillance Systems (EACSS) at National Critical Infrastructure
facilities; Glen Canyon Dam, Grand Coulee Dam, Shasta/Trinity/Keswick Dams,
and PASS - Snake River Area Office and several non-operational regions.
These physical protection systems provide interrelated methods for
detection, delay, and response to alarms, threats, and other adversarial
actors utilizing access control, ground based radar, and video
surveillance.
Utilizing enterprise security risk frameworks (NERC CIP 02-09 - Critical
Cyber Assets and NIST 800-53) identified those controls having specific
applicability, and then further clarified the implementation of those
controls into Industrial Control Systems (ICS).
Mapped common NERC CIP to NIST 800-53 controls to help consolidate
compliance management program. Identified and improved EACSS Physical
Security & Electronic Security Perimeters.
Addressed cyber deficiencies identified in Technical Vulnerability
Assessments and prioritized project around "greatest potential impact" to
implement NERC CIP and NIST security controls.
Audited each EACSS installation.
Managed preparation for FISMA Certification and Accreditation (C&A)
providing technical solutions per control objectives. This includes Privacy
Impact Assessments (PIA), System Security Plans (SSP), FIPS 199 impact
categorization, & Risk Assessments (RA).
Architected network security layer with CISCO 1841 Integrated Security
Services and redesign of flat IP subnets. Provided Server Hardening per
STIGS, AD Domain Security, audit policies and event logging.
Provides each client technical support/architecture design & consulting to
include detailed network diagrams per Nessus scans, site specific System
Security Plans & System Restoration Plans, selection/implementation of
Malicious Code Protections & Flaw Remediation, site specific standard
operating procedures & rules of behavior.
Per DHS Privacy workshops, created Video Surveillance Policy and Procedures
for operational EACSS. Provided Privacy Impact Assessment (PIA) for entire
program.
INDEPENDENT POWER SYSTEMS - Boulder, CO, Area. 08/07 - 8/08
Designed, configured, implemented and maintained entire Windows Server IT
network. Implemented external/internal routing with secure VPN
communication between three remote offices. Implemented a new and hardened
Windows Server/Domain to include remote file sharing. Implemented centrally
controllable Symantec Backup Exec and Symantec Anti-Virus. Configured
CyberGuard Firewall Policies. Created IIS FTP server for connections
involving remote Macs. Provided log analysis of routers, VPNs, servers.
DURANGO ELECTRICAL SERVICES - Durango, CO, USA
Electrical Programmer/Apprentice 10/06 - 05/07
Took a sabbatical from IT to expand background in integrated electrical
systems & residential power control systems. Provided Lutron HomeWorks
programming and high voltage wiring for new residential & commercial
constructions in preparation of NEC compliance. Experience installing
electrical wiring, mechanical equipment & fixtures. Able to isolate defects
in wiring, switches, etc. Prepared and followed electrical blueprints
determining locations of wiring and equip, based on job specs and local
codes.
THINK NETWORK TECHNOLOGIES - Durango, CO, USA
Business Developer, Sales, Network Administration 3/06-9/06
Developed new business opportunities by bringing in new clients from
marketing, technical sales and word of mouth. Managed all aspects of
quote development. Wrote RFPs for security assessments.
Provided daily network/firewall and Windows server/Active Directory
administration, maintenance (reviewing multiple router, application and
system logs) and configuration for numerous Windows networks (under 200
seats) such as GeeGuides, Rocky Mountain ATM, RA Architecture, LaPlata
Family Medicine, Town of Ignacio, Bechtolt and Durango Area Association
of Realtors.
CoBANK- Greenwood Village, CO, USA
Disaster Recovery Coordinator 11/05-3/06
Analyzed current CoBank IT Disaster recovery readiness, plans and recovery
strategies. Delivered a new step by step "master disaster recovery plan"
capturing the entire IT "restoration order" (recovery procedures for
people, process and technology) organized in the most logical order of
events - from disaster to recovery - for any "disruption scenario".
Mirrored VMware from production into hot site and warm site DR environment.
Consultant to various business leaders identifying perceived vs. actual
recovery time objectives and resource or financial plans to address any
gaps.
Managed contracts with all third parties (including SunGard Authorization
Profile, Schedule A; Iron Mountain, SunGard, Sprint, VMware).
Created schedules for several unique DR test plans including staff mock
tests, isolated system tests, and large scale "surprise" DR drills -
testing staff and vendor readiness.
COORS BREWING COMPANY- IT SECURITY GROUP, Golden, CO, USA 10/02-11/05
Working under the Chief IT Security Officer responsible for setting overall
corporate security strategies. Board Member reviewing all proposed IT
changes on Technical Review Board (for new projects) and Change Control
Boards (enhancements). Created IT Security charter and launched the new
Coors Information Security Board.
Created and implemented Microsoft Identity Integration Service (Identity
Management) business case/project; business case proved a major cost
savings for password resets and allowed for more security. Experience with
MIIS and AD Schema metadata analysis and re-configuration to more clearly
represent organization master data requirements.
Reviews and approves all firewall policies and change requests (Pix &
Checkpoint), for web hosting/app hosting LAN environments. Reviews and
makes recommendations to Vulnerability scan reports/logs. Continually
provided internal assessments, identifying threats to be reviewed
(mitigated, accepted, or transferred) and presented to board.
Served as Disaster Recovery Coordinator. Wrote IT Contingency DR Plan.
Managed DR schedule; which services, servers, components are in recovery
center; SunGard Hot-Site in Philadelphia. Performed yearly DR drills,
identifying IT testing scope (such as proving SAP transaction integrity)
and criticality scorecards. Monitored/Improved DR Service Level Agreement;
drafted Business Continuity Business Case identifying Business Impact
Analysis (BIA) & Maximum Tolerable Downtimes (MTD) for more effective SLAs.
HIPAA Security Officer, performed internal audit on entire enterprise
identifying all EPHI data and controls in place or lacking. Maintained
remediation plan of action; ensured continual compliance.
Developed RFP for enterprise vaulting strategy due to a legal underage
drinking lawsuit aimed at Coors. Obtained/Implemented Symantec/Veritas
Enterprise Vault & NetBackup product hands-on training. Lawsuit provided 50
key words for a number of key employees: our challenge was to collect
enormous/terabytes of data across unique storage platforms (SharePoint,
file servers, email and personal laptops). Created two classification
levels of vaulted data, one internal and one for the lawyers. The first
containing "all data" collected from pst/nsf migrations; file system
archiving; tape backups; SharePoint archiving components. Using Discovery
Accelerator "abstracted just the results" into another archive/vault thus
ensuring not too much information was provided (or inappropriate -
confidential information) to lawyers. The lawyers in turn used Discovery
Accelerator on their end (a separate instance). Created data retention
policies, Storage Lifecycle Policies & backup policies for integration with
NetBackup (from disk archive to tape library to disk) - for automated
backup of different types of data/retention periods - improving cost
effectiveness.
Drafted all Coors Information Security Policies & Procedures (password;
encryption; contractor; wireless and many more corporate
policies/procedures).
Privacy & compliance advisor for Coors Legal dept.
EDS - INFORMATION ASSURANCE SERVICES, Herndon, VA, USA. 4/00-10/02
Senior Systems Engineer - Client Projects:
Security Engineer: Coors Brewing Company: Provided an independent security
assessment across multiple client facing platforms and vendors, providing
mitigation solutions for Cornerstone Project. Resolved gaps. Participated
in design of 3-tier environment/positioning of firewalls, routers and VLAN
switches. Architected Wireless Networks for encryption (WEP), device
authentication (MAC address) and user authentication with a RADIUS server,
while planning for digital certificates and SAP authentication. Created
Information Security Policies & Standards. The Policies & Standards served
as the foundation of the Cornerstone Project & formed the platform for
Coors Brewing Company IS department adoption.
Security Design: Cooperative.com: Provided client RFP support then
designed & implemented the Windows Active Directory LDAP Schema and
Namespace for the Cooperative.com portal -- a one-stop website helping
Cooperative.com partners in the new deregulated US energy environment. I
ensured LDAP Active Directory would include, mirror, & replicate user info
to the four current and all future Cooperative partners. Our design
allowed applications to read fully qualified namespaces or flat, non-LDAP
aware, namespaces. By arranging schema extensions under the UserClass, we
allowed for future single-sign-on & targeted user translation, for example,
by allowing content apps such as Eprise to obtain targeted views for
individual users. We designed LDAP to be centrally controllable, to
facilitate major changes, provide replication, to provide a single POC, yet
to allow partners to control their own apps. During online self-
registration, we designed the schema to allow import of existing user data
from a proprietary database (Ablaze) for verification and transition into a
new Active Directory user account. We provided indexing on attributes
requiring web searches. By installing new attributes & classes from LDIF
Script, we completed the schema implementation. Additionally, we ensured
LDAP would provide future secure methods of authentication, such as storage
of digital certificates & directory-enabling a PKI solution.
Security Assessment: USG 400: USG400 Special Applications Group, focusing
on the security assessment, proposal efforts, technical designing &
packet/sniffing analysis (Eeye, SnifferPro) for a new secure HTTP/SSL/SSH
VPN Tunnel called ICE (Intelligent Communication Environment). ICE is
essentially SSH within SSL with "double 128 bit encryption", a new
technology created within the EDS labs. My packet level security
assessment verified the connection "appeared" just like any typical SSL
transmission. My participation helped ICE receive the potential to become
a new protocol/VPN for use at the CIA. I provided nine proposal
initiatives to the Central Intelligence Agency. Now ICE is under review by
IN-Q-TEL, a private organization supporting the CIA. ICE is an SSH encrypted
and secure shell/tunnel that travels within any SSL at 128 bit encryption,
effectively providing a discrete level of communication, double encryption,
and concealing the SSH packet header, destination & source address. ICE
includes items such as Private Certificate Authorities, NAT and PKI
services. Most importantly, ICE is platform independent, working with any
Internet connectivity device (PDA, WAP, LAPTOP) without requiring any
additional software or hardware.
Security Assessment/Consultant: DISA Field Security Operations: Provided
RFP details, then independently did a security assessment for client's PKI
Certificate Revocation List (CRL) checking tools and solutions, to ensure
each web user's session is authenticated against revocation information on
every separate connection made to the DISA Field Security Operations
systems. This assessment will serve to identify the most secure solution
available from vendors such as Entrust, Baltimore, KyberPASS, VeriSign,
CertCo, ValiCert and Microsoft. The findings serve both for DISA/DITSCAP as
well as EDS PKI Information Assurance.
See my SANS publication on this topic:
http://rr.sans.org/encryption/revocation_list.php
Security Implementation: VenServ: Provided RFP then completed CISCO
boundary protection & Windows Server Hardening. Updated a PIX 520
firewall, added another for fail-over redundancy, configured NAT & firewall
policies, and added CISCO VPN 3DES. Migrated all IIS 5.0 web servers
and Windows 2000 DNS servers from routable IPs to internal private IPs.
Web servers resided in Windows 2000 active directory, configured each for
Internet Authentication Services. CISCO VPN clients now authenticate
through the PIX to the Windows 2000 RADIUS server, allowing remote users to
log in directly using Active Directory. Implemented each server to use
fault-redundant NICs and configured paths to two separate redundant
switches, and then to the two firewalls, for complete redundancy. Reviewed
Active Directory & DNS Event Logs addressing discrepancies. Finally,
implemented Windows 2000 Server hardening, removing unused services,
applications and ports.
Security Consultant: United States Postal Service: Drafted RFP. Technical
Team leader providing management and technical documentation for Server
hardening; including testing scripts for deployment on NT, Unix, Red Hat &
Solaris servers, included Application Hardening for Internet Information
Server (IIS 4.0), Systems Management Server (SMS) & Netscape Enterprise
Server. Led development for the Security Monitoring Office, Raleigh, NC.
Designing an Intrusion Detection System (IDS) infrastructure including
monitoring & reporting of incidents tied into the Server Hardening
Configuration Audit Process. Used Real Secure Host Based & Network Based
Intrusion Detection (IPS/IDS) on five subnets with over 150 NT and Unix Web
Servers. The SMO included remote management for two CheckPoint Firewall-1
servers. Served as technical POC for all hardware & software purchasing
requirements. Provided CheckPoint Firewall-1 training for SMO staff.
Obtained a USPS Security Clearance.
COMPUTER BASED SYSTEMS, INC., Fairfax, Virginia, USA 6/98-4/00
Network Engineer/Administrator
WAN/LAN administrator providing security for the CBSI corporate
headquarters.
Responsible for LAN administration, maintenance & log analysis for over 100
in-house users. Duties included configuration management, testing, and
deployment of servers, workstations, printers, & software applications.
Administered & maintained Cisco 7500 router & Guardian & CheckPoint FW-1
firewalls. Managed upgrade to corporate firewall (Check Point Firewall &
VPN) to allow a virtual private connection with CBSI's parent company -
AverStar, for file sharing. In addition, the VPN provides a secure means to
allow employees to browse corporate file servers. The installation included
the assessment of CBSI's corporate Cisco 7500 router for increased network
security.
Administered Windows systems & services including NT Servers, Microsoft
Exchange, MS IIS 4.0-3.0 including FTP & Outlook Web Access services, MS
DNS, DHCP & WINS Services, MS SQL Servers, MS Proxy Server 2.0, MS System
Management Service (SMS) 1.2, and NT Based Fax Server.
o Eliminated Remote Access Server (RAS) costly dial-in connections and
replaced with Outlook Web Access (OWA) over SSL/HTTPS.
o Upgraded the NT 4.0 Servers to include hardware RAID 5 and to
provide a more efficient secure backup strategy for all of the
corporate servers.
Administered Novell NetWare 4.1 accounting server, utilizing protocol
isolation (IPX/SPX) for only those clients requiring access. Fully versed
in DMZ, TCP/IP and IPX communications protocols & network security.
Performed and maintained daily server backups, provides operating
procedures, and participates in the assessment of LAN hardware and software
for the expansion of the network.
Administered over 55 end user Windows machines; troubleshooting all
software issues.