abo8ib@r.postjobfree.com
PAUL BATTISTA
* ******* ***. **********, ** 06062
OBJECTIVE:
To maintain a position in information security where I can use my experience and technical knowledge to help secure
information systems and IT infrastructure. To be challenged and pushed to the limits in order to solve complex logic
and technical problems. To perform innovative research and stay on the leading edge of technology, attacks, defenses,
and security intelligence.
PROFESSIONAL EXPERIENCE:
Aetna Inc. Senior Security Engineer, Middletown, CT Oct. 2007-Present
Design and implement security solutions and policies to ensure the protection of Aetna's data. Perform security assessments of internal,
external, and newly acquired companies' applications using penetration testing techniques. Assist in investigations and the incident response
process. Perform security research on new technologies for unknown vulnerabilities.
Protiviti Inc. Senior Security Consultant, New York, NY July 2005-Oct. 2007
Responsible for overseeing and participating in penetration testing teams and security reviews for countless Fortune 500 clients in multiple
industries. Engagements include scope such as web applications, infrastructure, wireless, social engineering, physical security, policy,
compliance, incident response and forensics. Designed and built the web application penetration testing methodology and product offering.
Coach junior team members with professional development of technical penetration testing capabilities.
Connecticut Computer Crimes and Electronic Evidence Unit, Ambassador, Meriden, CT May 2004-Aug. 2004
Under the supervision of Dolphin Technology Inc., Cyber Science Lab, and Dr. Henry Lee, I experimented with various forensic programs
including the latest versions of EnCase, FTK, and Smart. Set up an undercover computer and assisted in investigations. Helped manage the
network by completing tasks such as configuring the firewall, backup software, and antivirus software.
Computer Forensic Research and Development Center, Dr. George Curtis & Dr. Donald Rebovich, Volunteer
Forensic Consultant/Research Assistant, Utica College, Utica, NY Sept. 2003-Jan. 2005
Assisted in assembly of a new computer forensic lab and made recommendations on forensic hardware and software that should be purchased
within budget. Built systems with various Windows and Linux operating systems and installed appropriate forensic software. Researched
topics involved with economic crime investigation and helped compile problems to teach an economic crime investigation class. Taught
classes on net worth analysis fraud investigation techniques and the program Analyst Notebook. The majority of research focused on identity
fraud/theft and network security.
New York State Office of the Attorney General, Intern, Utica, NY Jan. 2004-May 2004
Mediated and investigated consumer complaints. Assigned proactive consumer protection cases as well, including critical Internet and
computer security issues.
EDUCATION
Bachelor of Science from Utica College of Syracuse University, Criminal Justice-Economic Crime Investigation,
focusing in Computer Security Sept. 2001-Dec. 2004
Graduated Summa Cum Laude with cumulative GPA- 3.81. Completed Utica College's Honors Program. Member of
the National Honors Society.
SANS Training- SEC 504- Hacking Techniques, Exploits and Incident Handling (GIAC certification GCIH), SEC
617- Assessing and Securing Wireless Networks (GIAC certification GAWN). Member of the SANS Advisory Board.
Black Hat Training- Exploit Laboratory: Analyzing Vulnerabilities and Writing Exploits, Automating Exploit
Detection: Cutting-edge Tools and Techniques
OTHER QUALIFICATIONS
Founder of the research group Security Experiment. Regular attendee and speaker at security conferences & professional organizations such as
OWASP, ISSA, HTCIA, ShmooCon, DefCon, ToorCon, SANS, & Blackhat. Given presentations on topics such as Writing Buffer Overflow
Exploits, Metasploit, SQL Injection, Lockpicking & Penetration Testing to ToorCon, OWASP, ISSA, educational institutions, & internal
Protiviti Security Team. Performed research, developed tools or published articles on wireless, handcuff security, blind SQL injection
techniques, social engineering, & malicious code. Other areas of expertise include network surveillance/sniffing, SQL injection, cross site
scripting, password cracking, static binary analysis, IPS evasion, buffer overflows, man in the middle attacks, lock picking, incident
response/forensics, fraud investigation, SOX 404, HIPAA, GLBA, FFIEC, PCI, server hardening, virtual machines, & more.