Howard M. Greenspan
**** ****** *** #*** *** Diego, CA ac1ts5@r.postjobfree.com 678-***-****
Information Technology Security Specialist
Mr. Greenspan is an IT Security Specialist with over 25 years of experience in investigating malware, web vulnerabilities and viruses, quality assurance of security products, penetration testing of networks and websites, and planning and implementation of enterprise information-security solutions. Mr. Greenspan has participated in creating over two dozen software products for the software engineering, enterprise, and consumer technology segments. Recently, Mr. Greenspan has gained extensive experience as a liaison between QA, Engineering, and Support, handling complicated issues with software security product lines (HP WebInspect, AMP, QAInspect, DevInspect, ESET ERA, and Fortify SCA). Mr. Greenspan has a strong security background originating from his experience on the IBM Internet Security Systems X-Force, combating malware and disassembling the Code Red virus. Mr. Greenspan has also worked for Clark Atlanta University, which has a 5,000-user network consisting of IDS systems, anti-virus, and 24/7 SIEM monitoring of anomalies and incidents.
Professional Experience
ESET, San Diego
Malware Agent, Business Agent, Software Developer II 3/24/2015 – Current
Resolved malware infiltrations for large business customers and helped create new detections
Act as a mentor and a liaison to bring team members together technically to work towards a common goal
Created performance tools and log collectors to resolve common issues with our products
Trained new members of the business support team to succeed in their roles
Researched new threats and infiltrations in the wild to keep up to date on customer issues
Created and improved Knowledge base articles for top business support issues
Assisted with issues specific to ESET MSP partners, including Labtech and Kaseya
Helped front-line support teams with training and problem resolution
Speaker at ToorCon San Diego on ransomware protection with whitelisting
Help customers with PCI-DSS compliance
Cyber boot camp instructor helping high school students learn cyber security
Flying Cloud Technologies, Santa Cruz, California / Roswell, Georgia 7/1/2014 – Current
Founder, Product Manager, Penetration Tester
Conduct penetration tests, report findings, and remediate them with customers (Nessus, Burp, etc.)
Created a Security Threat Intel SIEM product, written in C#
Create Splunk filters and Wireshark add-ons in order to filter large data sets
Provide security policies and countermeasures
PCI and HIPAA compliance checks with clients
Assist QA and Development with SDLC security
Hewlett-Packard ASC / Fortify (SPI Dynamics, Inc.), Alpharetta, Georgia 12/12004 – 6/13/2014
WebInspect Sr. QA Analyst, Sr. Information Security Analyst, Tier 3 Vulnerability Remediation Support, QA Manager Security Products
Supervisor Ken Bargeron – 770-***-****
Presented at HP Universe speaking on securing the SDLC from start to finish in a live demo using all our products to remediate a security threat and how to solve it in the source code
Won the Global Support Delivery Fab 5 award in December 2009 for creating the HP secure upload process, which was used by 30,000 support engineers
Performed penetration tests for customers with difficult scanning issues and documented these issues into the bug tracking system to improve the product
Recommended security improvements for future releases; investigated vulnerabilities and how to detect them with our products (ArcSight, Fortify, TippingPoint, and WebInspect)
SME with creating system architecture recommendations and implementing solutions with customers using our product lines
Taught security and hacking methods and mentored colleagues
Built security lab environment for real customer testing of our products
Helped customers with PCI and HIPAA compliance
Documented security lab procedures
Documented defects relating to WebInspect, AMP, DevInspect, Secure Objects using Mercury Quality Center and Team Foundation Server
Created a web-based security knowledge base running on Python/Plone
Worked through customer scan data to figure out if a security vulnerability was exploitable
Advised and created HP support tools in order to reduce the number of support calls
Found XSS, SQL injection, and other vulnerabilities in customer and client web sites, which were added to our regression testing
Performed quality assurance and testing on three product lines (WebInspect, AMP, DevInspect) executing up to 300 tests per sprint
Supported customers with relentless enthusiasm and a goal to have them succeed with our products and our team
Installed and tested IDS/IPS systems and worked with customers to remediate their security issues
Pathfire, Inc., Roswell, Georgia 01/14/2003-12/1/2004
Sr. Systems and Security Administrator
Established an IDS system consisting of ISS Site Protector attached to an ISS Proventia G appliance
Established a weekly penetration test to ensure that there were no unknown systems on the network, identified the production environment security position, and provided a detailed report on how to close the system
Established a desktop defense system internally in the event of a front-line or perimeter breach; this system included firewalls, IDS and application MD5 checking, allowing the end-user to continue using the desktop
Created a central logging server that imported the following logs to one location: PIX 520, Linux, Solaris, and Cisco switch traffic, in order to get a high-level view of the issues at hand
Maintained security on over 1,500 production servers at customer sites, including 250 internal workstations
Helped with QA on the Digital Media Gateway to ensure it was released on time
Documented defects using Mercury Quality Center
Maintained and planned the NT Exchange 5.5 to Exchange 2003 migration
Created Internet ethics policy for the company
Created wireless and general system use policy
Audited our product and documented security vulnerabilities and solutions
Clark Atlanta University, Atlanta, Georgia 2/14/2002-1/14/2003
Sr. Information Security Engineer
Advised and implemented solutions in all aspects of Network and Host Based Security
Converted a malfunctioning PIX 520 Firewall to Check Point NG Firewall-1
Established Dial-Up, Wireless, Secure Use, Safe Computer Practice, and Internet Ethics Policies
Developed campus wide Intruder Defense System using Snort, Dragon and ISS Real Secure IDS
Performed and analyzed Penetration Tests
Geared the University towards security by leveraging the benefits and features of a secure, well-run corporate enterprise
Handled FBI investigations and reports on how and why an incident happened and how to prevent it, likewise called on events that were discovered internally
Audited internal and external machines for security issues, then repaired them with the client services that were responsible for them
Installed and configured Norton CVP anti-virus for gateways and Norton Symantec Web Security content filtering
Installed and configured Norton System Center for 1,800 workstations
Maintained Internet connection for 5,000 people
Changed e-mail remote and internal from no encryption to SSL
Managed 150K budget for security tools and protection
IBM Internet Security Systems, Atlanta, Georgia 2/1/1999-2/102001
X-Force Vulnerabilities Assessment
Completed Check Point RealSecure 5.5-6.0 QA product lifecycle SDLC
Created IDS assessment policies for the Global Threat Operation Center (NOC)
Performed research on all current and past exploits, Trojans, DoS, DDoS, worms, viruses, spyware, IDS products, enterprise, and home firewall systems
Watched for and identified patterns in malicious data with network sniffing software
Tested IDS systems for accuracy
Developed capture files to replay the malicious data for IDS to test and for developers to build into the product
Performed demos to show the effects of vulnerable IIS servers that are deployed (Code Red, Code Blue, Nimda)
Wrote draft security advisories and supplied research for numerous publications to provide information to customers and the general Internet public via http://xforce.iss.net
QA on the RealSecure Check Point IDS product up to RealSecure 6.0, with over 300 implementations of the product on Solaris, NT, and IPSO Nokia based systems each cycle
Used StarTeam and Visual Source Safe to control code and scenarios
Beta tested scenarios and feedback requirements from customers
Evaluated products for purchase
Performed load testing and evaluations of the product under great network stress
Participated in FIRST teams, CERT, Trojan, DDoS, and worm disassembly to educate the public on the capabilities of IDS systems
Developed and reviewed the Ethical Hacking training course that ISS offers (Penetration testing, IDS, CGI, IIS)
Education and Credentials
Bachelor of Science Degree in Computer Information Systems 1998
DeVry University – Decatur, Georgia
Professional Training and Certifications
Check Point Certified Security Administrator (CCSA), RealSecure, Internet Scanner, SAFEsuite Decisions, Navision Academy US 101, Delivering Effective Service, MS SQL 7.0, MS SMS 1.2, MS NT 4.0, XP and 2003 Certified MCP, Management and Leadership, MS Exchange 5.5, QualysGuard Vulnerability Management Certified, WebInspect Certified, Security+, StorageCraft Certified Specialist
Professional Affiliations
Information Security Community, Blackhat, Defcon, ISS Alumni, Security Leaders Group, OWASP
Known/Used software and hardware: CheckPoint, ESET Business Products EndPoint EEA/EES 4.x, 5.x, 6.x, ESET Remote Administrator 5.x and 6.x, ESET Mail Security and File Security 4.x and 6.x, Fortify SCA 4.x, WebInspect Enterprise, WebInspect 5.0-10.20, AMP, QAI, DevInspect, CheckPoint Nokia IP440 NG R55, Checkpoint Firewall-1, Checkpoint Firewall NG, Checkpoint Firewall-1 3.0-4.1-NG, ZoneAlarm, McAfee, Raptor, Cisco Pix 535 Firewall, Sygate firewall, Corporate Exchange, Firewall-1, Content Vectoring Protocol with Symantec Norton Antivirus, eEye Retina, Nessus, Nmap, Secure Objects, Internet Security Systems (ISS) Internet Scanner, ISS Database Scanner, Cybercop Scanner, AMP 1.0-9.2, Wireshark, Sniffer Pro, MS Network Monitor, Snoop, Blue Coat Proxy, Netcache Proxy, Microsoft ISA, Kiwi Sawmill, IIS, Apache, Web Sphere, Redhat Linux, Linux, Solaris 2.5.1/2.6/2.7/2.8, Windows 7, 8.1, 10, Slackware, CentOS 6.x and 7.x, Solaris x86, Mac OS X, BSD (Open 2.8 and Free 4.3), Slackware 14.x, DOS, OS/2 Warp 3.0, Office 98-2013, IP tools sets, Dragon IDS, Snort, Silent Runner, net x-ray, Hyena, SMS, Norton Anti-virus, Winrunner, StarTeam, Ghost, Linux Jumpstart, Navision CCAPs, FTP, PGP, TCPdump, ISS SAFEsuite Decisions, Network ICE Gigabit, Dragon NFR, Server Sensor, Exchange 5.5-2003, NT Server, Win 2000, 2003, 2008, 2012 Server, SQL Admin, MS C++, C#, GNU C, Python, Visual Basic, C++, C, familiar with PERL and shell code, COBOL, Q basic, Visual Studio 2015, Hayes/USR/ISDN Modems, Compaq Servers, Dell Servers, HP Servers, SQL 6.5-2014, Access, Navision Financials, Remote Control Systems, Bomgar, VNC, Visio, WinHex, FileMon, RegMon, TweakUI, Adobe PhotoShop, Splunk SIEM, Arcsight SIEM, Veritas Backup Exec, SAN, Norton System Center, desktop defense, IPX, UDP, TCP, SSL, Rational Rose, JIRA, Jenkins, and Kali Linux.
Posted Security Advisories Researched:
http://web.archive.org/web/201***********/http://sandiego.toorcon.net/conference/#16
https://web.archive.org/web/201***********/http://www.iss.net:80/threats/advise91.html
https://web.archive.org/web/201***********/http://www.iss.net:80/threats/advise90.html
https://web.archive.org/web/201***********/http://www.iss.net:80/threats/advise89.html
https://web.archive.org/web/201***********/http://www.iss.net:80/threats/advise88.html
https://web.archive.org/web/201***********/http://www.iss.net:80/threats/advise80.html
https://web.archive.org/web/201***********/http://www.iss.net:80/threats/advise79.html
https://web.archive.org/web/201***********/http://www.iss.net:80/threats/advise78.html
https://web.archive.org/web/201***********/http://www.iss.net:80/threats/advise77.html
https://web.archive.org/web/201***********/http://www.iss.net:80/threats/advise75.html
https://web.archive.org/web/201***********/http://www.iss.net:80/threats/advise74.html
https://web.archive.org/web/201***********/http://www.iss.net:80/threats/advise73.html
https://web.archive.org/web/201***********/http://www.iss.net:80/threats/advise65.html