Project Manager

Toronto, Ontario, Canada
January 26, 2018

Boris Levit

*** ******* **., ***. ****, Toronto, ON, M2R 3N8, Canada. h: (416) ***-****, c: (416) ***-****, skype: bllevit

Information Systems Security Manager / Architect. CISSP (CN 96686).

20+ years of Security, Unix, Windows, Network, Applications Experience.


InTunnel Monitor, Toronto, Canada. Security Developer / Architect. 09/2017 – current

Develop monitoring of APT (Advanced Persistent Threat), insider and fraud activities.

Use bash, R-language, python, Google Cloud Platform.

Work on the SSL covert channel revealing project.

Work on User Behavior Analysis project.

HP – HPE - DXC, Toronto, Canada. SOC Security Incident Analyst. 06/2015 – 08/2017

Used GrUD (Inventory Management System), Vigilance (Monitoring and Alerting System), ViTAL (Incident and Change Management), MSS Portal, ArcSight (SmartConnector, Logger, ESM), TippingPoint, Cisco Sourcefire, Pulse Secure, Damballa, kiwi, docker, VMware, Cygwin, OS365, openSUSE, Kali, VB, PowerShell, python, R-language, bash.

Worked with ArcSight Console. Utilized event inspector. Wrote reports, trends, queries, bundles, etc. Configured active channels, filters, tools, etc. Performed Use Case Analysis and Logger search queries, log sanity checks, and other content development.

Performed security incident analysis and remediation. Presented recommendations to client's executives.

Performed packet analysis (pcap) using Wireshark.

Performed Indicators of Compromise search on client's environment.

Processed JSON output from security sources using jq.

Investigated client's environment, market / technology trends, hacker techniques, etc.

Facilitated Data Behavior Analysis, including User Behavior Analysis and Big Data Analytics.

Worked on DNS queries monitoring to detect DNS covert channel (dns tunneling) and Tor Pluggable Transports.

Developed security incident investigation and other operational procedures. Participated in DevOps Automation efforts. Participated in Threat Risk Assessment, penetration testing and Vulnerability Assessment in our client's environment. Performed threat hunting. Worked with Mandiant.

Constantly learned hacker techniques, tools and incident handling.

Metsuke, Toronto, Canada. Security Consultant / Architect. Main clients were Deloitte, IBM, TD Bank, Seneca College, CM Inc. 02/2012-05/2015

Performed Vulnerability Assessment.

Designed next generation of SIEM, IAM projects.

Participated in IAM remediation after SOX audit. Audited LOB access systems. Interviewed LOB personnel to find out access management problems. Audit and forensic analysis of DB and applications. Worked with CyberArk, Centrify, Oracle, sqlplus, PL/SQL, MS SQL Studio, SQL Server 2012, WebSphere, SharePoint, AML.

Facilitated hacking incident investigation. Performed forensic analysis and remediation, security gap analysis, and IT Audit of a huge university environment. Interviewed a wide range of college personnel (technical workers, professors, college executives, etc.).

Set up monitoring for hardware keyloggers. Built a PoC for sufficient defense against the USB hardware keylogger threat.

Performed TRA (likelihood, impact and risk evaluation) using the Harmonized / OWASP risk rating methodology; used ITSG-33, 04.

Operated Vulnerability Assessments, WiFi Wardriving.

Made remediation recommendations (technical and policy including security incident investigation, change management and BYOD).

Designed Qradar and Splunk deployment.

Performed OWASP code analysis.

Investigated mobile and Oracle security.

Analyzed Modbus malicious traffic (SCADA project).

Used Redmine, R, Esper, python, scapy, FIDO, Apache, OpenSUSE, CentOS, Windows, Android, iOS, Novell ZENworks Endpoint Security Management, Xen, KVM, Vmware, Virtualbox, vagrant, packer, Google Compute Engine, lua, botbrew, adb, sqlmap, ruby, perl, sh, eclipse, lapse+, java, IDA Pro.

Worked with USB hardware keyloggers, USBDeview, udev, wireshark, tcpreplay, kbackup, zenmap, nessus, burpsuite, Wigle, Fortinet, rkhunter, Metasploit, Armitage, YaST, Tripwire, Oracle Application Access Controls, NERC, PCI 2 and 3, OSSTMM, OpenID, OAuth, TOGAF, Zachman, SABSA, Websphere.

TD Bank, Toronto, Canada. Sr. Security Specialist, 08/2010 – 09/2011.

Participated in audit and legacy access system remediation after SOX / PCI audit. Resolved integrity and access control problems with server farm configuration. ETL tasks. Programmed in Perl, ksh, awk. Worked with CSV, XML, XSLT, COBIT, COSO.

Supported RSA enVision 4.0 SIEM implementation, analyzed configuration, data collection, SOX / PCI related issues, wrote and analyzed enVision Reports. Provided SIEM RSA enVision results to key stakeholders.

Worked on Suspicious Activity Reports, RBAC, File Integrity.

Repaired OS Hardening; server, storage, private cloud security; security policies / procedures, CyberArk (Privileged Account Security).

Used AIX, HP-UX, Solaris, Windows XP, Vmware, OpenSuSe, Redhat, Remedy.

Toronto, Canada. Security Consultant / Team Lead, 01/2010 - 02/2010.

Restructured ITIL and Company Security systems to accommodate Good Practice standards.

Managed distributed (overseas) sysadmin team.

Worked with Amazon Cloud technology, AWS, AMI, Elasticfox and EC2, SOA.

Conducted E-Commerce risk assessment.

Configured iptables.

Analyzed PCI requirements. Reviewed PCI code / infrastructure (OWASP code review project, ReviewClipse plugin project), performed OWASP web application audit.

Massachusetts data protection regulation project.

Analyzed commercial (Imperva) and opensource tools for WAF project. Installed / configured ModSecurity (with Breach rule set) as a part of PCI Compliance Project.

Built a Security awareness program and presented it at team meetings.

Worked with OpenSuSe, CentOS, RedHat, Vmware, Citrix, Xen, Puppet, Chef, MongoDB, java, java swing, jython, git, Eclipse, perl, shell. Used TOGAF for EPF (Eclipse Process Framework), GoToMeeting.

Dark Matter Development, Toronto, Security Consultant / Architect, 07/2009-12/2009.

Mitigated insider threat.

Redesigned Security / System Architecture, Video Management Solutions.

Wrote security policy.

Performed audit and forensic analysis, Harmonized / OWASP Threat Risk and Vulnerability Assessments. Searched for covert channels.

Analyzed botnet attacks.

Scanned for vulnerabilities using nmap 5, nessus 4 and webinspect, performed OWASP web application audit.

Used Windows Vista / 2008, ScreenOS 5.4 (Juniper), Mac OS X 10.6, iOS, OpenSuSe 11.1 / 11.2, FreeBSD 7.2, Fedora, Simultaneous Dual-N Band Wireless Router, IP KVM, Brocade, Startech, Foundry Load Balancer, MySQL, Apache, Hadoop Distributed File System (HDFS), Pig, Hive, mediawiki, openldap, Open DS, OpenSSO, postfix, Cyrus imap, OWASP, THC-Hydra, burp suite professional v1.3, autopsy, munin, svn, yafic, dovecot, Time Machine, Xsan, AFP, skype.

Performed PCI compliance analysis, infrastructure / DB / private cloud / code review.

Created anti-spam project. Suggested IronPort+RSA as an anti-spam and DLP decision.

ACL project for FreeBSD and MacOS.

N-Dimension Solutions Inc. (SCADA Security Integration, MSSP), Richmond Hill, Canada. Sr. Security Developer / Architect / Project Manager, 07/2007-2/2009.

Primarily responsible for project management.

Led the design, testing, planning, and implementation of complex projects.

Led the development and implementation of a broad, coordinated set of plans and programs to meet the goals and priorities of the company.

Defined project missions, goals, tasks, and resource requirements; resolved or assisted in the resolution of conflicts within and between projects or functional areas; developed methods to monitor project or area progress; and provided corrective supervision where necessary. GO-ITS 24, 25.

Participated in outside professional activities to maintain knowledge on developments in the field.

Continuously improved project management toolkits and methodologies.

Was responsible for project staff. Participated in interviewing and hiring process.

Used tools: Fedora c7, Gentoo r6, openSuSe 11, RedHat, Xen, Win2K/XP/Vista/2008, Redmine, System Center Configuration Manager (SCCM), lighttpd, Solaris 10, iptables, MySQL, SCADA, AGA-12, Modbus, DNP3, Perl, sh, bash, PHP, seagull, java, java swing, spring, javascript, flex (lex), bison (yacc), SSL certificates (using openssl), umbrello, gnupg, C, C++, Eclipse, cvs acl, bugzilla, cvs web, syslog-ng, snortalog, Nagios, Android, Nessus, HP WebInspect, N-Stalker, nikto, Paros, OWASP, Pantera, OVAL, SCAP, OpenVAS, SLAD, tiger, nessus plugins development (nasl2), nmap, zenmap, snort (Sourcefire), oinkmaster, ITSA v3.5, Wireshark v0.99.6, Metasploit framework 3.1, ruby, python, Burp Suite 1.1, MoinMoin Wiki, Drupal, Web Content Accessibility Guidelines, lua, NetIQ, Google Mail / Calendar / Talk / Docs, Forensic Toolkit (FTK), etc.

Ruggedized (IEEE 1613 compliant) Platform Project. Used Schneider platform with flash memory drives.

Identity Management Project (AD, OpenSuSe LDAP, Fedora Directory Server, Sun Identity and Access Manager, Novell Identity Manager, WS-Security, SASL). Gentoo and Fedora pam_ldap implementation.

Executed Version Transformation (parsing and lexical analysis).

Wrote Modbus gateway on Android platform.

Participated in cloud computing project.

Performed Ethical Hacking and Vulnerability Scanning Project (Harmonized / OWASP Threat Risk and Vulnerability Assessments) including general purpose and web application vulnerabilities scanning, vulnerabilities analysis, hardening, SELinux. Produced NERC and PCI compliance reports using Nessus, N-Stalker, Webinspect and Burp Suite, performed OWASP web application audit.

Developed Snort SCADA signatures and Nessus vulnerability plugins.

Created Snort enhancement project: EMERALD, SnortSP, SnortSMS.

Contributed to snort reporting and syslog server projects based on complex message filtering, integrating, archiving and visualization made by syslog-ng, snortalog, perl.

Participated in NERC and other industry, Canadian and NIST standards (for example ISO 27001/2, COBIT, OSSTMM), Domain Expert Working Groups (further NIST 7628), and Compliance projects (OEB / NEB). Security Governance-Risk-Compliance (GRC).

Managed ARP Poisoning project. Wrote SOW, Project phases.

Initiated Security Information Event Management Project (analyzed SRI's suggestion of EMERALD connected to ArcSight and opensource Sguil).

SCADA Audit project.

Assisted in staff development and mentored colleagues as needed.

Used TOGAF, SABSA and Zachman framework.

Participated in Hydro One, Smart Meter / ZigBee / GO-ITS 51, High Availability (HA), HDFS (Hadoop Distributed File System), SDLC Projects.

Used Bugzilla Problem / Change Management. Architected ICT Technical Support Management based on moinmoin wiki.

Security Monitoring.

Third Brigade and OSSEC (Open Source Host Intrusion Detection and Prevention Project – HIDS / IPS).

As part of project support, I handled Network Infrastructure and Server System Administration (Cisco, OpenSuse, Gentoo, Solaris, Fedora, RedHat, Windows NT/ 2003/ XP/ Vista/2008), Installation, System Configuration, Network and System tuning, hardening, scripting (sh, bash, tcsh, perl), NFS, SMTP, POP3, IMAP, HTTP, HTTPS, DNS, NTP, SNMP, etc.

Research In Motion, Waterloo, Canada. Incident / Security Analyst, 12/2005 - 06/2007

Hummingbird Exceed 7.0, Cygwin, Cygwin-X, KDE, Windows XP, Remedy 5.5, Solaris 8/9/10, AIX, Linux (RedHat, CentOS, LFS, Operator, Novell SuSe, Knoppix, BackTrack, Ubuntu), VMware – installation / configuration / support, Big Brother 1.9e, Mirapoint 4500N (MOS), Sunfire 1600(chassis), B100s (blades), NetApp FAS960 (SAN), Sunfire V210, HP Proliant DL360, IBM BladeCenter XTR14NCE, IBM Blades HS20, RAID management and clustering, Cisco, F5, IronPort AsyncOS 4.7, MS Exchange, PostgreSQL-7.3.4, OpenLDAP 2.1.29, BerkeleyDB 4.2.52p2, Apache 2.0.48, WebSphere, DataPower, Juniper Firewall, syslog-ng, mod_jk 1.2.5, Jakarta Tomcat 3.3.1a, jsdk-1.4, Oracle, Weblogic, Sybase, MS Visio, Axure PR, MS Excel, Evolution, Ethereal, Bluetooth, GPRS, EDGE, EPIC tools, Mars, SolarWinds, Sendmail, SnertSoft, milter, postfix, cloud technology (SAAS), BlackBerry Enterprise Server (BES) Mobile Device Management (MDM), server index query protocol for email reputation and identity project, data flow diagrams, umbrello, SOA.

Resolved service problems. Represented the team at CIRT and CM meetings.

Scripting: bash, Perl, PostgreSQL.

SPF (Sender Policy Framework) project.

Security Tools Installation and Configuration: Entrust, chkroot, rkhunter, The Sleuth Kit, Autopsy, EnCase, Cheops, John The Ripper, Nikto, Paros, OWASP, WebScarab, IPTraf, Ettercap, EtherApe, Nessus, HP Fortify 360, Nmap, Kismet, gkismet, Watchfire AppScan, Cenzic Hailstorm, Aircrack-ng, SecureAware, bastard, IDA Pro, ModSecurity, Joomla, Symantec, OpenText, Cisco ACE XML, TippingPoint, WebGUI, SSO, GlobalPlatform SCP02, etc.

Analysed / Redesigned System / Network / Security Architecture.

Enterprise Content Management / Facility Management / Business Objects Assessment Projects.

Anti-Spam Project. Participated in DLP project.

Business Continuity Planning Project.

Security incident response plan.

Forensic Analysis Project. Reverse engineering.

IT Audit. Vulnerability Assessment/Management/Penetration Testing (Threat Risk and Vulnerability Assessments).

Prepared SOW, Project phases, Process Groups for BB Datacenters, etc.

Hacker Technique Investigation (among other stuff learned: Cross Site Scripting, HTTP Response Splitting, Web Cache Poisoning, HTTP Request Smuggling).

Corporate Information Security / Privacy Policy development and enforcement (PIPEDA, FIPPA, PHIPA, HIPAA, CSA Privacy Code, ISO 17799 & 27001/2, CICA 5900, NIST, FISMA, COBIT, PCI regulation, SOX, OSSTMM, Canadian Investor Confidence Rules, Electronic Evidence Act Consultation Paper, OSFI, TOGAF, Zachman, etc.). Policies/Standards Project. EPIC alerts. Development of Mature Security Program.

PCI Infrastructure / DB / code review.

Information security consultative support to all lines of business.

Vendor products evaluation process.

Supported BB e-mail directory service.

Worked on the following projects: Identity Management, Tripwire, Security Governance-Risk-Compliance (GRC), Security Awareness, Security Monitoring Project.

Developed an internal information security committee.

WiFi WarDriving Project. Bluetooth Rifle Project. UMTS/EDGE/GPRS WarDriving Project.

Application scanning / firewalling Project including PCI requirements.

0-day Vulnerability Assessment Project. Disk Encryption Project.

PCI Compliance Project.

TRA project, used OCTAVE / OWASP / Microsoft / Harmonized Threat Risk Assessment (TRA) methodologies.

Participated in Business Intelligence audit and development. Worked with Pega.

Participated in Forex Project.

Armor Technologies, Toronto. Sr System/Security Developer. 10/2005 - 10/2005

Knoppix 4.02, Armorware – EPIC financial broker tool (secure CD-bootable platform, secure connection, secure server), encfs, ruby, fxruby.

Invision.Com (ISP: B2B and B2C), New York. Unix Group Manager, Project Manager, Information Security Officer. 6/2005 - 9/2005

Worked with the following OSes: RedHat ES v4, Fedora, FreeBSD 4.7, Novell Linux (Linux Kernel 2.6.5), Windows XP / 2003, Solaris 10, MacOS 10.3.9, Knoppix 3.9, AS-400

Used: VPN, VmWare Workstation 5, ezmlm 0.53, Qmail, Postfix, InterMapper 4.3, Cisco PIX, BIND, Perl, PHP, Ruby, CDB 0.75, mysql, osCommerce, x, cvs, make, dnscache, ssh, sudo, nmap, Nessus, Kerberos, Apache, Eclipse 3.1, ISO 9000, SAS 70, COBIT, BrightStor, Amanda, sawmill, LogLogic, LSF, PTS, Quick Base, CRM, Symantec, Active Directory.

Provided Team Management: Team Recruiting and Development, serving as the primary point of contact and advice, Technology Management (Infrastructure, Desktop / Laptop / Lab), Service Management (Problem, Change, Service, Configuration Management; 24*7 on-call support), Oversight (Interviews, Measurement, Performance), IT Planning (Reports, Project Management, Quality Management).

Coordinated plan to meet SAS 70 compliance.

Managed maintenance and planning of IT Infrastructure (around 1000 computers).

Wrote InterMapper Problem Management database / advice system (Perl, cdb).

Resolved Qmail and dependent / related software (cdb, supervise, ezmlm, etc.) installation / configuration problems. Installed patches. Made additional configurations, tuning, complex manual list moves, troubleshooting, anti-spam decision (we moved from SpamAssassin to ProofPoint) configuration, black list problem resolving, etc. Did it more than 10 times.

Resolved computer upgrade problems.

Made multiplatform laptop run under VmWare – virtual lab.

Made installations, configurations, network management, system / IAM / network / private cloud troubleshooting; tested and installed new releases and system upgrades.

DNS support.

Made iptables configuration.

IT Audit.

Security Governance-Risk-Compliance (GRC).

Used Avocent KVM over IP solution with DSView.

Made system / network components performance monitoring and capacity planning.

Day to day operations on client sites.

Bluetooth, IEEE 802.11i and RFID security research done for our client (Symbol) barcode reader.

Web site PHP programming.

Interdiction Solutions Inc., Toronto. Consultant. 04/2005 - 05/2005

Tivoli Access Manager design project. Zachman techniques.

ABBI Ontario. Project Architect. 02/2005 - 02/2005

Multiplatform Project. Novell Linux, Windows XP, VmWare, Solaris 10, Solaris Zones, Dtrace. System build, patching, Postfix.

Cisco Systems Inc., Sun Microsystems, Fortuna, San Jose, USA. 01/2005 - 02/2005

Solaris 2.6/2.8, Java, Perl, C, appcert, Tibco, Solaris System/Application upgrade-migration project, reverse engineering, javap, JNI, Inline C, perl XS, SWIG, CPAN. Conducted interviews.

Q1 Labs (now IBM), Fredericton, Canada. Security Consultant. 04/2004 – 11/2004

Helped Q1 Labs to add new security feature to their QRadar product (NBAD and SIEM) - IPS.

Made resolvers for their Intrusion Prevention System. Wrote prototypes of TCP Reset, ARP Poisoning, Cisco Switch / PIX Resolvers. Department of Homeland Security liked the product.

Made Vulnerability Assessment Project, TRA.

Made ITIL project (Remedy ARS, ITSM). Used Knowledge - Artificial Intelligence technology designed by UNB.

Security Information and Event Management Project.

Analyzed project components security.

Worked with:

- Nessus 2.0.10, Nessus Transfer Protocol, NASL2, NessusWeb 1.0.1

- BRO 0.8, snort.

- VmWare 4.5, SuSe 9.0, Windows 2000/ XP / 2003, Fedora, RedHat, Solaris, AIX, HP-UX

- QRADAR 3.0 installation and configuration

- C, gdb, C++

- Perl 5.8.1

- libpcap, Net::Pcap, Net::PcapUtils, Net::RawIP, libnet, libnids, NetPacket::Ethernet, NetPacket::ARP, NetPacket::IP, Net::Telnet, Net::Ping, Net::Ifconfig::Wrapper, Swing, CPAN.

- iptables 1.2.8, Firewall-1

- MIMIC, IOS 12.1 / 12.2 / 12.3, Catalyst 3550, Mars.

- Eclipse 3.1, J2EE, Apache, mod_auth, servlets, JSP, Tomcat, Ant, Junit, JNI, Hibernate, Sun Java System Message Queue Platform Edition 3.5 SP1, java swing, jta 2.0 (Java Telnet/Ssh), Secure iNet Factory (by Jscape), cvs, Fast BugTrack, PostgreSQL, MySQL, SOAP, XML, SAML, JavaScript.

- Netflow, QoS, IPSEC, Managed Object Format, sendmail.

SecuryVision / ADT, Fredericton. 05/2004 – 06/2004

Wireless IP Video Monitoring Project. Satellite Internet connection Project, sendmail, web and other Internet services, digital cable.

Worcsnet Inc., Toronto. IAB Studio, Installation/Testing Project. 03/2004 - 03/2004

j2dk 1.4.2

jboss 3.2.3

Oracle 10g.

EZD Consulting Inc., Consultant. 02/2004 – 03/2004

Web Surfing project:

PHP, C, gdb, Perl, MySQL, HTTP / Mail (sendmail) / Thread / DBI Perl modules, FreeBSD, RedHat.

IT Audit, TRA, reviewed current Security Architecture

Sinsational Intertaiment Inc. (on-line casino, gaming, sport betting) Antigua. Technical Operations Manager, Project Manager, CISO. 10/2003 - 12/2003

Cisco PIX, NetScaler (Application Load Balancing), IIS, SQL Server, Game applications, FreeBSD SMTP, MS Exchange Server, MRTG, WMI scripting, batch, SFU, sendmail, etc.

Planned VPN and VoIP architecture (Avaya) with access controls through RSA tokens (identity management), VoiceXML.

Designed Tivoli Access Manager for Websphere Application Server based portal; enabled granular authentication and authorization through integration with existing LDAP; Single-Sign-On policy; Microsoft security policy.

Reviewed Network / Application / Security Architecture. Made Threat Risk, Vulnerability and Privacy Impact Assessments (TRA / VA / PIA). Identified areas of improvement. Redesigned Security Architecture.

Did Ethical Hacking through encrypted (SSL) channel. Database Security: used SQL Server 2000 security tools (SQL Scan / Check / Critical Update Wizard), checked DB Authorization and Authentication Control. Investigated SQL Injections problem.

Managed IT division.

Planned Business Continuity (Disaster Recovery), made Enterprise Resource Planning (ERP).

Made remote management, patching, software distribution, job scheduling, incident / change management.

McGill University, Montreal, Canada. IT Security Analyst. 05/2003-09/2003

Facilitated the following projects: Tripwire v.4, EPIC tools, Cisco PIX Firewall (Cisco 7600), VLAN and VoIP, VmWare, Knoppix project. For these and other projects used the following environment: Solaris, Windows XP, Windows 2000, RedHat, HP-UX, AIX

Performed Forensic Analysis, collected evidence, and scanned the network for vulnerable and infected (hacked) hosts using The Sleuth Kit and the SANS Investigative Forensic Toolkit.

Developed Perl program for Computer Statistic Reports.

Participated in Threat Risk and Vulnerability Assessments (TRA / VA).

Worked on Sarbanes-Oxley compliance project.

Used COSO and COBIT methodologies, ISO17799.

Worked on HIPAA, HL7 compliance projects with Medical faculty and Nursing school, used Epic and McKesson Systems.

Mitigated effects of RPC DCOM based exploits, spyware.

Scanned internal network using Retina.

Made McGill Wireless Zone Project.

Participated in Anti-Spam Project, worked with sendmail and mail clients.

Participated in McGill Anti-Virus Project.

Participated in Hitachi SAN Project.

Participated in RSA SecurID Project.

ABBI Ontario, Toronto. Security Consultant. 01/2001-03/2003

Among clients were: Odyssey, RT Capital, CIBC, Photon Dynamics, CIBC World Markets, Ministry of Transport, CITC College, Look Communication Wireless Services, Direct Leap Technologies. Worked on the following projects:

Blade System Developing.

Perl CGI blog.

Axis Embedded Linux.

Managed outsourcing development.

Web Robot, IDM, MIME Message Robot Project. Based on shell scripting, sendmail, metamail.

Developed IT Security courses

Public Anti-terror Service Project. Strong Multi-source Biometric for Permanent Authentication.

PGP e-Biz Server v 7.1 on hardened Windows 2000 platform.

Reviewed current Security Architecture.

Identified threats and areas of improvement.

Some clients wished only standard system tools to be used (they specifically asked not to use any "hacker" technique). Performed system review, analyzed results and prepared recommendations. For example, I checked the configuration of DNS (bind), sendmail, NIS+, nsswitch, samba, eeprom, network parameters (ndd), etc. Made Threat Risk Assessment according to GLBA 501(b).

Mitigated the effects of the Nimda virus and prevented further infection. Made special Firewall-1 (Nokia platform) configuration to prevent further infection while browsing infected sites.

Made penetration / vulnerability test/analysis using nmap, nessus, saint, tcpdump, snoop, dsniff, openssl, nc, shell scripting.

Facilitated Sunscreen to Firewall-1 migration and firewall hardening using yassp on Solaris.

Updated MTA (sendmail, postfix, qmail).

Returned ISP under management control from former employee control.

Circadence Corp., Toronto. Security Specialist, Project Manager. 4/2000-8/2001

Provided security decisions for more than 750 computers located in an extremely complex network environment. For example, 700 computers were Internet backbones and we had dynamic DNS resolution dependent on user location and request type. Estimated QoS project value was $15 million.

Made security analysis (architecture / protocol / code review), data classification, architecture, design, developing and testing for QoS subprojects (mainly Web applications). Worked with Kerberos. Used purify.

Created Web Application Firewall Project for Conductor QoS.

Tuned QoS performance. IP Measurement Protocol (IPMP). HP OpenView NNM.

Performed SSL analysis for QoS. Investigated features of the SSL protocol and the possibility of using it in our services. Wrote a report about using cryptography hardware. Found an explanation of why the previously suggested SSL implementation would not work properly with corporate firewalls and made a working decision quickly and under pressure. Created a special type of root and web certificates, configured the necessary tools and made test examples using Apache, mod_ssl, OpenSSL. Implemented RSA BSAFE (PKI) software. Worked with PKCS. Debugged and changed "black hat" tools. Developed penetration tools and "ethical exploits" using shell scripting, Perl, C, gdb and assembler. Did "ethical hacking" using nemesis, saint, nessus, tcpdump, ethereal, dig, whisker, nc (netcat), etc. against UNIX and Windows NT/2000 applications. Wrote Linux, Windows and HP-UX shellcodes. My automatic auditing tool (I invented a web application 0-day vulnerability scanner) found in two weeks more bugs than the whole QA division in half a year, and I even got the best employee award. This tool was based on buffer overflow and malformed requests using HTML, SSL, WebDAV and other protocols. Other penetration tests were based on vulnerability identification and exploitation - I crashed the whole system by sending only one manually crafted packet.

Performed hardening analysis and created a hardening procedure for Gateway Conductor Product (Circadence QoS) based on HP-UX 11; nmap and saint could not recognize the OS type of my hardened site. Used tools like tripwire, ssh, tcp-wrapper.

Provided comparative analysis of IDSes (RealSecure ISS, Dragon, etc.), designed and implemented Intrusion Detection System on UNIX and Windows NT platforms.

Performed Risk analysis and designed security for Gateway Conductor Project (Circadence QoS), made Threat Risk Assessment as well as Vulnerability Assessment.

Developed C/C++ license library. Used Harvest.

Made SAP ABAP Evaluation Project.

Wrote security policies.

Did special ssh debugging for trusted HP-UX. Did hacker's techniques investigation. Did penetration tests. Created an exploit library. Did project design: wrote working plan proposals, concept papers, and functional specifications. Participated in network management project using HP Open View, IPSEC, SNMP.

Manulife Financial, Toronto, Canada. Senior Technical Specialist/Internet based services, Security Officer, Project Manager, Sun/AIX Administrator. 3/98-4/2000

Supported more than 40 middleware computers and provided Internet support for Manulife users (more than 10000) on UNIX and Windows platforms.

Participated in Change Management Team, Problem Management Team (Manulife Computer Incident Response Team - CIRT) and IT Service Management (ITSM) of the company, supported Manulife ITIL design (based on Remedy Action Request System).

Was responsible for a Firewall/CiscoSecure upgrade project, system/security analysis and isolation of the problem area, data classification, capacity planning, design, implementation (including hardware assembling and software installation/ configuration/ tuning). Total value of the project was half a million. Made several upgrades using DiskSuite (on first level) and Veritas Volume Manager (on next level) file systems, RAID management and clustering.

Tuned performance, security and hardening.

Made Threat Risk, Vulnerability and Privacy Impact Assessments (TRA / VA / PIA).

Installed and configured Axent Intrusion Detection System.

Ensured "5 nine's availability" of Manulife e-commerce (in a long chain: DNS – firewalls – load balancer – websites - WebSphere Environment - AIX based DB2 - MQ Series – mainframe ETL - Applications - Remedy) including Support, Business Continuity and Disaster Recovery Planning.

Performed System analysis, Solaris 2.6/7/8 Sparc Platform Edition / AIX / Corel Linux / Windows NT / Mac OS X and Solaris 8 Intel Platform Edition server/desktop/laptop installations and configurations.

Managed Manulife firewalls and remote network access (CiscoAccess). Supported e-commerce projects.

Resolved Internet mail problems (like the mail avalanche problem, sendmail configuration problems, sendmail errors, virus, spam and relay problems, procmail configuration); OS system problems (like the /var filesystem overfull problem when visible files took only 2% of partition space); firewall problems (like proxy creation, security monitoring).

Worked with FIX Protocol; log monitoring, syslog server configuration; supported web applications, load dispatching, database and financial applications; supported both internal and external DNS (bind) and resolved name resolution problems.

Supported Manulife Internet Steady State for internal and external users (more than 10000) using Action Request System and by phone.

Supported CiscoSecure (used Radius and Tacacs+) and access reports (made by shell, Perl, SQL and PL/SQL), Sybase, Oracle, resolved CiscoSecure problems; supported disaster recovery. Reviewed DB2 UDB Security.

Made System Support for developing groups and business applications (Murex, custom Ingres based Equity Derivatives trade system, etc.). Made password management and systems logging. Made iPlanet Messaging Server and Gauntlet VPN implementations. Supported Sun and AIX and managed product life cycle.
