
Security Architect

Toronto, Ontario, Canada
May 17, 2018

Boris Levit

Toronto, h: 416-***-****, c: 416-***-****, Skype: bllevit.

Information Systems Security Manager / Architect. CISSP (CN 96686).

20+ years of security, Unix, Windows, network and application experience.


InTunnel Monitor, Toronto. Security Developer / Architect. 09/2017 – current

Develop monitoring of APT (Advanced Persistent Threat), insider and fraud activity; TRA (Threat Risk Assessment).

Use bash, R, Python, Google Cloud Platform, G Suite, Kubernetes, gcloud, Avanan, Netskope (CASB), openSUSE, Tails, Amazon EC2 Bare Metal Instances.

Work on a project to reveal SSL covert channels.

Work on a User Behavior Analysis project.

HP – HPE - DXC, Toronto. SOC Security Incident Analyst. 06/2015 – 08/2017

Used GrUD (Inventory Management System), Vigilance (Monitoring and Alerting System), ViTAL (Incident and Change Management), MSS Portal, ArcSight (SmartConnector, Logger, ESM), AD, TippingPoint, Akamai, Cisco Sourcefire, Pulse Secure, Damballa, Kiwi, Docker, VMware, Cygwin, O365, openSUSE, Kali, VB, PowerShell, Python, R, Check Point, bash.

Worked with the ArcSight Console and Activate Framework. Utilized the event inspector. Wrote reports, trends, queries, bundles, etc. Configured active channels, filters, tools, etc. Performed use case analysis, Logger search queries, log sanity checks and other content development.

Performed security incident analysis and remediation. Presented recommendations to clients' executives.

Performed packet (pcap) analysis using Wireshark.

Searched for Indicators of Compromise in clients' environments.

Processed JSON output from security sources using jq.

Investigated clients' environments, market / technology trends, hacker techniques, etc.

Facilitated Data Behavior Analysis, including User Behavior Analysis and Big Data Analytics. Used Rattle (R Analytic Tool To Learn Easily) for data mining and classification.

Worked on DNS query monitoring to detect DNS covert channels (DNS tunneling) and Tor Pluggable Transports.

Developed security incident investigation and other operational procedures. Performed Root Cause Analysis (RCA). Participated in DevOpsSec automation efforts. Participated in Threat Risk Assessment, penetration testing and Vulnerability Assessment in our clients' environments. Performed threat hunting. Cooperated with Mandiant.

Worked with regulations: SOX, ISO 27001, GDPR, PIPEDA.

Constantly learned hacker techniques, tools and incident handling.

Metsuke, Toronto. Security Consultant / Architect. 02/2012 – 05/2015

Main clients were Deloitte, IBM, TD Bank, Seneca College, CM Inc.

Performed Vulnerability Assessments.

Designed next-generation SIEM and IAM projects.

Participated in IAM remediation after a SOX audit. Audited LOB access systems. Interviewed LOB personnel to identify access management problems. Performed audit and forensic analysis of databases and applications. Worked with CyberArk, Centrify, Oracle, sqlplus, PL/SQL, MS SQL Studio, SQL Server 2012, WebSphere, SharePoint, AML.

Facilitated a hacking incident investigation. Performed forensic analysis and remediation, security gap analysis and an IT audit of a large university environment. Interviewed a wide range of college personnel (technical staff, professors, college executives, etc.).

Built monitoring for hardware keyloggers. Built a PoC of a sufficient defense against the USB hardware keylogger threat.

Performed TRA (likelihood, impact and risk evaluation) using the Harmonized / OWASP risk rating methodology; used ITSG-33 and ITSG-04.

Conducted Vulnerability Assessments and WiFi wardriving.

Made remediation recommendations (technical and policy, including security incident investigation, change management and BYOD).

Designed QRadar and Splunk deployments.

Performed OWASP code analysis.

Investigated mobile and Oracle security.

Analyzed Modbus malicious traffic (SCADA project).

Used Redmine, R, Esper, Python, Scapy, FIDO, Apache, openSUSE, CentOS, Windows, Android, iOS, Novell ZENworks Endpoint Security Management, Xen, KVM, VMware, VirtualBox, Vagrant, Packer, Google Compute Engine, Lua, BotBrew, adb, sqlmap, Ruby, Perl, sh, Eclipse, LAPSE+, Java, IDA Pro.

Worked with USB hardware keyloggers, USBDeview, udev, Wireshark, tcpreplay, kbackup, Zenmap, Nessus, Burp Suite, WiGLE, Fortinet, rkhunter, Metasploit, Armitage, YaST, Tripwire, Oracle Application Access Controls, NERC, PCI 2 and 3, OSSTMM, OpenID, OAuth, TOGAF, Zachman, SABSA, WebSphere.

TD Bank, Toronto. Sr. Security Specialist, 08/2010 – 09/2011.

Participated in the audit and legacy access system remediation after a SOX / PCI audit. Resolved integrity and access control problems in the server farm configuration. Performed ETL tasks. Programmed in Perl, ksh and awk. Worked with CSV, XML, XSLT, COBIT, COSO.

Supported the RSA enVision 4.0 SIEM implementation; analyzed configuration, data collection and SOX / PCI related issues; wrote and analyzed enVision reports. Provided RSA enVision SIEM results to key stakeholders.

Worked on Suspicious Activity Reports, RBAC and file integrity.

Repaired OS hardening; server, storage and private cloud security; security policies / procedures; CyberArk.

Used AIX, HP-UX, Solaris, Windows XP, VMware, openSUSE, Red Hat, Remedy.

, Canada. Security Consultant / Team Lead, 01/2010 – 02/2010.

Restructured ITIL and company security systems to accommodate good practice standards.

Managed a distributed (overseas) sysadmin team.

Worked with Amazon cloud technology (AWS, AMI, ElasticFox, EC2) and SOA.

Conducted an e-commerce risk assessment.

Configured iptables.

Analyzed PCI requirements. Reviewed PCI code / infrastructure (OWASP code review project, ReviewClipse plugin project); performed an OWASP web application audit.

Massachusetts data protection regulation project.

Analyzed commercial (Imperva) and open-source tools for a WAF project. Installed / configured ModSecurity (with the Breach rule set) as part of a PCI compliance project.

Built a security awareness program and presented it at team meetings.

Worked with openSUSE, CentOS, Red Hat, VMware, Citrix, Xen, Puppet, Chef, MongoDB, Java, Java Swing, Jython, git, Eclipse, Perl, shell. Used TOGAF for EPF (Eclipse Process Framework), GoToMeeting.

Dark Matter Development, Toronto. Security Consultant, 07/2009 – 12/2009.

Mitigated insider threat.

Redesigned Security / System Architecture, Video Management Solutions.

Wrote security policy.

Performed audit and forensic analysis, Harmonized / OWASP Threat Risk and Vulnerability Assessments. Searched for covert channels.

Analyzed botnet attacks.

Scanned for vulnerabilities with nmap 5, Nessus 4 and WebInspect; performed an OWASP web application audit.

Used Windows Vista / 2008, ScreenOS 5.4 (Juniper), Mac OS X 10.6, iOS, openSUSE 11.1 / 11.2, FreeBSD 7.2, Fedora, Simultaneous Dual-N Band Wireless Router, IP KVM, Brocade, StarTech, Foundry Load Balancer, MySQL, Apache, Hadoop Distributed File System (HDFS), Pig, Hive, MediaWiki, OpenLDAP, OpenDS, OpenSSO, Postfix, Cyrus IMAP, OWASP, THC-Hydra, Burp Suite Professional v1.3, Autopsy, Munin, svn, yafic, Dovecot, Time Machine, Xsan, AFP, Skype.

Performed PCI compliance analysis and infrastructure / DB / private cloud / code review.

Created an anti-spam project. Suggested IronPort + RSA as the anti-spam and DLP solution.

ACL project for FreeBSD and MacOS.

N-Dimension Solutions Inc., Canada. Sr. Security Architect, 07/2007 – 02/2009.

Primarily responsible for project management.

Led the design, testing, planning, and implementation of complex projects.

Led the development and implementation of a broad, coordinated set of plans and programs to meet the goals and priorities of the company.

Defined project missions, goals, tasks and resource requirements; resolved or assisted in the resolution of conflicts within and between projects or functional areas; developed methods to monitor project or area progress; and provided corrective supervision where necessary. GO-ITS 24, 25.

Participated in outside professional activities to maintain knowledge on developments in the field.

Continuously improved project management toolkits and methodologies.

Was responsible for project staff. Participated in the interviewing and hiring process.

Used tools: Fedora c7, Gentoo r6, openSUSE 11, Red Hat, Xen, Win2K / XP / Vista / 2008, Redmine, System Center Configuration Manager (SCCM), lighttpd, Solaris 10, iptables, MySQL, SCADA, AGA-12, Modbus, DNP3, Perl, sh, bash, PHP, Seagull, Java, Java Swing, Spring, JavaScript, flex (lex), bison (yacc), SSL certificates (using OpenSSL), Umbrello, GnuPG, C, C++, Eclipse, CVS ACL, Bugzilla, CVSweb, syslog-ng, Snortalog, Nagios, Android, Nessus, HP WebInspect, N-Stalker, Nikto, Paros, OWASP, Pantera, OVAL, SCAP, OpenVAS, SLAD, Tiger, Nessus plugin development (NASL2), nmap, Zenmap, Snort (Sourcefire), Oinkmaster, ITSA v3.5, Wireshark v0.99.6, Metasploit Framework 3.1, Ruby, Python, Burp Suite 1.1, MoinMoin Wiki, Drupal, Web Content Accessibility Guidelines, Lua, NetIQ, Google Mail / Calendar / Talk / Docs, Forensic Toolkit (FTK), etc.

Ruggedized (IEEE 1613 compliant) Platform Project. Used a Schneider platform with flash memory drives.

Identity Management Project (AD, OpenSuSe LDAP, Fedora Directory Server, Sun Identity and Access Manager, Novell Identity Manager, WS-Security, SASL). Gentoo and Fedora pam_ldap implementation.

Executed Version Transformation (parsing and lexical analysis).

Wrote a Modbus gateway on the Android platform.

Participated in a cloud computing project.

Performed an Ethical Hacking and Vulnerability Scanning Project (Harmonized / OWASP Threat Risk and Vulnerability Assessments), including general-purpose and web application vulnerability scanning, vulnerability analysis, hardening and SELinux. Produced NERC and PCI compliance reports using Nessus, N-Stalker, WebInspect and Burp Suite; performed an OWASP web application audit.

Developed Snort SCADA signatures and Nessus vulnerability plugins.

Created a Snort enhancement project: EMERALD, SnortSP, SnortSMS.

Contributed to Snort reporting and syslog server projects based on complex message filtering, integration, archiving and visualization, implemented with syslog-ng, Snortalog and Perl.

Participated in NERC and other industry, Canadian and NIST standards work, for example ISO 27001/2, COBIT, OSSTMM, Domain Expert Working Groups (later NIST IR 7628), and compliance projects (OEB / NEB). Security Governance, Risk and Compliance (GRC).

Managed an ARP Poisoning project. Wrote the SOW and project phases.

Initiated a Security Information and Event Management project (analyzed SRI's suggestion of EMERALD connected to ArcSight, and open-source Sguil).

SCADA Audit project.

Assisted in staff development and mentored colleagues as needed.

Used the TOGAF, SABSA and Zachman frameworks.

Participated in Hydro One, Smart Meter / ZigBee / GO-ITS 51, High Availability (HA), HDFS (Hadoop Distributed File System) and SDLC projects.

Used Bugzilla for problem / change management. Architected ICT technical support management based on MoinMoin wiki.

Security Monitoring.

Third Brigade and OSSEC (Open Source Host Intrusion Detection and Prevention Project, HIDS / IPS).

As part of project support, I performed network infrastructure and server system administration (Cisco, openSUSE, Gentoo, Solaris, Fedora, Red Hat, Windows NT / 2003 / XP / Vista / 2008): installation, system configuration, network and system tuning, hardening, scripting (sh, bash, tcsh, Perl), NFS, SMTP, POP3, IMAP, HTTP, HTTPS, DNS, NTP, SNMP, etc.

Research In Motion, Canada. Incident / Security Analyst, 12/2005 – 06/2007

Resolved service problems. Performed Root Cause Analysis (RCA). Worked with CIRT and CM.

Scripting: bash, Perl, PostgreSQL.

SPF (Sender Policy Framework) project.

Security tools installation and configuration: Entrust, chkrootkit, rkhunter, The Sleuth Kit, Autopsy, EnCase, Cheops, John the Ripper, Nikto, Paros, OWASP, WebScarab, IPTraf, Ettercap, EtherApe, Nessus, HP Fortify 360, Nmap, Kismet, gkismet, Watchfire AppScan, Cenzic Hailstorm, Aircrack-ng, SecureAware, bastard, IDA Pro, ModSecurity, Joomla, Symantec, OpenText, Cisco ACE XML, TippingPoint, WebGUI, SSO, GlobalPlatform SCP02, etc.

Analyzed / redesigned system / network / security architecture.

Enterprise Content Management / Facility Management / Business Objects Assessment Projects.

Anti-Spam Project. Participated in DLP project.

Business Continuity Planning Project.

Security incident response plan.

Forensic Analysis Project. Reverse engineering.

IT Audit. Vulnerability Assessment/Management/Penetration Testing (Threat Risk and Vulnerability Assessments).

Prepared SOWs, project phases and process groups for BB datacenters, etc.

Provided information security consultative support to all lines of business.

Vendor product evaluation process.

Supported the BB e-mail directory service.

Delivered the following projects: Identity Management, Tripwire, Security Governance, Risk and Compliance (GRC), Security Awareness, Security Monitoring.

Developed an internal information security committee.

WiFi WarDriving Project. Bluetooth Rifle Project. UMTS/EDGE/GPRS WarDriving Project.

Application scanning / firewalling Project including PCI requirements.

0-day Vulnerability Assessment Project. Disk Encryption Project.

PCI Compliance Project.

TRA project, used OCTAVE / OWASP / Microsoft / Harmonized TRA methodologies.

Armor Technologies, Toronto. Sr. System / Security Developer. 10/2005 – 10/2005

Invision.Com, New York. Unix Group Manager. 06/2005 – 09/2005

Interdiction Solutions Inc., Toronto. Consultant. 04/2005 - 05/2005

ABBI Ontario. Project Architect. 02/2005 - 02/2005

Cisco Systems Inc., Sun Microsystems, San Jose, USA. 01/2005 - 02/2005

Q1 Labs (now IBM), Fredericton, Canada. Security Consultant. 04/2004 – 11/2004

Helped Q1 Labs add a new security feature, IPS, to their QRadar product (NBAD and SIEM).

Built resolvers for their Intrusion Prevention System. Wrote prototypes of TCP Reset, ARP Poisoning and Cisco Switch / PIX resolvers. The Department of Homeland Security liked the product.

Delivered a Vulnerability Assessment project and TRA.

Delivered an ITIL project (Remedy ARS, ITSM). Used knowledge / artificial intelligence technology designed by UNB.

Security Information and Event Management project.

Analyzed the security of project components.

Different companies in different locations (Canada, Israel, USSR), 1978 – 2004.

1978 Moscow Institute of Electronic Techniques. MS diploma evaluated by York University.


April 2018, Learning Kubernetes, LinkedIn

August 2017, DXC, Core Security, Damballa – Network Insight Technical Product Training, Canada.

April 2017, DXC, Tanium – VB, PowerShell and Containment Training, Canada.

November 2016, HPE, Tanium Incident Response Course, Canada.

January 2016, HPE, ArcSight SmartConnector Foundations and ToolKit, Canada.

January 2016, HPE, ArcSight ESM Administrator 6 CORR Engine (AEIA) (No Oracle DB). Toronto, Canada.

September – October 2015, HPE, ISO27001 Training and Awareness. Toronto, Canada.

September 2015, Company Security Officer Training, Outreach Division of Industrial Security Sector of Public Works and Government Services Canada. Toronto, Canada.

July 2015, ArcSight Logger Administration & Operations, ArcSight Console, HP, Canada.

December 2010, O'Reilly, Developing Android Applications with Java, Parts 1 and 2.

February-March 2008 Management 414 SANS Training Program for the CISSP Certification Exam, Toronto, Canada.

July 2006 IBM CISSP CBK Seminar, Toronto, Canada.

July 2006 Sun Fire X4500 / X4600 servers and Blade 8000 Modular System Seminar, Waterloo, Canada.

March 2006 Business Continuity, Waterloo, Canada.

March 2006 IBM Bladecenter Workshop (XTR14NCE), IBM Education and Training, Canada.

February 2006 Mirapoint E-mail Server, Mirapoint, Waterloo, Canada.

January 2006 Exploring GPRS and EDGE, Award Solutions, Waterloo, Canada.

December 2005 Blackberry Relay / BWC / BIS-X, RIM, Waterloo, Canada.

June 2004 Qradar, Q1 Labs, Fredericton, Canada.

May – June 2002 Business Training, JVS, Toronto, Canada.

June 2000 12th Annual FIRST Conference on Computer Security Incident Handling, Chicago.

February 2000 Sun Systems Fault Analysis Workshop (ST-350), Sun Educational Services, Toronto, Canada.

January 2000 Administering Security for Solaris (SC-300), Sun Educational Services, Toronto.

August 1999 Enterprise Java Beans Implementation (VisualAge + WebSphere Environment), IBM Team, Toronto, Canada.

March 1999 Solaris System Performance Management (SA-400), Sun Educational Services, Toronto, Canada.

1999 Project Management, Manulife Financial, Toronto, Canada.

November 1998 WebSphere Workshop, IBM WebSphere Development Team, Toronto, Canada.

October 1998 DB2 UDB EEE for UNIX Administration Workshop, IBM Education and Training, Toronto, Canada.

September 1998 A Technical Introduction to MQSeries, IBM Education and Training, Toronto, Canada.

April 1998 Gauntlet Administration, NAI, Toronto, Canada.
