Dan Bastianello

ITIL GREM

Email: acogsg@r.postjobfree.com

Tel.: 613 • 797 • 5594

Profile

I have 15 years of IT working experience in a variety of business and technical environments, including

Federal Government Agencies and Leading IT Industries.

I have gained extensive experience and knowledge in a wide spectrum of IT disciplines, including:

9 years in IT/Network Security;

15 years in Systems Administration, Infrastructure and End User Support;

1 year in Business Analysis and Database Administration;

2 years in Software Programming

Employment

Dec 2014 – Present NEPS – Network End Point Security

Department of National Defense.

Oct 2011 – Nov 2014 FIPC – Network intrusion Analyst

Public Works Government Services Canada.

Sep 2009 – Jun 2010 CCIRC – Malware Reverse Engineer Analyst

Public Safety Canada.

Jun 2008 – Aug 2009 IT Transformation Project – Business Analyst / DBA

The Bank of Canada.

Jun 2005 – May 2008 Security Operations Centre – IT Security Specialist

CGI Group, Inc.

Nov 1999 – Nov 2004 Network and User Support Administrator

Thales Systems Canada.

1

IT/IM Experience

Department of National Defense.

NEPS – NAT End Point Security Dec 2014 – Present

I am currently responsible for developing and testing policies and implementation strategies. Several

technologies are used to provide a layered approach to endpoint security which require duplicating

PROD environments in VM. My main duties are to build VM's replicating all the services that the hosts

provide in PROD and testing out new security products delivering this to the penetration testing team

which provides feedback on the results of their findings.

Duties included:

Building virtual machines replicas of PROD environment hosts.

Developing endpoint security policies.

Testing endpoint implementations against all services within PROD.

Providing UAT environments to end user test groups and penetration testing teams

Occasionally perform malware reverse engineering on samples provided to aid end point security

vendors with analysis to aid in further improving their products

Provide build books and end user documentation.

Provide monthly statistics on incidents and tasks

Provide guidance on deployment of future technologies.

Public Works Government Services Canada.

FIPC – Network intrusion Analyst Oct 2011 – Nov 2014

Currently I am working as part of the Government of Canada's Federal Intrusion Protection Center

(FIPC). My main duty is to research and evaluate threat level and validity of events generated by the

Host Intrusion Detection System (HIDS) and Network Intrusion Detection System (NIDS) sensors. As

part of the monitoring group I also review and recommend changes to User Defined Signatures (UDS)

implemented on the NIDS system.

Duties included:

Monitoring the FIPC infrastructure security events through HIDS and NIDS event systems.

Monitoring health of FIPC Infrastructure and attempt to troubleshoot if any issues come up.

Update signatures on the FIPC sensors.

Generate tickets providing detailed analysis of occurred events and provide recommendations on the

resolution of the captured event.

Research techniques used when attempts to infiltrate hosts to provide a thorough analysis of intent.

Create User Defined Signatures (UDS) for NIDS.

Generate reports on current or historical events.

Public Safety Canada.

CCIRC – Malware Reverse Engineer Analyst Sep 2009 – Jun 2010

I worked as part of the Government of Canada's computer incident response team (CIRT). My main

duty was to analyze and reverse engineer malicious software submitted from all government of Canada

2

departments allowing a quick repeatable methods to contain any computer virus infection before

causing harm. Other tasks while working on this project was Linux system analyst, data recovery,

secure disk wiping, system design, virtual machines (VM), Internet research, creating technical/design

documentation, scripting and small purpose tools. I was also involved in a weekly security update

teleconference between all government of Canada departments providing advice, research, and

expertise.

Duties included:

Performed malware reverse engineering on physical and virtual environments.

Performed code analysis using real-time and static debuggers (OllyDBG and Ida Pro).

Performed behavioral analysis using several open and closed source tools and loggers.

Generated reports on the findings and analysis performed while reverse engineering the malware

submissions providing back assistance in containing an incident.

Created and developed a standardized malware report template.

Deployed virtual machines and physical hosts to perform malware analysis using disk imaging for

physical hosts and snapshots for virtual hosts.

Provided digital fingerprint values allowing for positive identification of infected systems.

Provided removal procedures to eradicate malware and virus infections.

Performed troubleshooting of CIRT servers and lab environments.

Reviewed system logs for errors and irregularities.

Developed submissions scripts allowing for an easier process also adding the ability of any failed

submissions.

Development of tools to aid in analysis using Java and Python.

Performed data recovery and disk analysis of infected disks and mobile devices

Gathered requirements from government representatives for the next generation ticketing/alert system.

Researched OSSIM as a new out-of-the-box security information management system solution to

replace the antiquated and legacy systems.

Worked on how-to and best practices documentation on features, requirements, implementation and

deployment of a security information management system.

The Bank of Canada.

IT Transformation Project – Business Analyst / DBA Jun 2008 – Aug 2009

I was working as part of the IT Transformation Project I was responsible for several duties over the 14

months from business analyst to Technical architect. While working on this project I was responsible

for data gathering to help with project time line, projections and budget. Involved in reviewing

technical deliverables, design documentations, interviewing clients to gather requirements, correlating

requirement, generating reports and developed testing strategy /QA process.

Duties included:

Developed User to Hardware/Software inventory from Novell eDirectory, Microsoft Active Directory and

PatchLink.

Developed Oracle database CMDB for software to end user to hardware asset licensing and

assignment.

Regularly generated reports from the database to excel/PDF for meetings and management to help in

assess budget requirements.

Data modeling of asset management system used in identification of VM vs Desktop and gap analysis.

Involved in several client, project management and senior management meetings (bilingual) to take

minutes to aid in documenting requirements.

Analyzed and rationalized applications to standardize and reduce the number of supported software in

3

the environment.

Interviewed clients for asset and licensing requirements.

Part of a team that developed Active Directory architecture by designing and customizing Group Policy

Object for a managed user environment through SCCM.

Part of a team that design and development of security implementation using two factor authentication

RSA USB smart FOB.

Provided hardware and software requirements and performed data analysis to develop the QA

environments.

Developed test scenarios for QA of the new platform being rolled out.

Performed software coexistence testing to decide which applications are rationalized.

Performed troubleshooting errors and deviations during failed test scenarios.

Developed migration scripts for deployment purposes.

Lead in the End User Platform deployment execution and next day support.

Assisted in developing a central repository CMDB for all user hardware and software inventory.

CGI Group, Inc.

Security Operations Centre – IT Security Specialist Jun 2005 – May 2008

I was working as part of a dedicated team within the CGI Security Operations Center (SOC),

responsible for supporting IT Security infrastructure, for investigating security related events through

NIDS, and performing online/offline forensics and vulnerability assessments of over 400

Unix/Windows servers.

Duties included:

Monitoring, and analyzing network packets and system activity through firewalls, IDS, IPS, HIPS, HIDS,

detecting and responding to intrusions and security breaches.

Monitored and tracked Penetration Testing audits performed internally.

Determining false/positive events of servers through full investigation (i.e. RDP/SSH to servers and

pulling information from the logs and determining if any changes have occurred, what had been

accessed or changed).

Researching security threats and performing a threat analysis on the systems in place within the

networked environment.

Performing daily system integrity checks on Windows and Unix servers using Tripwire and Power

Broker.

Created weekly and monthly reports for internal and external clients.

Developing internal procedures as new projects are implemented.

Documented problems and security threats using the Remedy ticketing system.

Thales Systems Canada.

Network and User Support Administrator Nov 1999 – Nov 2004

I was responsible for providing client/server and network information system support. Main duties

were routine tape backups, client desktop support, network design/support, client/server

setup/maintenance/patching and end user documentation/training.

Duties included:

Maintained Solaris 8, Novell 4/5/6, Windows NT/2000/XP/2003, MS Exchange 5.x/2000, Novell

GroupWise 5/6, Novell Zenworks, Novell eDirectory, firewall/VPN’s, upgrade rollouts, security audits,

and RAID configurations within the server environments.

4

Installed and maintained Microsoft Windows, MS Office, Accpac System, Pervasive SQL, Adobe

productivity tools, installing hardware peripherals and troubleshooting software/hardware problems.

Responsible for developing cross platform database driven web pages using HTML/ASP and

maintaining the intranet and Internet web servers (IIS and Apache implementations).

Involved in setting up and integrating the systems used and network design/configurations for the

Mediolis (an Internet based tele-medicine) project for demonstration in North America.

Supported an Oracle 8/web driven configuration management database called CMStat.

Regular performance checks, implementing SSL encryption for web component of CM tool, IIS security

implementations, tape backups and performed server/client side upgrade rollouts.

Implemented several LAMP setups for projects and intranets.

Provided technical expertise to the development team mostly Linux systems analyst support

Provided technical consulting for Thales on the Canadian Military’s Athena Tactical Station (ATS).

Traveled routine trips to remote sites for upgrades, system integration, documentation, training, technical

consulting, maintenance and demonstrations using Compaq Proliant NT4/2000/Exchange network

domain.

Created product training manuals such as GroupWise, MS Office, Internet Explorer, PGP encryption and

VPN connection setups.

Responsible for setting up and maintaining Solaris 8 based systems for an HF email system/software for

the Canadian military.

Regularly performed internal network security audits using various tools (i.e. LANGuard, NMap and

snort).

Created scheduled disk images of notebook, workstations and servers for backups and testing purposes

using Norton Ghost.

Provided engineers with technical specifications and test environment configurations which included real

time systems, experimental military hardware, VOIP systems, and digital phone switching equipment.

Carleton University, Software Engineering.

Software Programmer Sep 2011 – Present

I have gained 1.5 years of C and 6 months of Java while studying at Carleton:

First year: C(A+), Java(A-)

Second year: C(A+), Matlab(B+)

School Projects:

As a network intrusion security analyst I often require to analyze captured packets that are obfuscated

using ASCII or Unicode values which slows down the process of analysis. Having recently taken a Java

course I decided to write myself a tool to aid in de-obfuscation. The tool called Multicon started as a

Java console tool and eventually evolved into a multi-platform (Windows and Linux) Python GUI tool.

Having read good things about python and wanting to learn more OOP languages I decided to go

through all 52 lessons from learnpythonthehardway.org. This and my previous Java class taught me

enough OOP to create a very useful text parsing/conversion tool.

A second personal project I have worked on was getting my special 3 part back-light keyboard to work

under Linux by writing a USB driver. Luckily there was already a partially working project that was written

in go Language. I had to modify sections of this code to allow for command line switches to be added to

a compiled binary allowing me to launch this drive on desktop login

(http://www.msi.com/product/nb/GX60-3CC-Destroyer.html).

5

Education/Training/Skills

Software Engineering, BSc (Part-Time) Sep 2011 – Present

Carleton University, Ottawa, ON

GIAC Reverse Engineering Malware (GREM) Certification Jul 2009 – Jul 2009

The SANS Institute, Ottawa, ON

ITIL Certification Mar 2007 – Mar 2007

Loyalist College, Belleville, ON

Computer Networks Engineering Technology Diplomas Sep 1997 – Sep 1998

RCC Institute of Technology, Toronto, ON

Electronics Engineering Technician Diplomas Mar 1996 – Mar 1997

RCC Institute of Technology, Toronto, ON

Skills and Tools

HARDWARE Development Tools

Sonicwall IBM Eclipse

Sun Microsystems JetBrains IntelliJ IDEA Community Edition

Cisco JetBrains PyCharm

Intel Oracle Netbeans

AMD/ATI Code::Blocks IDE

OEMs (Dell/HP) CodeLite

NAS Notepad ++

RAID (Hardware and Software) Any text editor with language based highlighting

OS

COTS

Microsoft Windows all Client/Server versions

Microsoft Office, Exchange, AD, GPO and SCCM.

Debian/Ubuntu

OpenSource (LibreOffice, Apache, LAMP, Gimp)

Redhat/CentOS

Virtual Machines (VMWare, VirtualBox, QEMU)

Android

Anti-virus Symantec and McAfee

Solaris/Sun OS

Disc encryption (McAfee)

IBM AIX

Data recovery (RipLinux, Ontrack, Gparted, R-

Studios)

HIDS/NIDS (HP Arcsight, McAfee NSM, Trend

Micro DSM, Cisco, Checkpoint, Enterasys, snort)

Languages

Debuggers (OllyDBG, Ida Pro)

C/C++

Java

Python

Cloud Systems

goLang

Ubuntu MAAS

Docker/LXC

Mirantis OS

Reference

Available upon request

6

Contact this candidate