Dan Bastianello
ITIL GREM
Email: ************@*****.***
Tel.: 613 • 797 • 5594
Profile
I have 15 years of IT working experience in a variety of business and technical environments, including
federal government agencies and leading IT industries.
I have gained extensive experience and knowledge in a wide spectrum of IT disciplines, including:
9 years in IT/Network Security;
15 years in Systems Administration, Infrastructure and End User Support;
1 year in Business Analysis and Database Administration;
2 years in Software Programming.
Employment
Dec 2014 – Present NEPS – Network End Point Security
Department of National Defense.
Oct 2011 – Nov 2014 FIPC – Network Intrusion Analyst
Public Works Government Services Canada.
Sep 2009 – Jun 2010 CCIRC – Malware Reverse Engineer Analyst
Public Safety Canada.
Jun 2008 – Aug 2009 IT Transformation Project – Business Analyst / DBA
The Bank of Canada.
Jun 2005 – May 2008 Security Operations Centre – IT Security Specialist
CGI Group, Inc.
Nov 1999 – Nov 2004 Network and User Support Administrator
Thales Systems Canada.
IT/IM Experience
Department of National Defense.
NEPS – NAT End Point Security Dec 2014 – Present
I am currently responsible for developing and testing policies and implementation strategies. Several
technologies are used to provide a layered approach to endpoint security, which requires duplicating
PROD environments in VMs. My main duties are to build VMs replicating all the services that the hosts
provide in PROD and to test out new security products, delivering this to the penetration testing team,
which provides feedback on the results of their findings.
Duties included:
Building virtual machine replicas of PROD environment hosts.
Developing endpoint security policies.
Testing endpoint implementations against all services within PROD.
Providing UAT environments to end user test groups and penetration testing teams.
Occasionally performing malware reverse engineering on samples provided, to aid endpoint security
vendors with analysis and help further improve their products.
Providing build books and end user documentation.
Providing monthly statistics on incidents and tasks.
Providing guidance on deployment of future technologies.
Public Works Government Services Canada.
FIPC – Network Intrusion Analyst Oct 2011 – Nov 2014
Currently I am working as part of the Government of Canada's Federal Intrusion Protection Center
(FIPC). My main duty is to research and evaluate threat level and validity of events generated by the
Host Intrusion Detection System (HIDS) and Network Intrusion Detection System (NIDS) sensors. As
part of the monitoring group I also review and recommend changes to User Defined Signatures (UDS)
implemented on the NIDS system.
Duties included:
Monitoring the FIPC infrastructure security events through HIDS and NIDS event systems.
Monitoring the health of the FIPC infrastructure and troubleshooting any issues that come up.
Updating signatures on the FIPC sensors.
Generating tickets providing detailed analysis of events that occurred and recommendations on the
resolution of the captured event.
Researching techniques used in attempts to infiltrate hosts to provide a thorough analysis of intent.
Creating User Defined Signatures (UDS) for NIDS.
Generating reports on current or historical events.
Public Safety Canada.
CCIRC – Malware Reverse Engineer Analyst Sep 2009 – Jun 2010
I worked as part of the Government of Canada's computer incident response team (CIRT). My main
duty was to analyze and reverse engineer malicious software submitted from all Government of Canada
departments, allowing quick, repeatable methods to contain any computer virus infection before it
caused harm. Other tasks while working on this project were Linux system analysis, data recovery,
secure disk wiping, system design, virtual machines (VM), Internet research, creating technical/design
documentation, scripting and small-purpose tools. I was also involved in a weekly security update
teleconference between all Government of Canada departments, providing advice, research, and
expertise.
Duties included:
Performed malware reverse engineering on physical and virtual environments.
Performed code analysis using real-time and static debuggers (OllyDBG and Ida Pro).
Performed behavioral analysis using several open and closed source tools and loggers.
Generated reports on the findings and analysis performed while reverse engineering the malware
submissions, providing assistance in containing the incident.
Created and developed a standardized malware report template.
Deployed virtual machines and physical hosts to perform malware analysis using disk imaging for
physical hosts and snapshots for virtual hosts.
Provided digital fingerprint values allowing for positive identification of infected systems.
Provided removal procedures to eradicate malware and virus infections.
Performed troubleshooting of CIRT servers and lab environments.
Reviewed system logs for errors and irregularities.
Developed submission scripts allowing for an easier process, also adding the ability of any failed
submissions.
Developed tools to aid in analysis using Java and Python.
Performed data recovery and disk analysis of infected disks and mobile devices.
Gathered requirements from government representatives for the next generation ticketing/alert system.
Researched OSSIM as a new out-of-the-box security information management system solution to
replace the antiquated and legacy systems.
Worked on how-to and best practices documentation on features, requirements, implementation and
deployment of a security information management system.
The Bank of Canada.
IT Transformation Project – Business Analyst / DBA Jun 2008 – Aug 2009
While working as part of the IT Transformation Project, I was responsible for several duties over the 14
months, from business analyst to technical architect. While working on this project I was responsible
for data gathering to help with the project timeline, projections and budget. I was involved in reviewing
technical deliverables and design documentation, interviewing clients to gather requirements, correlating
requirements, generating reports and developing the testing strategy/QA process.
Duties included:
Developed User to Hardware/Software inventory from Novell eDirectory, Microsoft Active Directory and
PatchLink.
Developed Oracle database CMDB for software to end user to hardware asset licensing and
assignment.
Regularly generated reports from the database to Excel/PDF for meetings and management to help
assess budget requirements.
Data modeling of asset management system used in identification of VM vs Desktop and gap analysis.
Involved in several client, project management and senior management meetings (bilingual) to take
minutes to aid in documenting requirements.
Analyzed and rationalized applications to standardize and reduce the number of supported software in
the environment.
Interviewed clients for asset and licensing requirements.
Part of a team that developed Active Directory architecture by designing and customizing Group Policy
Objects for a managed user environment through SCCM.
Part of a team that designed and developed a security implementation using two-factor authentication
with RSA USB smart fobs.
Provided hardware and software requirements and performed data analysis to develop the QA
environments.
Developed test scenarios for QA of the new platform being rolled out.
Performed software coexistence testing to decide which applications are rationalized.
Performed troubleshooting of errors and deviations during failed test scenarios.
Developed migration scripts for deployment purposes.
Led the End User Platform deployment execution and next day support.
Assisted in developing a central repository CMDB for all user hardware and software inventory.
CGI Group, Inc.
Security Operations Centre – IT Security Specialist Jun 2005 – May 2008
I was working as part of a dedicated team within the CGI Security Operations Center (SOC),
responsible for supporting IT Security infrastructure, for investigating security related events through
NIDS, and performing online/offline forensics and vulnerability assessments of over 400
Unix/Windows servers.
Duties included:
Monitoring, and analyzing network packets and system activity through firewalls, IDS, IPS, HIPS, HIDS,
detecting and responding to intrusions and security breaches.
Monitored and tracked Penetration Testing audits performed internally.
Determining false positive events of servers through full investigation (i.e. RDP/SSH to servers and
pulling information from the logs to determine if any changes have occurred and what had been
accessed or changed).
Researching security threats and performing a threat analysis on the systems in place within the
networked environment.
Performing daily system integrity checks on Windows and Unix servers using Tripwire and
PowerBroker.
Created weekly and monthly reports for internal and external clients.
Developing internal procedures as new projects are implemented.
Documented problems and security threats using the Remedy ticketing system.
Thales Systems Canada.
Network and User Support Administrator Nov 1999 – Nov 2004
I was responsible for providing client/server and network information system support. Main duties
were routine tape backups, client desktop support, network design/support, client/server
setup/maintenance/patching and end user documentation/training.
Duties included:
Maintained Solaris 8, Novell 4/5/6, Windows NT/2000/XP/2003, MS Exchange 5.x/2000, Novell
GroupWise 5/6, Novell Zenworks, Novell eDirectory, firewall/VPN’s, upgrade rollouts, security audits,
and RAID configurations within the server environments.
Installed and maintained Microsoft Windows, MS Office, Accpac System, Pervasive SQL, Adobe
productivity tools, installing hardware peripherals and troubleshooting software/hardware problems.
Responsible for developing cross platform database driven web pages using HTML/ASP and
maintaining the intranet and Internet web servers (IIS and Apache implementations).
Involved in setting up and integrating the systems used and network design/configurations for the
Mediolis (an Internet based tele-medicine) project for demonstration in North America.
Supported an Oracle 8/web driven configuration management database called CMStat.
Regular performance checks, implementing SSL encryption for web component of CM tool, IIS security
implementations, tape backups and performed server/client side upgrade rollouts.
Implemented several LAMP setups for projects and intranets.
Provided technical expertise to the development team, mostly Linux systems analyst support.
Provided technical consulting for Thales on the Canadian Military’s Athena Tactical Station (ATS).
Made routine trips to remote sites for upgrades, system integration, documentation, training, technical
consulting, maintenance and demonstrations using a Compaq Proliant NT4/2000/Exchange network
domain.
Created product training manuals such as GroupWise, MS Office, Internet Explorer, PGP encryption and
VPN connection setups.
Responsible for setting up and maintaining Solaris 8 based systems for an HF email system/software for
the Canadian military.
Regularly performed internal network security audits using various tools (i.e. LANGuard, NMap and
snort).
Created scheduled disk images of notebooks, workstations and servers for backup and testing purposes
using Norton Ghost.
Provided engineers with technical specifications and test environment configurations which included real
time systems, experimental military hardware, VOIP systems, and digital phone switching equipment.
Carleton University, Software Engineering.
Software Programmer Sep 2011 – Present
I have gained 1.5 years of C and 6 months of Java while studying at Carleton:
First year: C(A+), Java(A-)
Second year: C(A+), Matlab(B+)
School Projects:
As a network intrusion security analyst I often need to analyze captured packets that are obfuscated
using ASCII or Unicode values, which slows down the process of analysis. Having recently taken a Java
course, I decided to write myself a tool to aid in de-obfuscation. The tool, called Multicon, started as a
Java console tool and eventually evolved into a multi-platform (Windows and Linux) Python GUI tool.
Having read good things about Python and wanting to learn more OOP languages, I decided to go
through all 52 lessons from learnpythonthehardway.org. This and my previous Java class taught me
enough OOP to create a very useful text parsing/conversion tool.
A second personal project I have worked on was getting my special 3-part backlit keyboard to work
under Linux by writing a USB driver. Luckily there was already a partially working project that was written
in the Go language. I had to modify sections of this code to allow for command line switches to be added to
a compiled binary, allowing me to launch this driver on desktop login
(http://www.msi.com/product/nb/GX60-3CC-Destroyer.html).
Education/Training/Skills
Software Engineering, BSc (Part-Time) Sep 2011 – Present
Carleton University, Ottawa, ON
GIAC Reverse Engineering Malware (GREM) Certification Jul 2009 – Jul 2009
The SANS Institute, Ottawa, ON
ITIL Certification Mar 2007 – Mar 2007
Loyalist College, Belleville, ON
Computer Networks Engineering Technology Diploma Sep 1997 – Sep 1998
RCC Institute of Technology, Toronto, ON
Electronics Engineering Technician Diploma Mar 1996 – Mar 1997
RCC Institute of Technology, Toronto, ON
Skills and Tools
Hardware
Sonicwall
Sun Microsystems
Cisco
Intel
AMD/ATI
OEMs (Dell/HP)
NAS
RAID (hardware and software)
Development Tools
IBM Eclipse
JetBrains IntelliJ IDEA Community Edition
JetBrains PyCharm
Oracle NetBeans
Code::Blocks IDE
CodeLite
Notepad++
Any text editor with language-based highlighting
OS
Microsoft Windows, all client/server versions
Debian/Ubuntu
Redhat/CentOS
Android
Solaris/SunOS
IBM AIX
COTS
Microsoft Office, Exchange, AD, GPO and SCCM
Open source (LibreOffice, Apache, LAMP, Gimp)
Virtual machines (VMware, VirtualBox, QEMU)
Anti-virus (Symantec and McAfee)
Disk encryption (McAfee)
Data recovery (RipLinux, Ontrack, Gparted, R-Studio)
HIDS/NIDS (HP ArcSight, McAfee NSM, Trend Micro DSM, Cisco, Checkpoint, Enterasys, snort)
Debuggers (OllyDBG, IDA Pro)
Languages
C/C++
Java
Python
Go
Cloud Systems
Ubuntu MAAS
Docker/LXC
Mirantis OS
Reference
Available upon request