Mark Herman
acr519@r.postjobfree.com Denver, CO 303-***-**** C
LinkedIn URL: https://www.linkedin.com/in/MarkEHerman 303-***-**** H
SENIOR-LEVEL UNIX OS SECURITY PROFESSIONAL
Proven skills in the secure design and automated management of large distributed heterogeneous UNIX computing environments. Excellent track record for resolving complex problems, producing unique long-term engineered solutions. Sought-after UNIX SME who mentors others, providing concise documentation, direct training and assisted problem solving, guiding all toward achieving mutual value and goals.
PROFESSIONAL EXPERIENCE:
IBM (contracted to CenturyLink) Denver, CO (2003 - 2015)
IT OS Security Specialist (2007 - 2015)
Led the Solaris Infrastructure Team as subject-matter expert (SME) for all new Oracle (Sun) Solaris systems and technologies, seeking a goal of a solid return on their investment. Technical lead for all architectural and engineering design efforts for the secure system integration, configuration and testing of new system architectures and ongoing security of Oracle systems. SME for migration of 1000s of older antiquated physical systems into secure virtual equivalents to achieve millions in cost savings.
Implementation of new Oracle SPARC T5-x systems with the latest Solaris 11.2 OS, VM Control Domains and unique Guest Domains to re-host the older systems as Branded Zone virtual configurations.
Configuring Enterprise OpsCenter 12c to manage server pools of resources in the Solaris infrastructure to provide for seamless VM domain migration among the peer systems.
Author all local documentation for the new Solaris technologies establishing Standard Operating Environment (SOE) procedures, implementation, mentoring and training.
Track daily CERT, CVE and Oracle Solaris alerts for harmful vulnerabilities and zero-day exploits. Work with customer and vendor teams on security and performance issues.
Expert in creating very sophisticated procedural scripts to automate administrative and Cyber security processes.
Senior SME assisting with: project architectural designs; on-call duties; difficult troubleshooting investigations; root cause determination resulting in solid remediation recommendations.
Created the processes for migrating older systems to new: OS releases; ZFS file systems; updated current security standards; current packages and operation procedures.
Sr. Systems Management Integration Professional (2003 - 2007)
Directed Solaris Infrastructure team challenged with integrating various Sun/Solaris processes from many diverse groups into one coherent set of operating processes to provide a common service level agreement. Generated innovations using consistent methodologies and continuous process improvements leading to increased productivity and efficiencies. SME who led by example to properly introduce new changes and assist others with new technology directions.
Created a unique multi-tiered JumpStart framework to support the hands-off provisioning and unique management requirements of various teams. Directed firewall teams on ACL changes for automated hands-off JumpStart provisioning access via firewall systems.
Partnered with corporate security on SOX/PCI audit requirements and hardening requirements. Provided secure hardening of client’s mail gateway servers.
Introduced the new ZFS technologies providing integration testing, documentation and training for peers.
Introduced the site-wide usage of ssh, including presentations, documentation, scripts, examples, and training.
Documented (with examples) the association of various file system types for use on non-global zone clients.
SME investigating: Solaris provisioning or patching problems; system performance issues; identify problem areas; performance bottlenecks; system recoveries; find root-cause resolutions and recommend tuning opportunities.
SME assistance to cross-team project efforts creating method of procedure (MOP) documents to ensure complicated project successes.
US West / DEX / QWEST Information Technologies (1990 - 2003)
Telecommunication RBOC supporting 14 western states.
Developed hardened OS design for the US West E-commerce presence on the Internet. Challenges included: OS security for the envisioned architecture of 70+ systems; security for the web presence on the Internet (which was not protected by today’s fast firewall systems); security of content; and the automated management of the environment.
Designed a unique Solaris JumpStart framework for the complete management of the Solaris systems throughout the system life cycle from an unadulterated image base to a fully ready up-to-date disaster recovery platform.
Automated hands-off configuration included: disk formatting; OS installation; OS patch installation; application installation/patching/configuration; local accounts & home directories; and full security hardening.
Each JumpStart provisioned system was fully secure to firewall standards and in FULL operation (applications and all) on the first boot.
Created redundant systems with secure subnets serving (R/O content) with multi-tiered security built into each layer providing a hardened design, including: minimized OS installation; ssh authorized key access; IP filtering; file hash signatures; etc.
Provided system administration support for the US West DEX telephone directory division including: architecture design; system engineering; security hardening; disk volume management; script writing; backup design; toolset programming; performance analysis and tuning. Designed the secure Solaris systems architecture that provided the first Internet presence for the US West DEX Yellow Pages.
Worked with DBA teams to optimize the OS and distribution of database table redistribution across disk controllers and RAID disk volumes.
Created very sophisticated perl programs for converting White Pages data from different external sources to a local format that detected and corrected known errors, and provided proper conversion of mixed upper/lower case data.
Responsible for the design of the Programming and Engineering Development facility (the largest of the 5 labs) for the US West Advanced Technologies campus. The design included: systems resource analysis and planning; configuration of local area network design; configuring/tuning of operating systems; printer configuration; modem configuration; electronic-mail configuration; systems security procedures; disk utilization analysis; systems backup procedures; and introduced new technologies from academia such as ssh and Tripwire utilities.
Taught classes to peers on UNIX and nawk features and provided technical support to many projects, including: Advanced Architecture Lab; Cellular Project; Wireless Ethernet evaluation and programming assistance to US WEST Communications in design of Denver International Airport communications infrastructure.
ADVANCED EDUCATION:
Masters of Computer Information Systems University of Denver
Thesis Title: Creating Systems that are “BORN” Secure
Masters of Telecommunications Systems University of Denver
Graduate Level Computer Science Courses University of Colorado
Bachelor of Civil Engineering Degree Colorado State University
(5 year curriculum in Civil and Structural Engineering Major; Computer Sciences Minor)
ADDENDUM:
Solaris: Thorough knowledge of all versions including current OS 11.2 and accompanying technologies:
SPARC Systems
VM Enterprise Manager (LDOMs)
Current Oracle OpsCenter 12c
JumpStart & AI
ZFS/NFS/iSCSI
SVM (Volume Manager)
SMF (Management Facility)
Zone administration
Post-installation scripting
Virtual Networks
Link Aggregation
Containers
Performance and Tuning
DTrace
UNIX system utilities
Process State Commands
Live Upgrade
OS Security: Survivable systems design strategies:
Defense-in-depth design
OS System Hardening to Firewall Standards
OS Minimization
Built-in Disaster Recovery
SSH access
Immutable OS Design
Message Digest (hash) validation
IP Filter
Tripwire
chroot sandboxing
Other security technologies.
Administration: Master Knowledge of UNIX System Administration:
Systems Analysis and Engineering
Automated Configurations
Installations
Life-cycle Management
UNIX commands
UNIX Utility utilization.
Scripting: Master Knowledge of UNIX Shell Scripting:
Bourne
bash
csh
tcsh
zsh
awk/nawk/gawk
perl
Python
More Scripting: UNIX Shell Scripting examples:
Automated system provisioning
Current patch installation
Local account creation
Local package installations
Security hardening compliance
OS Health-check requirements
Peer systems synchronization
Design for disaster recovery
Secure administration
Open port reporting
Correct file truncation
ZFS patching
Many Others
SOE: Standard Operating Environment (SOE) documentation:
Architectural design
Configuration design
Full installation instructions
Local post-installation
Secure hardening
Service Processor configurations
Operational procedures
Administrative procedures; migrations
Backup processes
Disaster recovery solutions
Troubleshooting suggestions
System tuning opportunities
ZFS usage [snapshots/cloning, etc.]
Live Upgrade
OS 11 Boot Environments
VM [LDOM] technologies
Non-global zones
Solaris patching procedures
JumpStart: Framework to support hands-off provisioning, security and life-cycle management:
Central OS image repository
Central OS patch repositories
Solaris OS 10 support
Non-Global zones
OS hardening
Minimized OS images
LINUX Kickstart support
System configurations
IBM GSD331 security
Tool implementations
Audit ready posture
Disaster Recovery readiness
Patching: Thorough knowledge of Solaris OS 10 Patch and OS 11 SRU Repository creation:
Patch techniques
Create local bundles
Custom scripts
Custom procedures
OS Generation support
Local documentation.
UNIX Proficiencies:
Regular Expressions (egrep, regex engines)
LINUX
KickStart
cron
sendmail
rsync
TCP/IP Tuning
SAN
iSCSI
NFS
Veritas VxFS
Veritas VCS
sar
daemon management
Other:
Adobe Photoshop
Apple Macintosh
Microsoft (Word/Excel/etc.)
C-programming
JAVA