Information/System/Network Security Engineer
Deyu Xian
E-mail: ******@*****.***
SUMMARY
Over 17 years of experience in the security industry, with broad knowledge of hardware, software, networking and security technologies, providing a powerful combination of architecture, analysis, security, and implementation. Strengths include threat and vulnerability management, penetration testing and security standards, solution design, etc.
OBJECTIVE
Threat and vulnerability management, issue resolution, penetration testing and defense, POC, network/system security, threat control, development of content filtering and spam prevention, spam control, identity and access management, implementing and operating security controls, troubleshooting, incident response, solution design.
EXPERIENCE
05/2010 – 08/2016
Ultrapower Software Corp.
Senior Security Engineer
Responsible for protecting over 300+ online systems, 3800+ servers, and more than 10 billion users and 3 million simultaneous accesses in a second. Building security strategies, security operations, policy development, incident response, vulnerability and threat management, analysis, attack tracking, troubleshooting, design of defense systems or features, SDLC. Served as the leader of the security program and as a mentor for training. I found over 100+ vulnerabilities in 2012.
03/2008 – 05/2010
Pioneer
Engineer, manager
manager/Technical
Started my own business, providing professional system and network security services. Many projects were fulfilled during those years, including ACID2009, Olympic2008, and National Sports Game security support.
08/2003 – 02/2008
Bankunion Tech Company
Engineer, manager
Manager of the operation and maintenance department – manager/Technical
Recommended preventive, mitigating, and compensating controls to ensure the appropriate level of protection and adherence to the goals of the overall information security strategy. Risk management, IT systems security, solution design and so on. Assisted in the development of access controls, separation of duties, and roles. Conducted technical risk evaluation of hardware, software, and installed systems and networks. Assisted with testing of installed systems to ensure protection strategies are properly implemented and working. Assisted in incident response and recommended corrective actions. Consulted with personnel about potential threats to the work environment. Participated in forensic recovery and analysis. Participated in development and maintenance of global information security policy.
11/1999 – 08/2003
Peking Jadebird Corp.
Beijing, China
Security Engineer, Development
I have done many security projects during the last 4 years. As you know, Jadebird, which was created by Yang Fuqing (Academy of Sciences), has many government resources and background, so I had many chances to participate in the building of many operation systems for many companies. Responsible for security emergency incident response, penetration testing, development of firewall/IDS devices, and design and creation of the automated exploit framework.
10/1998 - 07/1999
University Network Center
Systems Administrator, Website Development
Wrote many web sites using Notepad and HTML code, servicing the college.
EDUCATION
07/1997-07/1999
Shandong Agriculture University
Project Experience
05/2010 – 06/2016
Fetion project
This system has 10 billion users and 3 million simultaneous accesses. My responsibility is threat and vulnerability management, penetration testing, solution design, SDLC, security requirements development, spam control, advice related to all security issues, workflow-making and standard-making.
08/2014-05/2016
Vulnerability automated discovery and alert tools
Tool creator, designer, programmer. Using my code to find and analyze high risks and send alerts to our team. For assets, this system can give the risk status in real time from different dimensions.
07/2014
Anti-fraud components
Inventor, creator and designer. Features can find fraudulent malicious access and block identified potential bad guys, phone numbers or user IDs, etc.
06/2014
Security baseline check system
Creator, designer, programmer, project manager. Quickly checks baseline security status on thousands of servers, and gives suggestions about how to control the risk, with guidance and advice related to all information security issues.
02/2014-05/2014
Cyber space threats automated analysis system
Creator, designer, programmer. Analyzes potential attacks or threats from cyberspace attacks or hacker teams.
01/2014
Cyber threat alert tools
Tool inventor and creator, designer, programmer
12/2011-06/2016
High-risk vulnerabilities auto-check tools (POCs)
Creator, designer, programmer, developing exploit code. These tools are used to check whether or not a new vulnerability affects the business system.
07/2013-12/2013
Malicious URL remote check tool
Inventor and creator. Checks for malicious URLs in websites or other content; can be used in many safety systems or components.
02/2012-05/2012
Vulnerability management system
Designer, programmer. A website for vulnerability and threat management. Makes workflows to deal with vulnerabilities; automation of tasks.
01/2012
Malicious device identification SDK
Inventor, creator, designer. Automatic identification of malicious access and devices online.
06/2011-12/2011
Fast precision IP library
Inventor and creator. There are many changes in the mapping of China IPs to real addresses. This system can identify the real address of an IP in a second.
05/2010-06/2012
Malicious URL fast identification system
Inventor and creator, project manager. Automatic identification of malicious URLs in the content of mail, websites, SMS or other business systems.
06/2010-07/2011
Specific keywords online fast detection system
Creator, designer, programmer. Fast identification and filtering of malicious message content in mail, websites, SMS, messages, IM or other business systems.
05/2010-05/2015
Over 100+ website pentest
Use fiddler, burpsuite, Ethereal, tcpdump, nmap, wireshark, Kali Linux, wiresharp, nc, metasploit, nmap, nikto, nessus, sqlmap, awvs, vim, web, xss, webshell, wireless hack, APP, Kismet, Netsparker, WebInspect, AppScan, Nexpose, Acunetix, Core Impact and manual techniques to exploit vulnerabilities. I write many POCs.
04/2009 – 04/2010
Security service for Shandong mobile communication company
Threat and vulnerability management, risk control, penetration test, solution design
02/2008 – 05/2009
National Sports Game
Threat and vulnerability management, threat solution valuation, penetration test
04/2009 –
ACID2009
Core technical member of the CTF China team, defense solution design, threat modelling, network package analysis, log analysis, malware analysis
12/2008 –
Gansu Telecom Corp.
Vulnerability assessment, risk analysis, solution design, PCI.
08/2009
Olympic China
Solution design, risk analysis defense, implementing and operating security controls
Many other projects, listed below without further detail:
Shandong National Tax security vulnerability assessment and penetration testing, SOX
Shandong rent risk assessment Safety Assessment Shandong Bureau of Statistics
Shandong Communications Authority, long-term support troubleshooting, emergency incident response Security Bureau in Jinan City,
long-term technical support Ministry of Labor and Social Security Penetration Testing Ministry of Education, Hancock penetration testing
Hebei Province Public Security Bureau, “Population and Human Resource System” Penetration Testing
Hebei Province Public Security Bureau “was looted vehicle system,” Penetration Testing
Fujian province’s postal system safety assessment
Hengyang Securities Security Assessment Century Internet Data Center Security Integration
Ministry of Public Security Network Automated-attack platform Linyi Netcom Security Integration
A game server room on-site emergency anti-ddos Shandong Unicom, Security Emergency incident Response (one-year service)
Shandong Mobile, incident response, solution design, log correlation and analysis, vulnerability assessment
Jinan Iron and Steel Group, an integrated security system
Jinan silver mesh and the deployment of a firewall (using the secondary development of open source software)
Jinan Silver Net joint website of anti-ddos (to provide a simple and effective self-developed products)
People’s Bank Security Integration
South Korean factories in Shandong, a game room of a network failure (multi-line re-use)
Shandong trendy long-term technical advisor and technical director (security company)
Chinese Ministry of Railways to deploy security products TV stations in Heilongjiang Province, the deployment of security products
Haidian broadcasting emergency response, security, integration
The deployment of security products across the province Ningxia Hui Autonomous Region
High-tech Development Zone, Jinan City, the building of the NEC area networks (from no to yes, the export gateway routing lines, etc. and the website)
Shandong Province Public Security Bureau Website
Weihai Municipal Tobacco Monopoly Bureau to deploy a firewall
Ningbo, an organ in the deployment of security products,
Of an organ in the deployment of security products in Guangzhou
Jinan Qilu Software Park, network construction Shandong, China Construction Bank network transformation
Weifang institutions of excellence on campus as a whole network construction
And there are a lot of others…
PATENTS
Malicious URL identification method and system (CN 201*********)
A method and device for generating cipher code (CN 201*********)
Pending:
Fast IP library construction method and system
Video automated identification method and system
Malicious device identification and tracking method and system
User abnormal behavior recognition method and system
Method and device for predicting safety risk
SKILL
Skill Name | Skill Level | Experience
OS: Unix, Linux, FreeBSD, Windows Linux | Expert | 18 years
OS: SCO Unix, HP-UX, AIX, Solaris, qnux | Beginner | 2 years
Security tools – fiddler, burpsuite, Ethereal, tcpdump, nmap, wireshark, Kali Linux, ntop, wiresharp, nc, metasploit, nmap, nikto, nessus, sqlmap, awvs, vim, web, xss, webshell, wireless hack, APP, Kismet, Netsparker, WebInspect, AppScan, Nexpose, Core Impact and manual techniques to exploit vulnerabilities | Expert | 16 years
Team manager, project manager | Beginner | 8 years
Penetration Testing – red team | Expert | 15 years
Programming: Python, HTML, XML, PHP, Node.js, JavaScript, Perl, Lua, Ruby, shell, Delphi, VB, Java, ASP, C#, batch | Intermediate | 5 years
Framework: 27001, 27002, ITSEC, CC, NIST 800 series, FFIEC, ITIL, and COBIT 17799, SOX, PCI, WASC, OWASP, etc. | Expert | 12 years
Apache, DNS, HTTP, Squid, SMB, Asterisk, DHCP, Exim, Munin, sendmail, Postfix, SAMBA, SSH, FTP | Expert | 12 years
Network (router, switch, firewall, gateway, VPN, proxy, UTM, SOC, IDS, IPS, F5, ACLs, TAC+/Tacacs, DHCP, WAN/LAN) | Intermediate | 10 years
Android security, iOS security, mobile security | Beginner | 2 years
Cloud base | Intermediate | 15 years
Database: MySQL, PgSQL, SQL Server, Oracle, Redis, SQLite, PostgreSQL | Beginner | 3 years
IoT security | Beginner | 2 years
Microsoft Office | Expert | 16 years