Dave Patterson
Centerton, Arkansas 72719
Cell: 408-***-****
Email: *********@*****.***
Objective: I am a seasoned IT professional with a diverse background in technical and business experience in Operations and Information Security. If you are seeking a motivated, detail-oriented team player, willing to learn and share new technology, I am currently seeking a position within your organization.
Specialties: Application development, process improvement and automation (physical and electronic), architecture design, access provisioning, vulnerability management, security incident analysis and remediation, threat hunter, disaster resiliency and recovery, project management, problem solving, cross-functional communicating, writing, mentoring, team building, Teaching/Training, Public speaking, ERP, finance reporting, client relations, customer service, technical jargon translator
Technical Experience:
Security Analyst - Allegiant Airlines
January 2014 Las Vegas, Nevada Area
Performed installation of MOVEit by Ipswitch (AKA Progress) for securing file transfers. This application is used for the crew to communicate in a secure manner. Stewards could reliably place orders via a mobile device for foods aboard the aircraft. This was in order to comply with PCI, HIPAA, CCPA as well as GDPR and SOX governance requirements.
Security PCI Program Coordinator (TEK Systems) / Caesars Entertainment Corporation
March 2012 – January 2014 Las Vegas, Nevada Area
Organization of Data Digital Security team activities and individual projects for the PCI Security Program
Monitor and report PCI Program project progress
Vulnerability Management - Perform vulnerability scans, define and report insecure compliance issues within the cloud infrastructure.
Incident Response - Respond to security incidents reported via SIEM applications, through successful resolution
Investigate and remediate: Virus Infections, elevated privileges, Cisco ASA PIX FW issues, load failure/terminated/missing AV definitions, etc.
Write and Critique - Security Policies, guidelines, standards, procedures and best practices.
Develop Team communications web pages through SharePoint that included FAQ, Knowledge base, individual, team and organizational information, project Gantt charts, calendars and security updates
Deploy 2-factor Symantec VIP token authentication for VPN
Design and develop the internal department web site to formally exchange required information to the enterprise and to produce seamless online engagement for providing expedient client services regarding security matters. Programming in HTML, JavaScript and CSS.
Information Security Investigator / Analyst - Cisco Systems
March 2002 – July 2011 (9 years 6 months) Remote Position
Information security incident diagnosis and remediation, process improvement and automation, intrusion detection, application and system vulnerability assessments, Security Tiger Team leader/facilitator, provided case-by-case incident metrics, Multi-Project Manager, Windows Security Team Lead, Southern Nevada InfraGard member
CSIRT and Infrastructure Security Teams, personally handled ~800 individual security incident cases on a yearly basis that included malware, botnet, spam, phishing, email spoofing, compromised access, copyright infringement, and other issues requiring remediation.
Investigations were performed with the use of SPLUNK, Netforensics, Wireshark and other tools, along with network commands to gather and validate pertinent information relative to each case.
Performed application PCI risk assessments to enforce compliance of security policies for SOX and ISO standards
Performed penetration tests. Random exploits to demonstrate accessibility to vulnerable systems (Metasploit)
Communicated information security awareness to enterprise clientele via presentations, white papers, memos and videos
Enforced security compliance by notifying and instructing sys/app owners of the latest vulnerabilities and remediation
Maintained the Host Security web site and documentation (procedures, governance initiatives, policies, upgrades, etc.)
Worked with many administrators to improve/streamline the various operating systems and applications patch processes.
Apache vulnerability remediation project to migrate 10k+ global web servers to a secure version or decommission them.
Identified and investigated unregistered generic accounts and saw them through to legitimate registration or removal.
Implemented upgrade migration of Remedy7 problem ticketing system for Information Security
Developed automated internal/external incident engagement process, decommissioned obsolete manual process
Created a case reduction initiative through process improvement and policy communication
Completed implementation for: cleaning up /etc/group UNIX files, email account creation, tracking and disabling unused UNIX accounts, identifying and disabling unused accounts.
Completed cross-functional project to validate and resolve the UNIX dba group access on all critical business systems
Removed insecure r*commands from Unix hosts (like rlogin) and services such as ftp, login, telnet, shell & exec and replaced with more secure services.
Managed the Netflow global deployment project to collect ingress/egress network traffic for SIEM integration.
Secure Shell (SSH) implementation replacing telnet and mapping Reflections to be user intuitive.
Eliminated excessive root access gained through the Sudoers elevated access privilege program
Managed the Vulnerability Alert Manager application project implementation – Security vulnerability alert database and installed original CVSS (common vulnerability scoring system) on board
Automated host security vulnerabilities detection and prevention process
Managed Lab security audits and compliance initiative for over 2000 Cisco internal labs located globally
Member of Anti Phishing Work Group (APWG), SANS and Forum of Incident Response Security Teams (FIRST)
Global Access Team Lead / Cisco Systems
March 1997 – March 2002 (5 years 1 month)
Managed a global team consisting of 5 U.S based, 3 Europe and 4 located in Sydney.
Developed and implemented OnRamp - Access provisioning web application.
Managed several application development projects through PLC (develop, test, implement) for newly introduced applications for automated account provisioning processes
Access Team representative, gave informative presentations to other departments whenever required.
Met with internal and external auditors on a regular basis to ensure SOX compliance on all levels and validating role-based access privileges
Team and individual meetings through phone, email and in person.
Regularly updated executive management team with information and business impacting data.
Performed an average of 14 acquisitions per year. Assimilating new employees without productivity loss
Managed employee and client relation issues at the team-lead level. Wrote, updated, edited and critiqued procedures.
Delegated, scheduled On-Call duty and provided coverage whenever needed.
Maintained department statistics and wrote quarterly executive summaries.
Created charts and graphs from statistics for reporting case load and performance data
Performed recruiting, interviewing, hiring, training (or delegate training), exit interviews
Continually strived to make improvements to the existing processes and workflow for the team.
Listened carefully to client survey feedback and made adjustments based on relative complaints and suggestions to improve and maintain high customer satisfaction.
Created accounts whenever there was a need such as covering queues, escalations or unusual access requests.
Created and setup programs that reduced steps for processes that could not be fully automated
TRAINING: Made visits to Raleigh, Amsterdam & Sydney. Met with TRC and Access in both regions and gave seminar forum presentations on all aspects of accounts ranging from security to interaction with various departments and clients. I trained additional team members in Sydney to handle the Asia Pacific region access requests.
SCM Team Lead / Cisco Systems/Operations
March 1999 – March 2000 (1 year 1 month)
Managed a team of 4 individuals to deploy and maintain the enterprise application and database lifecycle version control system 'Apps-Integrity' (Chain Link)
Duties: Met with team members on group and individual basis. Engaged with internal clients for new development and implementation discussions. Maintained application performance records. Created and communicated version control policies and standards with clients.
Operations Analyst/Contractor - Cisco Systems/IT
March 1994 – March 1997 (3 years 1 month) Santa Clara, San Jose
Managed backups, produced system performance reports, maintained maximum system uptime through routine and out of cycle maintenance, managed weekly, monthly, quarterly MRP reporting via Minx (Later Oracle).
Developed many scripts and programs to automate the variety of processes that had many manual steps formerly that are still in use today
Developed and implemented the Emergency termination program to expedite the off-boarding process.
Track Lead in Oracle business system conversion project "Operation Backslash" for access provisioning.
Education:
University of Phoenix, BSB/EB, Electronic Business / 2000 – 2006
San Jose City College, Automotive Technology / 1974 - 1976
Networking (De Anza College) 1990
QualysGuard Certified Administrator – Policy compliance and vulnerability assessments
Completed 10 Security Domains course at SANS with Dr. Eric Cole. Preparing for CISSP examination
Counterterrorism (DHS)
Computer Systems Operations (HP)
Clear Writing Techniques (HP)
CFR49 & IATA hazardous materials certified in Logistics
Management and Supervision (San Jose Vocational School)
Certified California Fork Lift Driver (10 years active)
Lincoln High, Stockton, CA
Skills:
Pen test, UNIX/Linux, CSM, Qualys, Netflow, SPLUNK, netForensics, CSMars, Nagios, Nessus, Wireshark, Metasploit, Solutionary ActiveGuard, Symantec SEP, DLP, Cloud AWS, VIP, Perl, LDAP, BGP, Apache, Tibco, HTML, Javascript, CSS, TCP/IP, XML, C, C++, KSH, CSH, BASH, TCP/IP, VoIP, Alliance7 (Remedy BMC), Business Objects, Cloud, SaaS, Bugzilla, Change Management, VPN, DHCP, DNS, Safeword (AAA), Softoken, RSA, Microsoft - Excel, Word, Access, Outlook, SharePoint, Dreamweaver, Interwoven, Wiki, Photoshop, Visio, Unix, Linux, Reflections2, Putty, MPEX, Windows98, WIN7, WIN10, Vista, Exchange, Outlook, Active Directory, Meeting Maker, MySQL, Oracle 9,12i, Minx, ERP, Mac OS, Lotus, Clarify, Ariba, DART (XTCM), EcoSign, Ipswitch, MOVEit, Crack, CPR certified
Additional Honors & Awards:
Cisco Systems ERP Team Award - February 1995
Strategic Services Key Contributor - February 1997
Cisco Systems IS Q3 FY97 Quarterly Outstanding Contractor Award - May 1997
Cisco Systems IT Q2 FY99 Quarterly Global Player Award - Access Team - March 1999
Cisco Systems IT Q2 FY01 Quarterly Outstanding Team Award "Access Team" - February 2001
Websites:
- Personal - http://www.employees.org/~dpatters
- Public Linkedin Profile - http://www.linkedin.com/in/dpatters