Boris Levit
Toronto, ON, M*R *N*, Canada h: 416-***-****, c: 416-***-****, *****.*****@*****.***, *********@********.***, https://www.linkedin.com/in/boris-levit-025a88
Enterprise / Security / Data / AI / DevSecOps Architect, CISSP (CN 96686).
EMPLOYMENT HISTORY
InTunnel Monitor, Canada. Enterprise / Security / Data / AI Architect, DevSecOps Lead. The end clients were OSFI, GC DND, SunPower Corp. (now TotalEnergies), OSC, Metsuke. 09/2017 – current
Led architecture, implementation, and advisory engagements focused on cybersecurity modernization, network security, AI/ML-driven SecOps, and cloud-native security platforms across federal and provincial public sector clients, including OSFI, GC DND, and Ontario Securities Commission (OSC).
Designed and operationalized zero-trust security architectures and SSE/SASE solutions integrating CASB, SWG, FWaaS, and ZTNA across hybrid and multi-cloud environments (Azure, AWS, GCP).
Integrated Security Orchestration, Automation, and Response (SOAR) platforms with EDR/XDR/DLP, SIEM (ArcSight, Splunk, LogRhythm, Elasticsearch, Sentinel, QRadar, Datadog), and threat intelligence systems to enable agentic AI-driven automation for phishing mitigation, access control, and vulnerability response.
Developed strategic technology roadmaps and cybersecurity capability assessments, aligning client controls to NIST CSF v2, CIS Controls v8, MAESTRO, STRIDE, PASTA, MITRE ATT&CK, ATLAS, D3FEND, the OWASP Threat Modeling Process and Risk Rating Methodology, and sector-specific standards. Performed Threat Risk Assessments (TRAs).
Advised federal departments on data residency, privacy by design, and governance, risk, and compliance (GRC), incorporating compliance with Bill C-27, MFIPPA, and international privacy laws (e.g., GDPR, EU AI Act).
Implemented DevSecOps practices for secure CI/CD pipelines, container security (ECR Scan, ecr-scan-image, Kubernetes, Docker), and integrated vulnerability scanning tools (Nmap, Nessus (Tenable), terrascan, Burp Suite, Qualys, Netsparker, Postman, Selenium, SonarQube, Checkmarx, CircleCI) to ensure continuous compliance and rapid response.
Supported hybrid MSSP transitions, developing governance frameworks for co-managed SOC operations and defining performance SLAs, metrics telemetry, and reporting mechanisms.
Delivered executive-level briefings, risk registers, and board-level recommendations; provided hands-on training to internal teams and stakeholder groups on secure cloud adoption and automated security operations.
Experienced delivering secure, scalable enterprise solutions across public and private sectors. Proven track record in cloud-based development and system integration, with AWS / GCP / Azure architecture using tools like Lambda / Fargate, Cloud Run / Functions, API Gateway, S3, Glue, Connect, DynamoDB, IAM, RDS, and Kinesis, etc.
Strong DevSecOps leader with deep hands-on experience in CI/CD (Jenkins, Maven, GitLab, GitHub), infrastructure as code (CloudFormation, Terraform), containerization (Docker), and cloud monitoring (CloudWatch, CloudTrail).
Expert in enterprise security, privacy compliance, and large-scale government IT transformation initiatives.
Facilitate Large Language Model (LLM) and Small Language Model (SLM) security projects, including flaky test handling, an agent observability and evaluations project, and jailbreak prevention. Work with Google AI Studio, Vertex AI, LM Studio, Dataiku DSS, BigQuery, Purview, Unity Catalog, SageMaker, Databricks, Medallion Architecture, Azure AI Foundry, EU AI Act, Google’s Secure AI Framework (SAIF), AWS Bedrock, NIST AI Risk Management Framework (AI RMF), NIST IR 8596, Informatica, CLAIRE AI, Framework for AI Cybersecurity Practices (FAICP), OWASP Top 10 for LLM and NHI, AI TRiSM, LangChain tools, Colab, Jupyter Notebook, NotebookLM, Cursor, OpenAI, HuggingFace, LangSmith, LangGraph, RAG, NVIDIA NeMo Guardrails, Garak, JailbreakBench (jailbreak datasets), AI-SPM, Snowflake, Model Context Protocol (MCP), A2A, Claude Desktop, ChatGPT, Perplexity, Comet, lakehouse, Amazon Neptune Graph Data, MAESTRO Threat Modeling Framework, Pinecone, CSA Artificial Intelligence Controls Matrix (AICM), NIST Cybersecurity Framework Profile for Artificial Intelligence (Cyber AI Profile), Reinforcement Learning from Human Feedback (RLHF), Direct Preference Optimization (DPO).
Participating in the GC Data Hub (data management / warehouse) System CONOPS / Authorization to Operate (ATO) / Security Governance Risk Compliance Controls / MLOps project. Support the Technology Review Board (TRB). Microsoft Purview, Synapse, and Fabric. Insider Risk settings / adversarial attacks (such as poisoning).
Data Collection Modernization (DCM) Project.
Work on Non-Human Identities (NHIs) as a part of Oracle Fusion Applications (Oracle IAM, Oracle Identity Manager - OIM).
Worked with Qualiware, ArchiMate, Visio, UML, created operational programs, business / service / security architecture / design, Business Architecture Documentation (BAD), reference architecture, Domain-Driven Design (DDD) and Event-Driven Architecture (EDA), data flow diagrams, business process diagrams, Views (common, strategic, capability, operational, system, technical, information, security) and Subviews, and architectural engineering process.
Developed Security Orchestration, Automation and Response (SOAR) tools for APT (Advanced Persistent Threat, also known as Cyber Kill Chain), insider and fraud activities; performed TRA and Risk Management.
Use bash, R-language, python, golang, GoCLOUD, groovy, json, yaml, java, .NET, G Suite, Kubernetes, Docker, Windows 11, WSL, Virtualbox, Kali, Ubuntu, Android, OpenSuSe, Tails, OS365, Azure, AWS, GCP, Microsoft 365 E5, Microsoft Dynamics 365.
Worked on an SSL covert channel revealing project, developed an eDiscovery tool, Transmit Security.
Wrote a DevSecOps roadmap document. Designed AWS, GCP, and Azure DevSecOps architecture for CNAPP. Participated in on-premises-to-cloud and cloud-to-cloud migration / integration.
Participated in Agile (Kanban, Scrum), SDLC, CI/CD practice improvement and ITIL change management.
DevSecOps Security Testing, CIS Controls, MCSB, CSA Cloud Controls Matrix (CCM), NIST Cybersecurity Framework (CSF), KPI and KRI - SAST, DAST (Penetration Testing and Vulnerability Assessment - VA and PT), SCA, MAST. I used a redeveloped open-source gotestwaf tool to obtain a WAF score. The detailed report was checked against WAF logs (using AWS CloudTrail / CloudWatch / Antena log facilities) to strengthen the WAF. GCP and AWS WAF scores increased from an initial 40% (of 100 well-known attacks, 60 were missed) to more than 90% using different WAF techniques. Containerized tools were inserted into an AWS Fargate serverless scripted task to generate security KPIs. The same work was done in the GCP Cloud Run serverless environment. The task was part of a Groovy-based CI/CD pipeline (Terraform pipeline in Jenkins). Participated in the log analysis and SIEM project.
Facilitated the log4j mitigation project.
Worked on a static code analyzer for the Infrastructure as Code (IaC) / Security as Code (SaC) / Policy as Code (PaC) project, using terrascan.
Supported an IoT project including MQTT and Equinox.
Facilitated Vulnerability Management for Cloud Workloads.
Redesigned Security Event Management, the Security Incident Investigation Process and other Security Operations Center (SOC) procedures – Tier 3. Performed security incident analysis, remediation and operational resilience.
Worked with regulations and best practices: DND Reference Architecture, Technology Review Board (TRB); developed DevSecOps / AWS / Azure / Agile architecture; used the SSE (Strong, Secure, Engaged) defence policy, Government of Canada Cyber Security Event Management Plan (GC CSEMP) 2019, CMMC, CPCSC, SOX, FIPPA, CCPA, ISO 27001 / 27701 / 42001, GDPR, PIPEDA, Bill 194, GO-ITS 25, GO-ITS 200PRS, HITRUST, ISO/SAE 21434, ITSG-33, DORA, FINRA, BIAN, PCI, TSYS TS2, FedRAMP, AODA, NERC, FISMA, FFIEC, IFRS, HL7, FHIR, SaMD, MDDS, IEC 62304, ISO 14971, PHIPA.
Developed, supported, and sustained solutions for the Operations Team.
Provided Vulnerability Management for OSC using Qualys. Ran a Burp Suite project to penetration-test the OSC Okta solution.
Performed a PIA following the OPC Guide to the Privacy Impact Assessment Process.
Executed CyberArk migration projects involving on-premises to cloud transitions and multi-tenant deployments, optimizing performance and compliance across AWS, Azure, and GCP environments. Worked with CyberArk components, including Vault, Password Vault Web Access (PVWA), Central Policy Manager (CPM), Privileged Session Manager (PSM), Privileged Threat Analytics (PTA), Central Credential Provider (CCP), and Web Session Management, to enforce least-privilege access and monitor high-risk administrative activities.
Supported identity governance and integration between CyberArk, SailPoint, and Microsoft Entra ID, enabling centralized policy enforcement, access review automation, and lifecycle management of privileged identities.
Worked on SaaS, IaaS, PaaS, User Behavior Analysis (AI) - including Threat Metrics, OpenText ECM, ArcSight, LogRhythm, Elasticsearch, Splunk, Sentinel, KQL, Palo Alto, Cortex, Prisma Cloud, AWS WAF, CloudTrail, Kinesis, Kafka, CloudWatch, CloudFormation, AWS ECR, AWS Config, AWS IAM, AWS Fargate, AWS Secrets Manager, AWS CloudShell, task definition, AWS GuardDuty, Amazon Inspector, AWS Security Hub, AWS Macie, OCI WAF, Amazon Textract (OCR technology), Terraform (HashiCorp), GitHub, GitHub Copilot (AI), Qodo, Bitbucket, Open Policy Agent, Visual Studio, GitLens, git, GitLab, Jenkins, CircleCI, Google Cloud Armor, Container Registry, Artifact Registry, GCP IAM, Kubernetes, AKS, RBAC, VPC, Cloud Run, Chronicle, aws and gcloud CLI, ECR Scan, ecr-scan-image, gotestwaf, waf-testing-framework, CloudGoat, Pivotal Tracker, Confluence, Jira, SBOM, Pandas, Slack, Datadog, Akamai, CrowdStrike, Web Application Testing toolkits, Qualys, Netsparker, Postman, Burp Suite, WSUS, SonarQube, Checkmarx, Node.js, Pega, CIAM Okta, Centrify, Active Directory, SAML 2, SASE, Duo, Pulse Secure, Oracle (11g and 12c), DB2, SQL Server, PostgreSQL, Apache, Airflow, Redis, Azure (Microsoft Entra ID) and AWS and GCP IAM and PAM such as CyberArk (Vault, Web Session Management, Password Vault Web Access, Privileged Session Manager, Central Policy Manager, Privileged Threat Analytics, Central Credential Provider) and Centrify, Cisco SD-WAN, IBM Security Guardium (including OCI deployment), ForgeRock, DataPower, Check Point, TOGAF, Reference Architecture, Zachman, Symantec Endpoint Detection and Response (EDR) / DLP, Microsoft Defender XDR/DLP, Netskope, Enterprise Asset Management, Kanban, Scrum, SAFe, Zero Trust Data Access, Atlassian, ServiceNow, REST API, NIST CSF, HTRA, COBIT, OSA, McAfee, Nmap, Nessus (Tenable), VMware, Microsoft Power BI, Bring Your Own Data, Streamlit, Excel, PowerPoint, CVE, MITRE ATT&CK framework, Archer.
HP – HPE - DXC, Toronto, Canada. SOC (MSSP) Security Incident Analyst – Tier 2 / 3. Clients were financial organizations and a provincial government. 06/2015 – 08/2017
Led security incident response and remediation for cloud-hosted CRM and enterprise platforms, supporting secure delivery and hosting environments in line with public sector standards.
Utilized ArcSight, Cisco Sourcefire IDS, TippingPoint WAF, and Akamai CDN/WAF for threat detection, triage, and response in hybrid environments; created use case content and wrote SIEM queries to monitor cloud-based contact center environments.
Supported CI/CD automation and DevSecOps practices: scripted with Python, Bash, and R, and used Jenkins and Git to support continuous monitoring and alerting.
Conducted cloud infrastructure hardening, log analysis, and compliance alignment with SOX, ISO 27001, NIST 800-53, and Canadian privacy regulations (PIPEDA, FIPPA).
Created technical documentation, playbooks, and RCA reports; worked closely with public sector clients to implement contact center policy and compliance frameworks.
Conducted packet analysis and threat modeling (MITRE ATT&CK), feeding into SIEM and threat hunting pipelines across financial and provincial systems.
Used GrUD (Inventory Management System) / SBOM, Vigilance (Monitoring and Alerting System), ViTAL (Incident and Change Management), MSS Portal, ArcSight (SmartConnector, Logger, ESM), AD, TippingPoint (IPS/WAF), Akamai (WAF / WWW proxy / CDN), Cisco Sourcefire (IDS), Juniper Pulse Secure, Damballa, F5, Securonix (ArcSight UBA), Kiwi, Docker, VMware, Cygwin, OS365, Active Directory, openSUSE, Kali, HP, Windows, Solaris, VB, PowerShell, Python, R-language, RStudio, Enterprise Asset Management, Check Point, Fortinet, Palo Alto, Exstream, Oracle Internet Directory, Oracle Unified Method (OUM), Microsoft AD, PAM (CyberArk and Centrify), bash (including on Windows 10), Ceph, Helm.
Worked with ArcSight Console and the Activate Framework. Utilized the event inspector. Wrote reports, trends, queries, bundles, etc. Configured active channels, filters, tools, etc. Performed use case analysis and Logger search queries, log sanity checks, Sigma rules, other content development, PaaS, SaaS.
Performed security incident analysis, remediation and operational resilience. Created and maintained tickets and incident response playbooks. Presented recommendations to clients' executives. Participated in client risk management. Provided presales support.
Acted as a lead and mentor for our Tier 1 Event Analyst team and clients' professionals.
Performed packet analysis (pcap) using Wireshark as a part of the network forensic process.
Facilitated eDiscovery. Performed Indicators of Compromise searches in clients' environments.
Processed JSON output from security sources using jq as a part of Cyber Threat Intelligence (CTI) / MITRE framework work; created IoCs and uploaded them to SIEM filters. Worked with STIX. Used several CTI sources including HP Threat Portal, FireEye, Shodan, Vulners (via REST API and jq), CVE, etc.
Participated in an HPE / Red Hat OpenShift project.
Developed an automated sandbox procedure.
Facilitated Data Behavior Analysis, including User Behavior Analysis (AI/ML) / MLOps and Threat Metrics. Used Python, R, NumPy, PyTorch, TensorFlow, PySpark, and Rattle (R Analytic Tool To Learn Easily) for data analysis, data mining and classification.
Worked on DNS query monitoring to detect DNS covert channels (DNS tunneling) and Tor Pluggable Transports.
Developed security incident investigation and other operational procedures. Performed Root Cause Analysis (RCA) for several alerts in parallel. Participated in DevSecOps automation efforts. Participated in Threat Risk Assessment, penetration testing and Vulnerability Assessment in our clients' environments. Investigated clients' environments, market / technology trends, hacker techniques, etc. Was responsible for some KPIs and CIS Controls. Performed threat hunting. Worked with the Mandiant red team.
Performed a PIA following the OPC Guide to the Privacy Impact Assessment Process.
Worked with regulations: SOX, ISO 27001, GDPR, PIPEDA, AODA, NIST CSF, 800-53, 800-61, COBIT, FedRAMP.
Constantly learned hacker techniques, tools and incident handling. Made educational presentations for team members. Worked with Network / Web Application Testing toolkits.
Supported banking software (T24), AML, KYC. Resolved Akamai configuration problems. Supported the Tanium endpoint protection solution / DLP.
Metsuke, Toronto, Canada. Security Consultant / Architect. Main clients were Deloitte, IBM, TD Bank, Seneca College, CM Inc. 02/2012-05/2015
Led security architecture design and remediation projects for large enterprise and public sector clients, including CRM platform assessments and compliance-aligned implementations.
Conducted DevSecOps reviews and IAM remediation post-audit (SOX, PCI), providing secure system integration across infrastructure and application layers.
Developed and implemented secure CI/CD practices using Jenkins, Git, and scripting languages (Python, Bash, PowerShell), enhancing deployment pipelines.
Delivered risk assessments and vulnerability analysis for CRM and contact center environments, producing PIAs, TRAs, and compliance reports aligned to FIPPA, ITSG-33, and ISO 27001.
Advised on integration strategies for hybrid cloud environments (AWS, Azure), supporting data flow security, API security, and secure onboarding of third-party systems.
Conducted threat modelling, forensic investigation, and security incident response across client infrastructures; wrote SOPs and technical documentation supporting SOC and hosting teams.
Facilitated secure adoption of tools such as CyberArk, Centrify (CIAM), Active Directory, Oracle, and IBM WebSphere DataPower, used for authentication and secure API access.
Led monitoring and logging implementation initiatives to support availability, performance, and operational resilience for customer-facing services, including CRM modules.
Performed Vulnerability Assessments.
Designed next-generation SIEM and IAM projects.
Participated in IAM remediation after a SOX audit. Audited LOB access systems, provisioning and de-provisioning. Interviewed LOB personnel to find out access management problems. Performed audit and forensic analysis of DBs and applications. Worked with CyberArk, CIAM Centrify, Oracle, sqlplus, PL/SQL, MS SQL Studio, SQL Server 2012, IBM WebSphere DataPower, SharePoint, AML. Our client (TD Bank) used Centrify to integrate UNIX / Linux systems with Microsoft Active Directory (AD).
Facilitated a hacking incident investigation. Performed forensic analysis and remediation, security gap analysis, and an IT audit of a huge university environment. Interviewed a wide range of college personnel (technical workers, professors, college executives, etc.).
Set up monitoring for hardware keyloggers. Built a PoC for sufficient defense against the USB hardware keylogger threat.
Performed TRA, likelihood, impact, and risk evaluation using the Harmonized TRA (HTRA) / OWASP risk rating methodology; used ITSG-33, 04. Data Loss Prevention (DLP) project.
Performed Vulnerability Assessments and Wi-Fi wardriving.
Made remediation recommendations (technical and policy including security incident investigation, change management and BYOD) as a part of Risk Management.
Designed QRadar and Splunk deployments.
Performed OWASP code analysis.
Investigated mobile and Oracle security.
Analyzed malicious Modbus traffic (SCADA project). Performed malware reverse engineering.
Used Redmine, R, Esper, Python, Scapy, FIDO, Apache, openSUSE, CentOS, Solaris 10/11, Windows, Android, iOS, Novell ZENworks Endpoint Security Management, Xen, KVM, VMware, VirtualBox, Vagrant, Packer, Ansible, AWS, Google Compute Engine, G Suite, Azure, TITUS Data Classification, Lua, botbrew, adb, sqlmap, Ruby, Perl, sh, Eclipse, Jenkins, Logstash, lapse+, WebInspect, Fortify, Java, Node.js, .NET, IDA Pro, TIBCO, VoIP, Confluence, JIRA, NIST CSF.
Worked with Network / Web Application Testing toolkits, USB hardware keyloggers, USBDeview, udev, Wireshark, tcpreplay, kbackup, Zenmap, Nessus, Burp Suite, WiGLE, Fortinet, rkhunter, Metasploit, Armitage, YaST, Tripwire, Oracle Application Access Controls, NERC, PCI 2 and 3, OSSTMM, OpenID, OAuth, TOGAF, Zachman, SABSA, BIANT, Visio, UML, WebSphere, RSA Archer eGRC, COBIT, MFIPPA, PIPEDA, FIPPA, PHIPA.
TD Bank, Toronto, Canada. Sr. Security Specialist, 08/2010 – 09/2011.
Led remediation efforts for legacy systems following SOX and PCI audits, including secure system design and implementation across access control, logging, and authentication layers.
Supported secure CRM and enterprise application environments by enforcing RBAC, OS hardening, and audit trails across both on-premises and early hybrid cloud systems.
Developed ETL scripts and automation tools using Perl, ksh, and awk to support secure data handling, log normalization, and integrity validation.
Conducted forensic analysis and eDiscovery investigations to support compliance reporting and fraud analysis; developed and presented technical reports to internal stakeholders.
Supported RSA enVision SIEM deployment, customizing monitoring dashboards and compliance alerts for high-availability enterprise infrastructure, supporting CRM and customer data pipelines.
Implemented access controls, encryption standards, and privileged access management (CyberArk) solutions aligned with enterprise security policies and identity governance models.
Created and updated technical security documentation, including PIA artifacts, incident handling procedures, and infrastructure hardening guides, in accordance with enterprise standards and industry best practices (COBIT, ISO 27001).
Collaborated with infrastructure, audit, and compliance teams to align IT security controls with FIPPA, PIPEDA, and SOX regulatory requirements.
Resolved integrity and access control problems with server farm configuration. ETL tasks. Programmed in Perl, ksh, awk. Worked with Informatica, CSV, XML, XSLT, COBIT, COSO, BIANT, Visio, UML.
Supported the RSA enVision 4.0 SIEM implementation; analyzed configuration, data collection, and SOX / PCI related issues; wrote and analyzed enVision reports. Provided RSA enVision SIEM results to key stakeholders.
Facilitated eDiscovery. Worked on Suspicious Activity Reports, RBAC, File Integrity.
Remediated OS hardening, server, storage, and private cloud security, security policies / procedures, and CyberArk (Privileged Account Security).
Used AIX, HP-UX, Solaris, Windows XP, VMware, openSUSE, Red Hat, Remedy, Archer.
Avetti.com, Toronto, Canada. Security Consultant / Team Lead, 01/2010- 02/2010.
Led IT security and DevSecOps restructuring for a global e-commerce platform, aligning infrastructure and application controls with ITIL and PCI-DSS best practices.
Conducted cloud readiness and compliance assessment of CRM/e-commerce systems hosted on AWS EC2 and AMI images; utilized Elasticfox for environment provisioning.
Performed OWASP-based code reviews and web application vulnerability assessments using tools like WebInspect, ReviewClipse plugin, and lapse+ SAST, remediating security gaps in payment and customer data flows.
Designed and implemented ModSecurity WAF with Breach ruleset as part of PCI compliance initiative to protect web-facing APIs and customer interfaces.
Created and presented a Security Awareness Program to internal development and operations teams, enhancing secure coding, DevOps hygiene, and change control.
Managed a distributed sysadmin team and coordinated vulnerability remediation across global environments using scripted automation (Perl, Shell) and open-source toolchains.
Supported SaaS/PaaS-based deployment models and reviewed AWS IAM, firewall, and access control configurations to align with PCI and secure cloud hosting patterns.
Restructured ITIL and company security systems to accommodate good practice standards.
Managed distributed (overseas) sysadmin team.
Configured iptables.
Worked with SaaS, PaaS, openSUSE, CentOS, Red Hat, VMware, Citrix, Xen, Puppet, Chef, MongoDB, Java, Java Swing, Jython, git, Eclipse, Hudson, Selenium, Perl, shell. Used TOGAF for EPF (Eclipse Process Framework), GoToMeeting.
Dark Matter Development, Toronto, Security Consultant / Architect, 07/2009-12/2009.
Mitigated insider threat.
Led the redesign of enterprise security and systems architecture for secure hosting environments supporting CRM and video management platforms.
Reconfigured organization-wide SSH access systems to improve privileged access management and remote control security for distributed infrastructure.
Authored formal security policy and incident response procedures in alignment with OWASP, PCI-DSS, and ISO 27001 standards, strengthening hosting governance practices.
Conducted penetration testing, forensic investigations, and root cause analysis (RCA) on insider threat activity; provided remediation guidance and improved detection controls.
Deployed and customized OWASP testing tools including WebInspect, Burp Suite, nmap, and Nessus for vulnerability assessments of web-based and backend systems.
Identified and mitigated covert channel threats and botnet communications using network monitoring and traffic analysis techniques, contributing to overall system hardening strategy.
Assisted in defining secure system configurations across Linux (OpenSuSE, Fedora), Mac OS, FreeBSD, and Windows environments, enhancing multi-platform hosting resilience.
Facilitated a company-wide SSH access system reconfiguration.
Redesigned the Security / System Architecture and Video Management Solutions.
Wrote the security policy.
Analyzed botnet attacks.
Used Windows Vista / 2008, ScreenOS 5.4 (Juniper), Mac OS X 10.6, iOS, openSUSE 11.1 / 11.2, FreeBSD 7.2, Fedora, Simultaneous Dual-N Band Wireless Router, IP KVM, Brocade, StarTech, Foundry Load Balancer, MySQL, Apache, Hadoop Distributed File System (HDFS), Pig, Hive, MediaWiki, OpenLDAP, OpenDS, OpenSSO, Postfix, Cyrus IMAP, OWASP, THC-Hydra, Burp Suite Professional v1.3, Autopsy, Munin, svn, yafic, Dovecot, Time Machine, Xsan, AFP, Skype.
Performed PCI compliance analysis and infrastructure / DB / private cloud / code review (lapse+ SAST).
Created an anti-spam project. Suggested IronPort + RSA as the anti-spam and DLP solution.
ACL project for FreeBSD and MacOS.
N-Dimension Solutions Inc. (SCADA Security Integration, MSSP), Richmond Hill, Canada. Sr. Security Developer / Architect / Project Manager, 07/2007-02/2009.
Led the architecture and project management of complex, secure hosting solutions for SCADA, identity management, and enterprise systems, supporting critical infrastructure in the public and utilities sectors.
Designed and implemented DevSecOps automation pipelines using Hudson (predecessor to Jenkins), shell scripting, Perl, Java, and PHP, improving deployment and remediation cycles across regulated environments.
Developed secure gateway and IAM solutions (OpenLDAP, Sun IAM, Novell IDM) for highly available, identity-governed platforms, laying groundwork for later cloud-based CIAM models.
Conducted ethical hacking, vulnerability scanning, and full lifecycle Threat Risk Assessments (TRA/HTRA) aligned with NERC, PCI, OWASP, and ITSG-33 standards.
Implemented Infrastructure-as-Code principles using tools like Puppet, Xen, and iptables to provision and harden secure, high-availability environments for data processing and customer access.
Built and deployed secure, ruggedized platforms for real-time data ingestion and telemetry integration using Modbus, DNP3, and secure Linux-based operating systems.
Participated in cloud computing pilot projects, integrating secure open-source frameworks and containerization strategies in early SaaS/PaaS deployments.
Delivered documentation and governance artifacts aligned with TOGAF, SABSA, and Zachman frameworks to support enterprise architecture and compliance readiness.
Supported and mentored technical staff; developed project documentation including SOWs, milestones, and compliance checklists for SCADA, IAM, and GRC solutions.
Had primary responsibility for project management.
Led the design, testing, planning, and implementation of complex projects.
Led the development and implementation of a broad, coordinated set of plans and programs to meet the goals and priorities of the company.
Defined project missions, goals, tasks, and resource requirements; assisted in the resolution of conflicts between projects or functional areas; developed methods to monitor project or area progress; and provided corrective supervision if necessary. GO-ITS 24, 25.
Participated in outside professional activities to maintain knowledge on developments in the field.
Continuously improved project management toolkits and methodologies.
Was responsible for project staff. Participated in interviewing and hiring process.
Used tools: PaaS, Fedora Core 7, Gentoo r6, openSUSE 11, Red Hat, Xen, Win2K/XP/Vista/2008, Redmine, System Center Configuration Manager (SCCM), lighttpd, Solaris, iptables, MySQL, SCADA, AGA-12, Modbus, DNP3, Perl, sh, bash, PHP, Seagull, Java, Java Swing, Spring, JavaScript, APM, flex (lex), bison (yacc), SSL certificates (using OpenSSL), Umbrello, GnuPG, C, C++, Eclipse, Hudson, cvs acl, Bugzilla, cvsweb, syslog-ng, snortalog, Nagios, Android, Nessus, HP WebInspect, N-Stalker, Nikto, Paros, OWASP, Pantera, OVAL, SCAP, OpenVAS, SLAD, tiger, Nessus plugin development (NASL2), nmap, Zenmap, Snort (Sourcefire), oinkmaster, ITSA v3.5, Wireshark v0.99.6, Metasploit Framework 3.1, Ruby, Python, Burp Suite 1.1, MoinMoin Wiki, Drupal, Web Content Accessibility Guidelines, Lua, NetIQ, Google Mail / Calendar / Docs, Forensic Toolkit (FTK), etc.
Ruggedized (IEEE 1613 compliant) Platform Project. Used a Schneider platform with flash memory drives.
Identity Management Project (AD, openSUSE LDAP, Fedora Directory Server, Sun (now Oracle) Identity and Access Manager, Novell Identity Manager, WS-Security, SASL). Gentoo and Fedora pam_ldap implementation.
Executed Version Transformation (parsing and lexical analysis).
Wrote a Modbus gateway on the Android platform.
Participated in a cloud computing project.
Performed an Ethical Hacking and Vulnerability Scanning Project (Harmonized TRA (HTRA) / OWASP Threat Risk and Vulnerability Assessments) including general-purpose and web application vulnerability scanning, vulnerability analysis, hardening, and SELinux. Produced NERC and PCI compliance reports using Nessus, N-Stalker, WebInspect and Burp Suite; performed OWASP web application audits. Participated in Risk Management.
Developed Snort SCADA signatures and Nessus vulnerability plugins.
Created a Snort enhancement project: EMERALD, SnortSP, SnortSMS.
Contributed to Snort reporting and syslog server projects based on complex message filtering, integration, archiving and visualization built with syslog-ng, snortalog, and Perl. Facilitated eDiscovery.
Participated in NERC and other industry, Canadian and NIST standards work, for example ISO 27001/2, COBIT, OSSTMM, Domain Expert Working Groups (later NIST IR 7628), and compliance projects (OEB / NEB).