Security Manager

Location:
Oakland, CA, 94611
Salary:
120000
Posted:
April 06, 2011

Resume:

Martin Anthony Cicalla Jr.

CEH, CISSP, GIAC (GSNA)

**** ******** #***

Oakland, CA 94611

415-***-****

*******.*******@*****.***

Objective: To work in a position where I may apply what I have learned about penetration testing and information security over the last 7 years, and reduce the company's overall risk using the knowledge I have gained regarding network security and penetration testing.

Profile: I'm a highly energetic and outgoing person who is able to work independently or with a professional team. I like to get the job done correctly and efficiently the first time. I also believe that there is always something to be learned.

Skills:

Knowledge of the nature and sources of web application and database vulnerabilities, and how to identify and exploit them.

Knowledge of the nature and sources of network and host application vulnerabilities.

Knowledge of the nature and sources of computer viral infestations.

Develop and present educational programs and/or workshops.

Assist clients in remediating vulnerabilities on their network or web application.

Maintain and modify data and physical security guidelines and procedures.

Work effectively with peers and cross-functionally within the organization.

Install, troubleshoot, and maintain information security software and software enhancements.

Stay current with technological developments/trends in area of expertise.

Vast knowledge of computer security issues, requirements and trends.

Develop policy and procedure documentation; identify and eliminate computer system intrusions and/or security breaches.

Devise solutions to computer virus problems.

Understand firewall and VPN solutions.

Design secure networks and conduct network and security audits.

KPMG

Sr. Associate – Advisory

October 2010 – Present

Job Responsibilities:

•Oversee and conduct vulnerability assessments and penetration testing/ethical hacking

•Oversee and perform the review and analysis of security vulnerability data to identify applicability and false positives

•Prepare and distribute security assessment reports to customers

•Research and develop testing tools, techniques, and process improvements

•Perform additional incidental duties as assigned

TECHNICAL KNOWLEDGE & SKILLS

- Proficiency in the use of information security tools such as Nessus, Kismet, AirSnort, Nmap, Ethereal, WebInspect, Nikto and Metasploit, and in manual techniques to exploit vulnerabilities in the OWASP Top 10, including but not limited to cross-site scripting, SQL injection, session hijacking and buffer overflows, to obtain controlled access to target systems

- Ability to perform network traffic forensic analysis, using packet capture software, to isolate malicious network behavior, inappropriate network use, or the use of insecure network protocols

- 10+ years hands-on experience in one or more of the following operating systems: Windows Server 2003/2000/NT, Linux and UNIX

- A diverse skill base in both Information Systems and Information Security, addressing organizational structure and administration practices, system development and maintenance procedures, system software and hardware controls, security and access controls, computer operations, environmental protection and detection, and backup and recovery procedures

- Attack and Penetration experience in testing of Internet infrastructure and Web-based applications utilizing manual and automated tools

- Knowledge of information system architecture and security controls (e.g. firewall and border router configurations, operating system configurations, wireless architectures, databases, specialized appliances, and information security policies and procedures)

- Payment Card Industry (PCI) project experience

Sapphire Technologies

Certified Information Systems Security Consultant - Telecommute

Bank of America, Enterprise Information Management

December 2008 to May 2009

Worked with a consulting group as an expert consultant on information security migration projects related to the Merrill Lynch and Countrywide acquisitions. Reviewed the project charters and related documentation to make sure the designs met the bank's policies and standards. I recommended alternative solutions to maintain compliance. When compliance was not possible, I documented this in their audit exceptions database for follow-up audits related to the exceptions.

NASA

Certified Information Systems Security Consultant

Santa Clara, California

December 2008 to March 2009

Consulted for NASA on the Algae Omega Project

NASA AMES, Moffett Field

Provided a PowerPoint presentation regarding security and information security for the Algae Omega project as part of the green initiative, presented to the stakeholders of the project, and answered questions regarding security policy and possible solutions for the project's challenges.

McAfee, Inc., Research Scientist

Santa Clara, California

April 2006 to December 2008

Tested for SQL injection (both error-based and blind), cross-site scripting, persistent cross-site scripting, remote file include vulnerabilities, session hijacking, and full database exploitation.

Proficient in Nmap, Nessus, Nikto, Amap, Netcat, cURL, Burp Proxy, Paros Proxy, SQLiX, TamperIE, and other tools and utilities to identify and verify the existence of both network and web application vulnerabilities.

Assisted enterprise sales as a subject matter expert in closing sales for the McAfee Secure daily scanning service for PCI compliance.

Monitored various industry mailing lists such as Full Disclosure, Pen-Test, Bugtraq, Focus-MS, Focus-Linux and Focus-Apple for cutting-edge releases of new vulnerabilities disclosed to the community.

Trained to follow the OSSTMM and OWASP methodologies when performing engagements.

ScanAlert, Penetration Tester – acquired by McAfee

Presently use Nmap, Nessus, Nikto, Amap, Netcat, cURL, Burp Proxy, Paros Proxy, SQLiX, TamperIE, and other tools and utilities to identify and verify the existence of both network and web application vulnerabilities. I monitor various industry mailing lists such as Full Disclosure, Pen-Test, Bugtraq, Focus-MS, Focus-Linux and Focus-Apple for cutting-edge releases of new vulnerabilities disclosed to the community. I am trained to follow the OSSTMM in performing any engagements. I also performed forensic investigations, reviewing the logs of web servers that had been hacked to determine the vector used, provided the client had proper auditing in place. We would also work with the client to educate them in better ways to secure, monitor and audit their systems.

Bankserv, Sr. Security Engineer / Auditor

San Francisco, California

November 2005 to April 2006

My position involves working as an Intrusion Detection Analyst as well as an Information Systems Auditor. I use Nessus, Nmap, Snort, Samhain and other tools to test and verify the integrity, confidentiality and availability of the network resources.

• Participates in the development and implementation of information security policies and procedures; recommends hardware, software, security guidelines, and safe practices for corporate-wide computing and networking systems.

• Makes recommendations for the resolution of security breach incidents, including system intrusions and abuse.

• Investigates and identifies solutions to viral infestation and damage; administers the antiviral program, and works with peers to select and coordinate the support of virus protection software for common platforms in use across the organization.

• Develops, facilitates, and presents information security awareness and security training within the organization as required.

• Reviews and updates data security practices within the organization; tests for exposures to ensure adherence to guidelines and procedures, and works with CIO and Network Manager to implement remedial measures as appropriate.

• Participates in special projects concerning information security, including testing and implementation of security software enhancements, scheduled SAS 70 audits, and other internal or external audits or projects as required.

• Maintains a broad knowledge of state-of-the-art technology, equipment, and/or systems.

• Ensures strict confidentiality of client and corporate information.

• Establishes regular schedule for auditing and monitoring of System and Network security; reports results and recommendations to CIO and Network Manager.

• Provides Production Support during business hours and is available for non-business hour production support as required.

• Works effectively with peers in all departments: Networking, Security, Development, and System Administration.

• Assists in Disaster Recovery and scalability planning as required.

• Submits bi-weekly timesheets to the COO, CIO, and Network Manager.

• Performs miscellaneous job-related duties as assigned.

Langtech, Systems Consultant / Sales Engineer

San Francisco, California.

July 2004 – November 2005

Managed eight clients for Langtech taking ownership of the entire IT infrastructure for each of the clients from the desktops to the firewalls.

Education:

• Attending Colorado Technical University Online

• University of Memphis – credits towards my degree

Certifications:

Certified Ethical Hacker

Certified Information Systems Security Professional # 68963

Symantec Certified Technology Architect

Microsoft Certified Professional

SANS GIAC (GSNA) Systems and Network Auditor

Certified Novell Administrator 4.11

Attended SANS training for the SANS GIAC Securing Oracle certification (GSOC); presently studying for the exam

Areas of knowledge:

• IT Audits, Penetration Testing, Vulnerability assessments for regulatory compliance.

• Amap, Nmap, Nessus, Nikto, SQLiX, Retina, cURL, Paros, Burp Suite, WebScarab, SPIKE, Achilles (fault injection), TamperIE, Whax, BackTrack 2-4, Knoppix STD, Netcat, Watchfire's AppScan, SPI Dynamics' WebInspect, Application Security Inc.'s AppDetective, Whisker and many other tools.

• Knowledge of databases and web applications, and how to test them, identify vulnerabilities, and exploit them.

• HTML, ASP, PHP, XML, CSS, SOAP, Perl, JavaScript, VBScript

• Windows XP; NT 4.0 Workstation, Server, and Terminal Server editions; 2000 and 2003 Professional and Advanced Server; Exchange 5.5, 2000 and 2003; SQL Server 7.0, 2000 and 2005; IIS 4.0, 5.0, and 6.0; FrontPage; InterDev 6.0; Visual Studio 6.0

• Linux / Solaris, FreeBSD

• Citrix MetaFrame 1.8

• Ethernet, Token Ring, LAN, WAN, intranets, the Internet, extranets, VPN, RAS, RSA SecurID

• Cisco PIX, Check Point, SonicWall

• Cisco and Nortel routers, switches and extranets; Nortel PBX with Meridian Mail; Avaya VoIP

• Norton Ghost 7.0, 2003, 2004 enterprise edition, Symantec Client Security and Antivirus Technology Architect.

• Novell NetWare 3.x, 4.x, 5.x, GroupWise, ZENworks

Groups and Associations and Memberships:

• Certified Information Systems Security Professionals

• Council of Registered Ethical Security Testers

• ECSA – LPT and penetration testing professionals

• Homeland Security Professional

• Information Security Community

• Information Security Magazine – Information Security Community

• McAfee Professionals

• Nessus Users

• Nmap Security Scanner Users

• PCI PenTesting

• Redteam: Association of Penetration Testers

• Security Leaders Group

• WiFi Penetration Testers
