Michael C. Brooks
************@*****.***
Security Clearance
DOI Public Trust
Key Skills and Knowledge:
CISSP candidate 6/09
SANS Intrusion Detection Analyst Training (GCIA) Course
Cisco Certified Network Associate (CCNA)
Microsoft Certified Systems Engineer (MCSE 2000)
Domain Expertise & Solutions
Managed mixed-domain Novell and Windows NT & 2000, Unicenter TNG, Veritas Backup Exec / BrightStor ARCserve /
Novell Directory Services/ Microsoft Active Directory
Project and Program Management
Communication and Networking
802.11a/b/g Network Standards, AppleTalk, DHCP, DNS, Ethernet, Fast Ethernet, FTP, Gigabit Ethernet, H.320/323, HTTP/S, IMAP, IP, IPX/SPX, NAT, NetBEUI, NetBIOS, PPP, PPTP, RIP, RS-232, SCSI, SNMP, SSH/SSH2, TCP/IP, VPN, X.25, X.400. Apache, Cold Fusion MX, IIS, Microsoft Active Server Pages, Microsoft Exchange Server
Hardware
RSA Token and Smart Card Technology, Dell PERC3 RAID Controller, Apple Equipment, Compaq Drive Array, Compaq Servers, Dell Server & Workstation Equipment, NetServer, Exabyte Equipment, Intel based PCs, Macintosh
Operating Systems
Snort, Linux, Windows Server, Windows XP, Windows 2000 Server/Advanced Server, Novell 4.x/5.x/6.x
Software/System Architecture
Check Point IPS, BASE IDS, EnCase, nCircle, RSA SecurID, RSA ACE, Peregrine, Tenable Nessus, Symantec Endpoint Security Manager, Exchange 2000, Lotus Notes (Domino Server), CiscoWorks
Skills Summary
Strong record of innovative achievement in overall IT Business environments: System Configuration, System deployment, Network Intrusion Detection, Network Security, Information Assurance and Incident Management.
Ability to develop and implement policies and procedures, manage large-scale projects, and manage a team of multi-level engineers.
Highly adaptable to any business or environment, fast learner, enthusiastic, ability to work well with others, and self-starter
Project Experience:
1/2008 to Present Sava Corporation / Bureau of Indian Affairs (DOI)
Intrusion Detection Engineer/Security Analyst
Description:
• Monitor network traffic and report incidents through the IDS
• Analyze network traffic against known signatures
• Report incidents and execute appropriate countermeasures
• Maintain intrusion detection systems and monitor the network for malicious/unusual traffic; evaluate the type and severity of incoming events and take the appropriate corrective action or escalation procedure.
• Knowledge of threat identification and incident response principles
• Interpret and prioritize threats through use of IDS/IPS systems as well as firewalls and other boundary protection devices.
• Using Snort and CounterAct to identify potential, successful and unsuccessful intrusion attempts and compromises.
• Performs unobtrusive FBI/SANS Top 20 Nessus scans in accordance with DOI/BIA directives
• Assists in security incident investigation and forensics.
• Analyzed relevant event detail and summary information provided by monitoring systems to determine threat level and false positives.
• Experience reviewing information security documentation requirements as they apply to systems and network security engineering best practices, government compliance with NIST 800-series documents, and general reporting requirements of the Federal Information Security Management Act (FISMA)
• Periodically perform on-demand system audits and vulnerability assessments.
• Utilized basic knowledge of Linux to review syslog as well as Snort command-line network monitoring.
• Install and maintain security infrastructure, including IPS, IDS, log management, and security assessment systems.
• Functional knowledge of Snort, Peregrine, Foundstone, Tenable Nessus, BASE, EnCase, and packet-sniffing technologies.
• Established alert and incident escalation process.
2/2006 to 1/2008 Nortel Corporation / GAO
Information Security Engineer / RSA SecurID Administrator
Description:
• Monitored IDS sensors to maintain network security and integrity.
• Monitor network traffic and report incidents.
• Analyze network traffic against known signatures
• Report incidents and execute appropriate countermeasures
• Updated Snort sensors with the latest RSA signatures.
• Installed and configured the Symantec Endpoint Security environment; distributed clients and created policy rules and workstation exceptions.
• Resolved all Server and Client issues that applied to end point environment and supporting devices.
• Responsible for support of existing security policies and procedures, as well as creation and implementation of new security procedures.
• Assess threats, risks, and vulnerabilities from emerging security issues.
• Used knowledge of NIST 800-series documentation to apply security hardening standards to Windows 2003 servers.
• Maintained security of user login via two-form (RSA/Novell/Citrix) authentication. Monitored and maintained physical and logical security and access to systems.
• Responsible for the requirements gathering, requirements analysis, design, installation, integration testing, documentation and enterprise-wide compliance to information security standards of the RSA ACE and RSA Keon authentication servers.
• Conducted technical audit of all server functions and network hardware within the company and for customers.
• Functioned as Level 3 user support to assist Helpdesk staff in resolving user token authentication issues.
• Achievements include completing the SecurID/RSA ACE 6.1 upgrade and user as well as server migrations.
• Knowledge of CERT procedures and NOC operations
11/2003 – 2/2006 Unisys / Transportation Security Administration (TSA)
Security Watch Officer/Incident Response Analyst
Description:
• Responsible for responding to security and network incidents on the TSA/DHS network. As an Incident Response Analyst, I responded to computer security incidents, escalated when necessary, and coordinated responses to computer security incidents.
• Serves as initial POC for Network/Security Events. Coordinated the incident escalation process and created call tree for internal and external entities.
• Compile supporting information and reports necessary for incident response.
• Assisted with and responsible for providing real-time network monitoring of TSA sites to determine site status
• Ensured all NOCC/SOCC monitoring and reporting tools are functioning and reporting properly.
• Managed solutions and personnel to resolve network and security incidents.
• Managed relationships with the customer’s engineering, audit, sourcing and management teams
• Managed and recorded all action taken by Incident response team and System owners to resolve network anomalies.
• Coordinate product development and project management for Unisys on the Transportation Security Administration (TSA) Contract.
• Proactively identify opportunities to contribute to the growth of the environment and eliminate unnecessary infrastructure policies and procedures wherever possible within TSA.
• Maintain the role of subject matter expert for all business functions within the assigned business unit and related system processes. Act as a liaison between Business Units, Information Technology, and Operations groups.
• Generate trend reports, project status, project results, and other reports needed to manage the implementation of approved projects.
• Identify scope of projects for approval and manage the implementation of such initiatives.
• Communicate findings and project status to operations manager and TSA Operation. Identify and communicate risks and issues requiring action and make recommendations toward resolution.
• Assist management in preparing implementation plans and change management activities associated with new and/or revised processes and procedures.
• Maintain a strong working relationship with senior management and key representatives within the various departments. Facilitate engineering groups and communicate between vendors and affected sites and/or departments, as needed.
9/2000 - 10/2003 Apogen / U.S. Customs Service, Springfield, VA
Team Lead/ Senior Network Field Engineer
• Migrated and consolidated Novell servers for the INS network and the U.S. Customs network into a single Novell server to service both departments.
• Installation of Windows 2000 servers in a mixed environment (Novell/Microsoft)
• Developed and tested standards and procedures for the installation of typical USCBP Windows 2000 and Novell 6.5 servers.
• Assess and repair security vulnerabilities on Windows 2000 servers, routers and switches.
• Proposed, installed and configured the U.S. Customs Field Support team test lab, and trained junior engineers on the installation and configuration of Novell servers, Windows 2000 servers, Exchange (servers, user administration, and client configuration), and Cisco router/switch installation.
• Implementation of security policies to secure network integrity at U.S. air, land and sea ports of entry.
• Configured a wide area network consisting of Frame Relay and T1 circuits linked by Cisco Systems router hardware.
• Cisco switch and router installation and configuration; equipment purchase and vendor relations.
• Plan WAN sites; organize and execute network system rollouts.
• Troubleshoot problem installations and provide hardware architecture support; identify and solve operational problems in an on-line environment involving local and remote equipment.
• Redefined and implemented backup and disaster recovery procedures to ensure fault tolerance and recovery of network data using ARCserve 2000 Enterprise.
• Upgrade of server Hardware to Dell series servers.
• Installed biometric verification devices at all the land, sea and air ports in the United States, Guam and Puerto Rico.
• Lead Engineer on the US-VISIT project to place fingerprint scanners and cameras in all international airports in the United States for the purpose of cataloging future travelers and possible terrorist threats in the U.S.
• Worked with architects and building engineers to devise best-case scenarios for LAN installation in new offices throughout the United States.
• Installed service patches and Directory Services upgrades to Novell 5.1/6.5 services in the field.
• Design and analyze a nationwide technical infrastructure composed of workstations running Windows NT 4.0, local area networks, and associated file and print servers running Novell 5.1, and Lotus Notes.
1/1998 to 2/2000 Porter Novelli LLC Washington, D.C.
Senior Network Engineer
Lead member of the networking team responsible for upgrading Lotus Notes 4 to Notes R5 for domestic and international offices. DHCP configuration and installation. Multi-tree/multi-domain environment administration of 1000 in-house and remote access users. Installed and configured the Cisco Catalyst 2900 switch. Administration and troubleshooting of any network connectivity interruptions. NT server domain administration.
Implemented Group Policies to secure user workstations as well as network interests as recommended by the IT committee. Used Novell ZENworks to maintain a database of more than 500 applications. Responsible for supporting the Lotus Notes infrastructure, which includes: server monitoring, server administration, security checks, e-mail messaging administration and support, monitoring for internal applications, developing integration plans and schedules, Lotus Notes upgrades and ongoing system refinements, and documentation creation.
11/1993 to 12/1997 Crowell and Moring LLC Washington, D.C.
Network Administrator
• Lead Administrator in the task of migrating GroupWise 4.1a to GroupWise 5.5. Served as a member of a three-engineer team assigned to migrate NetWare 3.12 to 4.11. Engineer assigned the task of troubleshooting any GroupWise-related problems. Administered DHCP server. Administration of Novell/NT mixed-mode environment consisting of 800 users. Administered Frame Relay links to international offices. Implemented Citrix MetaFrame 1.7 to replace the pcAnywhere dial-in host. Monitor file server for errors and perform troubleshooting procedures.
Education / Training
Northern Virginia Community College
Degree: Associate Degree candidate (2009)
Major: Information Systems Security
SANS Institute:
Focus: Intrusion Detection Analyst Advanced Training.
Diploma: Certificate of Accomplishment, SANS GCIA
Knowlogy Corporation Bethesda, MD
Diploma: Microsoft Implementing and Administering Exchange 2000 Server
Professional Certification
October 2008
Certified Information Systems Security Professional (CISSP)
January 2009
Cisco Certified Network Associate (CCNA)
January 2002
Microsoft Certified Systems Engineer (MCSE 2000)
May 2002