CHRISTOPHER W. ROMMEL
OS All versions of Microsoft Windows and Linux, UNIX (AIX, Solaris, HP-UX, BSD)
Languages C, C++, Perl, Sed & Awk, HTML, SQL, UNIX Shell Programming (BASH)
Tools Nmap, Nessus, Metasploit, BeEF, Tripwire, Netcat, Snort, Wireshark, tcpdump, Hping2, OWASP Webscarab, Paros Proxy, Burp Suite, Microsoft SysInternals Suite, Nikto, sqlmap, sqlninja
RDBMS Oracle, MySQL, MS SQL
Protocols TCP/IP, UDP, Ethernet, IPX/SPX, NetBEUI, NetBIOS, DNS, WINS, VPN, HTTP, SMTP, FTP, BGP
Software Cisco Security Manager (CSM), Intersect Alliance SNARE, Foglight FST, Microsoft Office System (Word, Excel, PowerPoint, Access, Outlook), McAfee Foundstone, IBM AppScan, DBprotect
Hardware Cisco MARS, IDS, and NAC, BIG-IP F5 WAF, Packeteer, Imperva MX/Gateway
Towson University – Office of Technology Services (OTS), Towson, Maryland July 2010 – Present
Information Security Analyst
Researched, monitored, identified, and analyzed threats and intrusions to information systems, coordinated implementation of effective security countermeasures, responded to information security (INFOSEC) incidents and coordinated corrective actions, assisted Towson University’s Chief Information Security Officer (CISO) in performing risk assessments, security analysis, trend analysis, and recommended appropriate strategies for improving security, advised on risk management and best security practices, researched, planned, and coordinated implementation of campus-wide information assurance methodologies and technologies as directed by the CISO, recommended and implemented changes in security policies and practices in compliance with federal and state laws, standards, and guidelines, performed audit of existing systems, acted as project manager for security projects as defined by the CISO, documented INFOSEC incidents, procedures, and records as directed by the CISO in preparation for USM and legislative audits, assisted CISO in developing and maintaining an effective information assurance program for the university, led training and briefings for staff and security students for campus security awareness.
AT&T Hosting & Application Services – Annapolis, Maryland July 2008 – May 2010
Chief Security Office (CSO) – Security Center of Excellence
Technology Security Manager
Managed risk and compliance for the entire AT&T Hosting & Application Services customer base, conducted daily, monthly, and annual network vulnerability assessments using McAfee Foundstone and Nessus, developed shell scripts in Perl for OS hardening per CIS/NIST/NSA standards, guidelines, and AT&T ASPR policy, served as project manager by planning and scoping the entire third-party annual audit for SAS No. 70 and PCI compliance, managed and supported the SSL certificate team, served as application security subject matter expert to address related questions and concerns for cross-site scripting, SQL injection, and other web attacks, attended customer solution review meetings to address security questions and concerns, attended AT&T Threat Management meetings to discuss security advisories, vulnerabilities, and patch management, provided 24x7 on-call support for IDS and firewall change management, responded to security incidents, reviewed and approved/denied security exceptions, worked alongside the AT&T Ethical Hacking team and conducted penetration testing against customer development and staging environments.
USinternetworking (USi), an AT&T Company – Annapolis, Maryland August 2007 – June 2008
Information Security Analyst
Performed as Information Security Analyst for an International Internet Services company that provided Managed Hosting, Software Application, and Professional Services to over 150 enterprise clients, provided operational support involving daily/monthly/annual vulnerability assessments, firewall change control review and approval, security vulnerability engagement process (SVEP), IDS incident response, on-call 24x7 support, RSA SecurID support, SSL certificate support, attended client kick-off and solution review meetings to discuss security concerns and to mitigate risk for many client environments, implemented Perl scripts to automate security tasks and procedures, developed security procedures and guidelines in Confluence, conducted penetration testing against staging and dev client environments to illustrate the true value of security as well as recommended methods of remediation.
Towson University – Office of Technology Services (OTS), Towson, Maryland 2005 – 2007
Junior Security Engineer
Prepared and analyzed daily system log reports, managed and configured implementation of Cisco’s Monitoring Analysis and Response System (MARS), assisted with coordinating security projects, conducted vulnerability, risk, and security self-assessments, responded to security incidents, configured and implemented Honeynet project for Towson University.
As subject matter expert on MARS, led training and briefings for staff and security students.
Installed and configured highly complex security event management system, resulting in the main security event management system for the organization.
Assisted and prepared for several security audits, resulting in the organization improving its security posture.
Conducted penetration testing on vulnerable production servers and recommended solutions to patch the systems, resulting in the organization improving its systems security.
LAFARGE NORTH AMERICA, Sparrows Point, Maryland 2002 – 2005
Information Systems Specialists Internship
Performed full back-ups on Local Area Network server’s daily, resolved employee technical related issues on a daily basis, performed network diagnostics to restore network connectivity, installed security software on company workstations, maintained and repaired company workstations.
Bachelor of Science in Computer Science with a track in Computer Security – May 23, 2007
TOWSON UNIVERSITY – Towson, Maryland
Associate of Applied Science (A.A.S) in Network Technology (Cisco CCNA Concentration) – August 31, 2004
COMMUNITY COLLEGE OF BALTIMORE COUNTY – Baltimore, Maryland
PROFESSIONAL TRAINING AND CERTIFICATIONS
GIAC Web Application Penetration Tester (GWAPT) - Valid from 9/16/2010 thru 9/30/2014
CompTIA A+ Certified Professional – Certified for Life
CompTIA Network+ Certified Professional - Certified for Life
CompTIA Security+ Certified Professional - Certified for Life
Database Security and Compliance (DBS) 7.5 for Imperva – Valid as of January 14, 2011
National Science Foundation (NSF) Workshop in Wireless Monitoring, Hacking and Cracking
AVAILABLE UPON REQUEST