CHRISTOPHER W. ROMMEL

** ********** ***** ************, ******** 21030 zdxjud@r.postjobfree.com 410-***-****

SKILLS

OS All versions of Microsoft Windows and Linux, UNIX (AIX, Solaris, HP-UX, BSD)

Languages C, C++, Perl, Sed & Awk, HTML, SQL, UNIX Shell Programming (BASH)

Tools Nmap, Nessus, Metasploit, BeEF, Tripwire, Netcat, Snort, Wireshark, tcpdump, Hping2, OWASP Webscarab, Paros Proxy, Burp Suite, Microsoft SysInternals Suite, Nikto, sqlmap, sqlninja

RDBMS Oracle, MySQL, MS SQL

Protocols TCP/IP, UDP, Ethernet, IPX/SPX, NetBEUI, NetBIOS, DNS, WINS, VPN, HTTP, SMTP, FTP, BGP

Software Cisco Security Manager (CSM), Intersect Alliance SNARE, Foglight FST, Microsoft Office System (Word, Excel, PowerPoint, Access, Outlook), McAfee Foundstone, IBM AppScan, DBprotect

Hardware Cisco MARS, IDS, and NAC, BIG-IP F5 WAF, Packeteer, Imperva MX/Gateway

PROFESSIONAL EXPERIENCE

Towson University – Office of Technology Services (OTS), Towson, Maryland July 2010 – Present

Information Security Analyst

Researched, monitored, identified, and analyzed threats and intrusions to information systems, coordinated implementation of effective security countermeasures, responded to information security (INFOSEC) incidents and coordinated corrective actions, assisted Towson University’s Chief Information Security Officer (CISO) in performing risk assessments, security analysis, trend analysis, and recommended appropriate strategies for improving security, advised on risk management and best security practices, researched, planned, and coordinated implementation of campus-wide information assurance methodologies and technologies as directed by the CISO, recommended and implemented changes in security policies and practices in compliance with federal and state laws, standards, and guidelines, performed audit of existing systems, acted as project manager for security projects as defined by the CISO, documented INFOSEC incidents, procedures, and records as directed by the CISO in preparation for USM and legislative audits, assisted CISO in developing and maintaining an effective information assurance program for the university, led training and briefings for staff and security students for campus security awareness.

AT&T Hosting & Application Services – Annapolis, Maryland July 2008 – May 2010

Chief Security Office (CSO) – Security Center of Excellence

Technology Security Manager

Managed risk and compliance for the entire AT&T Hosting & Application Services customer base, conducted daily, monthly, and annual network vulnerability assessments using McAfee Foundstone and Nessus, developed shell scripts in Perl for OS hardening per CIS/NIST/NSA standards, guidelines, and AT&T ASPR policy, served as project manager by planning and scoping the entire third-party annual audit for SAS No. 70 and PCI compliance, managed and supported the SSL certificate team, served as application security subject matter expert to address related questions and concerns for cross-site scripting, SQL injection, and other web attacks, attended customer solution review meetings to address security questions and concerns, attended AT&T Threat Management meetings to discuss security advisories, vulnerabilities, and patch management, provided 24x7 on-call support for IDS and firewall change management, responded to security incidents, reviewed and approved/denied security exceptions, worked alongside the AT&T Ethical Hacking team and conducted penetration testing against customer development and staging environments.

USinternetworking (USi), an AT&T Company – Annapolis, Maryland August 2007 – June 2008

Information Security Analyst

Performed as Information Security Analyst for an International Internet Services company that provided Managed Hosting, Software Application, and Professional Services to over 150 enterprise clients, provided operational support involving daily/monthly/annual vulnerability assessments, firewall change control review and approval, security vulnerability engagement process (SVEP), IDS incident response, on-call 24x7 support, RSA SecurID support, SSL certificate support, attended client kick-off and solution review meetings to discuss security concerns and to mitigate risk for many client environments, implemented Perl scripts to automate security tasks and procedures, developed security procedures and guidelines in Confluence, conducted penetration testing against staging and dev client environments to illustrate the true value of security as well as recommended methods of remediation.

Towson University – Office of Technology Services (OTS), Towson, Maryland 2005 – 2007

Junior Security Engineer

Prepared and analyzed daily system log reports, managed and configured implementation of Cisco’s Monitoring Analysis and Response System (MARS), assisted with coordinating security projects, conducted vulnerability, risk, and security self-assessments, responded to security incidents, configured and implemented Honeynet project for Towson University.

Key Contributions:

As subject matter expert on MARS, led training and briefings for staff and security students.

Installed and configured highly complex security event management system, resulting in the main security event management system for the organization.

Assisted and prepared for several security audits, resulting in the organization improving its security posture.

Conducted penetration testing on vulnerable production servers and recommended solutions to patch the systems, resulting in the organization improving its systems security.

LAFARGE NORTH AMERICA, Sparrows Point, Maryland 2002 – 2005

Information Systems Specialists Internship

Performed full back-ups on Local Area Network server’s daily, resolved employee technical related issues on a daily basis, performed network diagnostics to restore network connectivity, installed security software on company workstations, maintained and repaired company workstations.

EDUCATION

Bachelor of Science in Computer Science with a track in Computer Security – May 23, 2007

TOWSON UNIVERSITY – Towson, Maryland

Associate of Applied Science (A.A.S) in Network Technology (Cisco CCNA Concentration) – August 31, 2004

COMMUNITY COLLEGE OF BALTIMORE COUNTY – Baltimore, Maryland

PROFESSIONAL TRAINING AND CERTIFICATIONS

GIAC Web Application Penetration Tester (GWAPT) - Valid from 9/16/2010 thru 9/30/2014

CompTIA A+ Certified Professional – Certified for Life

CompTIA Network+ Certified Professional - Certified for Life

CompTIA Security+ Certified Professional - Certified for Life

Database Security and Compliance (DBS) 7.5 for Imperva – Valid as of January 14, 2011

National Science Foundation (NSF) Workshop in Wireless Monitoring, Hacking and Cracking

PROFESSIONAL REFERENCES

AVAILABLE UPON REQUEST

Contact this candidate