CISSP / CISA, Sr. Security Architect looking for opportunity

From: security specialist <securecatalyst(at)hotmail.com>
Date: Tue Apr 15 2003 - 22:33:22 EDT

Folks,

I am currently looking for a job here in Bay area, anywhere in west coast or east coast.

I am attaching a text resume below.

If you have any interest please let me know.

Cheers,
M-

--------------cut here for resume -------------------------

Summary of Qualifications

	Excellent Project Management skills.
	Strong interpersonal communication skills w/ senior management and peers
	Ability to think about solutions to address the situation and drive the 
necessary solution in a timely and efficient manner.
	Adaptive team player, excellent self-starting and motivational skills, 
willing to take on new challenges
	Strong sense of humor, upbeat and energetic personality
	Full leadership responsibility to guide the team to successful operations
	Strong understanding of network and system security technologies, issues 
and players.
	Good business sense and a strong network of contacts in the internet 
security industry.
	Deep technical knowledge & Hands-on experience of penetrations tests, 

hacking methods, security audits,
firewalls, H/NIDS solutions, security architectures.

        Outstanding presentation and negotiation skills

Educational Background

	1994-1999 Bosphorus Unv   BSc ,Computer Science
	Istanbul, Turkey,  www.cmpe.boun.edu.tr
	It is regarded as the best engineering and business school in Turkey. I was 

ranked in the top 50 students taken university placement exam among 1 million students.

	Related Courses Taken :
	C/C++ Programming.  /   Data Structures And Algorithms I & II / 

Introduction To Object Oriented Programming / System Programming / Introduction to Databases Systems / Database Systems /Analysis of Programming Languages /Cryptography / Advanced Cryptography / Operations Research 1 & 2 /Operating Systems And Their Use / Operating System Design / Analysis Of Algorithms / Computer Organization / Formal Languages And Automata Theory /Computer Systems Simulation/Microprocessor-based System Design / Introduction To Computer Architecture / Information Systems Security / Parallel Processing / Internet Programming / Computer Performance Evaluation / Computer Networks 1 & 2 / Distributed Systems / Software Engineering

Professional Experience

April 2001- Major Security Company, Santa Clara, CA

              February 2002 Sr. Security Architect & Business Development Analyst

        Closely worked with Business Development Team and SW engineering to define IDS / IDP / HIDS / SIM product and marketing requirements and specifications.

        Involved in the acquisitions of major HIDS ($120 million), IDP ($100 million), AntiSPAM ($3,5 million) and Tracksys Infinistream network forensic technologies.

        Worked in close concert with SW development units, R&D group to define the next generation solutions for the corporate products.

        Came up and presented a new security product idea to McAfee engineering. It is still currently being examined for possible stand-alone development / integration scenarios.

        Benchmarking of IDS solutions for business development and internal deployment. (SNORT, Intruvert, Tipping Point, Sourcefire, NFR, ISS RealSecure,
Recourse Manhunt (now Symantec), OneSecure now Netscreen). Test results were used for both strategic acquisition decisions and internal IT deployment. Lead and facilitate the relations with the vendors, organized the meetings, conducted the technical evaluations and prepared GAP analysis reports for prospective acquisitions, mergers and OEMs.

        Benchmarking Evaluation of HIDS systems for internal IT security usage and business development. Prepared test scenarios for local system compromise and remote system compromise attacks. Specifically created vulnerable UNIX, SQL, Web, Windows servers. Performed local and remote system attacks and monitor
the behavior of the system both with and without HIDS deployed. Lead the deployment of the HIDS all around the global corporate network. Some of the tested
HIDS products were Entercept HIDS, SecureIIS, Tripwire, Okena.

        Responsible with assessing the technology and solutions of security companies, analyzing industry and market trends, while tracking business results
and adapting product strategy to market and business changes, and providing input to business planning activities

        Worked with engineering, marketing, operations, and sales to ensure the overall success of the NAI strategic relationships. (NAI@NAI, provided internal
IT as customer showcase)

        Lead and facilitate the strategic projects in the event correlation market space. Conducted the market research, contacted the vendors, performed in-house technical product evaluation tests for majors vendors. (ArcSight, NetForensics, Intellitactics, Guardednet, Micromouse, e-security inc.)

        Set up a small in-house MSSP environment with the deployment of ArcSight event correlation solution, consolidating the events from HIDS, IDS, IP, Firewall, syslogs, event and application logs. Defined Incident Response Policy and Standards for internal usage, organized the security team for ownership.

        Prepared armoring, secure built and deployment standards for UNIX (Solaris, AIX, Linux) and Windows Servers, Applications (IIS, MS SQL, DB2, CRM, CMS (content management systems), Apache, SunONE web servers), Wireless Networks and CISCO switch & routers.

            April 2001 - February 2002 Sr. Security Engineer

        Re-design of the global corporate network and security infrastructure including DMZ, partner, local and public networks, and integration of office-to-office
VPNs and RAS servers.

        Participated in redesign of FTP & Web traffic around the global NW with using DNS, F5-BigIP and F5- 3DNS load balancing. Redirected spike bandwidth to an
external NW provider. (we saved 4 million USD annually with the new approach).

        Re-crafted publicly available exploits, proof-of-concept codes, for internal usage in penetration tests. Developed a piece of code which on remote Windows
vulnerability gives a complete remote system compromise with a remote-shell.   Rewritten the exploits for both UNIX and Windows systems on x86 architectures.

        Performed risk assessment and penetration tests to corporate network, UNIX & Windows servers, MYSQL, MSSQL, Oracle servers and all other applications, both internally and externally using publicly available tools and exploits, as well as commercial tools. Conduct web assessment, SQL injection, wireless network identification and war-driving techniques. Prepared monthly, quarterly reports for upper-level management.

	Managed Gauntlet FW and VPN across the company
	Participated in FW & VPN benchmark tests. After careful examination, came 

up with CheckPoint on NOKIA among Gauntlet, CheckPoint, NetScreen and SonicWall. Deployed CheckPoint FW & VPN.

        Deployed 15 SNORT IDS agents temporarily (for a year) around the NW running on Solaris servers with MySQL DB and stunnel encrypted agent traffic. Deployed a central monitoring station with ACID.

        1999 August - January 2001 Computer Associates, Istanbul, Turkey; London, UK

        Sr. Security Specialist (Consultant)

	Involved actively pre-sales and post-sales activities.
	Set-up bullet-proof hacking service around the Europe and Middle East.
	Design, implement, and troubleshoot highly available, secure computer 

networks, to include the use of automated intrusion detection and response systems, redundant firewalls, proxy servers, strong certificate based encryption, network protocol analyzers, and router and switch access control lists.

        Defined the methodologies for NT/2K, IIS, UNIX hacking for penetration and attack services. Provided policies and wrote procedures to handle future security breaches.

        Provided eTrust Security products (intrusion detection, firewall, Access Control, VPN, PKI, Admin etc.) and security services such as penetration and attack tests, security architecture design and so on.

        Senior member of security SWAT team, As member of this team, provided highly skilled technical expertise to big enterprise costumers.

	Teaching security classes for CA security professionals
	Worked with government agencies (police department, navy, air force and 

military), financial institutions; provided customer specific, security solutions

     July 1998 - August 1999 Pronetwork,  Istanbul,Turkey
      Internet & Network Security Specialist

	Designed security architectures and responsible for penetration and attack 

tests. For this service (PenTest), we were mainly working with NAI’s
(Network Associates) security experts.

        Installed and configured Rad Guard Firewall, VPN and Rad Ware Fireproof
(load balancing unit). Also, dealt with Session Wall and Cisco PIX
firewalls.

	Firewall / DMZ infrastructure design and implementation.
	IDS design and implementation for internal network (LAN) and DMZ.
Don't know where to look next?
In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software:
Learn more about Pantek's Technical Support offerings
Place an order for 24/7/365 Technical Support here
Learn more about Pantek, who we are, and what we do
Chat with a Live Operator
Related securityfocus.com Links
bugtraq
certification
focus-bsd
focus-ids
focus-ih
focus-linux
focus-ms
focus-sun
focus-unix-other
focus-virus
forensics
incidents
libnet
linux-secnews
ms-secnews
pen-test
secpapers
secprog
sectools
secureshell
security-basics
securityjobs
sf-news
vuln-dev
webappsec
Request more information about Pantek
	VPN, PKI design and implementation.
	PGP implementation for corporate e-mail system security.

	Professional Certifications / Trainings

	Project Management Training, internal to NAI, given by RMC Project 
Management (Santa Clara, May 2002)
	CheckPoint FW-1 NG  & NOKIA Training (Dallas, January 2002)
	Gauntlet FW & VPN Training, technical details. (February 2002 Dallas, TX)
	Cisco PIX FW, hands-on workshop for 3 days. at CISCO campus. (November 2001 
San Jose, CA)
	Recourse ManHunt and ManTrap hands on workshop at Recourse Office. 


(November 2001 Redwood City, CA)


	BlackHat Computer and Network Security Conference- www.blackhat.com  (Las 
Vegas, July2001, July 2000 and July 1999)
	DefCon7-8  www.defcon.org  (Las Vegas, July2001, July 2000 and July 1999)
	Code Based Vulnerabilities (How to write and find buffer overflows )- by 

Dominique Breziski at Blackhat pre-conference training (Las Vegas, July 2000)

        Forensic Analysis (Intruder Discovery / Tracking and Compromise Analysis)-by Dominique Breziski, Dave Ditrich at Blackhat pre-conference training
(Las Vegas, July 2000)

        NT Network Intrusion Workshop- by Greg Hougland (www.rootkit.com), JD Glaser (www.foundstone.com) at Blackhat pre-conference training (Las Vegas, July 2000)

        SeOS by Plat?n?um Tech. or eTrust Access Control, (September 2000, Los Angeles)

	Information Risk Assesment (CA Sarasota, Florida, June 2000)
	Intrusion Detection Softwares (CA Sarasota, Florida, June 2000)
	Ultimate Hacking, hands-on (Boston, May 2000 from Foundstone Inc. 


(www.foundstone.com))


	X.500 Directory Services (CA London, May 2000)
	Dealing with Hackers, Neupart & Munkedal Inc. (CA-World 2000 NewOrleans , 
conference)
	Hacking Exposed Live, Foundstone Inc. (CA-World 2000 NewOrleans , 
conference)
	SA237 Sun Solaris System Administration 1 & 2   (November 1999 from Koc 
System (www.kocsistem.com.tr))
	Linux Network Administration (March 2000 from Gelecek AS 


(www.gelecek.com.tr))


	Security Auditing Workshop (June 1999 from NAI (Network Associates) 

security specialists)

--------------end of resume ---------------------------




_________________________________________________________________

The new MSN 8: advanced junk mail protection and 2 months FREE* http://join.msn.com/?page=features/junkmail Received on Wed Apr 16 13:18:38 2003