Expert in Security Event Management (as well as other things)- Resume

From: Jimmy Alderson <blue0ne(at)digitalguardian.net>
Date: Thu Jun 26 2003 - 18:38:46 EDT

('binary' encoding is not supported, stored as-is)

Disclaimer: There is no "fluff" in this resume

Jimmy L. Alderson
Address Available on Request
678-591-2532 (HOME)
jimmy@digitalguardian.net (E-MAIL)

OBJECTIVE To continue to manage the design of security event correlation engines using cutting edge technology and theories in the information security space in order to provide analysis solutions to enterprise wide problems caused by volumes of disparate security data.

EXPERIENCE • Senior Security Engineer, MSSP, (CSC) 01/03 –05/03 (CONTRACT) CSC specializes in outsourced network security solutions for large government agencies and commercial corporations. CSC provides 24x7x365 monitoring/analysis capability along with Incident Response assistance. I joined CSC's MSSP organization in an attempt to check the pulse of the industry which is the consumer of Security Event Management products. My responsibilities and accomplishments included but were not limited to, the following:

• Developed the training curriculum for new security monitors and analysts (Tier 1 and 2 respectively).
• Designed and developed a network architecture composed of several “home-grown” products to affect a correlation capacity internal to and between client data feeds.

•	Designed and developed scripts to automate report generation.
•	Performed Tier 3 level analysis of security events and trending 
analysis for client networks.
•	Mentoring of monitors and analysts.
•	Account management of service subscribers




•	Director, Satellite Labs, eSecurity, Inc., 04/00 – 12/02

eSecurity is a software company that provides a Security Event Management enterprise application. Having had written one for USInternetworking, I felt this a perfect fit. Satellite Labs is the six person R&D arm of security professionals responsible for researching, designing, and in some cases developing new product angles. SatLabs served as a internal consulting arm to the CTO, Product Management, and Development teams. My responsibilities and accomplishments included, but were not limited to, the following:

• Direct support to the CTO in the areas of Secuity Event Analysis and Event Correlation.
• Direct support to the Product Management team in the areas of Secuity Event Analysis and Event Correlation. • Direct support to the Development team in the areas of Security Event Analysis and Event Correlation.
• Researched and designed algorithms for detecting emergent patterns in network event data.
• Researched and designed algorithms for performing memetic surveillance of network events to allow for predictive analysis. • Assisted in the design of the communications mechanism for e-  4.0.
• Designed a security event automatic analysis process for e- Sentinel 4.0.
• Designed and developed the e-Security Advisor. This system brings data from Security Focus into a form where the linkages between attack code and vulnerability code can be leveraged to allow for better correlation of potential risk during post-analytical reports as well as real-time.
• Designed and developed a Time Based Event Correlation Engine that utilizes polymorphic pattern matching (This is commercially known as Real Time Alert Correlator RTAC®).
• Designed and developed API for the RTAC® to enable the ability to access it as an object programmatically. • Designed and developed the ability for the RTAC® to utilize configuration files to allow for the addition or subtraction of features without a development effort.
• Designed and developed a standard for Agent development that enables the normalization of data from disparate vendors and applications into a standard format or meta data.
• Designed and developed a data parsing engine to parse the afore mentioned meta data into an Oracle DB.
• Designed and developed a shell based wrappers like authentication script.
• Designing and Developing agents that reside remotely and monitor security based products for current information. • Project Team lead and mentor for several design and development efforts.
• Spending time on customer sites to ensure the technical success of product sales.

• Director, Centers of Excellence, META Security Group (METASES), 03/99 – 04/00
META Security Group (an affiliate of META Group Analyst Firm) offers security consulting services and hands-on operational support services including threats and vulnerability assessments, policy and standards development, network monitoring services and technical research and development. My responsibilities and accomplishments included, but were not limited to, the following:

• Director of the Center of Excellence for Network Monitoring and Intrusion Detection.
• Developing standards and processes in regards to intrusion detection being deployed over a wide area network (WAN). These processes drastically reduce the Total Cost of Ownership (TOC) of any commercial or opensource Intrusion Detection System. http://online.securityfocus.com/library/3023   

•	Director of Emerging Technologies (R and D). 
•	Designed and Developed Business Case/Technical Specs for 

automated delivery of vulnerability issues and solutions to clients based on their current infrastructure requirements (This project was productized and is still being sold).
• Researched and developed new vulnerabilities as they relate to computer and network security.

• Project Manager for national consulting in the field of network security for a wide range of industries, including financial, telecommunications, manufacturing, and government agencies. • Managed the technical and logistical support of consultants in the field.
• Managed, developed, and implemented the training of new consultants in regards to network security. • Conducted Security reviews of clients' perimeters and internal networks.

• Senior Security Analyst, USInternetworking (USI), 08/98 – 03/99 USinternetworking Inc. (NASDAQ: USIX) is the leading Application Service Provider (ASP), outsourcing business applications over the Internet for a flat monthly fee. USi's full range of services allow companies to quickly deploy enterprise applications without the associated cost and burden of owning, managing or supporting the applications or underlying infrastructure. My responsibilities and accomplishments included, but were not limited to, the following:

• Designed network architectures that allow for enterprise wide Intrusion Detection on switched or redundant networks while minimizing cost by 75%. (See Papers)
• Designed and developed the security policy for Intrusion Detection systems across a worldwide network. • Integrated Intrusion Detection alerts into the current Tivoli network management infrastructure.
• Designed, developed, and maintained a system that consolidates all Intrusion Detection log and alert information from different commercial platforms including Firewall data, into one SQL database for event correlation and real time analysis. • Developed a GUI console to view Intrusion Detection data from different commercial products in a real time format. • Developed a web interface to allow different customers in a managed service with their servers located on the same logical network to view only their Intrusion Detection data in a real time format.

•	Provided 3rd level support to a 24x7x365 operations staff.
•	Conducted security reviews of in house developed applications.
•	Conducted network security tests against USi networks to identify 
and mitigate security vulnerabilities.
•	Developed and maintained operating system security hardening 

documents.

• Internet Senior Security Specialist/Consultant, Internet Security Systems (ISS), 11/97 – 08/98
Internet Security Systems, Inc. (NASDAQ: ISSX), is the pioneer and leading supplier of adaptive security management systems, providing enterprise-wide information protection software. ISS is also a worldwide innovator of security solutions designed to augment the security performance of existing systems by complementing security safeguards such as firewalls, authentication and encryption. My responsibilities included, but were not limited to, the following:

• Designed, developed and managed the 2nd generation training department and coursework.
• Provided consulting nationally in the field of network security for a wide range of industries, including financial, telecommunications, manufacturing, and government agencies.
• Working closely with clients on implementing intrusion detection systems (RealSecure) into a current infrastructure. • Developing standards and processes in regards to intrusion detection being deployed over a wide are network (WAN). • Working closely with clients on strategically conducting penetration tests against their networks using Internet Scanner. • Conducting enterprise security audits and evaluations plus network security vulnerability assessment projects. • Producing security reports for technical to upper management level clients, which present security vulnerability findings. • Developing database tools to assist in streamlining customized reports for clients.
• Conducting “pilot programs” for customers to help show the effectiveness of security measures on their networks.

•	Developing certified courseware for the entire ISS product suite.
•	Developing test labs to be used at corporate headquarters.
•	Working closely with X-Force (R&D) to assist in maintaining ISS’s 

awareness of new security threats and vulnerabilities.

• Computer/Internet security specialist, United States Navy FIWC
(Fleet Information Warfare Center), 2/96 – 10/97
The NAVCIRT (Naval Computer Incident Response Team) is a subdivision of FIWC and is responsible for providing assistance and support to the U.S Naval fleet in all events of information warfare. My duties as a security specialist include the following: • Configuring Sun SPARC workstations as network intrusion detection systems developed by Lawrence-Livermore Labs. • Training naval personnel to install, configure, use and monitor intrusion detection systems.
• Researching vulnerabilities for a wide variety of operating systems and software.
• Performing on-line surveys of remote systems to determine vulnerabilities.
• Developing Graphical User Interfaces (GUI) to assist end-users in the speed and accuracy of delivering vulnerability reports to customers. • Delivering non-technical, yet explanatory briefs to high-ranking personnel concerning the potential impact of found vulnerabilities. • Assisting technicians and system administrators in repairing found vulnerabilities.
• Developed standard operating procedures concerning the execution of on-line surveys for naval systems.
• Maintaining a database of virus infections for use by end-users to assist in repairing damage as well as determining trends. • Examining viruses written in Assembly, C, WordBasic and Visual Basic to determine method of infection and simplify detection. • Assisted as a consultant to Naval Criminal Investigative Service/Federal Bureau of Investigation personnel during the investigation of computer crime incidents. • Given presentations to investigative audiences from agencies such as the Department of Justice and National Security Agency, concerning "hacker profiling" and what steps to take in tracking such an individual.

• Assistant Automated Data Processing Security Officer, VAW-124, 9/94 - 2/96VAW-124 is a carrier based early warning squadron. My duties included the following:
• Maintaining a current and accurate list of all registered software and hardware within the squadron. • Maintaining configuration control and electronic/physical security of sixty personal computers.

•	Troubleshooting and repair of these systems.
•	Implemented an Intranet based e-mail system.

COMMUNITY INVOLVEMENT Along with mentoring several of the industry’s brightest security experts, I also serve as a current member of the CVE Editorial board.

• http://cve.mitre.org

Regarding the fields of Emergence and Stratification Theory I am a founding member of the Behavioral Computational Neuroscience Group

• http://www.bcngroup.org

PRESS ACTIVITY • January 14, 2000 Info World "$12.1 billion reportedly spent to ward off computer viruses in 1999"

• December 28, 1999 Info World

• December 13, 1999 front cover of Info World

• December 10, 1999 Voice Interview on InternetNewsRadio.com
(Available upon request)

PAPERS • Intrusion Detection: Deploying the Shomiti Century Tap http://online.securityfocus.com/library/3023

• How-To Guide: Implementing a Network Based Intrusion Detection System in a Switched Environment
http://www.cis.udel.edu/~zhi/www.docshow.net/ids/switched.zip

REMOTE WORK • I have worked in a 100% remote capacity for four years.

COMPUTER SKILLS   • OPERATING SYSTEMS - UNIX(Sun OS 4.1.x, IRIX 6.x, Solaris 2.6, 7 & 8, AIX, BSD, and HP-UX), Linux (Debian, Redhat) Windows 2000/XP, Windows NT 4.0, Windows 95, Windows98, Windows for Workgroups 3.11, Windows 3.1, XWindows, FVWM, Openview, HP-VUE, DOS 6.2, CPM and Novell

• Programming Experience - Perl, JAVA, C, C++, Visual C++, Visual Basic, VBA, VBScript, sh, csh, ksh, bash, ColdFusion, sed, awk, Expect, HTML, CGI, PHP, ASP, XML, BASIC, SQL, BEEP, Motorolla 6502 Assembly. Posix Regular Expressions, Task Automation, Socket Programming, Protocol Emulation, Network Scanners, Database Design and Access, Data Normalization and Analysis, Intrusion Detection Systems (IDS),Third Party Integration, Role-based Authentication, OpenSSL.

• Protocols – HTTP, SMTP, Telnet, POP, SSH, FTP, DNS, NNTP, SNMP, TCP/IP • SOFTWARE – All Major IDS (ISS Real Secure/Site Protector, Intrusion.com, Cisco Netranger, Dragon, NFR, Snort, ASIM, Shadow), Scanners (ISS Scanner, NAI Cybercop, nmap, nessus, and home grown tools) Virus(Symantec, Trend Micro, McAfee), Firewall (Checkpoint, Gauntlet, Pix, Raptor, IPTables) , Security Event Managers ( e-Security, Intellitactics), Server protocols and Applications (IIS, Apache, Sendmail, True North, Netscape Enterprise), Databases (Oracle, MS SqlServer, MySQL, Access, Dbase), Graphical design suite (Flash, Fireworks, Photoshop, Visio, Powerpoint, etc)

• HARDWARE – Network Appliance file server, Sun SPARC Workstations, HP-UX based platforms, SGI and Personal Computers, CISCO routers and switches, Covad routers, bay routers, Shomiti Taps.

EDUCATION
July 1991 Graduated Tri-Village High School, New Madison OH Received on Thu Jun 26 20:26:57 2003