pgp key

---

• Booz Allen Hamilton; 6/08 to present; Security Testing Lead, Western Region


• Raytheon / Photon Research Associates; 3/05 to 5/08; IT Security Manager
• implemented computer security policy, programs, and solutions
• regulatory compliance associated with public ownership and classified processing
• liaison with corporate compliance office and government
• anti-spam, firewall, IPSEC, and SSL VPN remote access management
• intrusion detection and content filtering solution development and rollout
• patch management and periodic internal security assessments
• managed whole disk and client-independent e-mail encryption rollout
• implemented unified Active Directory-based authentication on Macs, SGIs, and Linux


• Consolvant; 3/02 to 6/08; Founder and Chief Technology Officer
• expert witness in intellectectual property, patent infringement, and computer intrusion cases
• product evaluation, due diligence, penetration testing, and forensic analysis
• enterprise-scale network architecture and security design
• regulatory compliance, policy, and procedure implementation
• freelance technology and security writing and editing
• member of board of advisors for Brownstone Publishers
• organizer and director of marketing for Toorcon information security conference


• Science Applications International Corporation; 8/97 to 3/02; Technical Director
  • developed risk analysis and incident response pieces of an enterprise security consultancy
  • developed and proctored training courses and certifications for all levels of ability
  • program management, business development, technical marketing, and sales
  • head architect and developer for integrated cryptographic corporate security solutions
  • over one hundred penetration tests and forensic incident responses
  
  
• Millennianet; 11/95 to 8/97; Lead System Administrator / Customer Service Manager
  • in charge of customer service and implementation for medium-sized ISP
  • supervised help desk, including training and project management
  • UNIX administration: Irix, Solaris, SunOS, Linux, and FreeBSD
  • network administration: IOS, BGPv4, T1, ISDN, and dialup pools
  • implemented DNS, mail, NNTP news, web, and secure e-commerce services
  
  
• UTPA Computer Science Department; 10/93 to 4/94 and 1/95 to 5/95; Research Assistant
  • student evaluations, lecturing and tutoring in mathematics and computer science
  • revised and edited artificial intelligence research for presentation and publication
  
  
• University of Texas Police Department; 4/94 to 1/95; Network Administrator
  • network, database, and workstation system administration
  • implemented, maintained, and provided training for citation management system
  • developed and provided training for web, mail, and internet services

Skills

• risk and vulnerability analysis
• project, proposal, and vendor management
• due diligence, market analysis, and technical writing
• hands-on training course development and instruction
• mapping tools, packet sniffers, and exploit code
• security program implementation, regulatory compliance, and policy development
• enterprise network, security, and client/server architecture, administration, and management
• familiar with security and network products of all kinds from all major vendors
• intrusion detection, monitoring, firewalls, anti-spam, content filtering, remote access, SSO
• Cisco (IOS/PIX/VPN/IDS), Juniper/Netscreen, HP, Ascend, Bay, 3Com, ISS, Squid, Snort
• Unix: Solaris, SunOS, IRIX, AIX, HP/UX, Tru64, BSD/OS, DG/UX, UnixWare, OpenServer
• open source Unix: Linux, FreeBSD, OpenBSD, NetBSD, and Darwin
• PCs: Windows NT/2000/XP/2003/Vista, Mac OS X, and classic Mac OS
• authentication domain management with Active Directory and Open Directory
• experienced with all proprietary workstation and PC hardware architectures, diagnosis, and repair
• programming: C, C++, assembly (x86 and SPARC), and UNIX shell scripting

Education and Certifications

• Future Goals: CCIE, to return to school for a Masters in Business Administration (MBA)
• OSSTMM Professional Security Analyst (OPSA), 7/04
• OSSTMM Professional Security Tester (OPST), 1/04
• Cisco Certified Network Associate (CCNA), 12/99
• San Diego State University, San Diego, CA; 8/95 to 6/97; B.S. in Computer Science
• University of Texas Pan American, Edinburg, TX; 8/93 to 5/95; majored in Computer Science
• University of California Los Angeles, Los Angeles, CA; 9/91 to 6/93; majored in English
• North Hollywood High School, North Hollywood, CA; gradudated 6/91

Talks, Media, and Projects

• University of California Los Angeles Extensions, "The Anatomy of Security Holes," 12/05
• Toorcon 2003, "Cost-Effective Enterprise Security Management," 9/03
• Toorcon 2002, "The Requiem Project", 9/02
• Information Systems Audit and Control Association, "Leveraging Hacker Know-How," 3/02
• Toorcon 2001, "The Bugginess Equation & the Hitchhiker's Guide to Computer Security," 9/01
• Information Systems Security Association San Diego Chapter, "White Collar Hacking," 8/01
• MAC Spoofing on the Mac, forging source addresses in ethernet headers on Mac OS X
• The OpenBSD on Virtual PC Project, Unix in emulation on Mac OS
• The T Sector Magazine, "Spy vs. Spy: Hackers Go Corporate," 1/01
• Toorcon Security Expo '99, San Diego, CA, Security Panel on Ethical Hacking, 9/99
• University of California Los Angeles Extensions, "The Anatomy of Security Holes," 6/99
• University of California Los Angeles Extensions, "Challenges in Implementing PKI," 6/98