Seeking FT or Contract Security Work.

From: Jay D. Dyson (jdysonat_private)
Date: Tue Jul 17 2001 - 15:28:03 PDT

    -----BEGIN PGP SIGNED MESSAGE-----
    
    Hello folks,
    
    	Due to a total restructuring at OneSecure (where I served as
    Senior Security Consultant), there was a large-scale RIF and I was laid
    off right in the midst of BlackHat/Defcon.  With that in mind, I'm back on
    the market looking for either full-time or contract work in the security
    field. 
    
    	I am looking for work in the Los Angeles area.  Work-related
    travel is not an issue, but I am not presently available to relocate (my
    fiancee's work is in the defense industry and they've invested a good deal
    of resources in her career and her clearances).  Telecommuting with visits
    to headquarters is a viable option as I was doing such quite successfully
    with OneSecure until the RIF came.
    
    	The following is my most current curriculum vitae.  If any
    interested parties should have any questions, I can be reached at this
    e-mail address.  Thanks very much for your time.
    
    Sincerely,
    
    Jay D. Dyson
    
    
    
    - -----BEGIN CURRICULUM VITAE-----
    
    Jay D. Dyson -- Curriculum Vitae
    
    HIGHLIGHTS OF  Operating Systems:
    QUALIFICATIONS      Linux, SunOS, Solaris (Sparc & x86), HPUX, AIX,
                        IRIX, FreeBSD, DGUX, DR-DOS, MS-DOS, Windows 3.x,
                        Win95, Win98, WinME.
    
                   System Administration:
                        Proficiency in installing and configuring Secure
                        Shell, Qmail, Sendmail, BIND, DJBDNS, Apache, and
                        other popular services.  Proficient in setting
                        up, maintaining and upgrading enterprise-scale
                        server systems.  Extensive experience in daily
                        system administration in the areas of user and
                        service administration, system troubleshooting,
                        patching and upgrades.  Extensive experience in
                        training users and administrators on effective
                        security policies and procedures.
    
                   Security:
                        Controlled System Penetration; Task Automation;
                        Network Risk Analysis; Network and System Audit;
                        Disaster Recovery practices, Security Policy and
                        procedures creation; Vulnerability Analysis and
                        Exploitation Research; and Social Engineering 
                        Strategies and Techniques.
    
                   Forensics:
                        Examination of federal discovery on behalf of
                        JPL/NASA; file content analysis; logfile analysis
                        and recreation of sequence of events; technical
                        liaison to Institutional Computer Information
                        Services (ICIS); technical advisor to NASA Office
                        of the Inspector General and JPL Security
                        Investigative Services.
    
    
    EMPLOYMENT HISTORY  04/2000 to 07/2001
                        Employed as Senior Security Consultant for 
                        OneSecure, Inc.  Served as technical advisor to
                        OneSecure customers and Security Operations Center
                        (SOC) in formulation of security policies and 
                        procedures.  Technical advisor to sales and
                        marketing staff on work opportunity scoping.
                        Provided security risk assessment and penetration
                        testing services to OneSecure customers.  Reviewed
                        and evaluated technologies and product security 
                        advisories and vulnerabilities as announced.
                        Performed due diligence security audits for OneSecure
                        and its customers.  Created and maintained penetration
                        "attack" database for use in customer penetration
                        assessments and evaluations.  Provided technical
                        assistance in installing, securing, auditing and
                        maintaining customer and SOC systems.  Position
                        eliminated following company restructuring and
                        large-scale Reduction In Force.
    
                        11/1995 to Present
    
                        Employed by User Technology Associates as a
                        Computer Systems Specialist contractor to the
                        NASA Jet Propulsion Laboratory.  Retained on part-
                        time basis as Security Advisor to JPL Knowledge
                        Management following my April, 2000 departure to
                        work for OneSecure.  Tasks originally involved
                        in efforts to automate and implement online
                        database system to house and supersede JPL/NASA
                        legacy documents (policies, procedures, lessons
                        learned, et cetera).  Contributed to creation and
                        implementation of PERL translation engine to 
                        convert SGML data to HTML.  Assumed control of 
                        the NASA JPL Technical Report Server (TRS); ported
                        system from Windows NT to Sun Solaris.  Created and
                        implemented automated update systems for JPL TRS
                        database and associated abstracts, citations and
                        full text technical reports.
    
                        Currently utilized by many and varied sections
                        across JPL for creation and implementation of
                        automated and network-based security solutions.
                        Duties expanded to include a wide range of system
                        and security advising, including vulnerability
                        analysis; security policy development and
                        implementation; coordination of security advisory
                        releases with vendors and NASIRC.  Most recent
                        project involved enforcement of International
                        Traffic in Arms Regulations (ITAR) and Export
                        Administration Regulations (EAR) through proposal,
                        planning, selection and implementation of firewall
                        technology on the JPL/NASA Knowledge Management
                        Web Portal.
    
                        Previous tasks included providing security
                        assessment, general security consulting; training
                        users and administrators in secure computing
                        practices; initiating and reporting discovery of
                        vulnerable mail transport agents (MTAs) with
                        specific regard to third-party mail relay;
                        maintenance of DNS-centric, JPL-specific open
                        relay blocking system; contributor to NASA-wide
                        postmaster policies and procedures; technical
                        advisor to JPL Security Investigative Services
                        and NASA Office of the Inspector General (OIG);
                        assist in ongoing computer crime investigations;
                        perform quarterly surveys of the entire JPL
                        network (~20,000 systems); primary contact for
                        Network Abuse reports and outstanding issues
                        (abuseat_private); technical advisor to JPL
                        Electronic Communications Tiger Team, New
                        Millennium Program (NMP), Propagation Studies,
                        Documentation Review Services, Enterprise
                        Information Services, and Computer and Network
                        Security; daily administration of various systems
                        including SunOS 4.x, Solaris, and Linux.
    
                        09/1992 to Present
                        Independent Computer System and Security Consultant.
                        Provide security risk assessment and penetration
                        testing services to various customers.  Review and
                        evaluate security solutions per customer requirements.
                        Perform due diligence security audits for customers.
                        Created and maintained penetration "attack" database
                        for use in customer penetration assessments and 
                        evaluations.  Provide technical assistance in 
                        installing, securing, auditing and maintaining customer
                        systems.
    
    
    OTHER SKILLS        Internet site setup, development and maintenance.
                        I currently assist in administration of the
                        Attrition.Org site, colocated on a T3.  I also
                        maintain the systems and network of Treachery
                        Unlimited (http://www.treachery.net/), a network
                        and computer security information site.  I also
                        serve as a member of the core transition team for
                        PacketstormSecurity.Org.
    
                        Ongoing attendance at a wide range of security
                        conferences and seminars.
    
    
    SPEAKING            Wide variety of speaking engagements at JPL and
                        other NASA centers on topics such as: creation
                        and implementation of the JPL Technical Report
                        Server system utilizing freeWAIS; recommended
                        utilization of Web-based applications; security
                        implications of network-based printers;
                        recommendations for implementation of Pretty Good
                        Privacy across the agency; security implications
                        of FTP and HTTP data dissemination with respect
                        to International Traffic in Arms Regulations
                        (ITAR) and Export Administration Regulations
                        (EAR).  Regular speaker with JPL/NASA System
                        Administrator's Guild (SAGE) on a variety of
                        computer and network security-related topics.
    
                        tooRcon '99 - September 3-4, San Diego, CA
                             "Secure Remote Communications" (Sep. 3)
                             "The State of Hacking Today"   (Sep. 4)
    
                        BlackHat 2001 - July 11-12, Las Vegas, NV
                             "Mirror::Image - Lessons Learned by
                              Attrition.Org"               (Jul. 12) 
    
                        Scheduled talks include "Installing and
                        configuring IPFilter" slated for August 2001
                        with JPL/NASA SAGE as well as "Why Security
                        Through Obscurity Isn't" slated for September
                        2001 tooRcon.
    
    WRITING             Author of advisories regarding Hewlett-Packard
                        Network Printer security issues (as reported by
                        the NASA Automated Systems Incident Response
                        Capability (NASIRC)); security implications due
                        to implementation flaws with NAI PGP and
                        Microsoft Exchange and Qualcomm Eudora Mail User
                        Agents (as reported on Bugtraq and NTBugtraq);
                        and bug discovery in Apache 1.3.x default
                        installations.
    
                        Author and contributor to a wide variety of
                        articles on computer security issues in today's
                        IT field.  Articles can be found on Attrition,
                        SecurityFocus, SunWorld and more.  Author of
                        white paper on Secure Remote Communications
                        system prototype.
    
                        Author of definitions, policies and procedures
                        regarding use and misuse of networked
                        technologies.
    
                        Author of attack methodologies chapter for 
                        "Hack-Proofing Your Web Applications" by
                        Syngress Publishing.
    
    
    REFERENCES          Available upon request.
    
    -----BEGIN PGP SIGNATURE-----
    Version: 2.6.2
    Comment: See http://www.treachery.net/~jdyson/ for current keys.
    
    -----END PGP SIGNATURE-----
    
    
    
    



    This archive was generated by hypermail 2b30 : Tue Jul 17 2001 - 15:47:35 PDT