-----BEGIN PGP SIGNED MESSAGE-----

Hello folks,

Due to a total restructuring at OneSecure (where I served as Senior Security Consultant), there was a large-scale RIF and I was laid off right in the midst of BlackHat/Defcon. With that in mind, I'm back on the market looking for either full-time or contract work in the security field.

I am looking for work in the Los Angeles area. Work-related travel is not an issue, but I am not presently available to relocate (my fiancee's work is in the defense industry and they've invested a good deal of resources in her career and her clearances). Telecommuting with visits to headquarters is a viable option as I was doing such quite successfully with OneSecure until the RIF came.

The following is my most current curriculum vitae. If any interested parties should have any questions, I can be reached at this e-mail address.

Thanks very much for your time.

Sincerely,
Jay D. Dyson

-----BEGIN CURRICULUM VITAE-----

Jay D. Dyson -- Curriculum Vitae

HIGHLIGHTS OF QUALIFICATIONS

Operating Systems: Linux, SunOS, Solaris (Sparc & x86), HPUX, AIX, IRIX, FreeBSD, DGUX, DR-DOS, MS-DOS, Windows 3.x, Win95, Win98, WinME.

System Administration: Proficiency in installing and configuring Secure Shell, Qmail, Sendmail, BIND, DJBDNS, Apache, and other popular services. Proficient in setting up, maintaining and upgrading enterprise-scale server systems. Extensive experience in daily system administration in the areas of user and service administration, system troubleshooting, patching and upgrades. Extensive experience in training users and administrators on effective security policies and procedures.

Security: Controlled System Penetration; Task Automation; Network Risk Analysis; Network and System Audit; Disaster Recovery practices; Security Policy and procedures creation; Vulnerability Analysis and Exploitation Research; and Social Engineering Strategies and Techniques.

Forensics: Examination of federal discovery on behalf of JPL/NASA; file content analysis; logfile analysis and recreation of sequence of events; technical liaison to Institutional Computer Information Services (ICIS); technical advisor to NASA Office of the Inspector General and JPL Security Investigative Services.

EMPLOYMENT HISTORY

04/2000 to 07/2001
Employed as Senior Security Consultant for OneSecure, Inc.

Served as technical advisor to OneSecure customers and Security Operations Center (SOC) in formulation of security policies and procedures. Technical advisor to sales and marketing staff on work opportunity scoping. Provided security risk assessment and penetration testing services to OneSecure customers. Reviewed and evaluated technologies and product security advisories and vulnerabilities as announced. Performed due diligence security audits for OneSecure and its customers. Created and maintained penetration "attack" database for use in customer penetration assessments and evaluations. Provided technical assistance in installing, securing, auditing and maintaining customer and SOC systems. Position eliminated following company restructuring and large-scale Reduction In Force.

11/1995 to Present
Employed by User Technology Associates as a Computer Systems Specialist contractor to the NASA Jet Propulsion Laboratory. Retained on part-time basis as Security Advisor to JPL Knowledge Management following my April, 2000 departure to work for OneSecure.

Tasks originally involved in efforts to automate and implement online database system to house and supersede JPL/NASA legacy documents (policies, procedures, lessons learned, et cetera). Contributed to creation and implementation of PERL translation engine to convert SGML data to HTML. Assumed control of the NASA JPL Technical Report Server (TRS); ported system from Windows NT to Sun Solaris.
Created and implemented automated update systems for JPL TRS database and associated abstracts, citations and full text technical reports. Currently utilized by many and varied sections across JPL for creation and implementation of automated and network-based security solutions.

Duties expanded to include a wide range of system and security advising, including vulnerability analysis; security policy development and implementation; coordination of security advisory releases with vendors and NASIRC.

Most recent project involved enforcement of International Traffic in Arms Regulations (ITAR) and Export Administration Regulations (EAR) through proposal, planning, selection and implementation of firewall technology on the JPL/NASA Knowledge Management Web Portal.

Previous tasks included providing security assessment, general security consulting; training users and administrators in secure computing practices; initiating and reporting discovery of vulnerable mail transport agents (MTAs) with specific regard to third-party mail relay; maintenance of DNS-centric, JPL-specific open relay blocking system; contributor to NASA-wide postmaster policies and procedures; technical advisor to JPL Security Investigative Services and NASA Office of the Inspector General (OIG); assist in ongoing computer crime investigations; perform quarterly surveys of the entire JPL network (~20,000 systems); primary contact for Network Abuse reports and outstanding issues (abuseat_private); technical advisor to JPL Electronic Communications Tiger Team, New Millennium Program (NMP), Propagation Studies, Documentation Review Services, Enterprise Information Services, and Computer and Network Security; daily administration of various systems including SunOS 4.x, Solaris, and Linux.

09/1992 to Present
Independent Computer System and Security Consultant.

Provide security risk assessment and penetration testing services to various customers.
Review and evaluate security solutions per customer requirements. Perform due diligence security audits for customers. Created and maintained penetration "attack" database for use in customer penetration assessments and evaluations. Provide technical assistance in installing, securing, auditing and maintaining customer systems.

OTHER SKILLS

Internet site setup, development and maintenance. I currently assist in administration of the Attrition.Org site, colocated on a T3. I also maintain the systems and network of Treachery Unlimited (http://www.treachery.net/), a network and computer security information site. I also serve as a member of the core transition team for PacketstormSecurity.Org.

Ongoing attendance at a wide range of security conferences and seminars.

SPEAKING

Wide variety of speaking engagements at JPL and other NASA centers on topics such as: creation and implementation of the JPL Technical Report Server system utilizing freeWAIS; recommended utilization of Web-based applications; security implications of network-based printers; recommendations for implementation of Pretty Good Privacy across the agency; security implications of FTP and HTTP data dissemination with respect to International Traffic in Arms Regulations (ITAR) and Export Administration Regulations (EAR).

Regular speaker with JPL/NASA System Administrator's Guild (SAGE) on a variety of computer and network security-related topics.

tooRcon '99 - September 3-4, San Diego, CA
    "Secure Remote Communications" (Sep. 3)
    "The State of Hacking Today" (Sep. 4)

BlackHat 2001 - July 11-12, Las Vegas, NV
    "Mirror::Image - Lessons Learned by Attrition.Org" (Jul. 12)

Scheduled talks include "Installing and configuring IPFilter" slated for August 2001 with JPL/NASA SAGE as well as "Why Security Through Obscurity Isn't" slated for September 2001 tooRcon.

WRITING

Author of advisories regarding Hewlett-Packard Network Printer security issues (as reported by the NASA Automated Systems Incident Response Capability (NASIRC)); security implications due to implementation flaws with NAI PGP and Microsoft Exchange and Qualcomm Eudora Mail User Agents (as reported on Bugtraq and NTBugtraq); and bug discovery in Apache 1.3.x default installations.

Author and contributor to a wide variety of articles on computer security issues in today's IT field. Articles can be found on Attrition, SecurityFocus, SunWorld and more.

Author of white paper on Secure Remote Communications system prototype.

Author of definitions, policies and procedures regarding use and misuse of networked technologies.

Author of attack methodologies chapter for "Hack-Proofing Your Web Applications" by Syngress Publishing.

REFERENCES

Available upon request.
This archive was generated by hypermail 2b30 : Tue Jul 17 2001 - 15:47:35 PDT