I am looking for an infosec position in the DC Metro area or South Florida. My most recent position is Sr. Engineer in support of managed security services. My greatest proficiency is with Checkpoint Firewall-1 and the Nokia IP platform, to include reverse engineering their files for process automation and value-add services. I am proficient in data mining of log files and complex packet-level troubleshooting, and I can apply this to Intrusion Detection platforms such as Snort. Besides serving as the lead technical escalation for managed firewalls, I continually work with management towards improving efficiency and level of service. Prior to this, I worked in CACI's Information Assurance department, providing infosec consulting, assessments and technical documents to commercial and government clients. Please see my resume below. Sincerely, Eric J. Bragger infosecat_private ____________________________________________________________________________ Eric John Bragger (CCSA/CCSE) infosecat_private ____________________________________________________________________________ 167 Crossbow Ln. Phone: (301) 963-3525 Gaithersburg, MD 20878 Fax: (301) 924-9337 ____________________________________________________________________________ OBJECTIVE To support excellence in the field of information security by combining broad technical ability and continuous research with initiative, creativity, strong verbal/written communication skills and business proficiency. ____________________________________________________________________________ POSITIONS HELD Sr. Engineer III, IP Security Engineer II, IP Security Systems Security Analyst I ____________________________________________________________________________ INFORMATION TECHNOLOGY - CHECKPOINT FIREWALL-1 --- ADMINISTRATION Provider-1 - Standalone - Field Firewalls High Availability - Gateway Clusters VPNs ISAKMP (IKE) - IPSEC - FWZ - SKIP - PPTP Tunneling SECURECLIENT IKE - FWZ - UDP Encapsulation - IKE over TCP IP Pooling - Single / Multiple Entry Points NAT Internal-to-Internal (Dual Hide) - Multi-Interface NAT of Inbound VPNs - NAT of Inbound SecureClient AUTHENTICATION User, Client, Session - RADIUS - LDAP - S/Key - IKE RESOURCES/PROXIES Kernel URL Logging - UFP - CVP - Connect Control HTTP, SMTP, FTP Security Servers CRASH FORENSICS "ELG" Analysis - Core Analysis Daemon Stats - Module Debug AUDITING Rulebase Security Audits - Log Audits Integration - Performance Tuning REVERSE ENGINEERING Rulebases (compiled/uncompiled) - Objects File - NOKIA IP APPLIANCE / IPSO OPERATING SYSTEM --- ADMINISTRATION Voyager Configuration High-Availability (VRRP Monitored Circuits) ADVANCED ADMIN. "iclid" - "ipsctl" - "ipsofwd" Firewall Flows - Performance Tuning CRASH FORENSICS Core Analysis - Module Memory Usage Subsystem Health (CPU/Disk/Memory) REVERSE ENGINEERING IPSO Database - NETWORKING --- GENERAL SKILLS Security Analysis - Segmentation - Architecture Testing - Routing - Switching TROUBLESHOOTING Packet Sniffing/Decode (tcpdump, snoop, Ethereal) Session Analysis - Route Verification PROTOCOLS IP - TCP - UDP - ICMP - ESP - IPX - GRE - NetBIOS - INFORMATION SECURITY --- GENERAL SKILLS Assessment - Penetration - Fortification Network Mapping - Functional & Performance Testing Technical Writing - War Dialing - OS Hardening ENCRYPTION SSH - PKI (PGP) - RSA Keys - DES/3DES ISAKMP - IPsec - FWZ - SKIP - TICKETING SYSTEMS --- DESIGN Interface - Logic - Field Elements - Metrics Relational Database Structure - SOFTWARE --- FIREWALLS Checkpoint FW-1 v4.0-4.1 - Axent Raptor 5-6.0 Cisco PIX - NAI Gauntlet 4.2-5 SCRIPTING sh / bash (Bourne Shell) - Parsing Regular Expressions - HTML OPERATING SYSTEMS Nokia IPSO - Solaris - Linux - BSD - SunOS Digital Unix - IBM AIX - XWindows environments Windows NT/98/95/3.1 - OS/2 2.1-3.0 - DOS SECURITY TOOLS ISS Internet Scanner 5-6.x - NAI CyberCop Scanner Satan - Saint - Sara - Nessus - COPS Snort - TripWire - ToneLOC - TCP Wrappers PRODUCTIVITY Microsoft Office 95-2000: Word - Excel - Outlook - Powerpoint - Frontpage Microsoft Project - Webtrends - Visio 4.0-2000 Wordperfect 4.2-8.0 - Lotus 123 E-MAIL Outlook - Pine - Lotus Notes 4.x - Eudora Pro GRAPHICS Adobe Photoshop 3.0-6.0 - Bryce - 3D Studio 3.0-Max ____________________________________________________________________________ WORK EXPERIENCE 2001-Present SR. ENGINEER III, IP SECURITY Allegiance Telecom / Intermedia Business Internet Security Management Center - Serving as lead engineer for managed firewalls in the field. On-call escalation point for 2nd and other 3rd tier engineers. Principal coordinator of vendor support. Daily contact with domestic and international customers, to include government agencies. - Created a script that inputs an IP address portion and displays the objects and NATs that match it, in addition to the groups those objects are in. Handles infinite nested groups. - Designed the structure, interface and article templates for a flexible, enterprise-class knowledgebase. Authored the majority of its articles. - Developed requirements for ticketing system migration from Cold Fusion to Remedy. Revised and re-organized ticket categories in support of data mining and metrics. 2000-2001 SR. ENGINEER III, IP SECURITY Intermedia Business Internet Security Management Center - Served as 3rd-Tier engineer for managed firewalls in the field. On-call escalation point for 2nd-Tier engineers. Daily contact with domestic and international customers, to include government agencies. - Reverse-engineered significant portions of the Checkpoint rulebase files, Checkpoint objects file and Nokia IPSO database. Applied this knowledge to automated scripts and day-to-day operations. - Designed a major overhaul to the structure and interface of a Cold Fusion-based ticketing system in support of efficiency and metrics. This included HTML prototypes of schemas and a complex logical diagram created in Visio 2000. - Authored official procedures for topics such as crash forensics and troubleshooting. - Informed Checkpoint of a deficiency with their workaround to the RDP tunneling vulnerability and escalated within Checkpoint until a proper patch was released. - Maintained a list of documented and undocumented bugs in Checkpoint Firewall-1 and the Nokia IPSO operating system. - Wrote a script to automatically diagnose discrepancies between firewalls in a high-availability configuration and verify proper settings. 1999-2000 ENGINEER II, IP SECURITY Intermedia Business Internet / Digex Security Management Center - Served as 2nd-Tier engineer for managed firewalls in Digex server farms and in the field. Escalation point for 1st-Tier engineers. Daily contact with domestic and international customers, to include government agencies. - Principal contributor in executive-level meetings with the Director of Product Management, the Manager of Security Products Sales and the VP of Business Process Solutions. - One of three employees selected to participate in a revision of internal processes and job requirements. Designed changes to the internal ticketing system in support of these revisions. - Created a modular scripting system which logs into a list of firewalls and runs commands. Each script module can contain settings that offer highly customized execution. - Created a script that automates incremental backups of files each time they are modified. - Maintained monthly firewall licenses on approximately 300 firewalls. Negotiated with Checkpoint for a less-restrictive, 6-month license. 1998-1999 SYSTEMS SECURITY ANALYST I CACI Inc. Information Assurance Dept. - Created the department's benchmark technical proposal for security assessment contracts. - Responsible for project timeline creation, client interaction, strategic planning, technical analysis and documentation for a long-term Navy network reconfiguration. - Conducted a comprehensive assessment of the features and technical aspects of thirteen major Intrusion Detection Systems. - Composed a document combining load analysis, network simulation and firewall implementation procedures for a Navy client. This document received commendation from the client. - Responsible for the installation, configuration and accreditation of a mission-critical firewall. - Created comprehensive configuration documents for conversion from a Checkpoint firewall to a proxy-based Raptor firewall, to include hardening the Solaris operating system. - Technical lead for a quarterly County network assessment that included external/internal vulnerability analyses, analog phone scanning, threat monitoring and custom reporting. - Evaluated the security and utility of a distributed networking infrastructure for a mission-critical, international deployment of satellite communications. - Performed a comprehensive sector analysis of a foreign government's technology incubator program. ____________________________________________________________________________ CERTIFICATIONS / TRAINING 2001 Checkpoint Certified Security Administrator (CCSA) Checkpoint Certified Security Expert (CCSE) 2000 Nokia IP Security and High-Availability Training Checkpoint CP2000 Training Axent NetProwler IDS Training 1999 ISS Certified for Internet Scanner and SafeSuite Products CACI Inc. Certified in Project Management ____________________________________________________________________________ EDUCATION 1994-1998 University of Florida Gainesville, FL BBA in Management, Warrington College of Business Administration
This archive was generated by hypermail 2b30 : Sun Mar 24 2002 - 22:40:38 PST