I am now available for Information Security Advisor positions.

Summary of Past Experience

With 7 years security experience, I have developed into a specialised Information Security Advisor. I can, with adequate ability, offer you a dedicated solution to any security related challenge. I am single and am prepared to relocate worldwide, to serve this purpose. I have a sound understanding and knowledge of Network Infrastructures and Information Security, including the supporting products, personnel, documentation and procedures which are required to minimize the risks to business continuity, the loss of corporate reputation and/or the loss of revenue.

Skillset and Product Familiarity
(Excellent = 1; Good = 2; Design = 3; Advise = 4)

Firewall; Gauntlet VPN (1), Gauntlet E-ppliance (2), Nokia/Checkpoint firewall (3)
Penetration testing; Cybercop (1), ISS Internet Scanner (2), Netrecon (2), Nessus, NMAP
Encryption; VPN (1), PGP (1)
Access Control; Biometrics (1), Ikey and smart cards, SafeBoot, SecurID (3), Cisco TACACS (1), SecurID (1), RADIUS (1)
Content analysers; Sniffer Pro (2), MimeSweeper suite (1), Websweeper (1), Websense (3)
Anti-virus; Network Associates (1)
Intrusion detection; Cybercop monitor (1), Sting (2), RealSecure IDS (2)
Audit / policy; BS7799 (2), Data Protection Act (2), Computer Misuse Act (4)
Security policy; Cobra Risk Consultant (2)
Backups; Backup Exec (1), Arcserve (2)
Operating systems; Cisco IOS (1), NT4 server/workstation (1), Windows 9x (1), Novell (2), Solaris (4), Windows 2000
Applications; Microsoft Project (2), Microsoft IIS (1), Microsoft Office 2000 (1), Microsoft Exchange (1), Microsoft SQL Server (2), Act (2), Magic helpdesk (4)

Qualifications

ISO 17799/BS7799 Lead Auditor
Microsoft Certified Systems Engineer (MCSE) ID 1443594
Microsoft Certified Professional + Internet (MCP + I)
MSc IT Security (Graduation 11/02)

Education

2001 - 2002  University of Westminster - London
Masters Degree in Information Technology Security
Graduate - 11/02

1991 - 1993  Technical College Pretoria, South Africa
National higher diploma - nature conservation

1989 - 1990  South African Police, Pretoria
Counter Insurgency, Threat Identification, Penetration Testing, Surveillance and Social Engineering

1984 - 1985  Capital College Pretoria, South Africa
National senior certificate - (A-levels)
English, Afrikaans, Mathematics, Biology, Geography, Physical Science

Employment

2001 - 2002  Nortel Networks EMEA
Solutions Architect/Security Consultant

I am responsible for the review, design, project management and implementation of security solutions for Nortel Networks clientele within the EMEA region. The areas I cover within my duties include: Developing Security Policies and Procedures, ISMS (Information Security Management Systems), Security Auditing according to the ISO 17799 standard, Penetration Testing, Network Architectural Design, Verification Testing, Disaster Recovery Planning, Vulnerability Assessments including physical, logical, procedural and personnel security, Risk analysis, network design. I perform the roles of CSO for new companies, Project Management or team leader on security projects for Nortel Networks’ clientele. I communicate comfortably at all levels within an organisation, in a formal and informal environment.

1999 - 2001  Priority Data (UK) Ltd, Hemel Hempstead
Director of Technical Services

I am responsible for the day-to-day management of the IT Security Consultant team.
Project management of IT Security policies for various customers in the UK, including finance institutions, government sector, and multi-national corporations.
Staff development and training program designed for security consultants.
Working with board level executives, in designing and implementing business focused security solutions for their companies.
Penetration Testing with automated tools, and recommending action based on the results.
IT Security advisor for company mergers, including a complete migration and integration strategy developed for the client.
Independent evaluations and impact assessment of security products on the business function of the client.
Audit/Risk Assessment and Security Policy Consultancy.

1997 - 1999  Epson (UK) Ltd, Hemel Hempstead
IT Support Manager

Security Consultancy for the EMEA offices for Epson (UK), including the design and implementation of a secure wide area network. This included the policy development for Firewall, Internet, Email and anti-virus security policy.
Provide training of users and support staff in the maintenance and use of these security products.
Management role for the EMEA (Europe, Middle East and Africa) support division for Epson.
Remote WAN infrastructure and business continuity contingency planning.
Penetration testing, firewall installations, VPN configuration, PKI roll-out.
The day to day running of the IT support department consisting of 8 engineers worldwide, technical knowledge assessment and internal training for support staff and 300 internal users in the United Kingdom.
Introduce Board-level technical forums on present and future IT infrastructures and security.
Prime function of IT security, but my title includes an added management responsibility for the technical support team.
Perimeter and Secure computer/server room development, including fire prevention and off-site disaster recovery planning.

1996 - 1997  B&T Connections, Milton Keynes
Senior Network Engineer

Migration Engineer responsible for migrating Novell and CCMail to NT4 and Exchange.

1995 - 1996  Kingswood IT Centre, Cromer, Norfolk
IT Manager

Management of an IT training centre with 15 staff and 80+ PCs.
Establishing training structure and courses for students.
Budget and purchases, health and safety, personnel and finance management.

1989 - 1990  South African Police, Pretoria, South Africa
Rank: Lance Sergeant

Technical Supplements to CV - Martyn Gessey - March 2002

1. ISP - 3 months

The design, project management and hands on delivery of a secure remote access point for support and management of the network sub-systems. The end-result included multiple, redundant access methods, namely, ISDN, Modem and Internet access. Internet security was achieved by utilising IPSEC compliant VPN hardware and software. Radius profiles integrated with RSA SecurID hardware tokens were used to enhance Accountability and strengthen Authentication. Centralised access passed through a redundant Nokia/Checkpoint Firewall Solution giving access to 8 DMZs, segmented by the classification of the risks involved. Each DMZ and the Private network segment included RealSecure Intrusion Detection probes to enhance the reaction time to a breach in security. All the platforms were hardened according to Vendor recommendations, CERT, SANS and Bugtraq/Security Focus (see 3 below).

2. ISP/ASP 4 month
Network security & Operating System Hardening - (see 3 below)

This role included the hands on repair and verification to the security of an ISP/ASP which had inherent security flaws in the design. I was responsible for a team of 5 engineers; my responsibility included coordinating the Operating System Hardening and adding high level network design input. The same principles to the security of the infrastructure were applied as in point 3 below. The creation of policies for the management of the servers, including recommended standards according to ISO 17799 on the system use, access, backup and security policies for the management of the servers.

3. ISP - 2 month contract

Network Security

My responsibility was to provide advice to the network design team on the correct positioning of Firewalls, and Demilitarised Zones (DMZs) within the core infrastructure of the network to enhance the security of the network.
Input into the creation of VLANs to segregate Management, Back-end and User traffic across the network.
Input into the design of the IP address scheme to ensure that correct sub-netting and use of limited public addresses enhanced security of the network.
The design & implementation of IPSEC compliant VPNs to be used across the internet (a secure method of communication without the need for separate fixed lines between offices).
Input into the protection of a Backup and Restore network including capacity planning for firewall throughput.

Operating System Hardening

Unix Hardening

I created shell scripts used to audit the Sun Solaris 2.6, 7 & 8 operating system, in order to ensure conformity across all platforms.
Input into the hardware design, installation requirements, and modifications of the core products in order to enhance the security of the platforms.
I deployed JASS (Jumpstart and Security Scripts) as a minimum level of security as recommended by SUN, as well as applied all recommended security patches to ensure the operating system was up to date.
I installed SSH (secure shell) to enhance the security of network traffic from/to the servers; the risks associated with clear text usernames and passwords associated with FTP, Telnet, rsh and rlogin are thus eliminated.
I deployed fix-modes scripts to servers; this reduces the number of files/directories which are vulnerable to access and changes.
Checked various vulnerability websites and applied recommendations based on Industry Best Practice.

The following attributes were covered during the hardening process.
File Systems and Local Security
Console Security
OpenBoot PROM Security
Disabling Keyboard Abort
File system: Adjusting File Permissions, set-user-ID and set-group-ID files
Volume Management
Accounts: Managing System Accounts, cron and at Security
The init System: System Default Umask, Disabling unnecessary Services
Log Files: Log Files Managed by syslog, Application Log File
Miscellaneous Configuration: IP Stack tuning, NIS
Network Service Security
Telnet
Remote Access Services: rsh, rlogin, rcp
Remote Execution Service: rexec
FTP
Disabling inetd Managed Services
RPC Services
NFS Server Settings
Automount
Sendmail
IP Forwarding
Network Routing
Multicast Routing
Reducing inetsvc
Modifying Network Service Banners

Windows 2000 Hardening

The Windows 2000 servers were secured with the following areas of concern checked either by batch files or utilising the “Security Configuration and Analysis MMC snap-in”: Accounts, Local Policies, Event Logs, Restricted Groups, System Services, Registry settings, File permissions, and numerous miscellaneous application security settings. Due to the poor quality of the “Snap-In” provided, many of the changes were done manually to the system, to ensure accuracy.

__________________________________
I can explain these activities for non technical audiences.
__________________________________

Information Risk Management Specialist
£725-00 per day, >40 day contract
£650-00 per day from 41>180 day contract
References on request

Kind regards
Martyn Gessey
martyngesseyat_private
This archive was generated by hypermail 2b30 : Sun Jul 07 2002 - 14:59:12 PDT