To all, I am searching for a management or auditing position in the following areas: Stamford - Shelton, CT Boca Raton, FL Tampa, FL Jacksonville, FL Orlando, FL Chicago, IL Austin, TX California Arizona South Carolina Georgia Overseas... My experience includes management of 3 B2B web sites, operations of a New York site and security throughout the enterprise. I have established security programs (to include policies and procedures), operating system hardening standards, and have built/secured B2B web sites. During my time in the USAF, I maintained the certification and accreditation of a secure facility. My auditing background is solid, with experience in both commercial and military organizations. I have audited entire organizations, large corporate data centers, and hosting providers and secure facilities. I work against audit findings with prioritized issues lists, followed by new policies, procedures and standards. I have also been exposed to numerous methodologies (DoD certification and accreditation, DITSCAP, ISO 17799 and the Common Criteria). Thanks for your time. I appreciate it. Gideon Gideon Rasmussen, CISSP 4 Morningside Place Norwalk, CT 06854 gideonat_private 203-857-4442 SUMMARY OF QUALIFICATIONS CISSP with 8 years of experience in fortune 500 and military organizations. Background consists primarily of infrastructure, security and operations focus. A history of rapid promotions led to a Director level position, with full responsibility for implementation and support of mission critical systems. Possesses a solid auditing background, with experience in both commercial and military organizations. Has audited entire organizations, large corporate data centers, hosting providers and USAF secure facilities. Methodologies include ISO 17799, the Common Criteria, DoD certification and accreditation and the DITSCAP. Utilizes an effective combination of management expertise and hands-on technical skills. Conducts thorough on-site information security audits and manages resolution of the findings. Has proven problem solving, analytical, project management, interpersonal, multi-tasking and communication skills. A proven security advocate, effects cultural change. Focused on security, high availability, monitoring, and continuity. PROFESSIONAL EXPERIENCE International Creative Management, Inc., New York City February 2002 - August 2002 Director, Technical Operations Responsible for the operations of the New York office and information security throughout the entire organization. Conducted information security audits of the New York office and a hosting provider. Established security awareness program. Executes external vulnerability scans. Manages resolution of findings through issues lists. Established Solaris and Win2K configuration/hardening standards. Ensures operating systems are routinely upgraded and patched. Manages outsourced firewalls. Replaced firewall hardware throughout the enterprise. Specified best practices configurations of firewalls, switches and routers. Drafted security policies. Conducted business continuity exercise with emergency action plans. Distributes INFOSEC advisories and ensures the vulnerabilities are addressed. Trains personnel in operations procedures and documentation. Established standby program with 24/7 response team, recall roster, and incident reporting. Established layered monitoring program with URL monitoring service, custom scripts, centralized syslog (Sun, Cisco, AIX and Red Hat), log monitoring software and notification to e-mail/pagers via Exchange distribution lists with public folders. Stores and distributes passwords securely. Maintains continuity through operations guides, build documentation, change logs, network diagrams and hardware-software inventories. Ensures effective communication through weekly reports, task lists, and meetings. Established host naming convention. Specified enterprise backup solution and Sun development and production infrastructure. Software: Cisco Works, Whats Up Gold, Compaq Insight Manager, MRTG, Ecora Configuration Auditor, ISS Real Secure, Websense, LogSentry, SSH, eWallet, SANS SNMPing, MS Baseline Security Analyzer, CIS Router, Win2K and Solaris benchmarking tools. Services: Vigilante SecureScan and Dot-Com Monitor. American International Group, New York City November 2000 - February 2002 Infrastructure Security Manager (Independent Consultant) Responsible for the security and operations of 3 B2B websites. Stabilized and transitioned externally hosted web site. Created new DEV, UAT and production web environments in the New York office and corporate data center. Established and enforced policies and procedures to maintain secure, highly available operations. Supervised system and application administrators. Contributed heavily to the AIG Solaris hardening standard. Managed firewalls of external hosting provider. Addressed production issues with the hosting provider, data center, vendors, consultants, and development team. Ensured redundancy throughout applications, hosts, networks, power, and HVAC systems. Conducted high availability and monitoring testing. Established standby program with 24/7 response team, escalation plan, recall roster and incident reporting. Maintained continuity through operations guides, configuration standards, build documentation, change logs, network diagrams and hardware/software inventories. Ensured effective communication through weekly reports, task lists, and meetings. Established layered monitoring program. System monitoring included URLs, commercial and custom applications, logs, hosts, networks, and HVAC. Security monitoring consisted of intrusion detection and vulnerability assessment. Responsibilities also included disaster recovery, traffic statistics, scheduling of activities during maintenance windows, hardware/software purchases, and support contracts. Accomplished security configurations (hardening) of operating systems and applications. Liaised between security firms and underwriters. Conducted on-site security assessments of NOCs, SOCs, hosting providers, and corporate data centers using ISO 17799 as a standard (formerly BS 7799). Evaluated security services and software. Reviewed security audits and assesses risk of issuing hacking/cyber extortion insurance to potential clients. Software: Solaris, VCS, Netegrity Site Minder, I-Planet Web Server, I-Planet Application Server, I-Planet Directory Server, Jrun Application Server, Oracle, Sybase, Maxamine Process Analyst, Webtrends, BMC Patrol, CA Unicenter TNG, LogCheck, Password Safe, SSH, Axent ITA, Tripwire, CIS Solaris Benchmarking Tool and Sun Jass Toolkit. Services: Vigilante SecureScan, Freshwater Site Seer and Dot-Com Monitor. McGowan Consulting Group, Inc December 1999 - October 2000 UNIX System Administrator (Clients - Sikorsky Aircraft and American Skandia) Responsible for security on the Sun servers. Multi-site support. Centralized Syslog and used Swatch to send notification via e-mail. Created change process. Logged changes. Installed and secured Netscape Enterprise Server. Installed Weblogic Server. Built secondary DNS server. Divided development environments into test and staging. Generated custom web site statistics in html tables. Gave presentations. Drafted purchase justifications. Vendor liaison. Strong influence on purchasing process. Hardware: SunE450 (10), Ultra2 (2), Ultra5, SPARC 2 - 10, Additional Software: Veritas/Sun Volume Manager 2.4 - 3.0, Big Brother, Apache Webserver, SE Toolkit, Crack, Sudo, Samba, NFS and Sendmail. Operating Systems: Solaris 2.5.1 - 2.7 (Supported Oracle) News America Marketing June 1999 - December 1999 UNIX System Administrator Company's sole UNIX System Administrator. Administered 2 Enterprise and 7 mid range servers. Significantly increased server security. Created all local UNIX documentation. Created standardized program of Sun server configurations, documentation and scripts. Scripts include security and system monitoring with notification via e-mail. Performed Y2K upgrades on all UNIX servers. Centralized Syslog. Supervised numerous consultants. Created standby/response program. Gave presentations. Drafted purchase justifications. Vendor liaison. Strong influence on purchasing process. Hardware: SunE5000, SunE5500, SunE450, Ultra60, Ultra10, Ultra2, Ultra1, Periphonics IVR servers, SPARC 5 - 20, Software: Sun Volume Manager 2.4 - 2.6, Roadrunner, NetBackup, Sendmail, NFS, Epage, Computron, Jetadmin, Network Queuing System, EZ Spooler. Operating Systems: Solaris 2.4 - 2.7 (Supported Oracle) United States Air Force July 1995 - June 1999 Information Systems Security Officer (ISSO) August 1996 - June 1999 Performed security testing of U.S.A.F. systems for certification and accreditation. Maintained system accreditation. Provided operators feedback on basic/in-depth INFOSEC tools/concepts; contributed to contingency planning and zero-tolerance security posture. UNIX System Administrator August 1996 - June 1999 Installed and configured system software. Isolated faults, determined causes, and recovers from malfunctions due to hardware, software, and communications failures. Developed and maintained system/shop standard operating procedures. Conducted life cycle management. Had a focus on system usability, reliability and the user. Hardware: DEC Alpha 2100 Software: DEC OSF/1 4.0 and Solaris 2.5.1. EDUCATION A.A. Information Systems Technology, Community College of the Air Force A.A. Business Administration, Norwalk Community - Technical College CERTIFICATION Certified Information Systems Security Professional [CISSP] - (ISC)2 TRAINING Solaris TCP/IP Network Administration - Sun Microsystems Sun StorEdge Volume Manager Administration - Sun Microsystems Solaris System Administration II - Sun Microsystems Solaris System Administration I - Sun Microsystems UNIX Systems Administration Certificate - Advantec Institute UNIX Shell Programming Certificate - Advantec Institute UNIX Fundamentals Certificate - Advantec Institute Internetworking with TCP/IP Certificate - Advantec Institute Microsoft Exchange Certificate - Computer Learning Center INFOSEC for ISSOs and ISSMs - Department of Defense INFOSEC Training Facility (DoD ITF) Operational Information Systems Security - DoD ITF Department of Defense Certification & Accreditation Process - DoD ITF USAF Communications - Computer Systems Operator Certificate (Honor Graduate) Automated Message Handling System Administrators Course - Boeing Corporation USAF Trainer Certificate
This archive was generated by hypermail 2b30 : Mon Oct 28 2002 - 10:42:53 PST