Please accept my resume for your review.

Best,
-M

--------------------------------------------------------------

Summary of Qualifications

* Over 7 years of experience in the IT Security Industry
* Excellent Project Management skills.
* Strong interpersonal communication skills w/ senior management and peers
* Ability to think about solutions to address the situation and drive the necessary solution in a timely and efficient manner.
* Adaptive team player, excellent self-starting and motivational skills
* Proactive, inquisitive, team player, and willing to take on new challenges
* Strong sense of humour
* Full leadership responsibility to guide the security teams to successful operations
* Strong understanding of network security technologies, issues and players
* Good business sense and a strong network of contacts in the internet security industry.
* Deep technical knowledge & hands-on experience of penetration tests, hacker tools, security audits, firewalls, H/NIDS solutions, security architectures.

Professional Certifications/Trainings

* Project Management Training, internal to , given by RMC Project Management (Santa Clara, May 2002)
* Gauntlet FW & VPN Training, technical details. (February 2002 Dallas, TX)
* Cisco PIX FW, hands-on workshop for 3 days at CISCO campus. (November 2001 San Jose, CA)
* Recourse ManHunt and ManTrap hands-on workshop at Recourse Office.
  (November 2001 Redwood City, CA)
* BlackHat Computer and Network Security Conference - www.blackhat.com (Las Vegas, July 2001, July 2000 and July 1999)
* DefCon7-8 www.defcon.org (Las Vegas, July 2001, July 2000 and July 1999)
* Code Based Vulnerabilities (How to write and find buffer overflows) – by Dominique Brezinski at Blackhat pre-conference training (Las Vegas, July 2000)
* Forensic Analysis (Intruder Discovery / Tracking and Compromise Analysis) - by Dominique Brezinski, Dave Dittrich at Blackhat pre-conference training (Las Vegas, July 2000)
* NT Network Intrusion Workshop - by Greg Hoglund (www.rootkit.com), JD Glaser (www.foundstone.com) at Blackhat pre-conference training (Las Vegas, July 2000)
* SeOS by Platinum Tech. or eTrust Access Control (September 2000, Los Angeles)
* Information Risk Assessment (CA Sarasota, Florida, June 2000)
* Intrusion Detection Softwares (CA Sarasota, Florida, June 2000)
* Ultimate Hacking, hands-on (Boston, May 2000 from Foundstone Inc. (www.foundstone.com))
* X.500 Directory Services (CA London, May 2000)
* Dealing with Hackers, Neupart & Munkedal Inc. (CA-World 2000 New Orleans, conference)
* Hacking Exposed Live, Foundstone Inc. (CA-World 2000 New Orleans, conference)
* SA237 Sun Solaris System Administration 1 & 2 (November 1999 from Koc System (www.kocsistem.com.tr))
* Linux Network Administration (March 2000 from Gelecek AS (www.gelecek.com.tr))
* Security Auditing Workshop (June 1999 from NAI (Network Associates) security specialists)

Professional Experience

April 2001- Major Security Company***, Santa Clara, CA
Sr. Security Architect

* Re-design of the global corporate network and security infrastructure including DMZ, partner, local and public networks, and integration of office-to-office VPNs and RAS servers. Re-design of FTP & Web servers in such a cost-effective way (we saved 4 million USD annually with the new approach). Integrated 3-factor authentication.
  Added new network and host-based IDS solutions with incident correlation technologies and sniffers around the global corporate network.
* Prepared the security policy of global network infrastructure, including all 3-tier architecture, DMZ, internal, external, partner-site networks. Defined new trust relationships between the different segments of network, integrated these relationships with firewall and router ACLs, N/HIDS rules, sniffer filters.
* Security testing of SQL servers, namely ORACLE, MS SQL and MYSQL servers. Conducted penetration tests and armored the servers.
* Defined and set up a new policy for new vulnerabilities, established a procedure such that new vulnerabilities are validated in a test environment, results and details are documented for internal usage, patch procedures are set and then responsible parties are informed with the details. This procedure also follows up the deployment.
* Re-crafted publicly available exploits, proof-of-concept codes, for internal usage in penetration tests. Developed a piece of code which on remote Windows vulnerability gives a complete remote system compromise with a remote-shell. Rewrote the exploits for both UNIX and Windows systems on x86 architectures.
* Led the benchmark of Incident Correlation engines for both business development team and internal security team. Defined the test criteria with respect to both internal security team usage and business development team concerns. Set up a test lab, prepared the test tools and techniques and conducted the test. Took leadership in the deployment of the incident correlation engines all around the corporate global network. Tested products were NetForensics, Intellitactics and ArcSight, excluding the other products which did not meet the expectations for the final test.
* Wireless security testing of corporate network and branch offices, deployment of wireless security scanners around the network to monitor corporate network for unwanted security compromises.
  Deployed wireless-sniffer, wireless security scanner and some publicly available tools for this service. Also took some initiatives and responsibilities for product testing of wireless sniffer before the market release.
* Security testing, auditing & armoring UNIX servers. Specifically the Sun Solaris servers, prepared secure deployment procedure for the Sun Solaris servers.
* Benchmarking and evaluation of NIDS products for both Business Development team and internal IT Security deployment. Partnered with the other team member to define the test criteria, product requirements, prepared the IDS evaluation tools (fragroute, whisker, libwhisker, hping, nmap, ADMutate, cybercop CASL), used some IDS-evasion techniques and tools, re-crafted some publicly available exploits for the test, used synthetically generated traffic (using Smartbit) to stress test the products with overloaded network, and conducted the test. The products tested were Intruvert, OneSecure, ISS Real Secure, Recourse ManHunt, Snort, TippingPoint and Sourcefire (commercial Snort).
* Evaluation of HIDS systems for internal IT security usage. Prepared test scenarios for local system compromise and remote system compromise attacks. Specifically created vulnerable UNIX, SQL, Web, Windows servers. Performed local and remote system attacks and monitored the behavior of the system both with and without HIDS deployed. Presented the test results. Led the deployment of the HIDS all around the global corporate network. Some of the tested HIDS products were Entercept HIDS, SecureIIS and tripwire.
* Managed Gauntlet FWs across the company NW running on Sun Enterprise 250/420/450 servers.
* Participated in firewall benchmark, test, choice and deployment project. Took responsibilities in CheckPoint NG FW2&3 deployment and replacement across the NW. Deployment of Nokia-CP firewalls globally around the main data centers for public networks and user networks with high availability.
  Deployment of CP firewalls running on Sun Enterprise servers for office-to-office VPNs
* Led the deployment of Snort IDS around the global infrastructure of the company, including DMZs, Internal Networks and so on. This was a pilot project which lasted 9 months. Before the commercial NIDS deployment we used snort. Later we kept some of them to use in conjunction with other flavors of IDS solutions. As snort is a publicly available GNU product with many different deployment options, here are the details I performed.
  Design Deployment over UNIX Servers running on SUN SOLARIS 2.8 with Netra T1 & Enterprise 450 Central Database deployment to consolidate logs, with MySQL.
  All the servers (Apache, MySQL) were bound to localhost, only public listening server was SSH and Stunnel (for MySQL).
  Facilitated port-redirection and port-forwarding to access other listening servers with security in mind.
  Encrypted traffic between IDS sensors to central IDS (management console) via stunnel.
  Wrote scripts for fail-over (if central goes down, they will start logging to local DB).
  Deployed Apache web server for displaying IDS alerts with the help of ACID.
  Took an active role to facilitate the 24x7 monitoring of IDS systems & Network MRTG reports. (awarded for the achievement of this project)
* Took an active role in the development of *Incident Response Plan* for the company.
* Performed bullet-proof penetration testing to company web & sql servers using “sql insertion techniques” and other web & sql hacking techniques.
* Deployment of gateway to gateway VPN with Gauntlet FW. Deployment of client to gateway VPN with PGP and Gauntlet FW. Gauntlets were later replaced with CheckPoint NG FW 2&3
* Forensics Analysis for some UNIX and NT/2K servers, which were suspected to be hacked.
* Penetration testing to different DMZs.
* Prepared NT/2K hardening and secure deployment procedures. Documented a well-detailed paper about the Win NT/2K security
* Deployed Honey Pots with CyberCop Sting.
* Played an active role in the migration of corporate FTP & Web servers to an external vendor NW, and assessed the physical security, OS security, security plans for migration. Deployed VPN connection between uploading servers and staging server on the vendor site. (Awarded for the achievement of this project. This project saved company around 4 million USD annually)

1999 August – January 2001 Computer Associates, Istanbul, Turkey
Sr. Security Specialist
Member of CA Security SWAT Team

* Set up bullet-proof hacking service around Europe and the Middle East.
* Design, implement, and troubleshoot highly available, secure computer networks, to include the use of automated intrusion detection and response systems, redundant firewalls, proxy servers, strong certificate based encryption, network protocol analyzers, and router and switch access control lists.
* Defined the methodologies for NT/2K, IIS, UNIX hacking for penetration and attack services. Provided policies and wrote procedures to handle future security breaches.
* Provided eTrust Security products (intrusion detection, firewall, Access Control, VPN, PKI, Admin etc.) and security services such as penetration and attack tests, security architecture design and so on.
* Senior member of security SWAT team, composed of 20 people globally in Computer Associates.
* Teaching security classes for CA security professionals
* Worked with government agencies (police department, navy, army and others), financial institutions

July 1998 – August 1999 Pronetwork, Istanbul, Turkey
Internet & Network Security Specialist

* Designed security architectures and responsible for penetration and attack tests. For this service (PenTest), we were mainly working with NAI’s (Network Associates) security experts.
* Installed and configured Rad Guard Firewall, VPN and Rad Ware Fireproof (load balancing unit). Also, dealt with Session Wall and Cisco PIX firewalls.
* Firewall / DMZ infrastructure design and implementation.
* IDS design and implementation for internal network (LAN) and DMZ.
* VPN, PKI design and implementation.
* PGP implementation for corporate e-mail system security.

Educational Background

* 1994-1999 Bosphorus Unv, BSc, Computer Science – Bachelor Degree, Istanbul, Turkey, www.boun.edu.tr
  Regarded as the best university in Turkey. I was ranked in the top 50 students who took the university placement exam among 1 million students.

References

Will be furnished upon request
This archive was generated by hypermail 2b30 : Mon Nov 04 2002 - 11:49:14 PST