Looking for an opportunity -CISSP & CISA

From: security specialist (securecatalystat_private)
Date: Sun Nov 03 2002 - 21:28:12 PST


     
     
    Please accept my resume for your review.
    
    Best,
    -M
    
    
    -------------------------------------------------------------- 
     
    Summary of Qualifications
     
    * Over 7 years experience in the IT Security Industry
    * Excellent Project Management skills.
    * Strong interpersonal communication skills w/ senior management and peers
    * Ability to think about solutions to address the situation and drive the 
    necessary solution in a timely and efficient manner.
    * Adaptive team player, excellent self-starting and motivational skills
    * Proactive, inquisitive, team player, and willing to take on new challenges
    * Strong sense of humour
    * Full leadership responsibility to guide the security teams to successful 
    operations
    * Strong understanding of network security technologies, issues and players
    * Good business sense and a strong network of contacts in the internet 
    security industry.
    * Deep technical knowledge & hands-on experience of penetration tests, 
    hacker tools, security audits, firewalls, H/NIDS solutions, security 
    architectures.
     
     
     
     
    Professional Certifications/Trainings
    
    * Project Management Training, internal to , given by RMC Project Management 
    (Santa Clara, May 2002)
    * Gauntlet FW & VPN Training, technical details. (February 2002 Dallas, TX)
    * Cisco PIX FW, hands-on workshop for 3 days at Cisco campus. (November 
    2001 San Jose, CA)
    * Recourse ManHunt and ManTrap hands on workshop at Recourse Office. 
    (November 2001 Redwood City, CA)
    * BlackHat Computer and Network Security Conference - www.blackhat.com (Las 
    Vegas, July 2001, July 2000 and July 1999)
    * DefCon7-8 www.defcon.org (Las Vegas, July 2001, July 2000 and July 1999)
    * Code Based Vulnerabilities (How to write and find buffer overflows) – by 
    Dominique Brezinski at Blackhat pre-conference training (Las Vegas, July 
    2000)
    * Forensic Analysis (Intruder Discovery / Tracking and Compromise 
    Analysis) - by Dominique Brezinski, Dave Dittrich at Blackhat pre-conference 
    training (Las Vegas, July 2000)
    * NT Network Intrusion Workshop - by Greg Hoglund (www.rootkit.com), JD 
    Glaser (www.foundstone.com) at Blackhat pre-conference training (Las Vegas, 
    July 2000)
    * SeOS by Platinum Tech. or eTrust Access Control, (September 2000, Los 
    Angeles)
    * Information Risk Assessment (CA Sarasota, Florida, June 2000)
    * Intrusion Detection Softwares (CA Sarasota, Florida, June 2000)
    * Ultimate Hacking, hands-on (Boston, May 2000 from Foundstone Inc. 
    (www.foundstone.com))
    * X.500 Directory Services (CA London, May 2000)
    * Dealing with Hackers, Neupart & Munkedal Inc. (CA-World 2000 New Orleans, 
    conference)
    * Hacking Exposed Live, Foundstone Inc. (CA-World 2000 New Orleans, 
    conference)
    * SA237 Sun Solaris System Administration 1 & 2   (November 1999 from Koc 
    System (www.kocsistem.com.tr))
    * Linux Network Administration (March 2000 from Gelecek AS 
    (www.gelecek.com.tr))
    * Security Auditing Workshop (June 1999 from NAI (Network Associates) 
    security specialists)
     
     
     
     
     
    Professional Experience
     
     
    April 2001-   Major Security Company***, Santa Clara, CA
           Sr. Security Architect
    * Re-design of the global corporate network and security infrastructure 
    including DMZ, partner, local and public networks, and integration of 
    office-to-office VPNs and RAS servers. Re-design of FTP & Web servers in 
    such a cost-effective way (we saved 4 million USD annually with the new 
    approach).  Integrated 3-factor authentication. Added new network and Host 
    based IDS solutions with incident correlation technologies and sniffers 
    around the global corporate network.
    * Prepared the security policy of global network infrastructure, including 
    all 3-tier architecture, DMZ, internal, external, partner-site networks. 
    Defined new trust relationships between the different segments of network, 
    integrated these relationships with firewall and router ACLs, N/HIDS rules, 
    sniffer filters.
    * Security testing of SQL servers, namely, ORACLE, MS SQL and MYSQL servers, 
    Conducted penetration tests and armored the servers.
    * Defined and set up a new policy for new vulnerabilities; established a 
    procedure such that new vulnerabilities are validated in a test 
    environment, results and details are documented for internal usage, patch 
    procedures are set and then responsible parties are informed of the 
    details. This procedure also follows up the deployment.
    * Re-crafted publicly available exploits, proof-of-concept codes, for 
    internal usage in penetration tests. Developed a piece of code which on 
    remote Windows vulnerability gives a complete remote system compromise with 
    a remote-shell.  Rewrote the exploits for both UNIX and Windows systems on 
    x86 architectures.
    * Led the benchmark of Incident Correlation engines for both business 
    development team and internal security team.  Defined the test criteria 
    with respect to both internal security team usage and business development 
    team concerns. Set up a test lab, prepared the test tools and techniques and 
    conducted the test. Took leadership in the deployment of the incident 
    correlation engines all around the corporate global network. Tested products 
    were NetForensics, Intellitactics and ArcSight, excluding the other products 
    which did not meet the expectations for the final test.
    * Wireless security testing of corporate network and branch offices, 
    deployment of wireless security scanners around the network to monitor 
    corporate network for unwanted security compromises. Deployed 
    wireless-sniffer, wireless security scanner and some publicly available 
    tools for this service. Also took some initiatives and responsibilities for 
    product testing of wireless sniffer before the market release.
    *  Security testing, auditing & Armoring UNIX servers.  Specifically the Sun 
    Solaris servers, prepared secure deployment procedure for the Sun Solaris 
    servers.
    * Benchmarking and evaluation of NIDS products for both Business Development 
    team and internal IT Security deployment. Partnered with the other team 
    member to define the test criteria, product requirements, prepared the ids 
    evaluation tools (fragroute, whisker, libwhisker, hping, nmap, ADMutate, 
    cybercop CASL), used some ids-evasion techniques and tools, re-crafted some 
    publicly available exploits for the test, used synthetically generated 
    traffic (using Smartbit) to stress test the products with overloaded 
    network, and conducted the test. The products tested were Intruvert, 
    OneSecure, ISS Real Secure, Recourse ManHunt, Snort,  TippingPoint and 
    Sourcefire (commercial Snort).
    * Evaluation of HIDS systems for internal IT security usage. Prepared test 
    scenarios for local system compromise and remote system compromise attacks. 
    Specifically created vulnerable UNIX, SQL, Web, Windows servers. Performed 
    local and remote system attacks and monitored the behavior of the system both 
    with and without HIDS deployed. Presented the test results. Led the 
    deployment of the HIDS all around the global corporate network.  Some of the 
    tested HIDS products were Entercept HIDS, SecureIIS and tripwire.
    * Managed Gauntlet FWs across the company NW running on Sun Enterprise 
    250/420/450 servers.
    * Participated in firewall benchmark, test, choice and deployment project. 
    Took responsibilities in CheckPoint NG FW2&3 deployment and replacement 
    across the NW.
        * Deployment of Nokia-CP firewalls globally around the main data centers 
        for public networks and user networks with high availability.
        * Deployment of CP firewalls running on Sun Enterprise servers for 
        office-to-office VPNs
    
    * Led the deployment of Snort IDS around the global infrastructure of the 
    company, including DMZs, Internal Networks and so on. This was a pilot 
    project which lasted 9 months. Before the commercial NIDS deployment we used 
    Snort. Later we kept some of them to use in conjunction with other flavors 
    of IDS solutions. As Snort is a publicly available GNU product with many 
    different deployment options, here are the details of what I performed:
        * Design
        * Deployment over UNIX servers running on SUN SOLARIS 2.8 with 
        Netra T1 & Enterprise 450
        * Central database deployment to consolidate logs, with MySQL.
        * All the servers (Apache, MySQL) were bound to localhost; the only 
        public listening servers were SSH and Stunnel (for MySQL). Facilitated 
        port-redirection and port-forwarding to access other listening servers 
        with security in mind.
        * Encrypted traffic between IDS sensors and central IDS 
        (management console) via stunnel.
        * Wrote scripts for fail-over. (If central goes down, they 
        will start logging to local DB.)
        * Deployed Apache web server for displaying IDS alerts with 
        the help of ACID.
        * Took an active role to facilitate the 24x7 monitoring of 
        IDS systems & Network MRTG reports.
        (awarded for the achievement of this project)
    * Took an active role in the development of the *Incident Response Plan* for the 
    company.
    * Performed bullet-proof penetration testing of company web & SQL servers 
    using “sql insertion techniques” and other web & SQL hacking techniques.
    * Deployment of gateway to gateway VPN with Gauntlet FW.  Deployment of 
    client to gateway VPN with PGP and Gauntlet FW. Gauntlets were later 
    replaced with CheckPoint NG FW 2&3
    * Forensics Analysis for some UNIX and NT/2K servers, which were suspected to 
    be hacked.
    * Penetration testing to different DMZs.
    * Prepared NT/2K hardening and secure deployment procedures. Documented a 
    well-detailed paper about the Win NT/2K security.
    * Deployed Honey Pots with CyberCop Sting.
    * Played an active role in the migration of corporate FTP & Web servers to an 
    external vendor NW, and assessed the physical security, OS security, 
    security plans for migration. Deployed VPN connection between uploading 
    servers and staging server on the vendor site.  (Awarded for the achievement 
    of this project. This project saved company around 4 million USD annually)
    
    
    1999 August – January 2001   Computer Associates, Istanbul, Turkey
    Sr. Security Specialist
    
          Member of  CA Security SWAT Team
    
    * Set up bullet-proof hacking service around Europe and the Middle East.
    * Design, implement, and troubleshoot highly available, secure computer 
    networks, to include the use of automated intrusion detection and response 
    systems, redundant firewalls, proxy servers, strong certificate based 
    encryption, network protocol analyzers, and router and switch access control 
    lists.
    * Defined the methodologies for NT/2K, IIS, UNIX hacking for penetration and 
    attack services.  Provided policies and wrote procedures to handle future 
    security breaches.
    * Provided eTrust Security products (intrusion detection, firewall, Access 
    Control, VPN, PKI, Admin etc.) and security services such as penetration and 
    attack tests, security architecture design and so on.
    * Senior member of security SWAT team, composed of 20 people globally in 
    Computer Associates.
    * Teaching security classes for CA security professionals
    * Worked with government agencies (police department, navy, army and 
    others), financial institutions
    
    July 1998 – August 1999 Pronetwork,  Istanbul,Turkey
          Internet & Network Security Specialist
    
    * Designed security architectures and was responsible for penetration and attack 
    tests. For this service (PenTest), we were mainly working with NAI’s  
    (Network Associates) security experts.
    *  Installed and configured Rad Guard Firewall, VPN and Rad Ware Fireproof 
    (load balancing unit).  Also, dealt with Session Wall and Cisco PIX 
    firewalls.
    * Firewall / DMZ infrastructure design and implementation.
    * IDS design and implementation for internal network (LAN) and DMZ.
    * VPN, PKI design and implementation.
    * PGP implementation for corporate e-mail system security.
     
    
    Educational Background
     
    * 1994-1999 Bosphorus Unv, BSc, Computer Science – Bachelor Degree
    Istanbul, Turkey, www.boun.edu.tr
    Regarded as the best university in Turkey. I was ranked in the top 50 
    students taking the university placement exam among 1 million students.
     
     
    		References
    Will be furnished upon request
    
    
    
    
    
    



    This archive was generated by hypermail 2b30 : Mon Nov 04 2002 - 11:49:14 PST