William Tarkington E-Mail: akin2truthat_private -- Telephone: 408-730-5343 825 E. Evelyn Avenue, Apt 115 Sunnyvale, CA? 94086 SUMMARY * Highly experienced Internet and Network Security Architect/Engineer * 9+ years of technical expertise * Instructor at North Virginia Community College teaching Security Policies and Procedures * Certified Information Systems Security Professional (CISSP) * Checkpoint Certified Security Engineer (CCSE) (expired) * SonicWall Certified Security Administrator (CSA) TECHNOLOGY Security Applications: Firewall 1, Provider 1, Raptor, Netscreen, Gauntlet, Gnat, SSH, SSL (Secure Sockets Layer), Netscape Secure Server, TCP/Wrappers, Tripwire, COPS, Satan, ISS (Internet Security Scanner), ACL, Nokia, Dragon IDS, ISS (Real Secure IDS), CyberCop, Snort, Nessus, Hundreds of hacking tools, Nmap, Tacacs, Secure ID, Radius, Websense, various crackers, various sniffers, PGP, and Cisco?s IOS Firewall. Software: HP Openview, Lotus Notes, Optivity, Pm Vision, X Windows, Netsys, Netflow, What?s Up Gold, Netsys Designer, McAfee Secure Suite, Reflection X, Humming Bird, Novell, Netscape Proxy, Squid Proxy, and Apache Web Server. O/S: Microsoft platforms, Solaris 2.X, System 7, various open source UNIX platforms, and Novell. Topologies: Ethernet (10baseT, 100baseT, Thin-net), Token Ring, FDDI, HSSI, ATM, Frame-Relay, SMDS, PPP, ISDN, ADSL, and HDLC. Routing: BGP, OSPF, RIP, RIP 2, ISIS, EGRP, IGRP and HSRP. EXPERIENCE Conxion September 2002 ? April 2003 Sunnyvale, CA Sr. Network Security Engineer / CIRT/CERT Team Lead Utilizing extensive experience in CIRT/CERT team building and leadership designed and instituted both a Computer Incident Response Team as well as a Computer Emergency Response Team. Designed in part to work with corporate security and also as a resold service these teams were responsible for responding to all computer related incidents and emergencies customer or company specific. Working within the Security? Support structure to ensure proper understanding of day to day operations provided key strategic and tactical information and resources to the front line support staff. * Designed and deployed a multi-tiered?scalable IDS solution for both Corporate and Managed Services including Integrity and Virus protection to multi-platformed environment. * Responsible for all data forensics within the corporation as well investigating all internal incidents relating to confidential material. * Responsible for redesigning core I.T. Services for greater reliability and security including, but not limited to, Mail, File Servers, Confidential Information Management. * Tasked with integrating vulnerability assessments with an automated patching system to ensure lowest possible exposure. * Responsible for Tool assessments and budget requirements for additional security across the new fiscal year. * Created detailed vulnerability exposure explanations for recently announced exploits for high profile customers. * Helped establish new product offerings and a technical direction for Security Group. Clean Communications Feb 2001 ? Sept 2002 Fairfax, VA Chief Security Architect / Director of CERT (Computer Emergency Response Team) Provide strong security architecture skills in designing, deploying, and maintaining new managed security services. Utilized as highest technical point of escalation on most product offerings. Design and deploy multiple managed IDS solutions. Create policies and procedures for CERT, Operations Team, and Corporate Security.? Produced several initial design and cost proposals for additional services including PKI, Radius, and Vulnerability Assessments. * Designed, deployed, maintained a managed intrusion detection service offering. Assessed various products for manageability and technical feasibility. Selected three major IDS platforms, created deployment strategies, operations procedures, and response procedures. * Developed and assigned roles and responsibilities for Clean Communications CERT. Created procedures for Escalation, Incident Handling, and External Facing documentation. * Wrote several white papers about intrusion detection as well as product descriptions. Trained internal staff on incident response. Trained sales force to properly sell new managed security products. * Designed and deployed a limited release of an internal cryptology scheme using a combination of PGP and Microsoft Certificate server. * Created several central authentication schemas for executive approval that spanned multiple vendors and platforms. * Advised on U.S. law in regards to incident liability and encryption exportation. * Designed two processes and products that are up for patent review for Clean Communications. * Developed and deployed content filtering as a new product using Websense. Siemens Corporation Feb 2000 - Feb 2001 Dearborn, MI Network Security Officer Acquired specifically for a skill set that could both redesign the extranet core architecture and bring a strong security background into the Extranet Security and Planning Organization inside of Ford Motor Company.? Functioned as technical expert in the areas of PKI, Encryption, Policy Structure, VPN, Risk Assessment and Acquisition Mergers. Provided input for various joint venture options for Ford Motor Company. In parallel, worked as Siemens Principle Security Officer when dealing with Professional Services. * Technical expert for Extranet Core redesign which consisted of Dealer Access, ANX, Remote Executives, Remote Employees, Acquisitions, Mergers, Public Internet, and VPN access. Designed and tested network infrastructure supporting both network and firewall redundancy. Used Cisco Systems Catalyst 6500?s and StoneBeat software with Firewall-1. * Appointed as the groups PKI representative for the Ford PKI initiatives. The duties within this were to assess impact of PKI implementation within Extranet and the larger Ford entity. Specifically dealt with remote access and authentication as well as cross certification for outside entities.? Also helped to identify market trends for Smart Cards and Smart Card readers for next phase PKI deployment. * Siemens Network Security Officer. Designated as the first Network Security Officer within the Siemens Professional services team.? Duties ranged from acquisition investigation to training profiles for internal advancement. Reviewed prospective employees for possible hire. Often required to arrive on customer sites for high profile and large clients to help generate revenue and increase customer base.? This usually included presentations as well as speaking to a medium to large size audience.? * Created complete presentation and documentation for Extranet Project 2000 code-named ?The Next Generation Extranet?.? This included several maps of proposed changes and resource lists for high-level executives detailing the request for a multi-million dollar budget. * Created a presentation and attended the Ford ATAD, an IT meeting of all the vice presidents and several direct reports that detailed the current projected trend in relative departments. For most of the presentations, functioned as sole Ford member present as well as the first Siemens employee ever to attend. National Tech Team Dec 1998-Feb 2000 (Contracted to DaimlerChrysler) Center Line, MI Sr. Systems Analyst DaimlerChrysler created a new department called Network Security Architecture and Planning.? Within this department, utilized networking and enterprise wide deployment design skills to assist in DaimlerChrysler?s new integration and security needs. Lead Technician on several projects, which included enterprise deployment of encryption, redesign of HTML proxy access, and assessment of security risks in the merging of the two corporations. * Project Manager for Message Level Encryption. This required platform independent encryption exportable worldwide. Evaluated competing software and integration into corporate directory and PKI strategy. * Redesigned HTTP Proxy system to support 110,000 users. This involved identifying software, resources, infrastructure and usage. Developed a complex plan tracking average user quotient and a usage base pricing structure for internal budget tracking. * Identified as lead authority on all encryption related evaluations for DaimlerChrysler. * Worked on assessing the design aspects of a new radius implementation for remote dial-in users worldwide.? * Focused on host-based security, evaluating many of the popular security suites and products. Focused primarily on UNIX, NT, Novell platforms and cross platform reporting. * Gateway Anti-Virus scanning evaluation. Served as Project Manager and Lead Technician on Anti-Viral scanning located on the mail entry points. Methods included in stream and store-and-forward methods for NT and UNIX platform mail relays. Verio Apr 1998 - Oct 1998 Livonia, MI Local Operations Engineer Hired to bring network integration skills to the dynamic environment of Verio?s aggressive acquisition policy. Duties included, but were not limited to, Network Maintenance, Network Architecture, and Documentation of their growing infrastructure. * Project Manager for regional sized network integration. This included research of current topology and new topology design to maximize new technology and security features. Managed complex transitions that included E-mail, DNS, HTTP, Internet Access, and security. Last level escalation for the soon to be integrated network for Verio. Created all of the documentation and polices regarding the existing infrastructure and planned implementation. * Designated as local security liaison. Constructed all of the security polices for router access. Designed and implemented all security related offerings to clientele.? Assessed local security flaws and designated plans to correct the problems. Wrote security policy documentation that was referenced region wide. * Constructed several servers for the purpose of testing varying networking software. These included Netsys by Cisco and MRTG. Netrex Inc. Dec 1996 - Apr 1998 Southfield, MI Network Security Engineer Hired to complete the engineering knowledge base on Data Circuitry and WAN design. This included offering opinions on all current designs and future implementation of any wide area networks. * A complete network redesign of the NSN (Netrex Secure Network). This project involved assessing current network needs as well as applying a new level of security for the customers and Netrex itself. Implemented a region-wide policy based routing schema that was used not only for Netrex, but affiliate companies as well. * Designated network maintainer for the NSN. Duties included maintaining 60+ routers, diagnosing and implementing all routing within the network, configuring OSPF and BGP and working outwards to eliminate legacy protocols such as RIP. Also structured all of the external peering, RADB entries, filter lists, and backup routing procedures. * One of two engineers assigned to replicate the NSN for a sister company. This involved ordering the equipment, configuration, transporting, and implementation. The exact replica was then tested for errors and security breaches. * Performed on-site consulting for various clients involving WAN technologies. * Designed, tested, and implemented security for two regional sized retail chains.? This included architecting the original security design, which had to be fully redundant; creating a two-firewall schema with the ability to transfer transparently from one to the other; creating and maintaining a test lab with the new design running for a period of two weeks; documenting errors, bugs and flaws; reviewing new products to assist in the implementation of this design; and supporting the design after implementation along with training local engineers for 24/7 support. * Trained to support several clientele architectures that included some nationally held telecommunications firms. Assisted in troubleshooting as well as new implementation on several of the ?POPs? (Points of Presence) to be placed inside the United States. AGIS (Apex Global Information Systems) Feb 1996 - Dec 1996 Dearborn, MI Senior Network Technician Hired and placed initially in a support situation for a national network. Various duties were performed including network troubleshooting, physical implementation, customer support of a client base exceeding 500, and varied protocols throughout the network ATM, SMDS, Frame-Relay, FDDI, HSSI, Fast-Frame, PPP, and HDLC. * Spearheaded the project of a national integration of two national backbones. The project took several months and included the moving of circuits from access to one network over to another.? Hot cuts were preformed to minimize network down time. The process was quite complex and involved precise timing over a broad spectrum of people, products, and companies. Commended on several occasions for the move of entire cities in one day?s time. These usually rendered old equipment off production. * Promoted to Senior Network Technician. New duties included being a NOC shift supervisor and providing second level support. Helped with the turn up queue. Supported the network including many different clients and protocols. Became familiar with many of the top industry used protocols on Optical Carrier (OC) level circuits and below.? * Appointed project leader for connecting internally to remote offices. This included the use of microwave technology and Windows NT bridging capability. University of Michigan / Merit Networks Dec 1996 - Jan 1995 Ann Arbor, MI Site Consultant Level II Fulfilled various site administration duties. Provided second level technical knowledge on major university applications. Maintained the largest university computer lab with over 400 computers. * Designed a new student tracking system to facilitate quick and easy access and authentication to university resources.? Assigned to the university?s virus reaction team. Helped identify virus threats, contamination agents, and contain virus outbreaks.? Gave training classes on how to reduce risk of virus contamination. * Participated in student data recovery projects. Provided front line support by recovering corrupted data with on site computer lab resources.? Managed multiple employees and maintained an active hourly schedule to provide the minimum of two consultants working each shift of a 24/7 operation. * Assigned to Merit Networks to transition dial-up customers to new charge for usage policy. Assisted in answering emails as well as answering trouble calls to troubleshoot and assist dial-up customers of Merit Networks. Baure Associates Feb 1994 - Jan 1995 Ann Arbor, MI Computer Tester / Analyst Tested proprietary software designed to test robotic assembly equipment for automotive manufacturers. Built test control chassis for deployment to customers.