DEREK A. CHAMORRO CISSP, CCNP Austin, TX Website: therandomsecurityguy.com Twitter: @theredinthesky




SUMMARY OF QUALIFICATIONS

- Expertise in performing vulnerability assessments and penetration testing (white, black, and blind box testing)
- Expertise with routers (Cisco, Juniper, ALU), Layer 2 and 3 switches, firewalls (ASA/PIX, Netscreen, Juniper SRX)
- Elements and applications: SIM, firewalls, IPS/IDS, AAA (RSA SecurID, RADIUS, TACACS+), PKI, IPSec, OS and app hardening.
- Extensive experience in Solaris/Linux administration including bash/python scripting, code compiling and cron.
- Extensive experience in DDOS mitigation techniques (BGP blackholing/sinkholing, flow detection, TCP sanitization)
- Extensive experience in abstracted computing (SDN, Openflow, NFV, EVI)
- Experience in building secure cloud framework architectures (OpenStack, Amazon AWS, Cloudstack)
- Ground-up build out of security and network architecture, SOC, Operations Support Systems (OSS).
- Process creation: Audit, Incident Response, Credential Management, Vulnerability Assessment, AV/Patch Management.
- Extensive experience in designing multi-tiered security architectures.
- Possess superior communication, interpersonal, and organizational skills.
- Ability to work in a team environment, as well as assume leadership roles.
- Execute high-level technical customer service.
- Fluent Spanish speaker.

EDUCATION & CREDENTIALS

Ashworth College, Norcross, GA
Business Administration program

John Adams High School, Miami, FL
Received diploma

Technical Certifications

- CISSP #114423
- CCNP current
- MCSE Windows 2000
- MCSA Windows 2000

EMPLOYMENT

Cisco Systems
Technology Leader - Engineering
Present

Engineering leader, responsible for building the low level architecture within Cisco Cloud Services. Responsibilities involve both network and security architecture, covering both physical and virtual networks. Technologies covered:

- OpenStack builds.
- Firewall Architecture
- VXLAN and EVPN
- SDN Integration
- LBaaS
- DDOS Mitigation
- Automation (Ansible/Python)

HPCloud
Senior Network Security Engineer
2013-2015

- Designed and re-architected DDOS mitigation program for HPCS. Technologies included are: Large scale Arbor Peakflow and TMS deployments, destination-based BGP blackholing, and source-based BGP sinkholing.
- Built flow-based detection framework for stateless ACL building.
- Managed routing protocol security
- Designed high-bandwidth production-grade open-source firewall solution
- Researched and tested different SDN applications for network management and overlay implementation.
- Audited existing systems and network infrastructure.

eBay
Senior Security Engineer
2013

- Designed and managed DDOS mitigation program for X.commerce domains. Technologies included are: Behavioral DDOS detection/mitigation, SYN cookies, flow-based detection, and BGP sinkholing.
- Managed security architecture of OpenStack Folsom network.
- Researched, evaluated, tested, recommended, and implemented new security solutions.
- Audited existing systems and network infrastructure.

HomeAway
Senior Security Engineer
2012-2013

- Responsible for designing and implementing dynamic security controls.
- Architected network access control solution for L2/L3VPN environments.
- Designed MS Server 2012 PKI infrastructure.
- Managed ISS IPS deployments including custom signature development.
- Managed firewall, ACL and VPN policies (ASA 8.4, Nexus7k, DMVPN)
- Audited network security controls for PCI compliance.

Bioware
Network Security Engineer
2012

- Responsible for designing and implementing Arbor Threat Management System for DDOS traffic scrubbing.
- Architected Tippingpoint IDS deployment for passive, signature-based threat detection. Tuned and created custom signatures.
- Managed distributed Nessus deployment, scheduling and tuning scans for various environments.
- Managed firewall and ACL policies.
- Audited network security controls.

Time Warner Cable
Senior Network Security Engineer
2008-2012

- Responsible for analyzing and administering security controls for regional engineering and transport network.
- Designed safeguards for public networks against unauthorized infiltration, modification, destruction and disclosure.
- Researched, evaluated, tested, recommended, implemented new security software and devices.
- Created and developed security policies and procedures.
- Worked closely with systems engineers to design and implement security controls.

Creative Breakthroughs Inc., Troy, MI
Senior Security Analyst
2007-2012

Senior Security Analyst and consultant for Symantec and Juniper partner. Provided security consulting services for US Army and many Fortune 500 companies.

Services included:

- Vulnerability Assessments
- Penetration Testing (Internal/External) using commercial and open source tools
- Technology Audits (Wireless, IDS/IPS, Bluetooth)
- Social Engineering (Remote, Onsite)
- Physical Security Audits
- Compliance Framework Implementation (CobiT, ITIL) and auditing (PCI, HIPAA, SOX)
- Business Impact Analysis
- Security Awareness Training

Synacor
Network Engineer
2007

Responsibilities included:

- Designed and tested a Cisco NAC appliance framework, building redundant clean access servers, traffic shaping and anti-virus policies.
- Developed a disaster recovery plan in conjunction with Synacor's plans for building a redundancy NOC.
- Responsible for design, administration, and troubleshooting of Synacor's multi-cluster networks.
- Assisted in designing and implementing new secure Cisco wireless deployment, utilizing WPA2 encryption.
- Member of Synacor's Security Team

Inergex
Senior Security Consultant
2006-2007

Provided part-time security consulting services to the following:

Healthnow/BCBS:

- Designed a centralized access control system through Cisco ACS for TACACS authentication, authorization, and auditing of all layer 2 and layer 3 network devices. Created 3 administration groups through Active Directory to allow for more granular control.
- Performed firewall auditing. Cleaned up configurations, removed stagnant access lists, and consolidated multiple firewalls onto one firewall appliance.
- Installed and configured a Juniper Netscreen SA4000 SSL VPN appliance for clientless remote access.
- Drafted multiple security policies to create baseline standards for encryption, router security, wired and wireless LAN communication, and remote access. This was to help comply with HIPAA and SAS70 requirements.
- VPN administration through existing Cisco series VPN Concentrator. Responsible for OS upgrades, session administration, and group creation.
- Responsible for troubleshooting connectivity problems through deep packet inspection using TCP analysis tools.
- Designed a virtualized PKI in a test lab, developing a proof of concept for portable device encryption.

The Travel Team:

- Performed a vulnerability assessment. Scans uncovered open ports, unsecured web and DNS servers.

First Niagara Financial Group:

- Built a statement of work, detailing the vulnerability assessment that was to be used as a pre-audit assessment on FNFG's AD infrastructure.

Comcast Communications, Philadelphia, PA
Network Security Engineer
2006

Member of Comcast's Network Security Assurance team. Responsibilities included:

- Designed and administered RADIUS RSA SecurID servers for two factor authentication for all network devices and servers for Comcast's national IP network. Applied configurations on all network devices and UNIX/Linux servers.
- VPN administration through Cisco series VPN Concentrators. Designed current VPN cluster solution, load balancing all remote access sessions. Policy management through rules, filters, and RADIUS authentication.
- Designed PGP PKI infrastructure for securing interdepartmental mail. Managed PGP servers and public key distribution.
- Administered and deployed IDS appliances from Enterasys Systems. Managed IDS sensors through Enterasys Dragon console, identifying attacks and vulnerabilities through deep packet inspection on signature-based IDS.
- Administered and deployed Netscreen firewalls. Managed appliances through the Netscreen Security Manager, collecting logs and pushing configurations.
- Audited all changes on production assets under existing operating model to ensure the security policy was not compromised or negatively affected.

Adelphia Communications, West Seneca, NY
Network Security Engineer
2003-2006

Member of Adelphia's Network Security Operations at their West Seneca Data Center. Responsibilities included:

- Maintaining multi-area OSPF areas connecting Adelphia local systems across the country.
- VPN administration through Cisco series VPN Concentrator. Responsible for designing, administering, and troubleshooting LAN to LAN VPN tunnels and remote access sessions. Policy management through filters, rules, NAT and IPSec Security Associations.
- Assisted in writing and developing security policies in accordance with Sarbanes Oxley, SAS 70, and HIPAA regulations.
- Maintained edge network security through Cisco PIX firewalls. Designed access lists, static NAT and PAT, IP routing, and LAN to LAN tunnels.
- Designed, implemented, and administered IPS solution through Internet Security Systems (ISS) Site Protector and Proventia G appliances.
- Designed, implemented, and administered web proxy cluster solution using Microsoft ISA 2004 in conjunction with ISS Web Filter.
- Designed and administered an HP Openview Network Node Manager solution for monitoring on corporate network nodes. Created traps and alarms for RMON events and data collection and reporting through SQL.
- Incorporated Cisco ACS to use TACACS for centralized authentication on all network devices.
- Performed day-to-day routine administration and support tasks associated with Windows 2000/2003 network systems infrastructure including policy implementation through Active Directory and DNS, NAT, subnetting, and IP routing.

Adelphia Communications
Network Support Engineer
2000-2003

- Extensive troubleshooting through Cisco 2600, 3600 and 7000 series routers, Catalyst switches and UNIX backend servers.
- Secure provisioning of DOCSIS compliant cable modems through Nortel Networks NetID/CPS2000, Arris, Cisco CNR, and ALOPA Metaserv DHCP servers.
- Maintained IP and serial database connectivity through local LAN and WAN connections.
- Troubleshot network, hubs, broadband modems, and asynchronous connections.

References available upon request