SUMMARY OF QUALIFICATIONS:

IT Security and Networking Professional with excellent written and oral communication skills. Thorough understanding of Networking, Information Assurance and Cybersecurity disciplines to include open-source information gathering, threat and vulnerability assessments, penetration testing and techniques, and network defense. I have over twelve year of hands on experience in IT Security specializing in penetration testing. I am an accomplished security engineer, malware analyst, and incident responder. I recently attained certification as an Offensive Security Certified Professional OSCP .

AREAS OF EXPERTISE:

• Network Analysis Physical Security Threat and Vulnerability Research Analysis, Incident Handling and Response speaking two languages: English and Russian. CERTIFICATIONS
• Certified Ethical Hacker C EH , 2010
• Cisco Certified Network Associate, 2010 CompTIA Security , 2010
• Microsoft Certified Technology Specialist MCTS , 2010
• EC-Council Certified Security Analyst E CSA , 2011
• Offensive Security Certified Professional OSCP , 2013
• Offensive Security Certified Expert OSCE , 2014

EXPERIENCE

Confidential

Sr. Penetration Tester

• Lead Security Engineer of an Assessment Team doing full vulnerability assessments of the US Courts national systems
• Conduct network/host penetration tests and web application penetration tests using
• Assist the information security risk assessment program by identifying risks in the current security posture. Conduct risk assessment using NIST SP 800-53 v4 Operational, Management and Technical controls
• Perform network security analysis and risk management for designated systems
• Develop test cases to test web application according to OWASP and mapped every test case to NIST controls
• Assess and evaluated risk based on threats, vulnerabilities, and shortfalls uncovered in testing
• Develop CVSS calculator to rate risks for vulnerabilities found in assessments
• Examine assets to determine if vulnerabilities exist and, if vulnerabilities are found, proposes remediation strategies that can be applied to mitigate them
• Assist in vulnerability remediation efforts across various projects by proposing remediation strategies and engaging key stakeholders utilizing Plan of Actions and Milestones PO AM risk management process
• Key contributor for developing templates such as Security Assessment Plan, Security Assessment Report, Rules of Engagement, Security Assessment Questionnaire, Kick-Off and Exit Brief

Confidential

Sr. Information Security Engineer/Penetration Tester

• Member of the Computer Security Information Response Center CSIRC participating in incident analysis, response and threat assessment on a daily basis.
• Deployed Fire Eye, Symantec DLP, Symantec Web Gateway and Splunk
• Performed firewall reviews and tuning
• Conducted Penetration Test of the United States Mint's non-Commerce web site and related infrastructure, including web servers, application and database servers. Weaknesses discovered resulted in a multi-phase remediation and upgrade effort to resolve flaws.
• Conducted PCI required Penetration Test of the eCommerce System which resulted in minor findings requiring remediation and furthered the PCI compliance effort for the system.
• Conducted PCI required Penetration Test of the outsourced call center and fulfillment operation serving the ecommerce line of business. Findings resulted in a multi-phase remediation effort.
• Performed wireless scans using Kismet, KisMac, and the Aircrack-ng suite
• Participated in the development of the tailored security baselines for servers and networking equipment
• Built, configured and deployed Snort IDS appliances to monitor Manufacturing department SCADA and industrial control assets.
• Developed custom written malware to evade anti-virus systems as a demonstration for non-Commerce website stakeholders and United States Mint management. This resulted in the cancellation of a project to receive file submissions from the public on non-hardened infrastructure.
• Performed evasions of Symantec and Sophos antivirus suites using various techniques to deliver payloads in PDF and executable files
• Conducted social engineering test exercises coordinated with Treasury GSOC to determine level of infiltration possible using remote command and control frameworks.
• Developed custom written Python scripts to generate weekly vulnerability dashboards used by technical and management staff.
• PHP and Cold Fusion source code analysis to reveal vulnerabilities

Confidential

Penetration Tester/Courseware writer

• Performed open-source intelligence OSINT gathering for target customers in preparation for security assessments
• Performed Network and Web Application Penetration tests within the parameters defined by rules of engagement coordinated with the client.
• Provided detailed reports on the findings of network and application penetration tests including mitigation and remediation activities.
• Developed training materials for Strategic Security Online courses on the following subjects:
• Network Penetration Testing
• Web Application Penetration Testing
• Network/Host Forensics
• Maintained the Strategic Security Online target lab network comprised of the following Operating Systems:
• Red Hat/Ubuntu
• Windows 2000/XP/Vista/Windows 7
• Vulnerable Web Applications on the following platforms:
• ASP/MSSQL2000
• ASP.NET/MSSQL2005
• PHP/MySQL
• C, PHP and Cold Fusion source code analysis to reveal vulnerabilities

Confidential

Network Administrator Assistant/Security Analyst

• Developed and maintained installation and configuration procedures for a project at Dulles International Airport. Performed system monitoring to verify the integrity and availability of hardware, server resources and systems security on a proactive basis
• Assisted in creation of a Network Security website for both administrators and end users to access proper configuration templates, safe internet surfing
• Monitored network intrusion attempts using Snort IDS
• Installed, upgraded and diagnosed software issues
• Performed network scanning using Nessus to identify weaknesses
• Demonstrated exploits on vulnerable assets to prove weakness by using Metasploit and Nmap
• Conducted remediation activities to close vulnerabilities
• TECHNICAL EXPERIENCE: General Technical Skills:
• Scripting Languages: Shell scripting, Python, Java, C
• Operating Systems: Windows 95/98/NT/2000/XP/Vista/7/2003/2008, Mac OS X, Linux/Unix Red Hat Enterprise Linux, Debian, Ubuntu, Fedora, Backtrack 2/3/4/5
• Software Applications: Symantec/Norton/McAfee Antivirus/AntiSpyWare/Antispam products, Microsoft Office 2003/2007, Microsoft Office Mac 2008, Apache, Microsoft IIS, Virtual Box, VMware Fusion/Workstation/Server, Tenable Security Center, FireEye, Symantec Web Gateway.
• Security Skills/Tools:
• Network Enumeration: Maltego, Google Hacking, DNS, SMB, LDAP, SNMP
• Port/Vulnerability Scanning: Nmap/Nmap Scripting Engine NSE , Hping 2/3, Netcat, Nessus
• Sniffing/Man-in-the-Middle: Wireshark, Ettercap, Cain
• Web Application Vulnerability Scanning: Acunetix tool similar to WebInspect/AppScan ,NTOSPider

Exploitation:

• Reversing: Malware analysis and source code analysis to find vulnerabilities in software
• Exploit development: Windows based exploits such as Stack/Buffer overflows and Linux/Unix based exploits such as Stack/Buffer overflows.
• Server/Client-Side Exploitation: Metasploit, Social Engineering Toolkit SET ,
• Core Impact/Insight
• Password Cracking: Hydra, Rainbow Crack, 0phcrack, John the Ripper
• Web Application: Manual SQL Injection, Manual Cross Site Scritping, SQLmap
• Debuggers: Ollydbg, Immunity Debugger, WinDBG, GDB
• Wireless: Kismet, Aircrack-NG Suite
• TRAINING EC-Council Certified Ethical Hacker CEH Training, University of Maryland UMBC , 2010
• Networking, RTEK2000, Baltimore,
• CompTIA Security , University of Maryland UMBC ,
• Offensive Security Certified Professional, Offensive Security,
• Offensive Security Certified Expert, Offensive Security,