Security Penetration Tester Consultant Resume
Swedesboro, NJ
OBJECTIVE:
- To secure a position as Information Technology Systems Security Consultant in
SUMMARY:
- General System Security Skills: I have the experience and knowledge to analyze, assess and identify network and application security needs and requirements, with the ability to determine sources and objects of network and application security vulnerabilities, breaches and potential threats, as well as be able to assess and recommend security configuration solutions, preventive strategies and measures to strengthen organizational network and application architecture.
- I have extensive experience in the domain of Information Technology Security as it relates to both Network and Application Security responsibilities, with previous Developer background.
- I can perform Security Vulnerability Analysis, Assessments, Penetration Testing, Applications Hardening, Operating System Baseline enhancements, provide Recommendations and Reporting, Hacker Attack Intervention and Intrusion Detection services.
- I am able to set up a security enterprise using the Security Systems Development Life Cycle (SSDLC) methodology.
- I can simulate and test a Security Threat Model to emulate potential intrusion vulnerabilities.
- I can perform Application Vulnerability Code Analysis and Manual Code Reviews using security tools to uncover network and application vulnerabilities in C#, ASP.NET, JavaScript and VBScript in .NET Framework environments.
- I am experienced with various standardized and Regulatory security best practices including OWASP, WASC, ISO 9000, ISO 27000, COBIT, SOX, FIPS, ITIL, GLBA, HIPAA, CFAA, COPPA, Patriot Act and Title 18 System Access Controls.
- My security experience areas include prevention of unauthorized Penetration and Access Control, TCP/IP and TCP/UDP Port Addressing, XSS/CSS and SQL Injection Attacks and Remedies, Access Authentication and Authorization, Firewall Security and Programming, 802.1x Wireless Environment Security, Cryptographic and Encryption data protection, s and Digital Signatures, Physical and Biometric Security, Social Engineering and Work Area Protection, Network Security for Routers, Switches and related firmware, Network and Application programs hardening.
- I am experienced with Web and Internet access services and security manipulation and interface of network and web application service protocols including the OSI Model, DNS, FTP/WFTP, HTTP/HTTPS, SSL, SSH, SMTP, POP3 and Active Directory security, Wireless Network Configurations, Protocols, Practices and Security in direct or cached proxy server environments.
- I am capable of identifying possible source code vulnerabilities including SQL Injection and Cross Site Scripting vulnerabilities through the use of Automated Security tools and Command Line utilities.
- My Application Security experience is backed by many years of Application Programming and Development experience with HTML, Microsoft C#, Visual Basic.NET, VBScript, ASP.NET, JavaScript, Microsoft IIS, and web services source codes using SQL - DML to Access, Windows, MS-DOS, Linux and UNIX Command.
- I have experience with Database Development using MS-SQL, MySQL and Oracle databases and tables, with greater familiarity with database access methods like Transact-SQL and PL/SQL.
- I have used various IDS Network, Application, and Ethical Hacking tools and Command Line Utilities including:
- NMap, Netcat, Wireshark, Punch Pro, ARIN, Sam Spade, NSLookup, DNSLookup, Superscan4, AppScan, Snort, DNSStuff.com, Kerberos, Fortify-SCA, Splunk, GFI Log Analyzer, SQLi Helper, SmartWhoIs, TraceRoute, VisualTrace, ArcSight, VisualRoute, MailTracker, Dumpsec, NBTScan, Solarwinds, GetAdmin, NTINfoscan, Legion, WebInspect, TCPDump, WinDump, Ethereal and more.
PROFESSIONAL EXPERIENCE:
Confidential, Swedesboro, NJ
Responsibilities:
- I have had extensive experience working in the Information Technology industry starting as Programmer Analyst and Developer to my current specialization in the Information Technology Security Consulting domain.
Confidential, Bridgewater, NJ
Security Penetration Tester Consultant
Responsibilities:
- Contract involved performing Intrusion Analysis and Penetration Testing against the organizations’ Network Firewalls, sub networks and web application systems. Resulting information was documented in formatted reporting structure with recommendations for remediation solutions. Various proprietary tools were used for the project for Network and Firewall penetration testers and scanners including Wireshark, TCPDump, Metasploit, SuperScan 4, as well as use of many Command line utilities.
Confidential, Bridgewater, NJ
Information Technology Security Consultant
Responsibilities:
- Overall contract assignment involved major network and applications hardening project including application and web security modifications and semi SDLC integration, processing application programs Code Reviews, Database structure enhancements against injection vulnerabilities against the SQL databases across the system, processing program code reviews to mitigate Cross Site Scripting vulnerabilities and Hacker intrusion. In each case, various testing methodologies were utilized before final application implementation.
- The overall project responsibilities ranged from the initial network wide intrusion vulnerability analysis and assessments to the process program and web applications assessments for source code vulnerabilities. Reports were created of the vulnerabilities found, and the suggested remediation recommendations were provided to the organization’s IT Manager for action. Subsequently, authorization for application code analysis and modifications to implement the recommended code modifications and enhancements.
Confidential, Wayne, PA
Information Technology Security Consultant
Responsibilities:
- Performed various intrusion penetration vulnerability analysis and assessments in the various Network and Subnet segments of the organization’s system. Various web and database programs were analyzed and code reviews done to identify code vulnerabilities which would then be fixed as per recommended code modification procedures. Resource auditing and boundary interface vulnerabilities were also analyzed and recommendations made of possible remediation possibilities and mitigation efforts were implemented.
- Multiple testing mechanisms were applied to ensure that the application and network modifications were securely applied. All modifications were done by the organization’s in-house staff and the testing, reports and recommendations were done by me remotely using the organization’s resources.
Confidential, Stanford, CT
Information Technology Security
Responsibilities:
- Systems Development Life Cycle (SDLC) and specifications for the Government of Confidential Corporation Project (SCIC) under a USAID Program. This was a project that was for bidding by various Information Technology consulting organizations around the world. I was part of the RFP write-up on behalf of Confidential. The organization was eliminated in the third round RFP bidding proposal.
Confidential, Jersey City, NJ
Information Technology Consultant
Responsibilities:
- The analysis, assessment and identification of network and application systems vulnerabilities across various network and sub network segments.
- Perform Application Vulnerability Code Analysis and Manual Code Reviews using security tools to uncover network and application vulnerabilities in C#, ASP.NET, JavaScript and VBScript in .NET Framework environments.
- Establish and test a Security Threat Model to emulate potential intrusion vulnerabilities.
- Monitor, identify and isolate Active Security Threats using Automated tools and Command Line utilities.
- Database and application programs were identified for code analysis, modification and hardening. Various types of tools and command line methods were utilized across the project timeline including: NMap, Wireshark, DNSLookup, Superscan4, AppScan, Snort, Kerberos, ArcSight, Fortify, VisualTrace, VisualRoute, MailTracker, Dumpsec, NBTScan, WebInspect, WinDump and Ethereal.
- I was involved in various consulting assignments with various organizations for both long term and short term contracts involving systems analysis, development and implementation, and Information Security services.
Confidential, Plymouth Meeting, PA
Principal Software Engineer
Responsibilities:
- Insurance: I worked as Principal Software Engineer providing systems development, modification and maintenance services. I was part of a group of Programmer Analysts and Developers responsible for a major system conversion, modification and enhancement to integrate Mainframe and PC Client Server systems to integrate the systems from the new Corporate acquisitions of Wausau Insurance and Peerless Insurance companies. I was specifically responsible for application programs and data that were converted from Mainframe to PC Client Server systems, including system security integration responsibilities.
Confidential, Teterboro, NJ
IT Programmer Consultant
Responsibilities:
- Medical & Health Systems Services: This is a healthcare organization that involved working on their Y2K modification and upgrading of their Confidential t billing and collection system for physicians, corporations and the government. Work involved modification to application programs for Y2K readiness as well as migration to PC Client Server Systems.
Confidential
Information Technology Consultant
Responsibilities:
- Brokerage Organizations Consulting: I provided Information Technology services for various stock brokerage houses using Mainframe and PC Client Server systems. My responsibilities included working to modify and maintain application programs and database systems for both PCs and mainframe systems for: