High Quality
Open the downloaded document, and select print from the file menu (PDF reader required).
Josh More -
Multiple Roles in Small Business
Certifications: CISSP, GIAC-GSLC Gold, GIAC-GCIH, RHCE, NCLP, ACE
web:
http://www.starmind.org
Profile
➢
Fifteen years technical experience consisting of twelve years in security and ten years in operations.
➢
Expertise in assessing technology, business requirements and security threats.
➢
Experience presenting to people at all levels of technical skill and business responsibility.
➢
Detailed knowledge and experience with system analysis, architecture and operations.
➢
Dedication to continual self-driven improvement of professional skills.
Experience
November 2004 – presentAlliance Technologies
Senior Security Consultant: Focus on Business Process and System/Network Security
➢
Performed technical assessments for companies of all sizes and industry verticals.
•
Conducted network, local and web-focused vulnerability scans.
•
Developed and implemented network segmentation to reduce scope of attacks.
•
Researched public data to detect data leaks and prepare for penetration tests.
•
Reviewed user permission levels to reduce privilege creep and identify orphans.
•
Wrote custom reporting system to save $25,000 yearly in licensing costs.
➢
Devised plans for both short-term emergency issue mitigation and long-term business strategy.
➢
Proactively monitored security events and responded or notified affected parties.
•
Reviewed patches and updates: Windows, Linux, Solaris and third party applications.
•
Reviewed threat and attack trends, developed mitigation and awareness strategies.
•
Drafted reports to a wide variety of audiences – technicians, sales people, customers, help desk
➢
Incident Response Lead – managed isolation, determination and correction of security incidents.
•
Average thefts from malware and identify theft commonly exceeded $500,000.
•
Developed response plans to the termination of internal employees.
•
Devised technical responses and communication strategies to data loss and defacement incidents.
•
Performed forensic analysis on corrupted and deliberated deleted data for lawsuits up to $20,000,000.
➢
Reviewed, analyzed and wrote security policies for companies of all sizes and industry verticals.
➢
Analyzed technologies, recommended vendors and built products to address specific threat vectors:
•
Disk and Data Encryption – protecting against physical theft and improper access
•
Intrusion Detection – protecting against bad network traffic, unusual traffic and access patterns
•
Anti-Malware – protecting against malicious software and providing deep network control
•
Perimeter Protection – controlling in- and out-bound traffic by port, protocol and destination
•
Email Control – preventing spam, allowing legitimate email and providing encryption
•
Web Filtering – limiting access to and monitoring of employee Internet usage
•
Web Application Firewall – providing protection to unmaintainable legacy web applications
•
Collaborative Documentation – enabling documentation of various systems and processes
•
Patch Management – maintaining OS and third party patch levels for workstations and servers
•
Training – identifying and addressing internal knowledge gaps that impact organization's security
➢
Consulted for compliance with PCI-DSS, HIPAA/HITECH, FDIC, SOX and the FTC Red Flag Rules.
➢
Consolidated legacy systems to modern and hardened systems using development/production mirroring.
•
Email, Web, Database, DNS, and DHCP servers – affecting most of the pre-existing infrastructure
•
Migrated to modern Linux systems, for improved reliability, flexibility and supportability
➢
Implemented network-wide monitoring system of all operational servers and network equipment.
➢
Streamlined secure internal operations: change requests, source control, license management.
➢
Performed highly complex data and contract analysis of multi-party code escrow dispute.
➢
Designed system to securely transfer large files between businesses in a user-friendly manner.
➢
Provided outsourced Information Security Officer duties for medium businesses and enterprises.
•
Determined long term strategies and managed projects to achieve security goals within budgets.
•
Handled incident exploration, containment and mitigation.
➢
Developed multi-layer protection for Linux-based Web and FTP hosting and Java application servers.
➢
Developed security awareness and pre-sales presentations for numerous audiences.
➢
Drafted strategy to guide the development of a new security division.
Sales Engineer: Focus on Needs Assessment, Report Writing and Presentation
➢
Developed sales presentations for state-wide tours raising awareness of security issues and solutions.
➢
Developed sales strategy and tools to identify solutions by business size and industry vertical.
➢
Developed marketing material for prospects and clients on each solution sold.
➢
Developed rapid assessment system for sales staff to use to uncover hidden opportunities.
➢
Analyzed public data breaches to create common stories for use in presentations and sales calls.
➢
Traveled with sales person to prospects to conduct pre-sales opportunity analysis.
➢
Developed rapid reporting template to be used when conducting pre-sales opportunity analysis.
➢
Engaged in Internet-based marketing: blogging, forums, mailing lists, twitter, image creation
➢
Devised multi-year improvement plans and match solutions to client budget cycles
➢
Managed partnerships with security vendors: Sophos, Astaro, Solutionary, Thawte, Google, TestudoData
➢
Managed partnerships with technical vendors: Microsoft, Novell, Syncsort
➢
Served as account- and project-manager to clients requiring ongoing security/infrastructure improvement.
➢
Attended business networking events, representing the company and seeking leads.
➢
Performed technical and business reviews preceding acquisitions.
➢
Identified buyer and assisted sale of unprofitable portion of our business.
➢
Served as technical lead in group of consultative business leaders, tying together numerous industries.
➢
Served as technical and security lead on RFP response teams for large companies and governments.
➢
Devised strategy for providing managed service for synchronizing mobile devices.
Operations Management: Focus on Projects and Internal Improvement
➢
Improved operations through a mix of technologies and process changes.
•
Collaborative documentation system improved employee communication and process documentation.
•
Version control system increased speed and reliably of software development.
•
David Allen's
Getting Things Done
methodology improved efficiency.
•
Network monitoring systems served to move the company in a more proactive direction.
•
Asset management system reduced deployment time and increased licensing compliance.
•
Overhauled email system significantly reduced both delivery and troubleshooting times.
➢
Overhauled and organized internal office spaces:
•
Hardware Inventory – determined standards for what to keep, organize remaining stock.
•
Data Center – organized layout of Data Center to maximize emergency repair efficiency.
•
Software Inventory – identified and organized software for media control and license maintenance.
➢
Managed numerous projects for security, compliance, process improvement and reducing costs.
➢
Led company-wide documentation effort focusing on client and data center infrastructure.
➢
Overhauled business models and revamped products:
•
Web hosting – focus on services-provided rather than bundling and guesswork
•
Email hosting – outsourced to business partner running Communigate Pro, migrated existing
•
Anti-Spam – transitioned from Postini to Google to TestudoData management, migrated existing
•
Anti-Malware – added service levels, implemented new solution, migrated existing
•
SSL Certificates – simplified offering, saving several thousand dollars annually
➢
Designed imaging and configuration management solution for the banking industry.
➢
Managed on-call schedule for all network technicians.
➢
Overhauled configuration of RADIUS to streamline operations and simplify billing.
➢
Managed shared data for entire company: data analysis, expiration, archiving and centralization.
➢
Maintained complex set of Solaris servers and zones for stability and security.
System Architect and Administrator: Focus on Security and Open Source Technologies
➢
Designed and implemented new server standards for core business services.
➢
Documented all server configurations, histories, and contracts as part of standardizing operations.
➢
Analyzed and implemented security patches on 40+ systems monthly.
➢
Developed Linux-based small business server and services, focus on security and email.
➢
Designed and led ground-up re-implementation of multi-platform email system:
•
Saved $80,000 yearly through reduced personnel requirements for troubleshooting and maintenance.
•
Reduced call volume by 90% and spam volume by 95%.
•
Removed numerous mail loops resulting in faster and more reliable email delivery.
➢
Led the migration, deprecation and centralization of legacy systems.
•
Migrated legacy and unsupported Linux to modern Enterprise-quality Linux.
•
Migrated numerous IIS-sites to a newly built, standardized and secured IIS system.
•
Migrated various databases to secured and recent versions of MySQL and Oracle.
•
Developed standards for PHP, Ruby, Drupal, Joomla, Moodle and Wordpress hosting.
•
Built Ruby on Rails self-managed hosting platform.
•
Overhauled client-focused web statistics system for accuracy, speed and support of new technologies.
➢
Performed complete reimplementation of genetics processing system, focus on security and stability.
➢
Assisted with re-implementation of DNS and DHCP system, improving resilience and stability.
➢
Migrated SCO OpenServer installations to both VMWare and new hardware for archival purposes.
➢
Created emergency disaster recovery servers for failing but critical clients' legacy servers.
➢
Configured custom monitoring solution for troubleshooting trend analysis and alerting.
➢
Rebuilt PGP-based encryption system for FTP transfers of HIPAA-controlled information.
➢
Set up traffic shaping and multi-routing on Linux-based network appliance.
January 2008 – presentSANS and GIAC
Question Author and Reviewer: GIAC certification exams based on SANS course material
➢
Wrote and reviewed for the GWEB certification, focusing on web-based security issues.
SANS Instructor (Mentor Level): Management 414 – CISSP Mentor Session
➢
Taught students the ten domains of Information Security to prepare them for the CISSP exam.
➢
Emphasized practical security concerns within their respective professional environments.
➢
Added additional teaching of test taking, studying and memorization techniques.
December 2005 – PresentPearson Educational, O'Reilly Press, Syngress
Technical Reviewer: Focus on Security and Applicability to the Market
➢
Reviewed numerous book proposals and recommended for or against publication
Technical Editor and Proofer: Focus on Security and Technical Accuracy
➢
Proofed
Security+ Review Guide
➢
Edited
Novell Cluster Services for Linux and NetWare
➢
Edited
FreeBSD 6 Unleashed
➢
Edited
X Power Tools
➢
Edited
Linux in a Nutshell
May 1999 – November 2004Clement Claibourne LC / Mail Services LC
Web Developer / Product Manager
➢
Migrated workstations to open standards, then to Linux systems, reducing licensing liability.
➢
Designed, implemented and administered Linux based products and solutions, providing:
•
Web interfaces for the on-line viewing, editing, and printing of statements and letters.
•
Ability to pay on-line via existing e-commerce vendors.
•
Optional inclusion of content-aware banner advertisements.
•
Extensive customizations to allow clients and clients' customers to re-brand systems.
•
Simple creation of buttons and banners for system branding.
•
Web-based management console.
➢
Dramatically improved security via strong authentication and seamless logins.
➢
Designed websites for Clement Claibourne, Mail Services and several clients.
Security Analyst
➢
Dramatically improved security through strong authentication and system standards.
➢
Ensured products' technical compliance with the Graham-Leach-Bliley Privacy Act and HIPAA.
➢
Devised password, role, and data management policies for improved security and privacy.
➢
Determined firewall, VPN and routing rule sets for various clients' needs.
➢
Designed, implemented and administered Linux-based products and solutions, providing:
•
Secure authentication for varied user levels with seamless connection to third party systems.
•
Automatic synchronization to backup systems for redundancy and disaster recovery.
•
“Self Aware” systems to help automate security maintenance.
Add a Comment