Josh More - Security Roles in Small Business
Certifications: CISSP, GIAC-GSLC Gold, GIAC-GCIH, RHCE, NCLP, ACE
web: http://www.starmind.org
Profile
Fifteen years technical experience consisting of twelve years in security and ten years in operations.
Expertise in assessing technology, business requirements and security threats.
Experience presenting to people at all levels of technical skill and business responsibility.
Detailed knowledge and experience with system analysis, architecture and operations.
Dedication to continual self-driven improvement of professional skills.
Experience
November 2004 – present: Alliance Technologies
Senior Security Consultant: Focus on Business Process and System/Network Security
Performed technical assessments for companies of all sizes and industry verticals.
Conducted network, local and web-focused vulnerability scans.
Developed and implemented network segmentation to reduce scope of attacks.
Researched public data to detect data leaks and prepare for penetration tests.
Reviewed user permission levels to reduce privilege creep and identify orphans.
Wrote custom reporting system to save $25,000 yearly in licensing costs.
Devised plans for both short-term emergency issue mitigation and long-term business strategy.
Proactively monitored security events and responded or notified affected parties.
Reviewed patches and updates: Windows, Linux, Solaris and third party applications.
Reviewed threat and attack trends, developed mitigation and awareness strategies.
Drafted reports to a wide variety of audiences – technicians, sales people, customers, help desk 
Incident Response Lead – managed isolation, determination and correction of security incidents.
Average thefts from malware and identity theft commonly exceeded $500,000.
Developed response plans to the termination of internal employees.
Devised technical responses and communication strategies to data loss and defacement incidents.
Performed forensic analysis on corrupted and deliberately deleted data for lawsuits up to $20,000,000.
Reviewed, analyzed and wrote security policies for companies of all sizes and industry verticals.
Analyzed technologies, recommended vendors and built products to address specific threat vectors:
Disk and Data Encryption – protecting against physical theft and improper access
Intrusion Detection – protecting against bad network traffic, unusual traffic and access patterns
Anti-Malware – protecting against malicious software and providing deep network control
Perimeter Protection – controlling in- and out-bound traffic by port, protocol and destination
Email Control – preventing spam, allowing legitimate email and providing encryption
Web Filtering – limiting access to and monitoring of employee Internet usage
Web Application Firewall – providing protection to unmaintainable legacy web applications
Collaborative Documentation – enabling documentation of various systems and processes
Patch Management – maintaining OS and third party patch levels for workstations and servers
Training – identifying and addressing internal knowledge gaps that impact organization's security
Consulted for compliance with PCI-DSS, HIPAA/HITECH, FDIC, SOX and the FTC Red Flag Rules.
Consolidated legacy systems to modern and hardened systems using development/production mirroring.
Email, Web, Database, DNS, and DHCP servers – affecting most of the pre-existing infrastructure
Migrated to modern Linux systems, for improved reliability, flexibility and supportability
Implemented network-wide monitoring system of all operational servers and network equipment.
Streamlined secure internal operations: change requests, source control, license management.
Performed highly complex data and contract analysis of multi-party code escrow dispute.
Designed system to securely transfer large files between businesses in a user-friendly manner.
Provided outsourced Information Security Officer duties for medium businesses and enterprises.
Determined long term strategies and managed projects to achieve security goals within budgets.
Handled incident exploration, containment and mitigation.
Developed multi-layer protection for Linux-based Web and FTP hosting and Java application servers.
Developed security awareness and pre-sales presentations for numerous audiences.
Drafted strategy to guide the development of a new security division.
 
Sales Engineer: Focus on Needs Assessment, Report Writing and Presentation
Developed sales presentations for state-wide tours raising awareness of security issues and solutions.
Developed sales strategy and tools to identify solutions by business size and industry vertical.
Developed marketing material for prospects and clients on each solution sold.
Developed rapid assessment system for sales staff to use to uncover hidden opportunities.
Analyzed public data breaches to create common stories for use in presentations and sales calls.
Traveled with sales person to prospects to conduct pre-sales opportunity analysis.
Developed rapid reporting template to be used when conducting pre-sales opportunity analysis.
Engaged in Internet-based marketing: blogging, forums, mailing lists, Twitter, image creation
Devised multi-year improvement plans and matched solutions to client budget cycles
Managed partnerships with security vendors: Sophos, Astaro, Solutionary, Thawte, Google, TestudoData
Managed partnerships with technical vendors: Microsoft, Novell, Syncsort
Served as account- and project-manager to clients requiring ongoing security/infrastructure improvement.
Attended business networking events, representing the company and seeking leads.
Performed technical and business reviews preceding acquisitions.
Identified buyer and assisted sale of unprofitable portion of our business.
Served as technical lead in group of consultative business leaders, tying together numerous industries.
Served as technical and security lead on RFP response teams for large companies and governments.
Devised strategy for providing managed service for synchronizing mobile devices.
January 2008 – present: SANS and GIAC
Question Author and Reviewer: GIAC certification exams based on SANS course material
Wrote and reviewed for the GWEB certification, focusing on web-based security issues.
SANS Instructor (Mentor Level): Management 414 – CISSP Mentor Session
Taught students the ten domains of Information Security to prepare them for the CISSP exam.
Emphasized practical security concerns within their respective professional environments.
Added additional teaching of test taking, studying and memorization techniques.
December 2005 – present: Pearson Educational, O'Reilly Press, Syngress
Technical Reviewer: Focus on Security and Applicability to the Market
Reviewed numerous book proposals and recommended for or against publication
Technical Editor and Proofer: Focus on Security and Technical Accuracy
Proofed Security+ Review Guide
Edited Novell Cluster Services for Linux and NetWare
Edited FreeBSD 6 Unleashed
Edited X Power Tools
Edited Linux in a Nutshell
May 1999 – November 2004: Clement Claibourne LC / Mail Services LC
Security Analyst
Dramatically improved security through strong authentication and system standards.
Ensured products' technical compliance with the Gramm-Leach-Bliley Privacy Act and HIPAA.
Devised password, role, and data management policies for improved security and privacy.
Determined firewall, VPN and routing rule sets for various clients' needs.
Designed, implemented and administered Linux-based products and solutions, providing:
Secure authentication for varied user levels with seamless connection to third party systems.
Automatic synchronization to backup systems for redundancy and disaster recovery.
“Self Aware” systems to help automate security maintenance.
Designed and oversaw development of multi-platform and multi-algorithm encryption system.
Drafted policies for the secure handling of sensitive customer data.
Pre-sales Support
Developed proof-of-concept systems for sales endeavors. Production systems built after close of sale.
Developed traveling demonstration systems for sales people to use at trade shows.
 
Accompanied Sales to demonstrate systems and answer technical questions.
Community Involvement
Security and Open Source Community Leadership:
Head of Cyber division of Iowa Infragard: an FBI-vetted business/government collaboration.
Ran annual conference focused on security communication and education.
Founded local Virtualization Users' Group and Des Moines Security Group.
Hosted and ran meetings as President of the local Linux Users' Group.
Attend local meetings as a security and technical community representative:
Agile Users Group, Iowa Bloggers, ISSA, Cyber Defense Competition at Iowa State University
Consulted to the State of Iowa Department of Homeland Security Information Technology Group.
Active on numerous international security-focused mailing lists and IRC channels.
Security and Open Source Community Presentations:
2011: Virtual Desktop Security – technologies and issues involved with the security of virtual desktops
2011: Senior Scams – issues impacting senior citizens and those that care for them
2011: Malware and Identity Theft – short-form presentation on big issues affecting businesses
2011: Sales – internal presentation educating sales staff on security strategy and prospecting
2010-2011: General – common security issues impacting businesses
2010-2011: Finance – financial malware impacting banks and credit unions
2010-2011: PCI – compliance issues for small businesses accepting credit cards
2010-2011: HIPAA – compliance issues for medical clinics, insurance agents and hospitals
2010-2011: Malware – financial malware impacting general business and non-profit groups
2010: Communication – network-level issues impacting telephone companies and data centers
2009: Disaster Recovery – technical issue overview for the Iowa Contingency Planners
2009: GroupWise 8 – features of the new email and calendaring system for an internal audience
2009: Web Application Security – general security issues for the Des Moines Web Geeks
2009: Virtualization Security – security issues surrounding virtualization for ISSA
2009: Linux Security – security issues specific to Linux for Infragard and CIALUG
2006-2009: MediaWiki – features and use cases for wikis as collaboration systems
2008: Security Policies – overview of security policy issues for ISACA
2008: OSX Security – overview of security on Apple computers for Des Moines Mac Users Group
2008: SQLi and XSS – overview of web-based attacks for the Iowa Ruby Users Group
2008: Information Warfare – review of public data attacks and defense for Iowa Infragard
2005-2008: Certification – recommendations for certification paths and testing tips
2007-2008: Web 2.0 – business uses of emerging web technologies
2007: Barcamp – ran sessions on Linux, monitoring, job searches and self-promotion
2006: Guest Lecture – lecture on Linux in business for the DMACC Linux Administration Class
2006: Technology for Entrepreneurs – using technology to grow startup businesses
2005: Linux in schools – how open source technology can improve education
Media Interviews:
2011: RFID security and credit cards
2010: Buena Vista University data loss incident
2008: Workplace Productivity
Nov. 1996 – May 1999: Grinnell College
Technical Support: User Consultant / Help Desk Technician
Analyzed applications for network inclusion, with a focus on stability and security.
Audited existing applications for adherence to security requirements.
Secured Windows and Macintosh systems against unauthorized users and malicious applications.
May 1998 – Aug. 1998: University of Notre Dame
Academic Research: Intern in High Energy Physics
Programmed system to aid high-energy particle analysis.
Trained other interns in the use of the Unix operating systems.


kcrecruiter left a comment

Are you looking for a new position to utilize your security specialities? Please contact me at lwible@adaptivesg.com to discuss! Thanks!