High Quality
Open the downloaded document, and select print from the file menu (PDF reader required).
Josh More -
Security
Roles in Small Business
Certifications: CISSP, GIAC-GSLC Gold, GIAC-GCIH, RHCE, NCLP, ACE
web:
http://www.starmind.org
Profile
➢
Fifteen years technical experience consisting of twelve years in security and ten years in operations.
➢
Expertise in assessing technology, business requirements and security threats.
➢
Experience presenting to people at all levels of technical skill and business responsibility.
➢
Detailed knowledge and experience with system analysis, architecture and operations.
➢
Dedication to continual self-driven improvement of professional skills.
Experience
November 2004 – presentAlliance Technologies
Senior Security Consultant: Focus on Business Process and System/Network Security
➢
Performed technical assessments for companies of all sizes and industry verticals.
•
Conducted network, local and web-focused vulnerability scans.
•
Developed and implemented network segmentation to reduce scope of attacks.
•
Researched public data to detect data leaks and prepare for penetration tests.
•
Reviewed user permission levels to reduce privilege creep and identify orphans.
•
Wrote custom reporting system to save $25,000 yearly in licensing costs.
➢
Devised plans for both short-term emergency issue mitigation and long-term business strategy.
➢
Proactively monitored security events and responded or notified affected parties.
•
Reviewed patches and updates: Windows, Linux, Solaris and third party applications.
•
Reviewed threat and attack trends, developed mitigation and awareness strategies.
•
Drafted reports to a wide variety of audiences – technicians, sales people, customers, help desk
➢
Incident Response Lead – managed isolation, determination and correction of security incidents.
•
Average thefts from malware and identify theft commonly exceeded $500,000.
•
Developed response plans to the termination of internal employees.
•
Devised technical responses and communication strategies to data loss and defacement incidents.
•
Performed forensic analysis on corrupted and deliberated deleted data for law suits up to $20,000,000.
➢
Reviewed, analyzed and wrote security policies for companies of all sizes and industry verticals.
➢
Analyzed technologies, recommended vendors and built products to address specific threat vectors:
•
Disk and Data Encryption – protecting against physical theft and improper access
•
Intrusion Detection – protecting against bad network traffic, unusual traffic and access patterns
•
Anti-Malware – protecting against malicious software and providing deep network control
•
Perimeter Protection – controlling in- and out-bound traffic by port, protocol and destination
•
Email Control – preventing spam, allowing legitimate email and providing encryption
•
Web Filtering – limiting access to and monitoring of employee Internet usage
•
Web Application Firewall – providing protection to unmaintainable legacy web applications
•
Collaborative Documentation – enabling documentation of various systems and processes
•
Patch Management – maintaining OS and third party patch levels for workstations and servers
•
Training – identifying and addressing internal knowledge gaps that impact organization's security
➢
Consulted for compliance with PCI-DSS, HIPAA/HITECH, FDIC, SOX and the FTC Red Flag Rules.
➢
Consolidated legacy systems to modern and hardened systems using development/production mirroring.
•
Email, Web, Database, DNS, and DHCP servers – affecting most of the pre-existing infrastructure
•
Migrated to modern Linux systems, for improved reliability, flexibility and supportability
➢
Implemented network-wide monitoring system of all operational servers and network equipment.
➢
Streamlined secure internal operations: change requests, source control, license management.
➢
Performed highly complex data and contract analysis of multi-party code escrow dispute.
➢
Designed system to securely transfer large files between businesses in a user-friendly manner.
➢
Provided outsourced Information Security Officer duties for medium businesses and enterprises.
•
Determined long term strategies and managed projects to achieve security goals within budgets.
•
Handled incident exploration, containment and mitigation.
➢
Developed multi-layer protection for Linux-based Web and FTP hosting and Java application servers.
➢
Developed security awareness and pre-sales presentations for numerous audiences.
➢
Drafted strategy to guide the development of a new security division.
Sales Engineer: Focus on Needs Assessment, Report Writing and Presentation
➢
Developed sales presentations for state-wide tours raising awareness of security issues and solutions.
➢
Developed sales strategy and tools to identify solutions by business size and industry vertical.
➢
Developed marketing material for prospects and clients on each solution sold.
➢
Developed rapid assessment system for sales staff to use to uncover hidden opportunities.
➢
Analyzed public data breaches to create common stories for use in presentations and sales calls.
➢
Traveled with sales person to prospects to conduct pre-sales opportunity analysis.
➢
Developed rapid reporting template to be used when conducting pre-sales opportunity analysis.
➢
Engaged in Internet-based marketing: blogging, forums, mailing lists, twitter, image creation
➢
Devised multi-year improvement plans and match solutions to client budget cycles
➢
Managed partnerships with security vendors: Sophos, Astaro, Solutionary, Thawte, Google, TestudoData
➢
Managed partnerships with technical vendors: Microsoft, Novell, Syncsort
➢
Served as account- and project-manager to clients requiring ongoing security/infrastructure improvement.
➢
Attended business networking events, representing the company and seeking leads.
➢
Performed technical and business reviews preceding acquisitions.
➢
Identified buyer and assisted sale of unprofitable portion of our business.
➢
Served as technical lead in group of consultative business leaders, tying together numerous industries.
➢
Served as technical and security lead on RFP response teams for large companies and governments.
➢
Devised strategy for providing managed service for synchronizing mobile devices.
January 2008 – presentSANS and GIAC
Question Author and Reviewer: GIAC certification exams based on SANS course material
➢
Wrote and reviewed for the GWEB certification, focusing on web-based security issues.
SANS Instructor (Mentor Level): Management 414 – CISSP Mentor Session
➢
Taught students the ten domains of Information Security to prepare them for the CISSP exam.
➢
Emphasized practical security concerns within their respective professional environments.
➢
Added additional teaching of test taking, studying and memorization techniques.
December 2005 – PresentPearson Educational, O'Reilly Press, Syngress
Technical Reviewer: Focus on Security and Applicability to the Market
➢
Reviewed numerous book proposals and recommended for or against publication
Technical Editor and Proofer: Focus on Security and Technical Accuracy
➢
Proofed
Security+ Review Guide
➢
Edited
Novell Cluster Services for Linux and NetWare
➢
Edited
FreeBSD 6 Unleashed
➢
Edited
X Power Tools
➢
Edited
Linux in a Nutshell
May 1999 – November 2004Clement Claibourne LC / Mail Services LC
Security Analyst
➢
Dramatically improved security through strong authentication and system standards.
➢
Ensured products' technical compliance with the Graham-Leach-Bliley Privacy Act and HIPAA.
➢
Devised password, role, and data management policies for improved security and privacy.
➢
Determined firewall, VPN and routing rule sets for various clients' needs.
➢
Designed, implemented and administered Linux-based products and solutions, providing:
•
Secure authentication for varied user levels with seamless connection to third party systems.
•
Automatic synchronization to backup systems for redundancy and disaster recovery.
•
“Self Aware” systems to help automate security maintenance.
➢
Designed and oversaw development of multi-platform and multi-algorithm encryption system.
➢
Drafted policies for the secure handling of sensitive customer data.
Pre-sales Support
➢
Developed proof-of-concept systems for sales endeavors. Production systems build after close of sale.
➢
Developed traveling demonstration systems for sales people to use at trade shows.
➢
Accompanied Sales to demonstrate systems and answer technical questions.
Community Involvement
Security and Open Source Community Leadership:
➢
Head of Cyber division of Iowa Infragard: an FBI-vetted business/government collaboration.
•
Ran annual conference focused on security communication and education.
➢
Founded local Virtualization Users' Group and Des Moines Security Group.
➢
Hosted and ran meetings as President of the local Linux Users' Group.
➢
Attend local meetings as a security and technical community representative:
•
Agile Users Group, Iowa Bloggers, ISSA, Cyber Defense Competition at Iowa State University
➢
Consulted to the State of Iowa Department of Homeland Security Information Technology Group.
➢
Active on numerous international security-focused mailing lists and IRC channels.
Security and Open Source Community Presentations:
➢
2011: Virtual Desktop Security – technologies and issues involved with the security of virtual desktops
➢
2011: Senior Scams – issues impacting senior citizens and those that care for them
➢
2011: Malware and Identify Theft – short-form presentation on big issues effecting businesses
➢
2011: Sales – internal presentation educating sales staff on security strategy and prospecting
➢
2010-2011: General – common security issues impacting businesses
➢
2010-2011: Finance – financial malware impacting banks and credit unions
➢
2010-2011: PCI – compliance issues for small businesses accepting credit cards
➢
2010-2011: HIPAA – compliance issues for medical clinics, insurance agents and hospitals
➢
2010-2011: Malware – financial malware impacting general business and non-profit groups
➢
2010: Communication – network-level issues impacting telephone companies and data centers
➢
2009: Disaster Recovery – technical issue overview for the Iowa Contingency Planners
➢
2009: GroupWise 8 – features of the new email and calendaring system for an internal audience
➢
2009: Web Application Security – general security issues for the Des Moines Web Geeks
➢
2009: Virtualization Security – security issues surrounding virtualization for ISSA
➢
2009: Linux Security – security issues specific to Linux for Infragard and CIALUG
➢
2006-2009: MediaWiki – features and use cases for wikis as collaboration systems
➢
2008: Security Policies – overview of security policy issues for ISACA
➢
2008: OSX Security – overview of security on Apple computers for Des Moines Mac Users Group
➢
2008: SQLi and XSS – overview of web-based attacks for the Iowa Ruby Users Group
➢
2008: Information Warfare – review of public data attacks and defense for Iowa Infragard
➢
2005-2008: Certification – recommendations for certification paths and testing tips
➢
2007-2008: Web 2.0 – business uses of emerging web technologies
➢
2007: Barcamp – ran sessions on Linux, monitoring, job searches and self-promotion
➢
2006: Guest Lecture – lecture on Linux in business for the DMACC Linux Administration Class
➢
2006: Technology for Entrepreneurs – using technology to grow startup businesses
➢
2005: Linux in schools – how open source technology can improve education
Media Interviews:
➢
2011: RFID security and credit cards
➢
2010: Buena Vista University data loss incident
➢
2008: Workplace Productivity
Nov. 1996 – May 1999Grinnell College
Technical Support: User Consultant / Help Desk Technician
➢
Analyzed applications for network inclusion, with a focus on stability and security.
➢
Audited existing applications for adherence to security requirements.
➢
Secured Windows and Macintosh systems against unauthorized users and malicious applications.
May 1998 – Aug. 1998University of Notre Dame
Academic Research: Intern in High Energy Physics
➢
Programmed system to aid high-energy particle analysis.
➢
Trained other interns in the use of the Unix operating systems.
Add a Comment
kcrecruiterleft a comment