
1 Oak street 212.991.8013
Westfield, MA 01085 julian.villan@gmail.com

Julian Villan
Passionate information security professional with over a decade of proven experience in high-value
target environments. Currently seeking remote-only contracts or FTE prior to 03.2020

Director: Virtue Security – 06.2014 to current

• Helped advance an early-stage startup into a thriving, going concern.
• Collaborated in the creation and upkeep of internal testing methodologies and reporting templates.
• Interviewed and evaluated potential hires, oversaw the onboarding and training process.
• Led several consulting engagements for end-of-year certification requirements in the major utility,
healthcare, and insurance sectors. These engagements posed unique challenges, with significantly shortened
timetables and absolute deadlines. Relying on a thorough understanding of each industry's IT operations and
regulations, our teams needed to quickly devise and execute workflows that satisfied all stakeholders.
• Maintained an 85% retention rate on annual engagements, with clients requesting our team specifically.
• Played a large role in shaping the information security programs of government and Fortune 500
corporations. This included the creation and training of both red and blue teams, as well as continued
tabletop exercises to ensure efficient integration with the existing Security Operations Center.

Senior Security Consultant: Intel Security (Foundstone) – 05.2011 to 05.2014

• Helped recruit and later train multiple junior team members in network security, all of whom went on to more
senior roles at a significantly accelerated pace in comparison to their peers.
• Achieved the highest rating in all annual reviews.
• Was a senior course instructor for the Ultimate Hacking product offering, completing dozens of multi-week
training seminars for groups sized 15-40 people.
• Developed and presented several research projects for the internal consulting team on the subjects of RFID,
Android Security, and other emerging technologies.
• Was chosen for several engagements involving state-of-the-art or esoteric technologies for which there was
no methodology, such as automotive OS/CANBUS systems, next generation internet connected gaming
consoles (with specific focus on their proprietary internet service). These projects required considerable
research and collaboration with many other subject matter experts from our team.

Independent Security Consultant: 01.2009 to 04.2011

• Performed security assessments for a variety of clients, focusing mainly on web applications.
• Worked independently with little oversight to deliver product offering, including project scope, testing,
remediation, and follow-up.
• Leveraged professional experience to deliver a competitive service without the support of a larger team.

Senior Security Consultant: CBS Broadcasting – 08.2008 to 11.2008

• 3-month contract reporting directly to the CSO, providing up-to-date information on security policy, as well as
evaluating risk for new applications, internal development, and infrastructure.
• Provided pen-testing expertise for custom and off-the-shelf applications.
• Audited firewall controls across extremely high traffic global network, including critical video streams, VPN
access, web & email proxies, and DMZ access for outside vendors and CBS radio and TV affiliate stations.
• Developed corporate incident response policy.

Application Penetration Tester: Net2S (British Telecom) – 11.2006 to 02.2008

• Penetration testing and vulnerability assessments for Fortune 100 clients, with the majority of
engagements performed for some of the top 5 financial institutions in the world.
• Engagements included web application pen tests, network assessments, multi-factor authentication
implementations, PCI compliance and auditing, as well as more esoteric testing of emerging
technologies such as cellular SMS systems, check scanning systems, and social engineering.
• Worked under absolute deadlines in providing security report deliverables, including updated testing
status via conference calls on a daily basis with CSOs, project managers, and development teams.
• Developed security policy based on industry best practices and professional expertise.
• Identified new threats relevant to our client’s security posture, threat modeling based on the latest Common
Vulnerability Scoring System (CVSS 2.0), including remediation steps.
• Led creation of a research & development division to increase the value of security offering.

• Leveraged background in development and systems administration to communicate with developers and
sysadmins directly in resolving security issues. Commended by several clients for being able to expedite the
remediation process in time-critical situations.

Lead UNIX Systems Engineer: Reality Check Network (Digital Ocean) – 10.2005 to 10.2006
• Managed hosting for high-end small business clients, across 500 Linux and FreeBSD servers.
• Increased client value by tuning various aspects of the LAMP stack for higher performance applications.
• Developed an extremely proactive 24/7 monitoring system, with an average response time under 5 minutes.
• Provided security expertise in implementing a variety of ecommerce shopping carts and credit card
processing systems. Monitored for unauthorized network activity, attacks on web applications, and forensics.
• Configured switches and servers across multiple datacenters in a high bandwidth environment.

Skill Set:

Security:
• Constantly remaining up to date on security models and evolving threats, such as local privilege escalation
attacks, remote exploits, SQL injection, XSS (Cross Site Scripting), CSRF (Cross Site Request Forgery), DNS
Poisoning/Pinning, Rootkits, Denial of Service, Buffer overflows/underruns, session hijacking, authentication
bypass, and client based malware.
• All aspects of cryptography and its secure implementation via SSL certificates, TLS, OpenSSH, as well as Full
Disk Encryption via PGP, TrueCrypt, and dm-crypt.
• Fluent with CISSP and CEH principles, computer security regulations SOX, HIPAA, BS7799, and ISO 17799.

Tools: Metasploit, Burp, QualysGuard, AppScan, WebInspect, Nikto, Nessus, Nmap, Core Impact, OllyDbg, gdb,
ike-scan, Wireshark, HttpWatch, Kismet, AirSnort, Aircrack-ng, Tripwire, Rkhunter, EnCase, Sleuthkit, DDrescue,
Netcat, SSLDigger, WSDigger, Scanrand, Hping, Hydra, John the Ripper, Snort, Microsoft Security Analyzer

Operating systems:
• Android, iOS, Linux, BSD, Windows, Mac OS X, virtualization via VMware, Xen, KVM, and OpenVZ.
• Understanding of local OS security principles, access controls, file permissions, memory protection.

Development:
• Creating custom scripts to quickly solve tasks using BASH, sed, awk and other GNU tools.
• Deep understanding of the LAMP stack and successfully implementing applications in high
traffic environments in frameworks such as Python, PHP, Perl, and Ruby.
• Securely configuring web server software: Apache, IIS, and WebSphere.

Networking:
• Advanced proficiency in all aspects of internet operations, including DNS, the TCP stack, IPv6, and BGP.
• In-depth familiarity with the operations of datacenters and NOCs, including best practices for working with
remote personnel, as well as on-site maintenance and installation of servers, switches, et al.
• Implementing and securing network architecture such as Cisco IOS, Cisco VPN, Checkpoint firewall & VPN
Secure Client, OpenVPN, 802.11 wireless auditing, Citrix Server, and VLANs.
• Developing firewall rule sets in high traffic, high target environments using IPTables and PF.

Professional: Highly developed interpersonal communications ability. Able to convey technical information
effectively and courteously to people with varying levels of expertise. Approaches new technology with a genuine
interest that does not stop at the end of the business day. Conscious of correlation between detailed decisions and
“big picture” goals.

Professional Affiliations & Accreditations:

• InfraGard – An FBI & private sector collaboration to analyze and defend against threats to the
nation’s critical infrastructure.
• Open Web Application Security Project (OWASP) – NY Metro Chapter
• International Association for Counterterrorism & Security Professionals (IACSP)
• Information Systems Security Association (ISSA)
• CompTIA Network+
