## BIO
Slaying security, network, and web application dragons since 1997. Turning the impossible to the possible, and the expensive to the cost effective with open source tools and applications. I know what I know, and I will not stop till I know the rest. This introduction may be hyperbolic, but I assure you, the answers I give to your problems will be straight.

* * *

**Skill Domains**

| | | |
| --- | --- | --- |
| Network and Systems Security | Security Scanning, IDS | OpenBSD, Linux, other UNIX |
| Server Hardening | Firewall, Proxy, DMZ | Open Source Software |
| Internet/Intranet, LAN, Wireless | SMTP, DNS, HTTP, FTP servers | UNIX Systems Programming/Scripting |

* * *

**Systems Experience**

* **Unix** -- 7 years (*OpenBSD*, *Linux*, *NetBSD*, *FreeBSD*, *Solaris*, *IRIX*, others): Design, implementation, administration, and security hardening.
* **Windows/NT** -- 9 years (*NT3.5.1 to WindowsXP*): Design, implementation, administration, and hardening.
* **Network Devices** -- 4 years (*Cisco* PIX/Router/CSS/LocalDirector, *CoyotePoint*, *Packeteer*, Misc. Switches/Hubs): Design, implementation, administration, and security hardening.

**Network Experience**

* **TCP/IP** -- 7 years: *Ethernet*, wireless, dialup, and *Frame Relay* transports.
* **Firewall** -- 6 years: *PF*, *PIX*, *Raptor*, and many others.
* **Proxy** -- 5 years: *Squid* (with URL redirectors), *Apache*.
* **Scanning/Auditing** -- 5 years: *NMAP*, *Nessus*, *DSniff*, and many others.
* **Intrusion Detection** -- 4 years: *Snort* (plus *ACID*), syslog monitoring, *mtree* for host integrity checking.
* **Load Balancing/Traffic Shaping** -- 4 years: Load balancers, *Packeteer* traffic shaping, *PF/ALTQ* shaping and balancing.
* **VPN/Tunneling** -- 4 years: *IPSEC*, *SSL* (with *STunnel*), *SSH*.
* **DNS** -- 6 years: *DJBDNS*, *BIND*, many split DNS implementations.
* **SMTP** -- 6 years: *Postfix*, *Sendmail*, *Qmail*, *Exchange*, *Procmail*, various add-ons and filters.
* **HTTP/HTTPS** -- 7 years: *Apache w/ModSSL*, *Squid*, *IIS*, *Netscape/iPlanet*.
* **Miscellaneous** -- *NTP*, *SNMP*, *LDAP*, *ICA (Citrix)*, syslog.

**Programming Experience**

* **Perl** -- 4 years: System and network utilities, *CGI* scripts, regular expressions.
* **Shell/Script** -- 7 years: *Bourne shell*, *C shell*, and *Expect/TCL*.
* **HTML/XML** -- 6 years: Internet and Intranet web sites.
* **Other** -- *C/C++*, *PHP*, *Javascript*, and *x86* assembly.

* * *

**Selected Accomplishments**

* Deployed numerous hardened servers to provide secure email, DNS, proxying, web, and other services to existing networks with benefits including vastly improved security, efficient management, flexibility, and reliability.
* Built email gateway filtering system to strip out dangerous attachments, and defang macros/embedded script and provide an additional security layer on top of rule based virus scanners.
* Developed security and network utilities (primarily in Perl), including a log monitoring daemon, PIX firewall log data importer for Snort IDS databases, and a SMTP filtering daemon.
* Developed CGI/Perl network management interface to integrate a set of Open Source network monitoring packages, providing a low cost and flexible alternative to expensive commercial network management packages.

* * *

## Area of Expertise
Network/systems security, OpenBSD/Linux/UNIX, server security hardening, firewall/proxy/DMZ structure, Perl, PHP, MySQL, HTML/XML, shell scripting, SMTP/email filtering, DNS, HTTP, FTP