Assumed a leading role in development of the regulatory compliance knowledge content for the Symantec Control Compliance Suite (CCS) of products. The primary focus was research and analysis of industry regulations, standards, and best practices. The results of this research and analysis were included within the products and helped the users to effectively manage and monitor their compliance with external authorities.• Derived and developed a set of common controls from many government… Show more Assumed a leading role in development of the regulatory compliance knowledge content for the Symantec Control Compliance Suite (CCS) of products. The primary focus was research and analysis of industry regulations, standards, and best practices. The results of this research and analysis were included within the products and helped the users to effectively manage and monitor their compliance with external authorities.• Derived and developed a set of common controls from many government regulations, industry standards, and best practice documents (e.g., PCI DSS, NERC CIP, NIST SP 800-53, ISO 27000 family, HIPAA/HITECH, GLBA, FISMA, CSA CCM). The result of these derivations was product knowledge and functionality that allowed the user to demonstrate compliance with an authority.• Advised a group of developers and facilitated in the implementation of an SCAP (Security Content Automation Protocol - http://scap.nist.gov/) solution. Researched and validated that the solution would meet all of the requirements needed in order to pass the third-party validation process. The result of this project was a fully functional and validated SCAP implementation that was delivered to our customers in a very short time-frame.• Authored the Symantec SCAP vendor product information for validation. See http://nvd.nist.gov/validation_symantec_ccsft_10.5_docs.html• Developed numerous scripts (Perl and XSLT) for analyzing our knowledge content database. Resulting data was imported into Excel spreadsheets for easier consumption by internal consumers.• Developed a set of scripts (Perl and XSLT) that created regulatory views of system configuration benchmarks (mainly the Center for Internet Security benchmarks). The result was a new benchmark that was structured based on a regulation or industry standard. These benchmark views became extremely popular within our product and are still used today. The scripts themselves are also available for download for end user consumption. Show less

Researched and developed system security configuration content for the Symantec Control Compliance Suite (CCS) of products. • Developed executable system configuration benchmarks within the product based on third-party benchmark documents (mainly Center for Internet Security benchmarks). The benchmarks contained documentation as well as the necessary algorithms to perform the documented system configuration tests. Many of these benchmarks are still being used by customers… Show more Researched and developed system security configuration content for the Symantec Control Compliance Suite (CCS) of products. • Developed executable system configuration benchmarks within the product based on third-party benchmark documents (mainly Center for Internet Security benchmarks). The benchmarks contained documentation as well as the necessary algorithms to perform the documented system configuration tests. Many of these benchmarks are still being used by customers today.• Developed system configuration benchmarks for both Windows and UNIX systems (Red Hat Linux, Solaris, HP-UX).• Managed technical aspects and acted as the main point of contact for the certification of our Center for Internet Security (CIS) benchmark implementations. Pioneered the process for CIS benchmark certifications.• Developed a number of special patch checks during Microsoft Patch Tuesday releases. These releases were in high demand and needed to be developed in short time frames (1-2 days).• Developed scripting (XSLT) that created a Windows system patch check library within the product.• Contributed expertise to the Center for Internet Security (CIS) benchmark consensus process and reviewed and critiqued many of their benchmarks. Show less

Performed research and analysis as a member of the Bindview RAZOR security team. The RAZOR security team was credited with uncovering many new cyber security vulnerabilities and was always on the leading edge. • Developed system configuration and system vulnerability documentation and algorithms. The result of this work was automated checks within the products that would identify the configurations and vulnerabilities on systems in user environments.• Performed internal penetration… Show more Performed research and analysis as a member of the Bindview RAZOR security team. The RAZOR security team was credited with uncovering many new cyber security vulnerabilities and was always on the leading edge. • Developed system configuration and system vulnerability documentation and algorithms. The result of this work was automated checks within the products that would identify the configurations and vulnerabilities on systems in user environments.• Performed internal penetration testing to identify new vulnerabilities and harden the internal network.• Identified and documented a high profile security vulnerability in the Funk Proxy Remote Control software as part of an internal penetration test exercise. This software was rebranded by Bindview at that time and distributed to its customers as Netrc. It was also used extensively on the Bindview internal network for system administration. The vulnerability exposed the system and allowed it to be fully compromised using a remote desktop session. The software was removed from all internal servers and systems at that time until the issue was patched. The detailed security release can still be viewed here: http://www.wilderssecurity.com/showthread.php?t=988. • Maintained the security team lab environment which consisted of both Windows and UNIX systems. • Administered the security team website, including posting news and updates.• Co-presented a class on hacking at a Black Hat conference. Developed a fifteen minute slot that walked the class through a multi-part security breach. Show less

Performed phone support for all of the Bindview products. Also performed many special tasks and projects that helped to propel advancement within the organization.• Performed phone support for all of the products. Obtained a significant amount of problem solving skills during this period.• Performed pre and post sales product walkthroughs. Many of these walkthroughs resulted in product sales.• Performed after-hours quality assurance testing of all new products. The results of which… Show more Performed phone support for all of the Bindview products. Also performed many special tasks and projects that helped to propel advancement within the organization.• Performed phone support for all of the products. Obtained a significant amount of problem solving skills during this period.• Performed pre and post sales product walkthroughs. Many of these walkthroughs resulted in product sales.• Performed after-hours quality assurance testing of all new products. The results of which identified many defects that were corrected before shipping the product or update to customers.• Developed a special training program for the Bindview bv-Lifeline product suite. Presented this training program to customers on multiple occasions. The results of this program allowed customers to be quickly brought up to speed on the use of this product suite.• Performed on-site consulting for the Bindview bv-Lifeline product suite. • Obtained a Microsoft Certified Systems Engineer (MCSE) certification for Windows NT 4.0 Show less

The CompUSA technical department would perform any kind of repairs or upgrades that were requested by customers. A technician needed to be able to do just about everything.• Performed hardware and software troubleshooting for consumer systems.• Performed warranty repairs for both desktop and laptop computers.• Performed system upgrades• Performed onsite installation and training for consumers.• Obtained A+, Microsoft, Compaq, and Toshiba certifications.