7367 Evergreen St. Lima, NY 14485
(585) 624-9551 firstname.lastname@example.org http://www.rd1.net
5/96 - present DURKEE CONSULTING, Inc, Lima, NY
Application Security Testing and Code Reviews
Performed web and network application security architecture reviews, code reviews and web application penetration testing on a variety of applications for large enterprises.
Payment Card Industry (PCI) Compliance Auditing and Consulting
Performed internal audits and consulting for security compliance to the Payment Card Industry standards (www.pcisecuritystandards.org) for level 2-4 merchants including dozens of credit card processing applications. In addition to reporting on compliance, consulting included remediation options, potential mitigating controls and business risk analysis.
Development of Industry Accepted Benchmark Security Standards
Consulting for the Center for Internet Security (www.CISecurity.org), led the development of a variety of security benchmark standards including Apache Web Server, Red Hat Linux, FreeBSD, BIND DNS, FreeRadius, and OpenLDAP. CIS benchmarks are widely recognized as an industry standard, and are developed through a consensus process using teams of information security experts from the public, private, and academic sectors.
Instructor for SANS Network Security Certifications and (ISC)2 CISSP Certification
Taught students in technical network security material required for the SANS GIAC GSEC and GCIH Certification tracks. Sessions included hands-on usage of security tools, hacking techniques, question and answer sessions and discussions of current and emerging security issues and defenses. Also developed new security training material on Web Application Security including hands-on labs for the SANS Institute LAMP (Linux, Apache, MySQL and PHP) track. Also teaching CISSP certification courses, and custom hacking and web application security courses.
Rochester Security Summit
Solicited, organized and approved expert speakers on leading edge technical security topics as the chairman of the technical track for the very successful Rochester Security Summits for 4 years. www.RochesterSecurity.org
Application and Network Security Consulting
Provided network, system and application security consulting for a wide variety of corporate projects, from architecture and design consulting to site audits. Developed corporate security technical standards for Windows and Unix platforms. Performed security audits, vulnerability analysis and risk assessments for corporate data centers. Web Application security training and application security code inspections.
Remote Authenticated, Secure Mail Relay Service
Setup and administration of secure SMTP and POP3 services using sendmail, qpopper and openssl on a Unix platform for remote office networks. All services included host and user authentication and encryption over SSL, as well as effective SPAM filtering with Spam-Assassin and Anti-Viral filtering with ClamAV.
Java Server Architecture, Security and Administration
Developed secure, scalable architecture for optimal price and performance. Deployed with security hardening, audits and monitoring, and secure remote access, using Apache, J2EE, JServ, openssl, ssh, vnc, perl, Nessus, Whiskers, and nmap.
Firewall setup and monitoring
Proposed and installed multiple open source Linux dual home proxy firewalls for a private school and office LAN, including log security monitoring, intrusion detection, and proxied web access with content filtering service. Software used included iptables, ipchains, apache, ssh, syslogd, sendmail.
XML Web Server secure HTTPS communication
Enabled secure browser to web server communication and XML web server to web server communication by integrating and configuring openSSL, X509 client and server certificates and Java Secure Sockets Extension (JSSE) for two different XML web server software products using the Apache+Jserv+mod_ssl web server on Solaris, Linux, FreeBSD, NT4.0 and Win2000 platforms.
Web Server Performance Analysis
Benchmarked and analyzed the performance of a client web site with competitive web sites, and proposed hosting and design changes that would bring a more than five fold increase in performance.
Software Methodology Training
Provided a series of in-house hands-on seminars on a full spectrum of software methodology, including object design technology, object modeling techniques, C++ programming, project management, requirements analysis with use-cases, and software configuration management with TeamWare. Also provided consulting services to analyze current requirements for Software Configuration Management (SCM) tools and methodology in support of a SEI CMM (Capability Maturity Model) level 2 effort. Effort resulted in a detailed requirements matrix, which was used in selecting SCM tools for several projects.
Embedded Web Server Administration Interface for Network Switch
Internet based Software Development and Administration
Designed and developed a C++ CORBA server with Orbix and Oracle, which provided document printing production services to a Java User Interface, developed using Visual Café. Developed perl scripts for the installation and configuration of the Apache web server, HTML and Java files. Also maintained the DNS zone and mail server for the project sub-domain.
Real Time Software Design and Development
Proposed several alternative design improvements for an RPC based lookup service used in an automated voice telephony assistance software subsystem. Implemented on a tight schedule a greater than five fold performance improvement in the service requests, which allowed the project to meet necessary real-time response requirements.
11/93 - 5/96 QUESTRA CONSULTING Rochester, NY
Project manager for the second largest on-site project, as well as project manager for the most successful to date in-house project. The three components of the out-source contract were awarded time-to-market bonuses for early delivery, of 1, 2 and 3 weeks respectively ahead of the contracted fixed-price schedule, which was only 11 weeks long. The project was the most profitable to date for the company in terms of the effective hourly rate, by exceeding its goal by 34%.
As the UNIX system expert for the Xerox DCS35 Multi-function printer, made a wide variety of recommendations and fixes for kernel and system level problems. Designed a UNIX System Vr3 device driver to emulate the BSD socket calls on VxWorks. The driver was designed for high performance by minimizing data movement while maximizing concurrency. Developed an advanced C++ seminar, and held two sessions of an intensive 4 day hands-on seminar, for a total of 27 consultants. The seminar covered all of the C++ language, including up-to-date ANSI innovations, the Standard Template Library (STL), as well as an introduction to current object oriented design methodologies.
5/91 - 11/93 ASEA BROWN BOVERI (ABB) PROCESS AUTOMATION Rochester, NY
Senior Software Engineer and technical project leader responsible for development of a central part of an object oriented management facility implemented in C++ to be used for process automation. Also filled the role of UNIX expert in advising in the design and implementation of the other projects at ABB in the US and Sweden.
7/89 - 5/91 COMPUTER CONSOLES INC. Rochester, NY
Senior Software Engineer responsible for design proposals and development of performance enhancements to a database batch update for white pages directory assistance. Optimized the on-line update implementation to reduce memory usage by more than 40%. Design and implementation of a 2-4 fold increase in performance for the index generation subsystem.
6/85 - 6/89 AT&T Bell Labs (UNIX System Labs), Summit, NJ
Lead MTS responsible for the design and development of the transaction based file system of a real-time fault tolerant relational database system called TUXEDO. Designed, prototyped and benchmarked an implementation of a state of the art database transaction commit algorithm, which will reduce physical I/O by a factor of 3. As a member of a select team, designed and implemented a prototype distributed transaction-processing system. As a lead member of the department quality team, proposed and implemented policies and procedures to ensure the effectiveness and efficiency of document and code reviews. As department liaison to the UNIX kernel development group, represented the needs and interest of distributed database and real-time systems by reviewing requirements and designs for the System V 4.0 release. Wrote the initial draft proposal for the standard X/Open XA transaction specification, which allows integration of heterogeneous database systems.
7/83 - 6/85 IIT RESEARCH INST. (IITRI) Rome, NY
Acting project manager for a five-member team of programmers, responsible for all aspects of the project requirements schedule and delivery and documentation including extensive customer support for ten Army command posts.
10/81 -- 5/83 SOFTWARE ASSOC. INC. Socorro, NM (Half time during college)
1/81 -- 10/81 and 1/79 -- 5/79 NEW MEXICO TECH Socorro, NM (Half time during college)
9/79 -- 12/80 S.S.R. Corp. Rochester, NY
5/79 - 8/79 HONEOYE DATA Systems Honeoye, NY
Designed, implemented and wrote documentation for assigned projects. Estimated time requirements for programming, and supported the customers of the implemented systems.