Ralph Durkee
7367 Evergreen St. Lima, NY 14485
(585) 624-9551 info@rd1.net  http://www.rd1.net

SUMMARY OF EXPERIENCE:

EDUCATION: B.S. degree in Computer Science from New Mexico Tech. May 1983

CERTIFICATIONS:

WORK EXPERIENCE:

5/96 - present  DURKEE CONSULTING, Inc, Lima, NY

Projects

Network Security Penetration Testing

Performed network security penetration testing on medium to large enterprise networks, including reporting and remediation. SANS GIAC GPEN certified since June 2009.

Advanced Application Security Penetration Testing and Code Reviews

Performed advanced web network application penetration tests and security code reviews on a variety of applications for medium to large enterprises, including manual penetration testing, review and remediation with automated static code analysis tools such as Fortify, Coverity and CppCheck. Application penetration testing includes testing of web services, custom network protocols, and Android Apps using hundreds of tools such as Metasploit, OWASP ZAP, Burp Suite Pro, Genymotion, netcat, socat, openssl, Kali Linux and many others.

Payment Card Industry (PCI) Compliance Auditing and Consulting

Performed internal audits and consulting for security compliance to the Payment Card Industry standards (www.pcisecuritystandards.org) for level 2-4 merchants including dozens of credit card processing applications. In addition to reporting on compliance, consulting included remediation options, potential mitigating controls and business risk analysis.

Development of Industry Accepted Benchmark Security Standards

Consulting for the Center for Internet Security, led the development of a variety of security standards including Apache Web Server, Red Hat Linux, FreeBSD, BIND DNS, FreeRadius, and OpenLDAP. CIS benchmarks are recognized as an industry standard, and are developed through a consensus process using information security experts.

Instructor for SANS Network Security Certifications and (ISC)2 CISSP Certification

Community instructor for technical network and application security required for the SANS GIAC GSEC and GCIH Hacking Techniques and Penetration Testing Certifications. Sessions included hands-on usage of security tools, ethical hacking techniques, and discussions of emerging security issues. Developed training material for ethical hacking training and web application security and CISSP certification courses.

Application and Network Security Consulting

Provided network, system and application security assessment and consulting for a wide variety of corporate projects from architecture and design consulting and site audit. Developed corporate security technical standards for Windows and Unix platforms. Web Application security training and application security code inspections, as well as incident response handling.

Rochester Security Summit

As the Rochester ISSA president and event chairman, led a volunteer committee to organize the very successful Rochester Security Summit as a sell-out event for several years. (Served as Officer and Track Chair 2004-2009, as ISSA President and Event Chair 2010-2013)

Application and Network Security Consulting

Provided network, system and application security consulting for a wide variety of corporate projects from architecture and design consulting and site audit. Developed corporate security technical standards for Windows and Unix platforms. Performed security audits, vulnerability analysis and risk assessments for corporate data centers. Web Application security training and application security code inspections.

Remote Authenticated, Secure Mail Relay Service

Setup and administration of secure SMTP and POP3 services using sendmail, qpopper and openssl on a Unix platform for remote office networks. All services included host and user authentication and encryption over SSL, as well as effective SPAM filtering with Spam-Assassin and Anti-Viral filtering with ClamAV.

Java Server Architecture, Security and Administration

Developed secure, scalable architecture for optimal price and performance. Deployed with security hardening, audits and monitoring, and secure remote access, using Apache, J2EE, JServ, openssl, ssh, vnc, perl, Nessus, Whiskers, and nmap.

Firewall Setup and Monitoring

Proposed and installed multiple open source Linux dual home proxy firewalls for private school and office LAN, including log security monitoring, intrusion detection, and proxied web access with content filtering service. Software used included iptables, ipchains, apache, ssh, syslogd, sendmail.

XML Web Server Secure HTTPS Communication

Enabled secure browser to web server communication and XML web server to web server communication by integrating and configuring openSSL, X509 client and server certificates and Java Secure Sockets Extension (JSSE) for two different XML web server software products using the Apache+Jserv+mod_ssl web server on Solaris, Linux, FreeBSD, NT4.0 and Win2000 platforms.

Web Server Performance Analysis

Benchmarked and analyzed the performance of a client web site with competitive web sites, and proposed hosting and design changes that would bring a more than fivefold increase in performance.

Software Methodology Training

Provided a series of in-house hands-on seminars on a full spectrum of software methodology, including object design technology, object modeling techniques, C++ programming, project management, requirements analysis with use-cases, and software configuration management with TeamWare. Also provided consulting services to analyze current requirements for Software Configuration Management (SCM) tools and methodology in support of an SEI CMM (Capability Maturity Model) level 2 effort. Effort resulted in a detailed requirements matrix, which was used in selecting SCM tools for several projects.

Embedded Web Server Administration Interface for Network Switch

Acting manager of a team of five software engineers to design, schedule, implement and maintain a web based network management system (NMS) for a fault tolerant switch. The NMS was implemented in current web technologies (HTML, DHTML, JavaScript and Java) through two generations of a fault tolerant network switch product. Proposed and supervised the design and implementation of cascading style sheets to decrease maintenance costs while increasing consistency in look and feel. Proposed, and helped implement, perl utilities which automated the build of the web server's file system and function control table.

Internet Based Software Development and Administration

Designed and developed a C++ CORBA server with Orbix and Oracle, which provided document printing production services to a Java User Interface, developed using Visual Café. Developed perl scripts for the installation and configuration of the Apache web server, HTML and Java files. Also maintained the DNS zone and mail server for the project sub-domain.

Real Time Software Design and Development

Proposed several alternative design improvements for an RPC based lookup service used in an automated voice telephony assistance software subsystem. Implemented on a tight schedule a greater than fivefold performance improvement in the service requests, which allowed the project to meet necessary real-time response requirements.

11/93 - 5/96 QUESTRA CONSULTING Rochester, NY

Project manager for the second largest on-site project, as well as project manager for the most successful to date in-house project. The three components of the outsourced contract were awarded time-to-market bonuses for early delivery, of 1, 2 and 3 weeks respectively ahead of the contracted fixed price schedule which was only 11 weeks long. The project was the most profitable to date for the company in terms of the effective hourly rate, by exceeding its goal by 34%.

As the UNIX system expert for the Xerox DCS35 Multi-function printer, made a wide variety of recommendations and fixes for kernel and system level problems. Designed a UNIX System Vr3 device driver to emulate the BSD socket calls on VxWorks. The driver was designed for high performance by minimizing data movement while maximizing concurrency. Developed an advanced C++ seminar, and held two sessions of an intensive 4 day hands-on seminar, for a total of 27 consultants. The seminar covered all of the C++ language, including up-to-date ANSI innovations, the Standard Template Library (STL), as well as an introduction to current object oriented design methodologies.

5/91 - 11/93 ASEA BROWN BOVERI (ABB) PROCESS AUTOMATION Rochester, NY

Senior Software Engineer and technical project leader responsible for development of a central part of an object oriented management facility implemented in C++ to be used for process automation. Also filled the role of UNIX expert in advising in the design and implementation of the other projects at ABB in the US and Sweden.

7/89 - 5/91 COMPUTER CONSOLES INC. Rochester, NY

Senior Software Engineer responsible for design proposals and development of performance enhancements to a database batch update for white pages directory assistance. Optimized the on-line update implementation to reduce memory usage by more than 40%. Design and implementation of a 2-4 fold increase in performance for the index generation subsystem.

6/85 - 6/89 AT&T Bell Labs (UNIX System Labs), Summit, NJ

Lead MTS responsible for the design and development of a transaction based file system of a real-time fault tolerant relational database system called TUXEDO. Designed, prototyped and benchmarked an implementation of a state of the art database transaction commit algorithm, which will reduce physical I/O by a factor of 3. As a member of a select team, designed and implemented a prototype distributed transaction-processing system. As a lead member of the department quality team, proposed and implemented policies and procedures to ensure the effectiveness and efficiency of document and code reviews. As department liaison to the UNIX kernel development group, represented the needs and interest of distributed database and real-time systems by reviewing requirements and designs for the System V 4.0 release. Wrote the initial draft proposal for the standard X/Open XA transaction specification, which allows integration of heterogeneous database systems.

7/83 - 6/85 IIT RESEARCH INST. (IITRI) Rome, NY

Acting project manager for a five-member team of programmers, responsible for all aspects of the project requirements schedule and delivery and documentation including extensive customer support for ten Army command posts.

MEMBERSHIPS:
Center For Internet Security, Usenix, SANS, SAGE, Rochester Business Alliance, Faith Fellowship Church

Durkee Consulting, Inc.
7367 Evergreen St. PO Box 404, Lima, NY 14485 585-624-9551