www.apolis.org

Information Security Expertise

• IDS/IPS, Cryptography, SSH, and various security tools and applications.
• Network Security and Firewall Management.
• Server and network hardening procedures and implementation.
• Policy and standards development and enforcement.
• Server and application security assessment, evaluation and reporting.
• Intrusion detection, incident handling and attack mitigation.
• Detailed knowledge of methods employed by intruders tattack systems and networks.
• Authentication, Authorization, Access Control.
• Risk assessment and control.
• Regulatory compliance for Sarbanes-Oxley, GLBA, and others.

Unix System Engineering and Administration Expertise

• Experienced with Solaris, AIX, Linux, HP-UX and BSDi
• Advanced Korn Shell (ksh) Scripting
• Experience using and managing Oracle, MySQL, DNS/BIND, SMTP/Sendmail, TCP/IP, TCP Wrappers, PGP, NIS, NIS+, LDAP, Rsync, Samba, NFS, Automounter, LVM, Veritas VM and Veritas FS, RAID, Network Appliance NAS, DCE/DFS, DHCP, Apache, IBM Network Dispatcher.

Windows System Engineering and Administration Expertise

• Experienced with Windows Server 2003, XP, 2000, NT
• Active Directory, Group Policy, EFS, server hardening, IIS, SQL Server, IPSec, DFS.

TCP/IP Networking Expertise

• Cisco Firewalls, IPSec and SSL VPN, Routers, troubleshooting.
• Juniper NetScreen Firewalls
• ISS Intrusion Prevention Systems (IPS)
• Detailed knowledge of network applications and protocols at all layers of the OSI model.

Programming Languages

• Fluent Java, VB .NET, SQL, ksh.
• Some C, C++, Pascal and Assembly Language.

Professional Certifications

• CISSP -- Certified Information Systems Security Professional (#26735)
• CPISM -- Certified Payment-Card Industry Security Manager
• SCNA -- Sun Certified Network Administrator for Solaris (and other Sun certifications)
• CATE -- IBM Certified Advanced Technical Expert - RS/6000 AIX (and other IBM certifications)
• HP Certified HP-UX System Administrator
• MCSA -- Microsoft Certified Systems Administrator (Working towards MCSE)
• CompTIA Network+ Certification

Education

• Master of Science in Information Systems [In progress - expected completion 2-3 years] - Kennesaw State University
• Bachelor of Science in Information Systems. Summa Cum Laude 2004 - Kennesaw State University, GPA 4.0/4.0
• Certificate in Information Security and Assurance. 2004 - Kennesaw State University, GPA 4.0/4.0.
  Kennesaw State University has been designated as a National Center of Academic Excellence in Information Assurance Education by the National Security Agency.
• AAS in Computer Information Systems, concentration in business programming. 1998 - Front Range Community College, Honors Graduate, GPA 4.0/4.0

 What I am not...

• I am not a Lawyer, and nothing I say should ever be construed as legal advice.
• I am not an expert on PCI DSS, GLBA, or HIPAA, although I have experience or training in each of those areas.
• I am not a PCI QSA (PCI Qualified Security Assessor) or PCI ASV (PCI Approved Scanning Vendor).
• I am not a big company - I am just myself.

I also can never guarantee that your servers and apps will be absolutely secure or that they will never be hacked. New exploits are created every day, and applications and operating systems will always have holes. My objective is to "raise the bar" sufficiently so that hackers go elsewhere and look for easier targets. That said, with data of sufficient value, hackers have plenty of incentive to keep trying.