Document Sample
1609 Powered By Docstoc
					                           Philip A. Wallisch, GREM, GCIH, CISSP
                                             3207 Nestlewood Drive  Herndon, Virginia 20171
                                              Email:  Phone: (703) 655-1208


Acquire a challenging information security position focused on malware analysis and incident response where my skills and
growth contribute to overall mission success.

Professional Summary

I have been exposed to numerous technical areas in the course of eleven (11) years in the Information Security and Computer
Networking fields, with specialization in providing Information Security Services. My background includes malware investigations,
incident response, perimeter security architecture design and implementation, vulnerability assessments, penetration studies, Unix
systems administration, layer two/three network design, and technical presentations and documentation.

      Malware Investigations: Reverse engineer malware through a combination of dynamic and static analysis to determine
       software characteristics and behaviors. Present findings to customers and determine the relevance of malicious code to
       the overall attack.

      Incident Response: Respond to multiple computer intrusions across different industries. Perform investigation and
       containment services to allow clients to return to normal operations in a timely fashion.

      Network Penetration Testing: Black Box (blind) testing, operating system and active TCP/UDP port exploitation, IDS,
       Firewall, Router evasion through sophisticated packet fragmenting and tunneling processes, and Denial of Service

      Perimeter Security Architecture: Design and Implementation of perimeter security architectures including the use of
       firewalls, intrusion detection systems, screening routers, bastion hosts, honey pots, address translation, authentication,
       and virtual private networking for networked and wireless infrastructures.

      Security Training: Train students in volatile memory forensics and reverse engineering. Demonstrate the value of these
       topics through lecture and hands-on lab exercises.

Additional areas of exposure include business analysis, and management of client relations, sales processes, and pre and post-sales
technical support.
Professional Experience

HBGary INC                                                                                    09.09 – present
Sr. Security Engineer
Provided information security consulting services to clients across multiple Federal agencies and civilian organizations.
     Perform cyber security incident response services for multiple customers including volatile memory forensics, Windows
        registry forensics, malware analysis, disk forensics, and investigation assistance.
     Conduct training sessions for customers on reverse engineering malware and volatile memory forensics on the Windows
     Perform disk-based forensics using EnCase Enterprise and freeware Windows Registry analysis tools.
     Monitr open source intelligence sources and participate in private malware focused groups on current and emerging
        attack trends.
     Maintain public facing blog focused on malware analysis and HBGary technology.
     Support pre and post sales efforts by interfacing with customers and translating communications into actionable items
        for the development staff.
     Speak at events and conferences on various topics surrounding HBGary’s approach to defeating cyber security threats.

PricewaterhouseCoopers LLC
Sr. Associate                                                                                   05.08 – 09.09
Provided consulting services for incident response, penetration testing, and perimeter security helping customers protect the
integrity, confidentiality and availability of their corporate data, resources, and reputation.
     Assisted client with the termination of its information security staff by performing passive reconnaissance of the
        organization, integrating with the remaining staff, performing security assessment in a limited time period, searching for
        remote access capabilities, mapping the network, and searching for malware
     Performed as lead security resource on an extremely large payment card processor breach. Determined cause of security
        breach, lead containment effort to prevent further losses, and improved the organization’s security posture going
     Conducted multiple penetration tests for clients in the Health Care and Internet Services industries. Assessment scopes
        included physical, perimeter, application, dial-up, and internal security.
     Founded and lead firm-wide group focused on malware trends and analysis.
        Designed and implemented upgrades and migrations of perimeter firewalls, IDS, and bastion hosts.

Neustar INC
Sr. Security Engineer                                                                        06.03 – 05.08
Provided information security services to the internal organization including perimeter, Unix, and application security.
     Designed and implemented upgrades and migrations of perimeter firewalls, IDS, and bastion hosts.
     Integrated additional perimeter security measures such as: Web-filtering, Firewalls, IDS, and High-availability - using
        products such as BlueCoat, Checkpoint/Juniper, and SourceFire.
     Produced documentation of services performed and standard operating procedures with focus on security such as:
        Firewall Configuration, Server and Host Configuration, Network Diagrams, Vulnerability Assessments, and Standard
        Operating Procedures (SOW) based on Industry Accepted Best Practices.
     Performed incident response services internally as needed including disk imaging, investigation services, packet
        capturing, and reporting.
     Conduct quarterly vulnerability assessments using open source tools such as Nessus, NMAP, and Hping.
     Responsible for data visualization efforts using freeware tools such as Cacti, MRTG, RRD, and Perl scripting.
     Designed and deployed Ironmail anti-spam and anti-virus solution. Replaced Postfix deployment with a more robust
        commercial solution.
     Designed, deployed, and maintained a highly available RSA SecurId two factor authentication system supporting 2500
        users. Leveraged Lucent RADIUS technology to enforce customer access limits.
     Designed data integrity solution for meeting SOX audit requirements. Deployed commercial Tripwire solution for over
        650 nodes encompassing Linux, Solaris, AIX, Win2K, SunOne LDAP and Active Directory.
     Created custom reports using PERL scripting to parse various logs and archive data in MySQL and Oracle databases.

Kaiser Permanente                                                                          06.01 – 06.03
Sr. Network Engineer
Provided Cisco network design and implementation skills to the corporate network engineering team.
     Designed layer 2 and layer 3 networks for hospitals and other medical facilities. Heavy use of Cisco 6500 and 4000
       switches, 802.1q trunking, VLANS, and VTP.
     Provided level 3 support for a 3000+ router network. Included troubleshooting OSPF and BGP issues.
      Responsible for business partner connections. Designed and maintained an IPSEC VPN connection scheme using Cisco
       PIX firewalls and NAT tables.
      Provided Solaris and Linux system administration skills to the local team. Set up a Cricket SNMP collection and
       graphing station to monitor bandwidth usage for all East Coast routers.
      Researched, tested, and implemented an IP precedence based QoS mechanism.

Metromedia Fiber Networks                                                                            06.00 – 05.01
Security/Network Engineer
Provided a broad range of IT skills to support a web hosting operation.
    Designed web hosting infrastructures for multiple clients. Included web, application, and database layers.
    Focused heavily on host level security as well as perimeter security. Heavy use of Checkpoint firewalls and freeware
        operating system security tools including netfilter, SSH, tcpwrappers, NIST hardening standards.

Technica Corporation                                                                              11.99 – 05.00
Unix Administrator
Provided Unix systems administration skills to support the US Secret Service.
    Systems administrator for 10 node Solaris server farm supporting the US Secret Service.

TRW                                                                                            06.98 – 10.99
Unix Administrator
Provided Unix systems administration skills to support the US Federal Aviation Administration.
    Systems administrator for multiple Windows NT and Solaris servers supporting the Federal Aviation Administration.
Technical Proficiency
Operating Systems:
    Intel x86: MS-DOS, IBM-DOS, OS/2, Windows95/98, Windows NT, Windows 2000, Red Hat, FreeBSD, Solaris 2.51 & 2.6,
        Gentoo, Ubuntu
    SPARC: Solaris 2.51, Solaris 2.6, Solaris 7, Solaris 8
Application Packages:
    Firewalls: CISCO ASA, PIX; Check Point VPN-1/FireWall-1 3.x, 4.x,NG,NGX; Check Point Provider-1; NOKIA Firewall
        Appliances; Juniper/NetScreen; SonicWall;; WatchGaurd; Conclave; IPChains; IPTables; BlackICE
    Intrusion Detection System Software: Snort, SourceFire, ISS, NFR, TripWire
    Forensics: EnCase Enterprise, Helix, HBGary Responder Professional, RegRipper
    Penetration Testing Tools: Nessus, ISS Internet Security Scanner, Nmap, Whisker, X, Netcat, Solar Winds, ACL dump,
        tcpshow, L0phtCrack, Satan, Tiger, Strobe, xscan, iptools, hping, Netcat, Metasploit, BackTrack, etc.
    Authentication: Microsoft RADIUS, RSA SecurID/ACE Server, Rainbow Technologies, LDAP, TACACS+
    Anti-Virus: TrendMicro, McAfee
    Web Application Security: Burp Suite, WebInspect, Nikto
    Web Servers: Apache, TomCat, Microsoft IIS, Netscape Enterprise Server
    Other: Microsoft Office Suite, PGP, pcAnywhere, Adobe Photoshop, Macromedia Dreamweaver, SCREEN, tcpdump,
        snoop, debug, edlin, hexcalibur, windump, winpcap, ethereal, etc.

    Perl
    Bourne Shell and DOS Batch scripting
    JAVA (limited)
    x86 Assembly
    Currently learning Python

Education and Certifications

Bachelor of Science in Finance, George Mason University                                               1997
SANS GIAC Certified Reverse Engineering Malware (GREM Silver)                                         2009
SANS GIAC Certified Penetration Tester (GPEN Silver)                                                  2009
SANS GIAC Certified Incident Handler (GCIH Gold)                                                      2007
Redhat Certified Engineer (RHCE)                                                                      2006
Certified Information Systems Security Professional (CISSP)                                           2004
Certified Ethical Hacker (CEH)                                                                        2004
Cisco Certified Network Professional (CCNP)                                                           2004(expired)

Professional Conferences
Black Hat Briefings, Las Vegas, NV                                                                    07.2005
Black Hat Briefings, Las Vegas, NV                                                                    07.2006
DEFCON 0xD, Las Vegas, NV                                                                             07.2005
DEFCON 0XE, Las Vegas, NV                                                                             08.2006
DEFCON 0X11, Las Vegas, NV                                                                            08.2009
DoD Cybercrime, St. Louis, MO                                                                         01.2010

Professional Associations
ISC2, CISSP – Certified Information Systems Security Professional # 62863

Professional Presentations
DHS SIBR Status, Arlington, VA                                                                                  03.2010
“HBGary Phase II SIBR Status”
Outline of Professional Courses Taught
Reverse Engineering Malware
This was a two day class on reverse engineering malware with HBGary Responder Pro. The course introduced students to malware
concepts such as installation and deployment factors, information security factors, communication factors, obfuscation, and packing
techniques. The class was designed to teach students the benefits of using Responder Pro for malware investigations vs. traditional
freeware tool approaches.

Live Memory Forensics
This was an introductory class on general concepts of live memory forensics on the Windows platform. The course helped the student
master terminology and general understanding of the Windows operating system and how memory works. Students attend lecture and
perform labs where mock investigations are completed using HBGary Responder to acquire and analyze volatile memory from a
Windows system.

Personal Profile
Excellent leadership skills, recognized by peers as exceptionally organized and thorough.
Strong interpersonal and communication skills, with the ability to work efficiently on an individual basis or in a group setting.
Ability to learn quickly and adapt to new situations, encompassing new technological and managerial opportunities.
Strong work ethics, and highly motivated to learn.

Shall be provided upon request.

Shared By: