Philip A. Wallisch, GREM, GCIH, CISSP
3207 Nestlewood Drive Herndon, Virginia 20171
Email: firstname.lastname@example.org Phone: (703) 655-1208
Acquire a challenging information security position focused on malware analysis and incident response where my skills and
growth contribute to overall mission success.
I have been exposed to numerous technical areas in the course of eleven (11) years in the Information Security and Computer
Networking fields, with specialization in providing Information Security Services. My background includes malware investigations,
incident response, perimeter security architecture design and implementation, vulnerability assessments, penetration studies, Unix
systems administration, layer two/three network design, and technical presentations and documentation.
Malware Investigations: Reverse engineer malware through a combination of dynamic and static analysis to determine
software characteristics and behaviors. Present findings to customers and determine the relevance of malicious code to
the overall attack.
Incident Response: Respond to multiple computer intrusions across different industries. Perform investigation and
containment services to allow clients to return to normal operations in a timely fashion.
Network Penetration Testing: Black Box (blind) testing, operating system and active TCP/UDP port exploitation, IDS,
Firewall, Router evasion through sophisticated packet fragmenting and tunneling processes, and Denial of Service
Perimeter Security Architecture: Design and Implementation of perimeter security architectures including the use of
firewalls, intrusion detection systems, screening routers, bastion hosts, honey pots, address translation, authentication,
and virtual private networking for networked and wireless infrastructures.
Security Training: Train students in volatile memory forensics and reverse engineering. Demonstrate the value of these
topics through lecture and hands-on lab exercises.
Additional areas of exposure include business analysis, and management of client relations, sales processes, and pre and post-sales
HBGary INC 09.09 – present
Sr. Security Engineer
Provide information security consulting services to clients across multiple Federal agencies and civilian organizations.
Perform cyber security incident response services for multiple customers including volatile memory forensics, Windows
registry forensics, malware analysis, disk forensics, and investigation assistance.
Conduct training sessions for customers on reverse engineering malware and volatile memory forensics on the Windows
Perform disk-based forensics using EnCase Enterprise and freeware Windows Registry analysis tools.
Monitor open source intelligence sources and participate in private malware focused groups on current and emerging
Maintain public facing blog focused on malware analysis and HBGary technology.
Support pre and post sales efforts by interfacing with customers and translating communications into actionable items
for the development staff.
Speak at events and conferences on various topics surrounding HBGary’s approach to defeating cyber security threats.
Sr. Associate 05.08 – 09.09
Provided consulting services for incident response, penetration testing, and perimeter security helping customers protect the
integrity, confidentiality and availability of their corporate data, resources, and reputation.
Assisted client with the termination of its information security staff by performing passive reconnaissance of the
organization, integrating with the remaining staff, performing security assessment in a limited time period, searching for
remote access capabilities, mapping the network, and searching for malware
Performed as lead security resource on an extremely large payment card processor breach. Determined cause of security
breach, led containment effort to prevent further losses, and improved the organization’s security posture going
Conducted multiple penetration tests for clients in the Health Care and Internet Services industries. Assessment scopes
included physical, perimeter, application, dial-up, and internal security.
Founded and led firm-wide group focused on malware trends and analysis.
Designed and implemented upgrades and migrations of perimeter firewalls, IDS, and bastion hosts.
Sr. Security Engineer 06.03 – 05.08
Provided information security services to the internal organization including perimeter, Unix, and application security.
Designed and implemented upgrades and migrations of perimeter firewalls, IDS, and bastion hosts.
Integrated additional perimeter security measures such as: Web-filtering, Firewalls, IDS, and High-availability - using
products such as BlueCoat, Checkpoint/Juniper, and SourceFire.
Produced documentation of services performed and standard operating procedures with focus on security such as:
Firewall Configuration, Server and Host Configuration, Network Diagrams, Vulnerability Assessments, and Standard
Operating Procedures (SOP) based on Industry Accepted Best Practices.
Performed incident response services internally as needed including disk imaging, investigation services, packet
capturing, and reporting.
Conducted quarterly vulnerability assessments using open source tools such as Nessus, NMAP, and Hping.
Responsible for data visualization efforts using freeware tools such as Cacti, MRTG, RRD, and Perl scripting.
Designed and deployed Ironmail anti-spam and anti-virus solution. Replaced Postfix deployment with a more robust
Designed, deployed, and maintained a highly available RSA SecurID two factor authentication system supporting 2500
users. Leveraged Lucent RADIUS technology to enforce customer access limits.
Designed data integrity solution for meeting SOX audit requirements. Deployed commercial Tripwire solution for over
650 nodes encompassing Linux, Solaris, AIX, Win2K, SunOne LDAP and Active Directory.
Created custom reports using PERL scripting to parse various logs and archive data in MySQL and Oracle databases.
Kaiser Permanente 06.01 – 06.03
Sr. Network Engineer
Provided Cisco network design and implementation skills to the corporate network engineering team.
Designed layer 2 and layer 3 networks for hospitals and other medical facilities. Heavy use of Cisco 6500 and 4000
switches, 802.1q trunking, VLANS, and VTP.
Provided level 3 support for a 3000+ router network. Included troubleshooting OSPF and BGP issues.
Responsible for business partner connections. Designed and maintained an IPSEC VPN connection scheme using Cisco
PIX firewalls and NAT tables.
Provided Solaris and Linux system administration skills to the local team. Set up a Cricket SNMP collection and
graphing station to monitor bandwidth usage for all East Coast routers.
Researched, tested, and implemented an IP precedence based QoS mechanism.
Metromedia Fiber Networks 06.00 – 05.01
Provided a broad range of IT skills to support a web hosting operation.
Designed web hosting infrastructures for multiple clients. Included web, application, and database layers.
Focused heavily on host level security as well as perimeter security. Heavy use of Checkpoint firewalls and freeware
operating system security tools including netfilter, SSH, tcpwrappers, NIST hardening standards.
Technica Corporation 11.99 – 05.00
Provided Unix systems administration skills to support the US Secret Service.
Systems administrator for a 10-node Solaris server farm supporting the US Secret Service.
TRW 06.98 – 10.99
Provided Unix systems administration skills to support the US Federal Aviation Administration.
Systems administrator for multiple Windows NT and Solaris servers supporting the Federal Aviation Administration.
Intel x86: MS-DOS, IBM-DOS, OS/2, Windows95/98, Windows NT, Windows 2000, Red Hat, FreeBSD, Solaris 2.51 & 2.6,
SPARC: Solaris 2.51, Solaris 2.6, Solaris 7, Solaris 8
Firewalls: CISCO ASA, PIX; Check Point VPN-1/FireWall-1 3.x, 4.x, NG, NGX; Check Point Provider-1; NOKIA Firewall
Appliances; Juniper/NetScreen; SonicWall; Intrusion.com; WatchGuard; Conclave; IPChains; IPTables; BlackICE
Intrusion Detection System Software: Snort, SourceFire, ISS, NFR, TripWire
Forensics: EnCase Enterprise, Helix, HBGary Responder Professional, RegRipper
Penetration Testing Tools: Nessus, ISS Internet Security Scanner, Nmap, Whisker, X, Netcat, Solar Winds, ACL dump,
tcpshow, L0phtCrack, Satan, Tiger, Strobe, xscan, iptools, hping, Netcat, Metasploit, BackTrack, etc.
Authentication: Microsoft RADIUS, RSA SecurID/ACE Server, Rainbow Technologies, LDAP, TACACS+
Anti-Virus: TrendMicro, McAfee
Web Application Security: Burp Suite, WebInspect, Nikto
Web Servers: Apache, Tomcat, Microsoft IIS, Netscape Enterprise Server
Other: Microsoft Office Suite, PGP, pcAnywhere, Adobe Photoshop, Macromedia Dreamweaver, SCREEN, tcpdump,
snoop, debug, edlin, hexcalibur, windump, winpcap, ethereal, etc.
Bourne Shell and DOS Batch scripting
Currently learning Python
Education and Certifications
Bachelor of Science in Finance, George Mason University 1997
SANS GIAC Certified Reverse Engineering Malware (GREM Silver) 2009
SANS GIAC Certified Penetration Tester (GPEN Silver) 2009
SANS GIAC Certified Incident Handler (GCIH Gold) 2007
Red Hat Certified Engineer (RHCE) 2006
Certified Information Systems Security Professional (CISSP) 2004
Certified Ethical Hacker (CEH) 2004
Cisco Certified Network Professional (CCNP) 2004 (expired)
Black Hat Briefings, Las Vegas, NV 07.2005
Black Hat Briefings, Las Vegas, NV 07.2006
DEFCON 0xD, Las Vegas, NV 07.2005
DEFCON 0xE, Las Vegas, NV 08.2006
DEFCON 0x11, Las Vegas, NV 08.2009
DoD Cybercrime, St. Louis, MO 01.2010
ISC2, CISSP – Certified Information Systems Security Professional # 62863
DHS SBIR Status, Arlington, VA 03.2010
“HBGary Phase II SBIR Status”
Outline of Professional Courses Taught
Reverse Engineering Malware
This was a two day class on reverse engineering malware with HBGary Responder Pro. The course introduced students to malware
concepts such as installation and deployment factors, information security factors, communication factors, obfuscation, and packing
techniques. The class was designed to teach students the benefits of using Responder Pro for malware investigations vs. traditional
freeware tool approaches.
Live Memory Forensics
This was an introductory class on general concepts of live memory forensics on the Windows platform. The course helped the student
master terminology and general understanding of the Windows operating system and how memory works. Students attended lecture and
performed labs where mock investigations were completed using HBGary Responder to acquire and analyze volatile memory from a
Excellent leadership skills, recognized by peers as exceptionally organized and thorough.
Strong interpersonal and communication skills, with the ability to work efficiently on an individual basis or in a group setting.
Ability to learn quickly and adapt to new situations, encompassing new technological and managerial opportunities.
Strong work ethic, and highly motivated to learn.
Shall be provided upon request.