Security Specialist
What makes me a security specialist?
My in-depth knowledge and experience range from the overall concepts & strategies (i.e. the "big picture") down to the most
technically detailed aspects of each area within security. What makes me especially unique is my true understanding of security because, unlike other standard security specialists, I
have actually developed many core network security monitoring services such as communication sniffers, raw packet data protocol parsers, and network operations center systems for
monitoring & alerting.
Many specialists in the field can install and configure Nagios, Snort, and other monitoring applications/services... but lack the in-depth technical knowledge
behind these, thus contributing to their reliance on functionality within the product. I have created security-related applications throughout my career either to fulfill a specific
need or for learning the technical details of the project or solution.
Using my software development, systems administration, and network management experience I have planned, designed, and developed security-related solutions ensuring maximum protection, as
evidenced by my various projects and responsibilities.
Security in Information Technology is critically important and, having been responsible for all areas within security, I have dedicated my career focus to ensuring maximum
security protection applied to all projects I have previously worked on and all future ones. The content on this page is a balance between giving enough information and trying
to limit the complexity for brevity's sake... as security is such a large field that many 400+ page books on the subject can be found.
What is security?
Commonly security is known to most people as protecting computers from malicious hackers (i.e. Black Hats) or from viruses and other types of malware
that cause problems. This actually is a very small, but important, part of the true definition of security pertaining to
Information Technology (IT). I would define security, in its simplest form, as "Protection of assets & resources ensuring maximum continuation of
operation, availability, and recoverability; used only by authorized individuals with access controls being applied." Security includes plans, processes, procedures, policies,
and guidelines all intended to ensure proper security.
My Security Strategy Overview
Depending on the security expert you talk to or book you read, security can be grouped in many ways with varying
titles... but I have successfully used the following ("simplified version" as not to write a book), grouped and ordered accordingly:
Planning & Strategies
Planning is the key aspect of security and is used as the framework to: determine goals & objectives; identify/assess SOX and other compliance
requirements; assess business operations affected by or affecting the security plan; identify infrastructure elements (i.e. hardware, software,
applications, networks, data, users, accounts, etc...); identify risks (i.e. risk assessment & exposure); establish policies & guidelines; define technical standards & baselines for implementations; define
processes & procedures; and assign duties & responsibilities. A good plan is critical to successful security but requires
continued updating & regular re-evaluation over time to maintain its effectiveness.
Auditing & Logging
This in my opinion is the next most important piece, as without visibility into what is actually happening you can neither
identify issues nor verify the effectiveness of your protection implementations. The easiest way to illustrate this is, "It's like shooting
a gun in the dark trying to hit a moving target."; it is just expecting, with blind faith, that your firewall rules are set up correctly to always protect you.
Set up auditing and monitoring (with logging) of all resources, including for example: account logins, data/application access, network communications,
firewall activity, Wi-Fi/VPN network access, hardware events such as changes in status with UPS/SAN/RAID, and many others not listed. Each
resource needs to be configured as per your security plan to audit use & access in an implementation that provides both real-time
event notifications and secure historical archiving. Additional resources will also need to be deployed, depending on your plan, to provide
auditing of network communications; these are known as sensors or IDS and do not provide any end-user resources (ex. file server)... they are used
specifically for security auditing & monitoring purposes only.
Protecting & Safeguarding
This is the actual implementation of your security plan to proactively provide protection and involves mostly the technical aspects of the plan. Depending
on the security plan, this can include many action items such as: deploying new security devices such as firewalls; restricting access to data,
applications, & other network resources; requiring complex domain account passwords; reconfiguring storage for fault-tolerance using RAID;
implementing or deploying your backup plan (part of the security plan); establishing a business continuity plan; and many other items all depending
on your security plan & environment. It is very important that all action items follow your security plan's "defined technical standards & baselines for implementations"
and "defined processes & procedures", both to test these plans for accuracy & effectiveness and to follow the plan. If needed, changes
to the security plan can and should be made when implementations identify gaps, problems, or ineffectiveness... and this is actually the best time to
make improvements as needed.
Maintaining & Re-evaluation
After successful implementation of your security plan, it is critical to maintain security on an ongoing basis by: enforcing established policies &
guidelines; continued execution of defined processes & procedures; continuous monitoring of audit events & logs; and handling of
security events as per your security plan. Furthermore, re-evaluation and update of the security plan, in whole or in part, is required in cases of:
infrastructure changes (i.e. servers, applications, networks, firewall rule changes, etc...); staff or responsibility changes; a security
event/situation occurring that requires changes to the plan; and various other reasons which depend on the complexity and scope of your security plan &
implementation. At a minimum, re-evaluation and verification of the security plan should be done regularly to ensure continued effectiveness &
to re-verify management's acceptance of risk exposure.
My Security Background & Experience
My fascination with computer security started way back when I was a kid with an Apple IIe computer using a modem to directly access Bulletin
Board Systems (BBS). I started programming in BASIC and was inspired by an older computer hacker, Dr. Fantasmo, who explained things such as
backdoors, buffer-overflows, and various other hacker & programming techniques. Since that time I have continued this fascination with security,
having had many opportunities to directly apply my knowledge & experience in the security field. I respect the elite hackers of the world but
condemn any and all malicious intent, so my focus has been to use my knowledge to protect others as a "White Hat" hacker.
Over the years I have been involved with many projects and responsible for ensuring proper security, with an excellent record of success. All solutions I have been directly
responsible for planning & deploying have remained secure and uncompromised even after many years without continuous upkeep. Other solutions involving networking,
high availability, fault-tolerance, and backups successfully achieved their intended planned goals when events did occur, for example: networking uninterrupted by the loss of a T1 &
switches; successful data recoveries from backups; continued operation of storage after drive failures; and continued GC/DNS/DHCP/WINS operations during server unavailability.
Detailed areas of security used during my career, successfully applying my knowledge and experience:
Networking
Everything about how devices communicate, including: sockets, ports, protocols, MAC addresses, ARP, Spanning Tree Protocol (STP), broadcasts, IP addresses, and more.
My knowledge includes many specific protocols down to the raw packet level and a technical understanding of the RFC protocol specifications,
used in some cases to create packet protocol parsers for security monitoring/control purposes. Detailed network communications knowledge is critical for effective
monitoring, control, and protection; I have used it throughout my IT career and consider it essential.
Operating Systems
Understanding how to properly set up & securely configure operating systems to maximize protection using "Operating System Hardening" ensures the longevity of the server lifecycle.
When deploying specific services and/or additional server applications like SQL & Exchange, it is important to properly configure these with security in mind.
Firewalls
Experience in properly configuring firewall rules both to protect network devices and to identify those that have been compromised. Particular focus on designing detailed
rules providing granular communications control ensuring maximum protection. Experience in firewall configurations that include advanced
features such as IDS, IDP, RBL, Application Firewall, IPSEC (office-to-office), VPN, and other features. The most common design mistake I regularly find with firewall
rule configuration is not using the rules properly to maximize protection & detection... normally I find a configuration of filter/block inbound (from the Internet) and
allow all communications outbound. This is somewhat effective but should be corrected to filter/block outbound communications for much better protection; by doing this,
unauthorized or unexpected outbound communications would be blocked by default and, with proper logging, events of interest can actively be detected for immediate follow-up.
Security Concepts
I have studied and continue to diligently study security concepts, as they are the foundation of good security plans & strategies. Some security specialists tend to get caught up
with the technical aspects and forget the concepts, leaving gaps in security. Take for example one of the most basic concepts of security, "Least privileged permissions to accomplish the task".
It is something that Administrators normally disregard when performing their daily duties while logged onto their workstations and/or servers with Administrator and even Domain AD Schema rights.
Hacker Methods
Understanding how malicious hackers would attack and/or compromise the network, in order to protect against it, is extremely important and I have invested a lot of time in
maintaining up-to-date knowledge on this. Methods such as: botnets, backdoors, rootkits, "man in the middle", ARP poisoning, DoS attacks, DDoS attacks, session hijacking, port scans, and many others
need to be technically understood for proper configuration of firewalls, services, operating systems, and networks, to name just a few.
Protocols
I have used my in-depth understanding of protocols primarily for properly configuring firewall rules, which is critical when firewalls are deployed internally between network segments. Other uses
of protocols have been network monitoring, IDS/IDP, and application development.
High Availability & Fault-Tolerance
Keeping critical infrastructure elements up and running takes a mixture of technologies, techniques, design, and proper configuration to successfully achieve high availability &
fault-tolerance. I always ensure when working with Windows infrastructures that core services are deployed with multiple servers providing HA & fault-tolerance for the services:
DC, GC, DNS, DHCP, WINS, NTP, and DFS/DFS-R, especially in branch office local server situations. Virtualization projects I have done also achieved HA using VMware's Virtual Center
(now known as vCenter) with multiple hosts and shared SAN storage. The hardware level is also critical for fault-tolerance to ensure resource availability, and storage is always deployed
with the appropriate RAID configurations. For network backbones and other critical segments, L2/L3 switches were deployed configured for fault-tolerance, with port trunking adding
increased data throughput. ISP connections have used double T1's bonded to provide resilience against single circuit loss while also providing greater data throughput.
Vulnerability/Risk Assessment & Penetration Testing
Using my conceptual & technical security knowledge I have assessed entire infrastructures for vulnerabilities and risks using penetration testing, security assessment tools, and
manual research of specialized software. To maintain my vulnerability knowledge, I review CVE, CERT, Microsoft Security Bulletins, and other security notifications regularly so I can be
up-to-date and perform proactive protection. When I have been responsible for security, I did full perimeter security checking on any firewall changes, Internet-mapped service changes,
and at normal intervals ensuring continued protection. Depending on the assessment, I use various tools such as nmap, Nessus, Microsoft Baseline Security, Wireshark, and others as needed
for targeted results.
Network Design
Designing networks into logical isolated segments to apply security controls and logic to them. For example, you would define a server "trusted"
network with security as: client computers would be trusted for inbound communications using host firewall rules; IDS & network monitors (i.e. sniffers) would be configured
to detect specific communications, omitting expected ones; and server-management-only communications would be filtered from client access. Whereas
a client "trusted" network segment would differ as: no inbound network-initiated communications allowed, only responses; detecting and blocking peer-to-peer
communications between client computers (if security policy forbids this); and filtering of client communications, either by IP or protocol, to the Internet or other
network segments.
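The two firewall designs contrasted in the Firewalls section above (block inbound only vs. default-deny egress with logging), applied to the server and client segments described in this Network Design section, as an added illustration that is not part of the original page. The zones, rule tables, port allowlists and connection records are all constructed for this example; first-match evaluation and the treatment of replies are assumptions about a generic stateful firewall.

```python
"""Zone-based rule evaluation: the legacy 'block inbound, allow all outbound' policy
beside a default-deny policy with egress rules. Everything here is constructed for
illustration; it models a generic stateful, first-match firewall."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Conn:
    src_zone: str      # "internet", "clients" or "servers"
    dst_zone: str
    dport: int
    new: bool = True   # True for a newly initiated connection, False for a reply


# A rule is (src_zone, dst_zone, allowed_ports, action); '*' matches any zone, None any port.
ALLOW, DROP = "allow", "drop"

LEGACY = [
    ("internet", "*", None, DROP),                      # filter/block inbound from the Internet
    ("*", "*", None, ALLOW),                            # allow everything else, including all egress
]

HARDENED = [
    ("internet", "*", None, DROP),                      # no Internet-initiated connections inside
    ("clients", "servers", {53, 88, 389, 445}, ALLOW),  # DNS, Kerberos, LDAP, SMB to the server segment
    ("clients", "internet", {443}, ALLOW),              # web only, to be proxied and logged
    ("servers", "internet", {53, 123}, ALLOW),          # DNS and NTP forwarders only
    ("*", "*", None, DROP),                             # default deny: everything else is blocked and logged
]


def evaluate(conn, rules):
    """First-match evaluation; replies to already-allowed connections pass (stateful)."""
    if not conn.new:
        return ALLOW
    for src, dst, ports, action in rules:
        if src in ("*", conn.src_zone) and dst in ("*", conn.dst_zone) and (ports is None or conn.dport in ports):
            return action
    return DROP


def audit(conns, rules):
    """Return the dropped connections: the log entries an analyst would follow up on."""
    return [c for c in conns if evaluate(c, rules) == DROP]


# Constructed traffic sample: legitimate use plus two events of interest.
SAMPLE = [
    Conn("clients", "servers", 445),             # file share access
    Conn("servers", "clients", 445, new=False),  # the reply to it
    Conn("internet", "clients", 3389),           # RDP attempt from the Internet
    Conn("clients", "clients", 6881),            # peer-to-peer between workstations
    Conn("servers", "internet", 4444),           # unexpected egress from a server
]
```

Under the legacy policy only the inbound RDP attempt is logged; the hardened policy also surfaces the workstation-to-workstation and server-to-Internet connections that the text describes as events of interest.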
Encryption
Encryption is used to keep information secured in an encoded (i.e. encrypted) unreadable format until it is decrypted back to the original data using a key, which can be
a string (i.e. password/passkey) or a certificate. I have extensively used and learned the in-depth details of encryption, understanding the various encryption algorithms
(ex. DES, 3DES, AES, Blowfish, Diamond, etc...) and certificate-based implementations. I have experience with Public Key Infrastructure (PKI), SSL, Certificates,
Certificate Authorities (Enterprise & Standalone) and have directly implemented encryption technologies with Microsoft SQL 2005 Server, Microsoft IIS, Microsoft
Certificate Services, Windows IPSEC, Apache, Firewalls (Office to Office & Remote Client VPN), and within custom applications using ASP & Delphi.
Share/File/Folder Permissions
Completely understanding permissions and configuring them properly is more important than most IT people know, for many reasons. Permissions restrict, control & allow access, but more than
that they also can dramatically reduce future maintenance, retain planned file/folder structures, and prevent unauthorized changes to permissions by untrained users. I have designed and deployed
network file shares and "Distributed File System" (DFS) on many occasions with extensive, properly configured permissions at all levels, such as DFS root/share, server resource share, and the file/folder
levels, ensuring the structure could not be altered by anyone except the IT staff. In cases where the permissions were not configured properly, users caused problems by changing folder names, breaking
DFS targets; putting data in the DFS root structure stored on the operating system volume, which is very bad if it fills up; and endless other examples of not truly understanding and properly applying permissions.
Backups
I have been responsible for designing & implementing enterprise backup plans (i.e. Disaster Recovery Plans) for protecting the organization along with many other customers over the years. My experience has ranged from
very simple backup plans to complex multi-level protection utilizing various elements such as: robotic tape libraries; Internet-based backup repositories; centralized enterprise backup
repositories; branch office backups; and VMware VCB virtual machine backups. The technical implementations of the backup plans I created included various commercial backup software in conjunction
with customized scripts, tasks, software, and utilities to complete the backup solutions, providing complete, automated, reliable data protection.