2902 LAKE VISTA DRIVE - WYLIE, TX. 75098 Home: 972-636-5483 - Cell: 469-831-8543CELL E-MAIL: JOSH.BERRY@NETSCHEMATICS.COM JOSHUA BERRY, CISSP & GCIA PROFILE_____________________________________________________________________________________ * Highly motivated and goal oriented * Good time management and written communication skills EDUCATION___________________________________________________________________________________ * University of Texas Dallas Richardson, Texas B.S. in MIS * Richland MCSE Classes Richardson, Texas MCSE/MCDBA PROFESSIONAL EXPERIENCE_____________________________________________________________________ 12/05/05 – Present FedEx Kinko’s Plano, Texas Principal Engineer II, Security * Designed plan and engineered migration from Symantec AV to McAfee AV. Rolled out McAfee ePO, VirusScan and AntiSpyware out to 20,000+ systems * Designed plan and engineered Tripwire Enterprise rollout * Supported compliance team for auditing/remediation of PCI and SOX related issues * Identified solutions to meet PCI compliance regulations * Coordinated key management requirements for all PCI in-scope applications * Consolidated key management processes within the Information Security Team and aligned them with PCI requirements * Supported Checkpoint firewalls, Bluecoat Proxies, Symantec and McAfee AV Servers * Integrated security into the company’s SDLC process * Interfaced with development teams to identify security requirements based on functional specifications provided by the business * Reviewed technical specification documents to ensure adequate security measures were included in each development iteration * Security Requirement Analysis * Analyzed new kiosks and devices before implementation into the retail environment. Assessed current security controls and made recommendations for additional security layers and configuration changes. * Analyzed new eCommerce development projects to ensure PCI compliance and proper security controls. Provided recommendations and web application security framework to development teams to build security into the development process. * Assessed code for security issues with opensource and commercial code auditing software. Assessed web applications for security weaknesses with opensource and commercial web vulnerability scanners * Helped develop Information Security Policies 05/17/04 – 12/02/05 Penson Financial Services Dallas, Texas Security Engineer * Implemented a Security Information Management Solution * Developed a server/client platform that sends/receives XML based alert messages over an SSL encrypted tunnel. Alert messages are correlated and then sorted and stored in a backend database * Developed a web based PHP front-end that displays alert information, allows users to create tickets, and produces reports * Deployed Customized Monitoring Solution * Deployed multiple Snort sensors monitoring each critical network * Deployed multiple Nessus Vulnerability Assessment servers with customized scripts that perform automated scans on each network segment * Supported the Checkpoint and IPTables based firewalls as well as the Checkpoint, Cisco and OpenSWAN based VPN servers * Supported the security hardening scripts, tripwire installations, and kernel builds on the Slackware based Linux servers * Supported the syslog, MySQL, PostgreSQL, and Apache security servers * Policy, Procedure and Process Development * Developed the Vulnerability Management and Incident Response Plans * Worked the business and IT department managers to meet SOX control objectives * Designed and helped implement secure wireless infrastructure 05/12/03 – 05/14/04 CompuCom Systems, Inc. Dallas, Texas Security Engineer * Migrated and Consolidated IDS deployment * Redeployed Dragon IDS sensors to monitor all necessary traffic * Consolidated IDS deployment and phased out Dragon by deploying Snort on a Crossbeam C30 appliance * Reconfigured TopLayer’s IDS Balancer product to maximize the ability to aggregate data from all internal networks and increase IDS performance * Consolidated reporting of security logs with Network Intelligence appliance * Reduced exposure to vulnerability with TopLayer’s Attack Mitigator IPS * Led evaluation/test pilot of Sana Security’s Host based Intrusion Prevention Product * Developed IDS analysis and evaluation procedures * Responded to security incidents and performed computer forensics with Encase * Redeployed all security infrastructure servers with a hardened Redhat 8 * Performed network vulnerability assessments, network traffic analysis, server hardening, incident response on a regular basis * Performed risk analysis on infrastructure changes and proposed new products * Performed Firewall/OS audits (Checkpoint Firewalls) * Managed SurfControl web content filtering product 07/01/02 – 05/09/03 Network Partners, Inc. Richardson, Texas System/Security Engineer * Setup redundant/load balanced internet connection * Configured/Maintained Fatpipe Warp appliance to provide active/active T1 failover capability and balance our internet traffic over both lines * Configured/Maintained Active/Passive Cisco Pix configuration to provide redundancy for their firewall * Performed on-site network/security evaluations and consultation * Performed server hardening and incident response for internal systems and customers * Ran pen-tests and vulnerability assessments on corporate and customer networks * Deployed and maintained Cisco Pix, Watchguard, Netscreen, Linux, Sonicwall Firewall systems for clients and internal data center * Deployed and maintained Snort, Shadow, ISS, Intrusion Detection Systems for clients and internal data center 10/31/99 – 07/01/02 Hoak Breedlove Wesneski & Co. Dallas, Texas System/Security Engineer * Deployed and maintained Watchguard Firewall * Maintained remote access and VPN connection from branch offices * Performed penetration tests and vulnerability assessments internally/externally for the corporate office as well as branch locations * Installed, configured, and maintained Anti-Virus deployment * Defined and configured security policies and settings on all workstations and servers * Installed and configured Snort IDS for the corporate network * Supported Windows Server environment which included Windows NT, and 2000 Server as well as Windows 98, 2000 and XP desktop operating systems. OBJECTIVE___________________________________________________________________________________ I want to continue to build on my existing IT and security knowledge and training to further enhance my career and be a valuable resource to my employer. I am always seeking challenging work, which will enable me to grow in the IT Security industry. ACCOMPLISHMENTS_____________________________________________________________________________ * Certifications: MCSE, MCDBA, CISSP, GCIA Gold * Performed a technical review for O’Reilly on one of their new Snort books. * Placed 2nd in UTD’s first Business Idea Competition. Also won the “Most Effective Presentation” award in this contest. REFERENCES AVAILABLE UPON REQUEST