_ Comet

Information Security Quality Architect

San Francisco Bay Area

Past
  • Systems Manager at KLA Instruments Corporation
Education
  • Continuing Education
  • San Jose State University
Connections
227 connections
Industry
Computer & Network Security

_ Comet’s Summary

Operating Systems -- I can perform systems administration tasks on the following systems, and have experience using several other systems (MVS, VM, Primos).
• Windows (32-bit and 64-bit), including Vista and XP
• Linux (RedHat and SuSE), SPLAT (Check Point secure Linux)
• Unix (HP-UX, Solaris)
• OpenVMS

Security Assessment Tools -- I am familiar with OWASP guidelines and the use of many security and debugging tools to find and address design and coding security vulnerabilities.
• nmap, netcat, Achilles web proxy, MetaSploit Framework, Wireshark (Ethereal) network sniffer, tools from Sysinternals and Foundstone, and many others.
• ZoneAlarm Extreme Security Suite, Check Point Endpoint Security

QA Tools -- I have experience automating QA scripts and creating detailed bug reports, including analysis of system and application dumps.
• WinRunner, LoadRunner
• Bugzilla, ClearQuest

Languages -- I have written production code and documented secure coding standards for the following languages. I easily learn new languages, and can achieve fluency in two weeks of self-study.
• Shell scripts (C, Bourne, Bash, DOS, PowerShell)
• HTML
• PL/SQL
• DCL
• C
• Java
• Fortran

_ Comet’s Specialties:

Seeking work as part of a team dedicated to improving product software and systems, using my expertise to improve coding practices and operational security.

• 18 years experience with computer security.
• 17 years experience in software quality assurance.
• 22 years experience in systems administration, including Web server administration.


_ Comet’s Experience

  • Security QA (Architect, Manager, Engineer)

    Check Point Software Technologies

    (Computer Software industry)

    March 2004 to March 2009 (5 years 1 month)

    • As Check Point's security expert, performed functional, design, and performance QA of consumer and enterprise security products. This included full disk encryption, network firewall, anti-virus, anti-spyware, browser virtualization and anti-phishing features.

    • Received award for completing Common Criteria (CC EAL4+) evaluation under budget and seven months ahead of schedule. This was a matter of critical importance for the company, to be in compliance with U.S. Government directives. I was chosen to work on this progress because of my specific skill in determining functionality and test strategies for legacy code without reference to the source code.

    • Managed QA team for consumer and enterprise security products. Under my mentoring, two direct reports were promoted to team lead, and the automation group's performance was greatly improved.

    • Orchestrated changes in the Belarus development center to integrate with global QA, focusing on development QA testing and reporting. Attended various management classes including: Leadership, Managing change, Holding Effective Meetings, and Time Management.

    • Assisted major Fortune 500 customers on-site with rollout of installations and upgrades of an enterprise firewall suite, channeling feedback to the development team for product improvements.

    • Maintained security knowledge through Foundstone’s Ultimate Hacking training and attendance of DefCon and Black Hat briefings. Created and presented internal training both locally and internationally for QA, IT, and Development staff on various topics including: format string exploits, cross-site scripting (XSS), Unicode and local code page handling, file scanning evasion, and XML and database injection.

  • Sr. Security Analyst, QA Specialist, Developer, Sr. Technical Support Analyst

    Oracle Corporation

    (Public Company; ORCL; Computer Software industry)

    October 1991 to August 2003 (11 years 11 months)

    • Co-authored secure coding standards for Java, C, PL/SQL, and various operating systems, ensuring that Oracle’s software had state-of-the-art security, training developers and Webmasters.

    • Wrote external security alerts, and coordinated responses to external researchers. Evangelized security as part of cross-organizational team. Led Birds-of-a-Feather discussion on tiger team penetration testing, for SANS Black Hat symposia.

    • Performed design audits and penetration tests to assess security risks of both internal production systems and software products, with stop-ship authority when any severe vulnerabilities were discovered. Coordinated work of Y2K team.

    • Designed and implemented Oracle's first corporate Support Web site, porting CERN Webserver C code to OS/2.

    • Performed on-site bug remediation, including source code analysis of customer applications. Authored and presented white paper on database backup and recovery at DECUS Symposia.

    • Processed customer support for all Oracle products on all supported platforms, including installation, performance, and troubleshooting, handling of down production databases during off-hour and weekend support calls for all global customers.

  • Systems Administrator

    Adaptec Corporation

    (Public Company; 1001-5000 employees; ADPT; Computer Hardware industry)

    August 1990 to May 1991 (10 months)

    Supported VMS and Fortran applications, installing PROMIS and COGNOS Powerhouse applications. Maintained MicroVAX 3800 and DECserver 200 machines in production environment.

  • Systems Manager

    KLA Instruments Corporation

    (Public Company; 5001-10,000 employees; KLAC; Semiconductors industry)

    June 1988 to August 1990 (2 years 3 months)

    Performed backups, tuning, and software updates on MicroVAX, VAXstation, and VAX 11-780 computers. Managed DECnet and Local Area VAXcluster. Evaluated, purchased, and installed hardware and software for engineering environment, including rewiring VAX 11-780 backplane for CPU acceleration. Developed real-time reminder facility, spelling checker, multi-window character-based system for multitasking, and automated backup script.


_ Comet’s Contact Settings

Interested In:

  • career opportunities
  • job inquiries
  • expertise requests
  • reference requests
  • getting back in touch
