Patrick Harrison

Current

Senior Security Engineer at Aware Corporation Ltd

Past

Director of Security Operations at Revolution.com
Sr. Security Consultant at True North Solutions
Principle Security Engineer, Global Security Operations Lead at ICSA.net/ TruSecure Corp. / Cybertrust Inc.

Senior Security Engineer, Team Lead at ICSA.net/ TruSecure/ Cybertrust Inc.
Senior Security Engineer/ Network Administrator at ICSA.net/ TruSecure Corp. / Cybertrust Inc.
Senior Security Engineer at ICSA.net/ TruSecure Corp. / Cybertrust Inc.
Security Analyst at ICSA.net/ TruSecure Corp. / Cybertrust Inc.
Global Security Operations Lead at TruSecure Corp. (now Cybertrust)
Senior Router Security Engineer at UUNET/ WorldCom
Application Developer at UUNET/ WorldCom
Security Support/ Abuse Investigations. (Levels I, II, and III) at UUNET/ WorldCom
Assistant Server Administrator at Tidalwave Internet
Technical Support Team Manager at Tidalwave Internet
Support Technician at Tidalwave Internet

see less...

11 more...

Education

University Of Houston

Recommended

9 people have recommended Patrick

Connections

217 connections

Industry

Computer & Network Security

Websites

Patrick Harrison’s Summary

Patrick has over 10 years of information security experience in various roles. Patrick specializes in risk management, web application and infrastructure vulnerability assessment, penetration testing, firewall management, and incident response. Previously he was the Director of Security Operations for Revolution Health LLC where he oversaw every aspect of operational security for the organization including security program development, IDS implementation and web application security. Prior to Revolution, Patrick held several high profile roles including the Global Lead of the Security Operations for CyberTrust (formerly TruSecure) and a Senior Router Security Engineer for UUNET Worldcom where he was heavily involved in DDoS Attack mitigation, protection of critical infrastructure, and special security projects.. As a consultant, Patrick has also performed extensive security engagements for Fortune 500 companies, US Government organizations, and the US military. Additionally, Patrick is a regular contributor to several OWASP projects, is the lead developer of an open source Linux project, and maintains a public blog focused on enterprise security issues.

Patrick Harrison’s Specialties:

Firewall Admin., Intrustion Detection, Penetration Testing, Infrastructure Vulnerability Testing, DDoS, Incident Response, UNIX Admin., Risk Management, Policy Development, Physical Security, Network Architect, Certified Blue Coat Instructor, TruSecure ICSA Certified Security Associate (TICSA)

Training:
•Check Point 4.0 & NGX
•Juniper SSL VPN, IDP, Firewall & Advanced VPN
•UUNET Cisco I & II, Ascend MAX/TNT, Network Management, BGP, Cisco CBAC
•Certified Security Compliance Specialist

Patrick Harrison’s Experience

Senior Security Engineer

Aware Corporation Ltd

(Public Company; 51-200 employees; Information Technology and Services industry)

November 2007 — Present (2 years 1 month)

Aware Corporation is a Software Engineering and IT Services company with offices in both Chiang Mai and Bangkok, Thailand. Aware provides IT services to corporate customers in Northern Thailand, and Software Engineering and Outsourcing services to clients in Thailand, USA, Canada and Vietnam.
Director of Security Operations

Revolution.com

(Privately Held; 201-500 employees; Health, Wellness and Fitness industry)

July 2006 — November 2007 (1 year 5 months)

Leads the Security Operations team. Responsibilities include web application security testing, managing regulatory compliance activities (PCI & HIPAA), drafting company security policies, managing intrusion detection systems, enterprise vulnerability assessments, and assessing the security posture of third party vendors. Additionally is a regular contributor to several OWASP projects, attends the meetings of several security groups (OWASP, NoVa Sec., CapSec, and ShmooCon) and maintains a public blog focused on enterprise security issues.
Sr. Security Consultant

True North Solutions

(Privately Held; 51-200 employees; Computer & Network Security industry)

July 2005 — July 2006 (1 year 1 month)

Responsible for supporting commercial and government clients by providing expert advice for current and emerging technologies to the benefit of the overall architecture and design of their network security solutions. Responsible for the global delivery of consulting, implementation, and training services to clients. Has focused on highly available and clustered firewall systems as well as identifying long-term security strategies (including authentication, encryption, bandwidth-control and enterprise management) and assessment of current network security posture.
• Security Product Implementation – Implemented products for large scale federal and commercial clients.
• Security Architecture Analysis – Performed Security Architecture review and created enhancement roadmaps.
• Training – Conducted Blue Coat Training for Proxy Fundamentals and Advanced Proxy Solutions.
• Vulnerability Assessment – Performed vulnerability assessments for commercial and government clients.
Principle Security Engineer, Global Security Operations Lead

ICSA.net/ TruSecure Corp. / Cybertrust Inc.

(Privately Held; 501-1000 employees; Computer & Network Security industry)

August 2000 — June 2005 (4 years 11 months)

• Served as principle Security Engineer in charge of internal global security operations.
• Drafted security policies for the company; designing firewall and IDS deployments globally; performing security audits on all global entities and ensuring compliance with known security standards such as ISO 17799, Sarbanes-Oxley, etc; development of an incident response policy; network, wireless, and physical penetration testing; and employee monitoring.
• Assisted the CyberTrust knowledge team’s research of new and evolving vulnerabilities and attacks.
Senior Security Engineer, Team Lead

ICSA.net/ TruSecure/ Cybertrust Inc.

(Privately Held; 501-1000 employees; Computer & Network Security industry)

August 2000 — June 2005 (4 years 11 months)

• Maintained a high level of corporate security across 11 global sites, including both physical and data/network security.
• Maintained various biometric systems, physical access control devices, and visual monitoring systems across all locations.
• Served as firewall and IDS administrator, designing and implementing a multi-vendor deployment of firewalls and Intrusion Detection Systems.
• Composed corporate security policies and implemented methodology to ensure compliance.
• Performed periodic network security audits of all locations international, as well as physical penetration tests.
• Served as the primary point of contact for the TruSecure Corporate Incident Response Team.
Senior Security Engineer/ Network Administrator

ICSA.net/ TruSecure Corp. / Cybertrust Inc.

(Computer & Network Security industry)

August 2000 — June 2005 (4 years 11 months)

• Redesigned the network infrastructure, both internal and external.
• Integrated several remote locations using a combination of private frame relay connections and fail over IPSEC tunnels.
• Setup complex multi-vendor firewall architecture to provide a multi-layer DMZ structure.
• Deployed and maintain several IDS systems to monitor traffic patterns.
• Designed and maintained all corporate UNIX based email, DNS, and web servers.
• Administered all corporate firewalls, routers, switches, and IDS systems and assisted in the administration of corporate Win32 servers in both WinNT4 and Windows 2000 environments.
Senior Security Engineer

ICSA.net/ TruSecure Corp. / Cybertrust Inc.

(Privately Held; 501-1000 employees; Computer & Network Security industry)

August 2000 — June 2005 (4 years 11 months)

• Redesigned, documented, configured and implemented a new probing and vulnerability assessment lab. This included custom hardware and OS configuration on BSD, Linux, Windows NT, and Windows 2000 platforms. Also, conducting performance testing and quality assurance of available port and vulnerability scanners across multiple platforms and configurations.
• Designed new security applications in Perl, Bash Shell, and Expect, to improve scanning techniques.
• Redesigned network layout based of discovered traffic patterns.
• Developed a series of Bash Shell, Perl, and Expect scripts, in conjunction with SSL
secured website with custom CGI scripts to automate the overall scanning process.
• Served as an escalation point and technical reference for the security analysts and their customers.
• Setup test cases, mirroring a customer’s environment, and employ various Intrusion Detection Systems (SNORT, RealSecure, etc) and traffic sniffers/ analyzers to diagnose complex problems.
Security Analyst

ICSA.net/ TruSecure Corp. / Cybertrust Inc.

(Privately Held; 501-1000 employees; Computer & Network Security industry)

August 2000 — June 2005 (4 years 11 months)

• Conducted vulnerability and risk assessment testing, as well as, on-site security evaluation for customers participating in the ICSA.net TruSecure Certification Process.
• Utilized multitude of port and vulnerability scanners such as CyberCop Scanner, ISS Internet Scanner, Nessus, nmap, Satan, and Cheops.
• Performed further research on all report vulnerabilities and made recommendations for correction.
Global Security Operations Lead

TruSecure Corp. (now Cybertrust)

(Computer & Network Security industry)

2000 — 2005 (5 years )
Senior Router Security Engineer

UUNET/ WorldCom

(Public Company; 5001-10,000 employees; Internet industry)

April 1998 — July 2000 (2 years 4 months)

• Served as a senior member of the Customer Router Security team, responsible for mitigating and tracing all denial of service attacks, directed at members of the UUNET customer base.
• Worked with both Cisco and Juniper backbone routers, manipulation of several routing protocols, including BGP, and working with advanced Cisco IOS security features (Extended ACLs, TCP Intercept, Committed Access Rate Filters, CBAC, and TACACS).
Application Developer

UUNET/ WorldCom

(Public Company; 5001-10,000 employees; Internet industry)

April 1998 — July 2000 (2 years 4 months)

• Developed UNIX platform based applications for the UUNET security groups. This included applications written in Bash Shell, Perl, TK, TCL, and Expect. These applications were designed to interact with such things as Remedy Ticketing Systems, Cisco Routers, and Ascend TNT dial access hardware.
• Developed a tool to uniquely identify machines belonging to known AUP violators and permanently deny them access to dial access infrastructure.
Security Support/ Abuse Investigations. (Levels I, II, and III)

UUNET/ WorldCom

(Public Company; 5001-10,000 employees; Internet industry)

April 1998 — July 2000 (2 years 4 months)

• Worked the incident response desk to handle reports of Acceptable Usage Policy (AUP) Violations, including such things as massmail, spam, copyright infringement, child pornography, subpoena compliance, denial of service attacks, and hacking attempts.
• Completely designed, implemented, and documented procedures for handling complaints regarding Usenet violations.
Assistant Server Administrator

Tidalwave Internet

(Privately Held; 11-50 employees; Internet industry)

January 1998 — April 1998 (4 months)

• Assisted server administrators to maintain a collection of Windows NT based servers. This included such things as Ms Exchange Server, Netscape Messaging Server, IIS 4.0, Front Page Web Server, DNS Consoles, Serve-U FTP, Wins Servers, DHCP servers, D-News USENET servers, Net Dynamics Ticketing System, and several Authentication/Radius consoles which interacted with a MS Access backend.
• Maintained local area network and all employee workstations, both at the hardware and software levels.

Also solely maintained local area network and all employee workstations, both at the hardware and software levels.
Technical Support Team Manager

Tidalwave Internet

(Privately Held; 11-50 employees; Internet industry)

January 1998 — April 1998 (4 months)

• Managed the technical support team, generated weekly work schedules, resolved personnel issues, and was responsible for the hiring/ staffing of the support team.
• Served as top tier support for all unresolved, escalated, or complex customer issues.
Support Technician

Tidalwave Internet

(Privately Held; 11-50 employees; Internet industry)

January 1998 — April 1998 (4 months)

• Responsible for troubleshooting of issues affecting a 12,000 member ISDN, dial access, and webhosting customer base. Tasks included connection issues, authentication problems, e-mail retrieval problems, Internet software misconfigurations, and content uploading issues.
• Supported all known web browsers, email packages, IRC clients, FTP clients, web content authoring software, and PPP connection software on Windows 3.1, Windows 95, Windows 98, Windows NT, and Macintosh platforms.

Patrick Harrison’s Education

University Of Houston

Physics, Math, Comp Sci August 1993 — May 1994

Physics Major with Minors in Math and Computer Science.

Additional Information

Patrick Harrison’s Websites:

Patrick Harrison’s Groups:

Security Crew
Information Security Community
UUNET Alumni
$Thailand Connection ราชอาณาจักรไทย \ Professionals and Friends$ Thailand Connection ราชอาณาจักรไทย \ Professionals and Friends
Thailand Professionals
IT Expats in Thailand
Cybertrust Alumni
True North Solutions Alumni
Information Technology Thailand
Revolution Health Group
Singapore & APAC IT Professionals
Verizonbusiness - Cybertrust
Thailand IT Community
Career Connect Thailand