Vlad Gostom
(201)783-7501
To obtain a challenging position as a network security professional.
NMap Utilized nmap for penetration testing and verifying server integrity. Utilized logging to database, performed comparison on results of scheduled scans and produced reports.
Nessus Setup, configured, maintained and updated nessus. Wrote own custom rules, performed scanning, and scheduled automated scanning, logging and alerting.
SNORT Setup, configured and maintained snort in passive sensor mode and in in-line mode. Customized rule set and wrote custom rules. Participated in rewriting the libpcap sniffer used by snort and the database logging plug in due to them being intentionally crippled by SourceFire. Participated in a project that utilized snort and several other custom written applications. Active participant in Bleeding Snort.
EnCase participated in a course approved by Guidance Software, performed various coarse work in a lab environment. Successfully completed the computer forensics and investigations exam with a perfect grade. Assisted in investigating compromised honeypot machines and in handling internal investigations.
CGI, Web and Network Vulnerability
Scanners Utilized various web vulnerability scanners and fuzzers to perform black box and gray box testing against
web based applications and web servers. Some of the utilities included Appscan, WebInspect, Spi Proxy, SpiKe Proxy, Fiddler,
source insight, Olydebug, Metasploit
Framework, SSL Digger,
Programming Languages: C++, SQL, C#, PHP4, PHP5, ASP, Perl, Turbo Pascal, Turbo Assembler
OSes and Environments: Windows 95/98/NT/2K/XP/2003, Linux, UNIX, Apache, Checkpoint Firewall, Cisco PIX, Tipping Point IPS, Webalizer, IIS4, IIS5, LDAP
Performed
penetration testing for global banking, telecommunications and service industry
clients. Performed
over 300 vulnerability assessments, for fortune 200 companies. Developed information security guidelines, vulnerability assessment
guidelines, best practices, and incident response plans for clients. Supervised
the on-site vulnerability assessment team, reviewed reports, conducted quality
assurance, scheduled vulnerability assessments, managed
relationships with clients. Performed comparative testing
against competing vulnerability assessment teams and clients overseas assets.
Performed
vulnerability assessments on web applications, embedded network devices, VoIP telephones, and ISP infrastructure that included WiFi as last mile solution.
Senior Consultant Technology Risk Division (September
November 2006)
Performed penetration testing for
various financial institutions. Audited for compliance to industry best practices, internal
policies and various guidelines in preparation for internal audit, SOX audit or
PCI audit.
Designed and helped
implement network intrusion detection system for the largest VoIP provider in the world. Deployment included designing
and writing custom signatures for use within the organization.
Conducted
vulnerability assessments for units of New York City Government.
Part of the team testing
every Internet facing application client has, including Brokerage services,
Payroll, multiple financial applications, Retirement Services, Tax tools, and
intranet portal. Tested clients
authentication methods and Single Sign On Solutions
for intranet/extranet portal, as well as custom hosted environments.
Utilizing proven test
methodologies, was instrumental in increasing network security and security
awareness. Performed Gap Analysis of
security factors, and recommended mitigating strategies and tactics for gaps.
Testing performed using
off-site and on-site machines, at various hours of day and night.
Participated
in full life cycle development of an Intrusion Detection/Intrusion Prevention
Systems. Developed specifications,
implemented numerous modules, conducted code review and supervised a team of
developers, conducted testing.
Performed
security auditing and penetration testing on government and private networks.
Wrote specifications and
implemented a secure setup and configuration of a security appliance with
Security Enhanced Linux, Apache, PHP, Postgres SQL, WebMin and various other software packages.
Designed, implemented and
maintained an IDS testbed network for evaluating IDS
systems. Worked with Bleeding SNORT group to test and optimize SNORT rules.
Audited
malicious code (viruses, worms, exploits) to research more effective detection
techniques.
Wrote custom exploits to
audit proof of concept systems, products, and competing systems.
Designed and implemented a
2012 node cluster to simulate a wireless ad-hoc network for testing various
aspects of Future Warrior Combat System. Participated in
various DARPA funded contracts.
Helped found and currently
leads the response team responsible for investigating reports of compromised
architecture for clients employing the CONEX Guard IPS. The team is also
primarily responsible for maintaining and analyzing the deployed honeypot network.
Implemented and deployed
applications for wireless community network systems and research projects. Lead
a development team working on ActiveCampus. SmartCampus allows for real time location of users of a
wireless network. Responsibilities included configuring and securing all
project servers and infrastructure. Project is run in conjunction with UCSD.
Supported various NSF funded studies.
Designed, deployed and
secured a wireless network in downtown
Performed development and
troubleshooting of PHP4 applications. Developed PHP4 applications to help
maintain and automate various procedures on UNIX. Developed web interfaces for
UNIX shell scripts. Assisted in transition from IIS/ASP to
apache/PHP including carrying out full code conversion. Participated in full life
cycle development of a web based applications.
|
2000 2005 |
New Jersey Institute of
Technology, |
|
2004 |
Computer Forensics and
Investigations Course + hands on lab |
|
2003 |
Network Security
Auditing and Best Security Practices Course + hands on lab |
|
2002 |
Advanced cryptography,
Security and protocol analysis coarse |
|
2002 |
Cyber Law and Computer
Investigations Course |
|
1996 2000 |
|