Edward Turkaly

 

Email: 13fefe1d@opayq.com        Linkdin:  https://www.linkedin.com/in/edward-turkaly-aa64877                     Phone: 720-432-5821

 

 

QUALIFICATIONS

15+ years cyber security experience. Develops & manages new Security Programs for the fortune 500. Policy maker and strategic advisor, specializing in linking security strategy to business goals. Experience commercializing new security products to market, developing and finalizing security request for proposals, and operational security management. Keeps executive’s informed. Expertize in setting multi-year security strategy, protecting critical infrastructure and industrial control systems, developing and improving incident response programs, conducting Emergency Management, performing Vulnerability Management, and ensuring Business Continuity. Provides technical know-how linked to the big picture to promote mature program, processes & policy. Trained in strategic decision-making. Strong leadership traits, team player, excellent knowledge, visionary perspective & communication skills.  

 

TECHNICAL OVERVIEW

Technologies: Windows Server 2000-20016 install/config/hardening, Active Directory Domain Security, Metadata Analysis, AD Schema Extensions & Event log correlation, Identity Management (Microsoft Identity Integration Services), Security in IaaS, PaaS and AaaS, PKI, Certificate Revocation Infrastructures, IDS/IPS, Radius, NAT, VPN, & other Internet Authentication Services.

Operating Systems: Windows Server 2008 - 3.11. Nokia Firewall, Novell 4.11, some Cisco Pix 520, some Linux (Red Hat 5.2), BEOS R4.

Software: Active Directory, MIIS, VMware, Veritas/KVS Enterprise Vault, SAP, Check Point FWl-1 & VPN, CISCO PIX & VPN, Guardian Firewall, Real Secure Network & Host Based Intrusion Detection IIS/IPS, Exchange Server, Internet Information Server (5.0-3.0), SQL Server, Veritas, Microsoft Visio, ODBC compliance, Office Suite(s), DOS, Norton Ghost, Timbuktu, among others.

Security tools: ISS (SiteProtector 6.1), IDS/IPS, HIDS/NIDS, RSA EnVision, SPLUNK, SolarWinds (SIEM), NMAP, McAfee ePO (ePolicy Orchestrator), Cisco CSW, OpenDNS, RedCloak, Blue Coat Proxy, Tenable, HPWebInspect, dbProtect, Nessus, Wireshark, Encase, Spector, CyberCop, Eeye, Hyena, Kane, SnifferPro, Snmpwalk,

Protocols: IPSec, PPtP, TCP/IP, SSH, VPN, LDAP, RADIUS, HTTP/S, NetBEUI, PPP, SLIP, NetBIOS, IPX/SPX among others.

Hardware: LAN/WAN, Routers, Switches, Hubs, PIX/Nokia Firewalls, RAID 5, Fault Redundant NIC’s, among others.

Compliance Experience: FISMA, Certification & Accreditation (C&A), Privacy Impact Assessment (PIA), System Security Plans (SSP), OMB, NIST (800-53), FIPS (199, STIGS), SOX, HIPPA, NERC CIP 02-09, GLBA, and ISO frameworks. 

Government Experience: DHS, ICE, Air Force, NAVAIR, Pentagon, DISA, CIA, DOI – Bureau of Reclamation

High Level Skills: Strategic Advisor, Business Development, Proposal writing, Cloud Computing Security, IR&H, Management, Project Management, Defense in Depth, Business Impact Assessment (BIA), Disaster Recovery/Business Continuity, Security Policy, Assessments, Boundary Protection, Network/Server Administration; Client Facing, Public Speaking, Consulting & Technical Support.

 

CERTIFICATIONS

(ISC)² Certified Information System Security Professional (CISSP) Cert #: 46026

SCADA Security Architect (CSSA)

Lean Six Sigma Green Belt

Federal IT Security Institute – Federal IT Security Professional Designer (FITSP) Cert # 00672

SANS Global Industrial Cyber Security Professional (GICSP)

Former SANS Security Essentials Certification (GSEC)

Former Microsoft Certified Systems Engineer (MCSE)

NSA INFOSEC Assessment Methodology- IT Security Organization - Critical Infrastructure Protection

Business Continuity Planning Training Certificate, Sentryx; Oct 2005

 

KEY PUBLICATIONS & DOCUMENTATIONS

 “Securing Certificate Revocation List Infrastructures” published on SANS

IT Disaster Recovery Plan(s) - CoBank & Coors Brewing Company

Information Security Policies (dozens) - Coors Brewing Company

 

EDUCATION

Bachelor of Arts in Philosophy; George Mason University, Fairfax, Virginia. January 1995

Emergency Management Academy, Disaster Science Fellowship (G-level) - Master of “FEMA Body of Knowledge”

Completed ISC2 courseware for Certified Cloud Security Professional

 

SECURITY CLEARANCES

Inactive DOD Top Secret 3/23/09   -   Inactive DHS Secret Cleared 6/16/09   -   Former United States Postal Service Clearance

 

 

Newmont Mining Corp – Cyber Security Contractor to CISO (BridgeView IT)             Greenwood Village, CO. 11/15 – Current

Deputy to the CISO, implementing a new three year cyber security program and strategy valued over 36M, improving Newmont’s overall operational maturity. Wrote RFP for new strategic provider covering Managed Security Services Provider (MSSP), including SOW, SLA’s, qualifying metric/procurement scorecards, ultimately down selecting out of eight Gartner’s Magic Quadrant bidders. Designed a three year endpoint and network security strategy, building new capital investments. Developed new governance model / organization support chart. Shored up past investments while procuring new capital and strategic providers. Managed entire program costs. Developed investment review requirements, including ROI, gaining Investment Review Board approval.

·               Managed operational tempo including several high priority incidents (e.g., Ransomware, Botnets, Law Enforcement request)

·               Performed Operational Technology (OT – Mine site) security strategy, assessments and roadmap

·               Governed the procurement qualifications for all 3^rd Party Cloud Computing adoptions

·               Security Architecture Board Member reviewing/designing/approving all cyber security projects before funding

·               Developed Newmont Information Security Policy & Standards meeting NIST & ISA compliance

·               Tackled a very wide range of Newmont/NIST maturity shortfalls by avoiding point solutions, partnering with strategic sustainable companies that included machine automation, active response, big data, connectivity, and threat intelligence

 

GE Oil & Gas – Industrial Control System Cyber Security – Commercial Application Leader       Longmont, CO. 3/12 – 11/15

Positions cyber security expertize to the Sales team driving global revenue on multi-year support agreements. Grows & enables global commercial teams to obtain cyber-security revenue. Reviews complex Industrial Control System (ICS) environments providing cyber security solutions & services for customers with GE Power Generation, Oil & Gas, Aero & Power Distribution equipment. These Critical Infrastructure facilities primarily have MarkVIe controllers supporting Nuclear, Gas, Steam, Compressor, Wind and Excitation, utilizing CAP, SecurityST, and NetworkST cyber solutions. Translates the customers cyber-security Critical To Quality (CTQ) requirements into GE solutions.

·               Key technologist, subject matter expert, & application engineer for all things cyber-security.

·               Contributed $24+ MM in 2014 YTD in cyber security orders.

·               Trains the global Sales & Commercial Team on customer’s security perspective of critical industrial controls.

·               Provides onsite sales support for customers in North America, Europe, Brazil, Asia, African & Middle East.

·               Commercializes the quoting & scoping of cyber security, enables Conversation Guide Outputs, simplifies appropriate technical selection of base & plus options, along with known engineering contingencies.

·               Key technical resource on all large and/or complex cyber security opportunities.

·               Increases contribution margins by reducing technical inaccurate responses & decreasing specification gathering cycle time (from weeks to days) through a Lean Six Sigma cyber-security project, resulting in Lean Six Sigma Green Belt Certified.

·               Presents to multiple customers, tailoring custom solutions, helping them obtain a high degree of operational maturity, promoting good cyber security strategy & demystifying technical complexity. 

·               Commercialize GE Oil & Gas cyber-security marketing items such as videos & whitepapers for NEI 08-09, NERC, WIB, IEC 62443, ISA, QATAR and others, including customer presentations and GE specific procurement specifications.

 

Manager of Security Operations Center/Computer Security Incident Response Center (SOC/CSIRC); Infrastructure Defense Manager; Information Systems Security Officer (ISSO)

Contract for Immigration & Customs Enforcement; Dept of Homeland Security – Broomfield, CO. 6/09 – 2/24/12

Responsible for daily security operations management of the Infrastructure Defense & Security Operations Center (SOC) for Production Operations of the Department of Homeland Security (DHS), Immigration and Customs Enforcement (ICE) network consisting of 35,000 users, including leading security and federal compliance requirements:

·       Key customer relationship manager between multiple highly political & sometimes very divided government leads. Provided sound guidance without damaging political relationships. Liaison between Operations, Engineering, Architecture & Information Assurance Division. Managed the inter-activity between SAIC sub-teams (NOC, IDG, ADEX & Service Desk) and communication with their government clients. Lead communication & resolution of complex and cross-team problems.

·       Managed the Enterprise Operations Center FISMA Compliance Program - gaining authority to operate (ATO @ 91% for 35,000 endpoints) to include negotiating FIPS-199 (EOC boundary definitions), performing & writing Contingency Plans, Disaster Recovery Test, completing Interconnection Service Agreements, PIA, Risk Assessment(s) and managing vendors performing ST&E activities, finally completing POA&M actions. Other management actions include mitigation from routine Vulnerability Assessment Security Scans and other reports for government officials.

·       Reorganized the EOC SOC/CSIRC 24/7 operations into a much more efficient machine by prioritizing key processes by; level of complexity, primary shift dependence, primary and desired SME’s and remediation time for future Service Level Agreements. Managed 18 EOC SOC/CSIRC individuals in two different time zones, including 3 sub-contractors. Managed training, leave time, personal issues and performance reviews. Maintained respect from employees by leading from example (getting hands dirty), providing a mid-term vision and, most importantly, from listening. Implemented daily customer operation calls (stand up calls); focusing in on last 24 hours of most significant events, situational awareness and tool/health concerns. This greatly increased senior level customer involvement, trust, and understanding of environment.

·       Gained senior level approval and kicked off Critical Infrastructure Assets (CIA) project from building key trust relationships with ICE Field ISO’s and ISSO’s. Sold our 24/7 monitoring as a service to help protect CIA. Gathered field infrastructure details; identifying future placement of HIDS/NIDS and for inclusion of host info into SOC/CSIRC incident monitoring tools – zeroing in on true security concerns/alerts. 

·       Expanded and improved RSA EnVision SIEM coverage/correlation for the SOC/CSIRC.

·       Provide internal SAIC Business Development services such as RFP writing (ICE, ICE ITFO, EPA, US Forest Service, FEMA and NASA), Proposal Red/Blue and Technical Readiness Reviews.

·       Provided SAIC ICE Contract-Wide Security Refresher Training. Received countless praise on the quality, which was based off real life DHS/ICE SOC/CSIRC incidents and the trouble contractors find themselves in.

·       Awarded opportunity / completed Emergency Management Academy Fellowship Program (Master Level) –specifically studying the “FEMA body of knowledge”.

·       Performed internal audit and process mapping utilizing CERT Coordination Center (CERT/CC) process mapping methodology for Incident Response centers to map all “as-is” state processes – enabling examination of process routers (inputs, outputs, handoffs, roles, responsibilities, cross organization boundaries, et.). Re-worked poorly defined handoffs, missing process activity, bottlenecks and single points of failure.  Identified SOC key business functions and further identified the subprocess supporting these business functions. Categorized subprocess as high, med and low for better incident response time. This effort allowed me to then create visual SOP’s, known as “swim-lanes”, for each process allowing executive leadership visibility, understanding and a better commitment for process improvements. 

·       Patch Management (Information Security Vulnerability Management) design improvements; implemented a new process of patch analysis to help build “business justification” for emergency change management decisions

·       Created SOC vulnerability management and incident response and handling SOP’s, PlayBooks, RunBook guidelines and manuals.

·       Created a “knowledge management wiki” internal for the ICE SOC, based on Media Wiki, allowing for “on-the-fly” changes to occur without interfering with published documentation.

·       Identified gap and lead effort zeroing in of true ICE mission critical system overshight - obtained critical infrastructure FIPS I99 lists inputting IP’s into network/host based intrusion detection tools  and Vulnerability Management Tools.

·       Created an Open Source Monitoring process to “jump ICE decision making forward”. Developed an algorithm to examine individual patch CVE numbers and calculate risks, including Common Vulnerability Scoring Systems (CVSS).

 

Information Security FISMA & NERC Program Manager

Contract for Bureau Of Reclamation, Department of Interior – Lakewood, CO. 10/08 – 6/09

Managed compliance program for NERC CIP Critical Cyber Asset Controls & FISMA Certification & Accreditation (C&A) for Electronic Access Control and Surveillance Systems (EACSS) at National Critical Infrastructure facilities; Glen Canyon Dam, Grand Coulee Dam, Shasta/Trinity/Keswick Dams, and PASS - Snake River Area Office regions. These physical protection systems provide interrelated methods for detection, delay, and response to alarms, threats, and other adversarial actors utilizing access control, ground based radar, and video surveillance. This position directly dealt with real national security concerns to critical infrastructure:

·       Utilizing enterprise security risk frameworks (NERC CIP 02-09 – Critical Cyber Assets and NIST 800-53) identified those controls having specific applicability, and then further clarified the implementation of those controls into Industrial Control Systems (ICS), while incorporating operational and finical realties. Identified enhancing actions to security posture.

·       Mapped common NERC CIP to NIST 800-53 controls to help consolidate compliance management program. Identified and improved EACSS Physical Security & Electronic Security Perimeters.

·       Audited each EACSS (dam security) installation. Addressed cyber deficiencies identified in Technical Vulnerability Assessments and prioritized project around "greatest potential impact" to implemented NERC CIP and NIST security controls. Managed preparation and operations for Privacy Impact Assessments (PIA), System Security Plans (SSP), FIPS 199 impact categorization, & Risk Assessments (RA). Provided Privacy Impact Assessment (PIA) for entire program.

·       Architected network security layer with CISCO 1841 Integrated Security Services and redesign of flat IP subnets. Provided Server Hardening per STIGS, AD Domain Security, audit policies and event logging. Per DHS Privacy workshops, created Video Surveillance Policy and Procedures for operational EACSS.

·       Provides each client technical support/architecture design & consulting to include; detailed network diagrams per Nessus scans,  site specific System Security Plans & System Restoration Plans, selection/implementation of Malicious Code Protections & Flaw Remediation, site specific standard operating procedures & rules of behavior.

 

Disaster Recovery Coordinator

Contract for CoBank – Greenwood Village, CO. 11/05 – 3/06

Analyzed current CoBank IT Disaster recovery readiness, plans and recovery strategies. Delivered a new step by step “master disaster recovery plan” capturing the entire IT “restoration order” (recovery procedures for people, process and technology) organized in the most logical order of events - from disaster to recovery – for any “disruption scenario”.

·      Mirrored VMware from production into hot site and warm site DR environment.

·      As a bank many Recovery Time Objectives (RTO’s) where under 4 hours (per law), consultant to various business leaders identifying perceived vs. actual recovery time objectives and resource or financial plans to address any gaps.

·      Managed business continuity contracts with all third parties; including SunGard Authorization Profile, Schedule A; Iron Mountain, SunGard, Sprint, and VMware.

·      Created scheduled for several unique DR test plans including staff mock tests, isolated system tests, and large scale “surprise” DR drills - testing staff and vendor readiness.

 

IT Security Engineer

Coors Brewing Company– Golden, CO. 10/02-11/05

Working under the Chief IT Security Officer responsible for setting overall corporate security strategies. Technical Review Board Member reviewing all proposed IT changes (for new projects) and Change Control Boards (enhancements). Created IT Security charter and launched the new Coors Information Security Board.

·       Created and implemented Microsoft Identity Integration Service (Identity Management) business case/project; business case proved a major cost savings for password resets and allow for more security. Experience with MIIS and AD Schema metadata analysis and re-configuration more clearly represent organization master data requirements. 

·       Reviews and approves all firewall policies and change requests (Pix & Checkpoint), for web hosting/app hosting LAN environments. Reviews and makes recommendations to Vulnerability scan reports/logs. Continually provided internal assessments, identifying threats to be reviewed (mitigated, accepted, or transferred) and presented to board. 

·       Served as Disaster Recovery Coordinator. Wrote IT Contingency DR Plan. Managed DR schedule; which services, servers, components are in recovery center; SunGard Hot-Site in Philadelphia. Performed yearly DR drills, identifying IT testing scope (such as proving SAP transaction integrity) and criticality scorecards. Monitored/Improved DR Service Level Agreement; drafted Business Continuity Business Case identifying Business Impact Analysis (BIA)& Maximum Tolerable Downtimes (MTD) for more effective SLA;s.

·       HIPPA Security Officer, performed internal audit on entire enterprise identifying all EPHI data and controls in place or lacking. Maintained remediation plan of action; ensured continual compliance.

·       Developed RFP for enterprise vaulting strategy due to a legal underage drinking lawsuit aimed at Coors. Obtained/Implemented Symantec/Veritas Enterprise Vault & NetBackup product hands on training. Lawsuit provided 50 key words for a number of key employees: our challenge was to collect enormous/terabit’s of data across unique storage platforms (SharePoint, file servers, email and personal laptops). Created two classification levels of vaulted data, one internal and one for the lawyers. The first containing "all data" collected from pst/nsf migrations; file system archiving; tape backups; share point archiving components. Using discovery accelerator "abstracted just the results" into another archived/vault thus ensuring not too much information was provided (or inappropriate - confidential information) to lawyers. The layers in turn used discovery accelerator on there end (a separate instance). Created data retention polices, Storage Lifecycle Polices & backup policies for integration with NetBackup (from disk archive to tape library) to disk) – for automated backup of different types of data/retention periods – improving cost effectiveness.

·       Drafted all Coors Information Security Policies & Procedures (password; encryption; contractor; wireless and many more corporate polices/procedures).

·       Privacy & compliance advisor for Coors Legal dept.

 

Information Assurance Senior Systems Engineer   EDS – United States Nationwide - Projects from 4/2000-10/2002

·       Security Engineer: Coors Brewing Company: Provided an independent security assessment across multiple client facing platforms and vendors, providing mitigation solutions for Cornerstone Project. Resolved gaps. Participated in design of 3-teir environment/positioning of firewalls, routers and v-lan switches. Architect Wireless Networks for encryption (WEP), device authentication (Mac address) and user authentication with a RADIUS server, while planning for digital certificates and SAP authentication. Created Information Security Polices & Standards. The Polices & Standards severed as the foundation of the Cornerstone Project & formed the platform for Coors Brewing Company IS department adoption.

·       Security Design: Cooperative.com:  Provided client RFP support then designed & implemented the Windows Active Directory LDAP Schema and Namespace for the Cooperative.com portal -- a one-stop website helping Cooperative.com partners in the new deregulated US energy environment. I ensured LDAP Active Directory would include, mirror, & replicate user info to the four current and all future Cooperative partners. Our design allowed applications to read fully qualified namespaces or flat, non-LDAP aware, namespaces. By arranging schema extensions under the UserClass, we allowed for future single-sign-on & targeted user translation, for example, by allowing content apps such as Eprise to obtain targeted views for individual users. We designed LDAP to be centrally controllable, to facilitate major changes, provide replication, to provide a single POC, yet to allow partners to control their own apps. During online self-registration, we designed the schema to allow import of existing user data from a proprietary database (Ablaze) for verification and transition into a new Active Directory user account. We provided indexing on attributes requiring web searches. By installing new attributes & classes from LDIF Script, we completed the schema implementation. Additionally, we ensured LDAP would provide future secure methods of authentication, such as storage of digital certificates & directory-enabling a PKI solution.

·        Security Assessment: USG 400:  USG400 Special Applications Group, focusing on the security assessment, proposal efforts, technical designing & packet/sniffing analysis (Eeye, SinfferPro) for a new secure HTTP/SSL/SHH VPN Tunnel called ICE (Intelligent Communication Environment). ICE is essentially SSH within SSL with “double 128 bit encryption”), a new technology created within the EDS labs.  My packet level security assessment verified the connection “appeared” just like any typical SSL transmission. My participation  helped ICE receive the potential to become a new protocol/VPN for use at the CIA.  I provided nine proposal initiatives to the Central Intelligence Agency. Now ICE is under review by IN-Q-TEL, a private organization supporting the CIA. ICE is a SSH encrypted and secure shell/tunnel that travels within any SSL at 128 bit encryption, effectively providing a discrete level of communication, double encryption, and concealing the SSH packet header, destination & source address. ICE includes items such as Private Certificate Authorities, NAT and PKI services. Most importantly, ICE is platform independent, working with any Internet connectivity device (PDA, WAP, LAPTOP) without requiring any additional software or hardware.

·       Security Assessment/Consultant: DISA Field Security Operations:  Provided RFP details, then independently did a security assessment for clients PKI Certificate Revocation List (CRL) checking tools and solutions, to ensure each web users session are authenticated against revocation information on every separate connection made to the DISA Field Security Operations systems.  This assessment will serve to identify the most secure solution available from vendors such as Entrust, Baltimore, KyberPASS, VeriSign, CertCo, ValiCert and Microsoft. The findings serve both for DISA/DITSCAP as well as EDS PKI Information Assurance.

See my SANS publication on this topic: http://rr.sans.org/encryption/revocation_list.php

·       Security Implementation: VenServ:  Provided RFP then completed CISCO boundary protection  & Windows Server Hardening. Updated a PIX 520 firewall, added another for fail-over redundancy, configured NAT & firewall policies, and added CISCO VPN 3DES. Migrated all IIS 5.0 web and servers and Windows 2000 DNS servers from routable IP’s to internal private IP’s.  Web servers resided in Windows 2000 active directory, configured each for Internet Authentication Services. CISCO VPN clients now authenticate through the PIX to the Windows 2000 RADIUS server, allowing remote users to log in directly using Active Directory. Implemented each server to use fault-redundant NIC’s and configured paths to two separate redundant switches, and then to the two firewalls, for complete redundancy. Reviewed Active Directory & DNS Event Logs addressing discrepancies. Finally, implemented Windows 2000 Server hardening, removing unused services, applications and ports.

·       Security Consultant: United States Postal Service:  Drafted RFP. Technical Team leader providing management and technical documentation for Server hardening; including testing scripts for deployment on NT, Unix, Red Hat & Solaris servers, included Application Hardening for Internet Information Server (IIS 4.0), Systems Management Server (SMS) & Netscape Enterprise Server.  Led development for the Security Monitoring Office, Raleigh, NC. Designing an Intrusion Detection System (IDS) infrastructure including monitoring & reporting of incidents tied into the Server Hardening Configuration Audit Process. Used Real Secure Host Based & Network Based Intrusion Detection (IPS/IDS) on five subnets with over 150 NT and Unix Web Servers. The SMO included remote management for two CheckPoint Firewall-1 servers.  Served as technical POC for all hardware & software purchasing requirements. Provided CheckPoint Firewall-1 training for SMO staff. Obtained a USPS Security Clearance. 

 

 

PERSONAL ACHIVEMENTS

 

Emergency Management Academy, Disaster Science Fellowship, Mastery of “FEMA Body of Knowledge”

One of a small group from around the US & Canada selected to participate in the Emergency Management Academy’s Disaster Science Fellowship program. This prestigious graduate-level program requires the mastery of the Emergency Management Body of Knowledge, a set of 36 books recognized by industry leaders as the definitive works on disaster science. In December 2011, after completing an intensive year-long program, Ed was designated a Fellow of the Academy of Emergency Managers (FAcEM). One of only 12 fellows worldwide!

 

Completed the 2011 Colorado Trail Race 500+ miles and 65,000' of elevation gain through the Colorado Rocky Mountains from Durango to Denver. Race Time: 10 Days, 16 Hours & 59 Minutes.

 

Completed the 2013 Tour Divide – 2800+ miles mountain bike race from Canada to Mexico (Banff, AB to Antelope Wells, NM) with 200,000 feet of vertical - equivalent to summiting Mount Everest from sea-level 7 times.

Raised $10K+ in charitable donations.  Race Time: 24.5 Days.

 

AFFILIATED ORGANIZATIONS