RALPH S. HOEFELMEYER, CISSP-ISSAP, CRISC

17650 Woodhaven Drive Colorado Springs, Colorado 80908-1348

719-481-3665 (h) 719-310-0911(m) e-mail: rshoefelmeyer@gmail.com

 

Seeking

Position for research, data analysis, risk analysis, security architecture or other areas of expertise in the Colorado Springs, Monument, Castle Rock or Denver Tech Center Colorado areas. Telecommuting is welcome.

 

Summary

Interdisciplinary expert across several areas- Technology Leader with International experience – Complex Systems Architect/Engineer for applied AI, security, fraud & anomaly detection, risk analysis, data analysis, video, audio - Security Architect/Engineer for PKI/security infrastructure, network, software, risk; Systems Architect who excels at rapid assimilation and specialization in new technologies; superior systems integration and troubleshooting skills; extensive experience in dealing with cross-cultural issues. I have designed from branch offices of 10 endpoints up to national/global level solutions with 100,000 plus endpoints; for voice, nodes, and secure endpoints using certificates; including firewalls, and IDP/IDS. I have experience and knowledge of “follow the Sun” work center support & operational handoff, or 24/7/365 operations in mission critical environments, from defense to commercial transactions; experience with projects with budgets ranging from $1 million to approximately $20-25 million USD; supported projects with budgets exceeding $100 million USD; extensive experience with Fortune 500 companies, as well as government entities, primarily defense; broad compliance knowledge across ISO 27000 series, HIPAA CFR 45 Part §164.312 Technical safeguards , HIPAA/HITECH, Sar-Box, GLB, and the approximately 80 governing documents in the Federal compliance space for DOD, NIST and other agencies; standards from IETF, ITU; and SNMP V3 , knowledge of private standards such as PCI-DSS, but not PCI certified. Principal Engineer or security engineer for 16 patents.

 

CTO for CirclePlus Payments (Board Member).

 

Current Personal Research: New transfer functions for ANNs, for an AI that exceeds the human brain; that are processing and concept improvements over Bayes’ Theorem; 3-D printing.

 

AREAS OF EXPERTISE

Security Architect – Requirements Systems Architect – Risk management	Public Key Infrastructure (PKI); SSL/PKI Certificate infrastructure policy, practice and design	Enterprise Security Architectures, monitoring and management using intelligent systems	Artificial Intelligence/anomaly detection/fraud detection – scalable across enterprises
Cryptographic techniques Cryptographic attacks Cyberwar-cyber-defense; firewalls-IDS-IPS as required	VoIP/Video over IP/AV - IP Telephony/SIP/Voice over IP	Data analysis and visualization	Linux, UNIX, Windows systems administration, including Active Directory and LDAP
Standards for protocols, services, data interchange for communications, security, healthcare, SNMP	Troubleshooting on a national and international basis for corporate and national espionage; APT; Steganographic attacks	Network analyst/architect - Requirements - TCP/IP - Ethernet to IP/ATM – Cisco systems/VLAN	High availability and resilient architectures and designs; coding at a very high level then delegate to programmers [C/C++/Java/Ada]

 

 

 

Professional Experience

Dell SecureWorks Senior Security Advisor (April 2012-October 2014)

·   Perform consulting operations for clients for

o   IT gap assessment versus government and private group regulatory regimes for public and private entities

o   US, Canadian, European and other government standards

o   FTC, SEC, HIPAA/HITECH, all US based

o   Canadian wholly owned operations, with US subsidiaries

o   Islamic based banking operations in Cairo, Egypt

o   Assisted PCI DSS gap assessments and audits

o   Performed EI3PA audit

o   Physical and other aspects of the security domain

·   Security threat assessment

·   Investigation of methods of cyberwar

·   WLAN assessment, audit, limited by contract penetration testing

·   Software security assessment – risk in code as built

·   Cloud based risk assessment

·   Maintain awareness of international security threat levels for physical and Cybersecurity

 

Private Consultant/Writer (Dec 2011-April 2012/present)

·   Consulting Partner for Circle Plus Payments, Inc.

·   Performing research on Applied AI to

o   Medical

o   Intelligence

o   Fraud detection

o   Cyberwar

o   Geopolitical Scenarios

o   Cryptographic methods for Android devices

·   Advisor to a political party at the county level on information security matters; vetted and revised their security policy

 

SESC – Contractor to Verizon (2009-Dec 2011)

Security QA Engineer

·     Integral part of QA Security team for architectural, functional and test review requirements & functions for new and modified product offerings; with integral fraud detection, Checkpoint firewalls and IDS systems. Systems scanned using Nessus, nCircle and Websense

·     Assisted Systems Engineering group in Architectural design work and requirements, including compliance on a per customer basis for HIPAA, PCI, SarBox, GLB

·     Presented alternative Architectures that meet business, functional and production requirements to the team

·     Validated architectural designs for Cloud architectures for Security Access and Control

·     Assessment of proposed systems engineering architectures

·     Assessment of proposed applications designs for testability and meeting the architectural requirements

·     Security test engineer for Federal systems orders using SOAP/XML; requires creation and injection of XML messages using a SOAP UI OSS tool [XML standard messages, as well as SAML and SASL]

·     Security test engineer for security access services for Computing as a Service [CaaS]

·     Security test engineer for the Distributed Denial of Service [DDoS] detection and mitigation product; security order entry and Security Resource Manager systems complex

·     Integration, coordination and validation of all SSL certificates in the QA environment to Verizon’s Root CA to meet architectural, regulatory and policy requirements; what cryptographic strengths we can use with overseas partners and company employees

·     Assessing and vetting script environments and languages [Perl, Bash, Tcl]

·     Basic network engineering setup and verification, as well as network architecture for test support

·     Architectural and Systems integration of Solaris, Linux, Cisco and other systems

·     Systems administration of Solaris, Linux and Windows systems

·     Perform professional group briefings outside of Verizon to maintain speaking and presentation skills

 

Verizon (2005 – 2008)

Service Architect

·     Lead the architectural and engineering programs to meet requirements for Verizon Business’ Managed IP Telephony programs. 10 up to 100,000 endpoints for national solutions; global solution architectures, including secured communications for business and government customers, with integral fraud detection, Checkpoint firewalls and IDS systems. Systems scanned using nCircle and Websense.

·     Worked with multinational teams to deliver Verizon Business Managed IP Telephony Services

·     Briefed Director on a weekly basis on process, solutions and results

·     Designed for high availability and 24/7/365 availability – 99.95% mission capability

·     Designed the overall architectures for the LAN/WAN integration for Verizon Business Managed IP Telephony products, including international connections and presence

·     Integration of XML as required by products and processes

·     Provided security assessments of the legal implications of international offerings for the legal team [e.g., cryptography is tightly controlled in some countries; content filtering in some countries is required]

·     Lead engineer assisting the legal team for international homologation of Verizon service products

·     Architect for Cisco Telepresence and other AV products for the US and International markets

·     Serve as the liaison between the Marketing/Sales groups and Engineering/IT/Operations groups

·     Serve as Thought Leader for innovative Internet Managed Services globally; Thought leader in fraud detection – Patent based on Benford’s Law for fraud detection 

·     Created new intellectual property

·     Launched four Managed IP Telephony products for managed services, including Cisco CallManager, CallManager Express, IPCC and Nortel CS 1000 systems

·     Designs maintain domain separation between customers

·     Brought in to troubleshoot vexatious operational issues – support to 4th level support and the vendor

 

Frontier Technology, Inc. (2003 to 2005)

Member of Technical Staff

·     Subcontractor to Lockheed Martin on the NORAD ISC2 contract.

·     Evaluate and test network and security architectures for applicability to the next generation of NORAD mission systems, using Citrix Presentation Manager and Symantec Enterprise Security Architectures

·     Consultant on multilevel security separation using PKI, CAC and other technologies

·     Briefed and supported the NORTHCOM mission in addition to NORAD

·     Architected and designed for 24/7/365 mission availability and requirements – actual mission capability percentage is >99.99%, as a matter of national security.

·     Consultant on LAN/WAN, code environments, including J2EE, and other architectures

·     Video over IP using Cisco IP/TV and Citrix [Program: VDS-R]; consultant on MPEG; Consultant on Legacy NORAD AV cable system [VDS]

·     Business development for FTI in Colorado Springs, CO defense sector – NORAD, AF Space Command and US Northern Command

·     Resource for all FTI personnel in Colorado, for security, DITSCAP processes, systems engineering, architecture and technical direction

 

MCI, Colorado Springs, CO. (1996 to 2003)

Senior Engineer

·     Lead engineer for Intrusion Detection Systems (IDS) research and security services; leader of the Enterprise Security Task Force Security Threat Assessment Team, an R&D group researching future security threats to MCI’s infrastructure and services, assessing J2EE, C++, JavaScript, and other environments/tools for current and future vulnerabilities and fraud potential; Snort, Nessus.

·     Principal design engineer for WorldCom’s Application Infrastructure security program; a state-of-the-art, comprehensive offering, providing protection and security at all levels of the enterprise, from the border routers to the desktop.  This includes networks, firewalls, anti-virus, systems, desktop and intrusion detection security measures, as well as VPN, SSL and public key certificates [PKI], authentication and biometrics. Design for 24/7/365 mission availability

·     Tier of last resort support for problem solving

·     Vetted international technology partners for the venture capital group, notably Canadian companies

·     Briefed and presented findings to senior management and executives

·     Designed and implemented real time call processing LAN/WAN for benchmark testing, using a combination of technologies not used prior to this time for the International BT project.  (IP/ATM and IP/FDDI); for 24/7/365 mission capability

·     Team lead for next generation network security services, vetting cryptographic algorithms for usability in a telecommunications and ASP environment,  designing Public Key Infrastructures, using Certificate Authorities and policy management servers to provide access control, encryption capabilities and digital signatures.  Install Solaris OS, Oracle and Informix databases, Entrust security software, Apache web servers, Java servers, direct security team in development of processes and procedures to build a trusted infrastructure for product offerings

·     Acted as systems architect, network management engineer and LAN/WAN design, benchmark and integration engineer for real time call processing networks; performed network management for call processing and billing networks.  Technologies include ATM, FDDI, OC-3, Cisco routers, TCP/IP, network management (Cabletron Spectrum, Digital TeMIP), SNMP, MPEG

·     Worked IP Telephony design and integration between the switched and network environments, using H.323 and SIP

·     Moved Network management platforms from application and operating system software two years out of date to current software releases, and moving and updating databases simultaneously

·     Enthusiastic supporter of MCI fraud AI group for AI thinking

 

Vistech, Colorado Springs, CO

Consultant

·     Engineering project manager for the Intelligent Call Routing MCI Call Manager/Gateway series of projects (supporting a $150 Million revenue stream while adding over $30 million additional revenue annually) and the Ethernet WAN (EWAN) Health of the Network projects simultaneously

·     Performed the project planning, budgeting, scheduling and review necessary to install and integrate new network connectivity, network capabilities, hardware and software at MCI or customer sites

·     Performed extensive coordination and integration between customer, engineering, implementation, installation, and site personnel in scattered geographic areas

 

Kaman Sciences Corp., Colorado Springs, CO

Lead Systems Engineer

·     Brief Program Director and US government civilian and military customers weekly

·     Team Lead for requirements, design, operations, security, maintenance, configuration and installation for LAN/WANs, including UNIX system administration; Domain Name Server configurations, security configurations to ensure RED/BLACK separation; development of operational procedures and hardware installation; all systems had to meet the 24/7/365 mission capability of NORAD, as a matter of national security

·     Designed and led the construction of a multi-way cryptographic facility, with RED/BLACK separation, in order to test several cryptographic devices with multiple configurations

·     Designed communications systems for international missile warning, space surveillance and space defense systems [Kwajalein, Spain, Korea]

·     Team Lead for Protocol Interface Device, a Real Time SDLC variant protocol interface device (C & Assembly), in firmware, with verification and validation testing; the coding for this project required the use of embedded code for a Z280 processor. Code had to be tested in a test rig and tested again with a burned PROM

·     Lead engineer and analyst for performance studies, requirements analysis, software fixes and protocol verification for communications interfaces between main frames using Ada, C and assembly language

·     Lead Engineer for software metrics, measuring cyclomatic complexity, performing data and logic path testing, and testing software to specification

·     Design Engineer and analyst for an intercomputer LAN (UNIX & C), utilizing Sun 4/260 workstations, Intel SBC386, the Retix protocol suite and the Intel Real-Time Multi-Tasking Kernel

·     On site Systems Analyst, and development/operational test analyst for the major systems and subsystems of NORAD

·     Lead Engineer for performance studies

 

United States Air Force Space Command., Colorado Springs, CO

1st Lt.

·     Systems Control Officer, Test Systems Control Officer for the 427M and other NORAD systems.  Managed and lead the System's Control Center Work Center.  Daily involvement in Missile Warning and Space Surveillance activities. - Configured and controlled the 87+ systems and 512+ circuits of the international NORAD environment in real-time, using developed procedures and checklists, unless emergency circumstances required on the fly innovation

·     Maintained and was responsible for the configuration of all mission systems, to preserve the 24/7/365 mission availability of >99.99%, as a matter of national security.

·     Coordinated with international locations, requiring a knowledge of time, locations and capabilities in real time

·     Directed outputs of the NORAD AV cable system

·     Lead troubleshooter on systems and network issues, as well as lead integrator during version and system upgrades.  Familiar with the mission, capabilities and technologies of missile warning, space surveillance, space defense and satellite systems

·     Reported to the NORAD Command Director, a General Officer, daily.

·     Plans and Programs Officer, assigned to Nuclear Weapons Effects Studies, to review and verify technical studies results and applications to the NORAD environment, with a view to SCADA impacts

 

International Certifications

·     Certified Information Systems Security Professional (CISSP) by http://www.isc2.org

·     Information Systems Security Architecture Professional (ISSAP) by http://www.isc2.org

·     Certified in Risk and Information Systems Control (CRISC) by http://www.isaca.org

·     Information Technology Information Library [ITIL] Foundation Certification v2 [expired]

·     Avaya Certified Associate – Design – IP Telephony [expired]

·     Avaya Certified Associate – Implementation – IP Telephony [expired]

·     Nortel Certified Technology Specialist – Converged IP Telephony Solutions [expired]

·     Nortel Certified Support Specialist – IP Telephony [expired]

·     Nortel Certified Design Specialist – CS 1000 Rls. 4 [expired]

 

Patents Granted

·     US Patent # 6,385,204 Network Architecture and Call Processing Systems

·     US Patent # 6,618,389 Validation of Call Processing Network Performance

·     US Patent # 6,879,562 Validation of Call Processing Network Performance [additional claims validated]

·     US Patent # 7,043,757 System and Method of Malicious Code Detection

·     US Patent # 7,150,044 Secure Self-organizing and Self-provisioning Anomalous Event Detection Systems

·     US Patent # 7,151,942 Advertisement Broadcasting for Paging

·     US Patent # 7,937,321 Managed service for detection of anomalous transactions

·     US Patent # 8,290,779 System and method for providing a managed language translation service

·     US Patent # 8,126,722 Application infrastructure platform (AIP)

·     US Patent # 8,108,930 Secure Self-organizing and Self-provisioning Anomalous Event Detection Systems [additional claims validated]

·     US Patent # 8,566,234 Managed service for detection of anomalous transactions [different from the other by the same name]

·     US Patent # 8,589,517 Systems and methods for providing self-compiling, peer-to-peer on-line gaming

·     US Patent # 8,627,457 Integrated security system

·     US Patent # 8,760,687 Network security architecture

·     US Patent # 8,908,852 System and method of providing local number portability

Some patents are repeated as new embodiments of a previous patent, e.g., new features.

 

PATENTS PENDING

·     Debit Card Use via smart phone

 

International Organizations

·     Information Systems Security Association [ISSA]

·     Information Systems Audit and Control Association [ISACA]

·     International Information Systems Security Certification Consortium [ISC2]

 

Education

·     B.Sc., Computer Science, Southwest Texas State University

·     M.Sc., Computer Science, Colorado Technical College

·     Entrust PKI Management I & II

·     Introduction to Cisco Router Configuration

·     SS7 Foundation and DECss7 Configuration

·     MCI Operator Course

·     Cisco CallManager Courses 4.X-7.X [UCM; UCCM]

·     Cisco Contact Center [IPCC]

·     Avaya Certification Courses

·     Nortel Certification Courses [CS1000; CallPilot]

·     ISSA Certification and Accreditation Course for ISSEP, Baltimore ISSA, 2007

·     SCADA systems course by ISSA 2010

·     PCI DSS training from Dell on the job; 60 hours plus, 2012

·     HIPAA Training, Dell, on the job, 100 hours plus, 2012, 2013

·     WLAN penetration testing, on the job, 200 hours plus, 2012-2014

 

Publications/Presentations

·     “Steganographic Attack Vectors for Real Time Streams”, ISSA COS Chapter Presentation, November 2010

·     “Steganographic Attack Vectors for Real Time Streams”, IEEE Computer Society, Colorado Springs, CO Oct 2010

·     Guest speaker, University of Colorado, COS, Future technologies, 2004-2008, various classes

·     IEC, Speaker on VoIP vs Telephony, Miami, FL, 2000

·     Smart Card Forum, Speaker, Austin, TX, 1999

·     Whitepapers for MCI/WorldCom, “The True Meaning of Security”, http://www.worldcom.com

·     Or http://www.mci.com   [Now search Verizon.com]

·     Chapter on malicious code for “The Handbook of Information Security Management”, volume 4, Chapter 32.

 

Languages

·   Limited reading ability in Latin American Spanish, European Spanish, German, French, Italian

·   Limited language fluency, depends on exposure time

·   Ability to quickly pick up conversational languages to show courtesy and ask basic questions [Japanese, Arabic, Russian]