Maurice Perry, CISSP

(240) 346-9688 (mobile)

iperry@intellitrex.com

PROFESSIONAL SUMMARY:

Seasoned Cyber Security Professional with a plethora of relevant hands-on experience enabling IT

product and system integration and corporate business development activities. Mr. Perry currently

supports a variety of Internet of Things (iOT) cyber security engineering projects and spearheads

cutting-edge on-site and Cloud (IaaS/PaaS) hosted security solutions and managed Software-as-aService

(SaaS) research and development (R&D) tasks, policy and procedure development and

implementation in both the federal and commercial cyber security sectors. He has demonstrated

competence as a senior advisor to decision makers and provided critical cyber technical input of

security implications for big data analytics and also supported numerous proposal development

activities.

PROFESSIONAL EXPERIENCE:

2008 TO PRESENT: iNTELLITREX

Contractor

DoD/SPAWAR/NSA/DTRA Government Customers

Mr. Perry has over 20 years of hands-on cyber security engineering expertise. He is currently a senior

member of a team of cyber security, malware triage and supply chain exploitation specialists and he

provides both Static Application Security Testing (SAST) and Dynamic Application Security Testing

(DAST) testing support as well as other cyber security engineering support to a diverse customer set

utilizing tools such as Veracode, MD5, LogRhythm, BotHunter, AuthentiCo and WireShark,

Symantec End-point Protection and WinMagic. He serves as a Subject Matter Expert (SME) and

provides NIST 800-53 and other FedRamp compliance activities and enablement through a variety of

risk assessment and validation tools and PCI processes. He engages in rigorous evaluations of mobile

applications and network configuration and documents overall assessments of organizational

compliance with prescribed standards. He is responsible to coordinate with federal government

organizations to create and execute cyber (offensive and defensive) operations, exercises, and training

events that focus on mitigating high risk system deployments, implementations and managing system

patch management.

He is in charge of researching and implementing new technologies in the network and

telecommunications industries and identifying possible points of vulnerability that could expose

personally identifiable information (PII) data and equipment at unacceptable levels. Using tools such

as IDM for identity management and profile tracking and RadiantOne (from Radiant Logic), he

developed a Role-Based Access Control (RBAC) and Attribute-Derived Access Control (ABAC)

strategy that was implemented via Active Directory for a secure web portal and private cloud that

provided 24/7 access for a small cadre of analysts and developers. He provided supporting

documentation for PCI DSS processing to enable online financial transactions and managed the

incident handling process.

1

supporting

As a co-developer of the U.S. Navy’s Basic Digital Network Analysis (BDNA) course, he is

exceptionally well-versed in network topologies, enterprise architecture and Computer Network

Attack/Defend (CAN/CND) net-centric technologies and supply chain risk management concepts.

He has conducted proactive and in-depth technical risk assessments with tools such as RSA Archer

eGRC that provided strong technical support for secure and high performance computing systems. He

analyzed operational communications, computer systems and metadata related procedures and

documentation and provided Indications and Warning (I&W) support to intelligence analysts. His

technical documents were used to brief decision-makers of critical target of interests.

He performed highly detailed vulnerability assessments of network nodes to include: CISCO

routers/switches, Windows, Linux, Sun Solaris environments as well as various mobile application

security architecture and provided input to National policy directives accordingly.

He has executed arduous tasks of monitoring raw network traffic and aggregating performance metrics

at various analysis stations. He regularly tested equipment and provided feedback on how to improve

software for easier operator use. He has published white papers on Computer Forensics Analysis

procedures and maintains a cadre of relationships with some of the brightest minds in the Cyber

Security industry.

OCTOBER 2000 TO JULY 2008: OAO CORPORATION/LOCKHEED MARTIN CORP.

Responsible for managing and performing network architecture design and analysis for customers by

installing, configuring, and maintaining different brands of network devices, intrusion detection and

firewall products. Acts as an information security technical consultant to the business units and as a

liaison to application development organizations within the government to inculcate information

assurance within new technology implementation teams. Researches public key encryption models

by analyzing cryptographic design and coding technique. Configures LAN/WAN routers and other

network appliances. Evaluates mission critical assets, assesses threat probability and recommends

cost beneficial safeguards and security counter measures to mitigate risk.

NOVEMBER 1999 TO OCTOBER 2000: CAC/ DARPA

Supported the INFOSEC program at the Defense Advanced Research Projects Agency (DARPA).

Performed specific tasks of capturing raw data based on the security domain criteria by monitoring

intrusion detection systems (IDS), analysis stations and intrusion behavior occurring on Ethernet or

Fiber Distributed Interface (FDDI) of DARPA. Provided passive monitoring of IP, TCP and UDP

network packets. Utilized intrusion detection software to monitor network traffic for specified attack

signatures while providing retrospective analysis. Conducted packet analysis, warning sorts, initiated

intrusion reports, and in-depth vulnerability assessments for DARPA. Utilizing the Network Intrusion

Detection Software (NIDS) initiated mapping, probing, and analysis of networks, devices and hosts.

Provided strong technical support for secure systems on complex and challenging projects for future

enhancements for Defense and Government Systems.

2

MAY 1999 TO NOVEMBER 1999: CACI, INCORPORATED/Federal Bureau of Investigation

Supported the Information Assurance group at the Federal Bureau of Investigation (FBI), Naval

Surface Warfare Center (NSWC) and several internal CACI customers. Provided security guidance

to the Information Systems Security Unit regarding risks associated with new or changing

technologies. Evaluated and designed security tools to support risk assessments and to mitigate risks.

Served as information security technical consultant to the FBI and NSWC and as a liaison to

application development organizations within the government information assurance activities.

AUGUST 1996 TO MAY 1999 U.S. Navy/NATIONAL SECURITY AGENCY

Performed Network Security and SIGINT analyst functions related to requirements analyses;

information security; risk analyses; computer security; Security Test and Evaluation Plan development

and implementation; performance testing; communications security; operations security; and general

system security planning in both the Federal and Commercial environments. Analyzed operational,

communication, computer system and information. Authored data related procedures and

documentation.

Collected data on mission and security practices, evaluated mission critical assets, assessed the

probability of threats to the assets, and computed the associative risks to and recommending

costbeneficial safeguards and security countermeasures to reduce and/or eliminate those risks. Lead

technical risk assessments and security exposure analyses of mission critical computer platforms, and

systems. Briefed security issues and concerns to upper echelon staff. Performed network architecture

design and analysis for customers.

Installed, configured, and maintained network devices, network security, and firewall products.

Utilized measurement tools and techniques to identify, classify and catalogue uniquely modulated

signals and associated protocols. Researched encryption and compression models for public and

private key infrastructure by analyzing cryptographic design and coding technique. Additional

responsibilities encompassed installation and configuration of LAN/WAN routers and other network

appliances.

MARCH 1991 TO JULY 1996: U.S. NAVAL SECURITY GROUP

Conducted high-level testing and analysis of current LAN/WAN configurations for the Naval

Security Group. Analyzed the daily administrative and technical procedures of the Operations

Department and developed a recommendations for system redesign and migration to a state-of-theart

platform. Identified potential operational and security problem areas and made recommendations that

provided for immediate solutions for several operational problems. Developed evaluation criteria

based on requirements and routinely performed evaluations for process improvement.

Served as Communications Security Custodian on risk analysis and security plan development tasks

for the Naval Security Group storage and retrieval database. Evaluated COMSEC/COMPUSEC and

INFOSEC processes being followed including site/facility security and development procedures as

related to overall system security.

Developed contingency and disaster recovery plan models for regional and field offices. Also served

as COMSEC Analyst on a comprehensive qualitative/quantitative threat analysis of a Pacific Theaterwide

exercise that evaluated the overall effectiveness of COMSEC procedures for forward deployed

3

forces on the Korean peninsula. Analyzed and evaluated the overall INFOSEC aspects of the United

States Forces Japan (USFJ) systems, platforms and procedures ensuring compliance with International

and Federal requirements. The risk analyses covered several regional offices, their subordinate field

offices and the Executive Command Post Center. Also responsible for executing strategic alliances

with theater-wide tactical Communication Security Forces.

CLEARANCE

TOP Secret

EDUCATION

B.S, Information Systems Management, Columbia Union College

Advanced/Specialized Education:

  q Cisco Certified Network Associate (CCNA), Mentor Labs

  q Advanced Vulnerability and Penetration Testing , Foundstone Inc.

TOOLS AND TECHNOLOGIES

Nessus, TripWire nCircle IP360, LogRhythm, Qualys, RSA Archer, Oracle, Radiant Logic

RadiantOne, NMAP, BotHunter, Computrace, Snort, AirSnort, ChipWhisperer, AuthentiCo,

WireShark, AIDE, AirCrack, ArchAssualt, CORE Impact, MetaSploit, NetStumbler, L0phtCrack,

SolarWinds, APPScan, Symantec End-point Protection, WinMagic, IDM

OPERATING SYSTEMS

Linux (multiple flavors), Windows, Mac OS

PROFESSIONAL CERTIFICATIONS

  § Certified National Security Agency - InfoSEC Assessment Methodology (NSA-IAM)

  § Certified Information System Security Professional (CISSP) #20476

  § Checkpoint Certified System Administrator (CCSA)

PROFESSIONAL AFFILIATIONS

  § International Information Systems Security Consortium (ISC2) (www.isc2.org)

  § Cyber Security Research Alliance (www.cybersecurityresearch.org)

  § Institute for Defense Analyses (www.ida.org)

  § Cyber Gamut Technical Tuesdays (cybergamut.com)

4