M. David Brown                                         208 St. Michaels Lane  Smyrna, TN 37167                                                                                                                           

                                                                                                                               zbrownmd@gmail.com   615-995-4325

 

 Summary:

Over 25 years of extensive Information Technology knowledge and experience, with the last 15 years focused on network engineering, network and information security. Supervised permanent and contract personnel. Possesses excellent communication skills with the ability to interact at all levels. A Team player who works well independently.

 

Experience:

 

Kroll Background America/HireRight, Inc November 2012 to July 2016

Security Engineer, Information Security

Responsible for providing security expertise regarding network parameter integrity, Database (DBF/DAM), WEB application/server access (WAF), anti-spam and anti-virus scanning on inbound e-mail, Asset management, Physical Security (Badge, Door, Cameras) and Security Policy development.

·             Imperva’s WAF and DBF/DAM was deployed to protect web servers and applications, protect Oracle and MSsql database (DBF) and monitor those databases (DAM) access and changes.

·             Deployed MacAfee Nitro SIEM to correlate traffic from firewall, switches, routers and servers via syslog traffic.  Managed  orther deployed McAfee applications IPS, ePO from the SIEM dashboard

·             Utilized Mcafee’s NSM-IPS sensors to Monitor and alert to neferious and anomalous traffic, auto-block known bad signatures and external Ips.

·             Helped push out the installation of HID and AV protection, using McAfee’s ePO. 

·             We replaced a different e-mail spam and AntiVirus scanners that we aquired through mergers and acquisitions with ProofPoint for inbound e-mail security and to leverage the Data Leakage Protection available in that application.

·             Websense Triton APX Advanced Protection is used to whitelist, blacklist urls and proxy outbound HTTP/HTTPS web connections

·             For pen testing and Vulnerability scanning, HireRight started with Rapid7 Nexpose and Qualsys, those were replaced with Beyond Trust’s Scannsers and Data collectors, which have been replaced with TripWire’s IP360 scanners.

·             To meet EI3PCA and SOC complincy, installed a FireMon Security Manager appliance to track changes to the firewalls configurations.

·             Help manage Authenex for two factor authentication for VPN access by traveling, remote, and Work-at-Home colleagues.

·             Leveraged Tanium End Point Security for asset management, tracking installed software, both approved and un-approved software, patch management and pushing instalation of sodtware and OS updates to Servers and workstations.

·             Audit controls and security policy development, performed monthly and quarter audits of assigned controls for EI3PCA and SOC certification compliancy.  Helped develop security policies that were inline with my responsibilities

·             Physical Security, responsible for printing access badges using Software House C-Cure900 which also controled the door and file room security at all North American and U.K locations.  Maintained HDR video usin ONSsi with Axis cameras in North America.

 

Robert Half Technologies (Contract to Vanguard HealthSystems) September 6, 2012 to November 26, 2012

IT Contractor

Support new requests, provide level 1-3 support and document the existing processes of Vanguard Health Systems’ secure file transfer (SFTP, SSH, and FTPS) with their internal and external customers.  Help prepare Vanguard’s MoveIt Central and MoveIT DMZ implementations for relocation to their new San Antonio, TX and Troy, MI data centers including upgrading, and building an High Availability model of the process between the two data centers.

 

Ettain Group (Contract to CHS) March 19, 2012 to May 4, 2012

Security Engineer

Helped remediate IT Audit “Hit List”.  Utilized Rapid7 Nexpose scans to locate devices at the 140+ hospitals and Medical Centers to import into Metasploit for deeper scanning and testing.  Remediated DLP via a report from Symantec’s DLP product (stored passwords, credit card information, PII information on shared and unsecured drives.

 

Healthways, Inc (formerly American Healthways), November 2001 to December 2011

BT Operations, Sr. Security Engineer

Responsible for providing security expertise regarding network parameter integrity, secure PHI transport, anti-spam and anti-virus scanning on inbound e-mail, and Security Policy development

·             Built, installed, maintained and monitored Raptor (Axent, SEF) firewalls and appliances on the perimeter and between remote call centers and offices.

·             Installed and Maintained Cisco ASA 5540, 5520, 5510, and 5505 models for perimeter defenses, Site-2-Site, RA, and SSL VPN’s.  (Replaced the SEF (Raptor) firewalls with Cisco ASAs)

·             Performed three month POC to test and analyze replacing the Raptor firewalls with Juniper, Check Point, Watch Guard and Palo Alto Firewalls (pre-Palo Alto PA2000 series firewallsavailablilty)

·             Audited Cisco switch and router configurations to verify security policy compliance, change management compliance, static and dynamic routes, and arp issues(trouble shooting on the switch).

·             Installed and Maintained PaloAlto PA-2020 Firewalls as a replacement to Cisco ASA 5550 on the perimeter in HA active/passive mode.

·             Installed and maintained SSH/Sftp server (Tectia and GlobalScape EFT Enterprise)

·             Performed PEN testing (quarterly) utilizing open source tools, nmap, and nessus.  Anually used an outside vendor to perform PEN test and SET for SOX, HIPAA compliancy.

·             Utilized ubuntu and Red Hat linux distrubutions for POC test for Snort, nmap platforms.

·             Installed, maintained, and monitored NetIQ’s (formerly Pentasafe) security manager, vulnerability manager and provided technical support to VPC

·             Installed and supported Symantec’s Protection Center and deployment of Symantec End Point Protection (EPP) solution.

·             Installed and supported Trend Micro’s office scan product to leverage their AV for Virtual Machines.  Phased in replacing the client installs of Symantec’s EPP with TrendMicro’s office scan clients.

·             Supported Mcafee’s AV products installed on the devices of acquired company’s.  Supported installation of Mcafee’s AV on any new devices at the newly acquired company for the duration of the integration of their networks to Healways’ normally a 10 to 12 month process.

·             Supported Proxies - MS Proxy 2.0 and ISA 2004 and 2006, Barracuda Networks WebFilter

·             Installed and initial configuration of a pair of Juniper load balancer for a Server farm on the DMZ repurposed the Juniper Load balancers for an IBM Web Sphere project and replaced them with a pair of Citrix Netscalers.

·             Supported Tumbleweed’s MMS mail server, Installed and supported Tumbleweed EMF Mail server

·             Installed and configured Ironmail in a POC to replace the Tumbleweed e-mail firewall.

·             Maintained Radware’s Linkproofs limited DNS, and NAT functions and firewall load balancing for inbound Internet traffic as well as utilizing Fireproofs to load balance firewalls for traffic to the DMZ and internal networks.

·             Provided level 3 support to the corporate helpdesk and all End user support issues in the corporate offices and call center locations.

·             Designed the security architecture of leased lines between Healthways and Oxford Health Plan and CMMS

·             Installed and monitored five ISS Proventia G IDS appliances and the Realsecure Event collector for the appliances.

·             Help determine, test, deploy, and support InterIM instant messaging appliance.

·             Help develop security policies for HIPAA compliancy.

·             Other duties included research to answer or overcome any technical issues.

·             Provided Security team leadership in the interim of a Security Director’s retirement and the hiring of a CSO/CTO

 

Gresham Smith and Partners, Nashville, TN . (05/2001 to 09/2001)

Contractor, Network Administrator

Scripted a boot up floppy disk to perform and unattended install of the standard enterprise apps and by answering a few questions, install the apps/tools necessary for the user of that system to perform their duties.  Supported the permanent employees with their daily duties where needed.

 

ROHM Corporation, Irvine, Ca. (3-91/7/91) Nashville,Tn. (8-91/12-00)

Systems Support Supervisor,

Responsible for the installation and support of a Windows NT network to 250 internal nodes and 300 remote nodes over MCI Hyperstream Frame Relay.  Supervised sub-department, Systems Support, of 2 employees providing user support of Win95 clients and PC hardware in house and all remote sales offices and warehouses.

·             Installed local cabling, Bay Network HUBs and Switches for internal access to the LAN. Extended the LAN

over MCI's Frame Relay cloud using Bay Network ASN Routers, ARN Routers, and HUBs to remote sales offices and warehouses. 

·             Installed and supported NT 3.51 PDC, RAS, WINS, and DHCP services, upgraded to NT4.0.

·             Installed the NetBEUI and TCP/IP protocols on  servers and clients.

·             Installed and configured HP Jetadmin software on a print server to control spooling over the LAN.

·             Installed and supported MS Exchange Server and clients, upgraded to Exchange Server 5.0.

·             Supported Internet connection over a full T1, 1.5 on MCI’s Internet Backbone.

·             Installed an internal DNS Server to prepare for the installation of the RAPTOR Eagle NT Firewall.

·             Installed and supported RAPTOR Eagle NT Firewall to protect internal LAN of PC clients, HP 3000 mini computers and an automatic storage and retrieval system in the local warehouse from, the Internet.  Configured DNS on the outside NIC of the Firewall for name resolution outside the Rohmelectronics Domain.

·             Installed and supported an NT WEB Server outside the firewall to provide a Marketing presence on the Internet

Continued:

·             Installed Optical Storage for current paper files and COLD Reports utilizing HP Optical Jukebox, Diskentend, OTG, and MS Sql Server Software.

·             Utilized Bay Network’s OpenView Optivity, Pinpoint Software, Inc.’s ClickNet, and Fluke’s Enterprise LAN meter to document, monitor and maintain the health of the LAN.

·             Added 2 HP NT servers to corporate office, and placed 3 at remote Sales Division Headquarters for Data Mart project using Oracle DB, Discover and Discoverer reporting tools.

 

ROHM Corporation, Irvine, Ca. (3-91/7/91) Nashville,Tn. (8-91/12-00)

Systems Analyst,

Systems Manager on HP 3000 Mini computer, responsible for Operating System user connectivity both in house and remote over X.25 Sprint Network. Program maintenance and development in FORTRAN.  Designed and implemented customer required Bar Code label on parts shipped.

·               7-91-Moved Data Center from Irvine, Ca to Nashville, Tn., while maintaining remote user connectivity using a leased HP 3000 to keep order entry and shipping going while Corporate offices and warehouse were relocated to Tennessee.

·               Setup warehouse in Nashville utilizing HP 2335 Multiplexor, Intermec barcode printers, PC’s and handheld scanners to ship parts while operations in Irvine, Ca were moved to Tennessee.

·               Designed Disaster Recovery plan for the Data Center contracting with SUNGARD to provide equipment and using SUNGARD’s Minimum Disaster Recovery Configuration theory.

·               Supported modified ASK FINMAN package in FORTRAN while new business package BOSS 3000 was modified and tested by programming staff and 5 consultants.

·               Supported all warehouse functions from order picking to shipping utilizing Symbol Radio Frequency Terminals, PC’s, handheld scanners, and Intermec barcode printers.

·               Added 2 more HP 3000 mini computers using HP NS3000.  System one to shadow production system for no down time, using Quest Software Inc’s Netbase Shadow module. System two used for program development and test.

·               Added remote sales offices and warehouses to HP 3000 network over SPRINT X.25 network.

·               Supported Intertel Phone switch with extension moves, adds, and deletes.

·               Added raised access floor system, and Patch panels to Computer room.  Added Cat5 infrastructure to local corporate office.

 

 

Programmer Analyst-  BFM Energy Products,  Santa Ana, CA. (7-90/3-91)

Responsible for development and maintenance of Boeing PMS reports in FORTRAN and View screens

utilizing two HP 3000 systems networks using NS3000.

·               Managed printers and spool files using the Netbase NBSpool module

 

Programmer Analyst- ROHM Corporation, Irvine, Ca. (3-88/7-90)

Responsible for assigned projects, applications, and  “fire fighting” using FORTRAN, MPE V Commands, Image/Query, MPEX, and Adager.

·               Design and modify Speedware, a 4GL, screens and reports

·               Design and modify Quiz, a 4GL reports and processes

·               Design and modify Bar Code and EDI routines using AIAG and EIA standards

·               Set up remote sites through a VAN, Infonet using X25 protocols

·               Database design, implementation, and maintenance

 

Programmer Analyst- General Design, Sun Valley, Ca. 

Responsible for all Data Processing Department programming, operations, systems management, and database management utilizing a

Hewlett Packard 3000 computer.

·               Design and modify Quick Screens and write Quiz reports using Powerhouse.

·               Consult daily with management system end-users advising optimum usage of the

        Ask Manman/Finman Software Packages and implementation of MRP II.

·               Conduct end-user orientation and training of ASK Manman/Finman Software Packages.

 

Data Processing Programmer-  Cubic Defense Systems, San Diego, Ca.

Responsible for writing Gould MPX 77 and FORTRAN 77 based subroutine data path tests and integration of software/hardware acceptance

test procedures for the B 1 Bomber Avionics and Armaments Maintenance Training Simulator.

 

 

Computer Programer- Raytheon Company, Oxnard, Ca.

Responsible for remote site batch job scheduling, utilizing an IBM Virtual Machine 370.

·               Run daily programs for inventory control, contract bidding, payroll and account payable.

·               Evaluate job failures using stream console to recover lost reports and tape/disc files.

·               Performed related job applications programming, modified existing programs, wrote and rewrote new job Execs using CP, CMS,

        RSCS and OS/JCL.

 

Sr. Computer Operator-  3M Clinical Laboratory Services, Ventura, Ca.

Responsible for accounts receivable, sales analysis system, data file maintenance, updates, applications programming and operation of HP 3000

and CDC System 17 computers, CRT terminals, line printers, tape drives and remote batch job equipment.

 

Electronics Warfare Technician-  U.S. Army, Berlin, West Germany 

Responsible for search acquisition and modulation analysis of electronic signals. 

·               Held Top Secret Cryptologic clearance.

·               Interfaced computer programming operations with daily duties on Honeywell, Data General,

Sperry Univac and GTE Sylvania AN/YK7 computer systems,

·               Utilized test equipment to troubleshoot CRT terminals, oscilloscopes, teletype printer systems,

modulators and demodulators.

·               Developed training procedures and instructed duty requirements to assigned personnel.

 

CERTIFICATIONS:
MCSE - NT Workstation 4.0
NT Server 4.0
NT Server, Enterprise
Networking Essentials
TCP/IP NT 4.0
MS Exchange 5.5

EDUCATION:

Information Technology-(59.5 units) Ventura Community College, Ventura, Ca. 1983

Computer Programming-Diploma , Sawyer College, Ventura, Ca. 1982

 

MILITARY TRAINING:

Cryptological Intercept, Naval Technical Training Center, Pensacola, Fl. 1976

Computer Programming and Operations, Berlin, West Germany, 1976

Station Audio Routing Switch, Berlin, West Germany, 1976

 

PROFESSIONAL TRAINING:

March 1012 – present: Currently taking online courses for CCNA, Security+, Network+, CISSP, CEH certifications.

ASK System Manager-    ASK Education Center,  Orange, Ca.  1987

Generic MRP II-    General Design,   Sun Valley, Ca.  1987

Speedware 5.0-    Infosys Inc.  Fullerton, Ca.  1989

Programmers Migration to MPE/XL-    Hewlett Packard Co.  Fullerton, Ca.  1990

System Managers Migration to MPE/XL-    Hewlett Packard Co. Fullerton  Ca.  1990

Netbase, NBSpool, and Vista Plus-   Quest Software, Inc. Nashville, Tn  1994

VISIMAGE 120-    Vitalsoft Inc. Nashville, Tn.  1994

ISO 9000 Quality Awareness-    Rohm Electronics  Nashville, Tn   1994 

Speedware 7.0-    Infosys Inc. Irving, Tx.  1995

Intro to Hubs, Switches, Bridges, & Routers-    Technology Standards Group Nashville Tn.  1995

NT 3.51 Workstation-    Intergraph Corp.  Tampa Fl.  1996

TCP/IP Concepts-  Computer based training Bay Network Nashville, Tn. 1996

Simple Network Management Protocols-  Computer based training Bay Network Nashville, Tn. 1996

Case Studies Data Warehousing- Data Warehouse Inst. Convention San Diego, Ca.  1997

RAPTOR EAGLE NT Firewall 4.0-   Boston, Ma.  1997

System Administration MS SQL Server 6.5-    SOLUTECH Nashville, Tn.  1998