CONTACT INFORMATION James O. (Jim) Truitt 1-770-650-5705 (home) 2115 Old Forge Way http://jotruitt.tripod.com/ Marietta, GA 30068 E-mail: [EMAIL PROTECTED]
INTRODUCTION Over twenty years experience in all aspects of the software/system life cycle. Progressing from Software Developer, to System Integrator, to Task Leader, to Systems Engineer, to Information Systems Security Professional. I have been actively involved with network, computer and information security as an Information Systems Security Professional since 1989. CERTIFICATION Certified Information Systems Security Professional (CISSP) EDUCATION University of Florida Math Masters/Bachelors CLEARANCE DoD Top Secret clearance, with SBI. (last active June 1998) SKILLSETS security, network security, computer security, information security, security policy, security program, security architecture, intrusion detection, penetration testing, security plan, security awareness, risk management, risk review, risk assessment, assurance, security engineer, security analyst, security consultant, security administration, security testing, security management, biometrics, forensics, disaster recovery, business continuity, security audit, privacy, encryption, PKI, information warfare, information protection, information assurance, web security, ecommerce security, security consulting, security training, security mentoring LAST POSITION Worldspan (7/98 - 11/01) Position: Information Security Engineer My responsibilities as Information Security Engineer included: Providing leadership and direction for the Worldspan Information Security Program. Facilitating and providing guidance to the Worldspan Security Council (VPs and Directors) and the Worldspan Security Working Group (Managers and Administrators). Establishing policies, standards, guidelines, procedures, and controls ensuring the security and integrity of all Worldspan computing environments, networks, systems, and information assets. Defining and developing methodologies, processes and procedures for penetration testing, vulnerability scanning, log monitoring and incident management. Working with the Development, Roll-Out and Quality groups to incorporate security into their respective processes. Providing support to Internal Audit in developing and conducting security audits and reviews. Acting as liaison with the Legal Department on matters of electronic privacy, acceptable use, terms of service and 3rd party agreements. Assisting the Regulatory Group with the annual European Union Audit and Worldspan privacy initiatives. Providing security consulting and expertise to all Worldspan projects. Promoting security awareness across the enterprise with security web pages, security presentations and security reading rooms. Performing risk reviews, risk assessments and product reviews for Worldspan functional groups, such as Human Resources, Finance and Product Development. Supporting Technical Operations and Internal Systems with the planning and design of security solutions for all Intranet and Internet connectivity. Assisting the Marketing Group in responding to security questions and issues that come up as part of the proposal process. PRIOR PROFESSIONAL EXPERIENCE Booz-Allen & Hamilton (1/97 - 6/98) Position: Senior Associate Network Security and Information Assurance (IA) task area leader supporting the IA Branch of N5 of the National Communications System (NCS). This Includes supporting the Network Group (NG) and Information Infrastructure Group (IIG) of the President's National Security Telecommunications Advisory Committee (NSTAC). Additionally I was involved in the Firm's Information Security (IS), Information Warfare (IW), Infrastructure Protection (IP) and IA activities. SSDS, Inc. (11/95 - 5/96) Position: Security Engineer GlaxoWellcome Firewall migration. Supporting the customer's project to consolidate two existing firewalls (TIS Gauntlet and DEC SEAL) into a single new firewall (TIS Gauntlet). Involved in business development activities. Assisted in the development of security services offerings. General Research Corporation International (6/95 - 11/95) Position: Information Systems Security Engineer Defense Investigative Service (DIS) Integration program Information Systems Security Engineer for the integration effort. Responsible for the integration of security controls in the overall DIS integration effort. Responsibilities include; review of the DIS Computer System Security Plan (CSSP), review and refine security requirements, provide support to the test organization for developing security test plans and procedures, define and create a Security Integration and Test Environment (SITE), interface with customers to resolve security issues and develop solutions for the program, work with vendors to assess how their products may be applied as part of the DIS security solution, assist in the development of a Continuity of Operations Plan (COOP) for DIS. Harris Information Systems Division (10/89 - 12/94) Position: Staff Engineer National Crime Information Center (NCIC) 2000 program Security Engineer. Total responsibility for security in the developed system. A major component of the security effort was the development and integration of an intrusion detection capability. * Security requirements analysis and allocation * Security presentations at program reviews: System Requirements Review (SRR), System Design Review (SDR), Preliminary Design Review (PDR), Critical Design Review (CDR), In Process Reviews (IPRs), Technical Interchange meetings (TIMs) * Create security documentation: System Security Plan (SSP), Security Architecture, Security CONOPS, Security Policy, Trusted Facility Manual (TFM) * Designed Intrusion Detection subsystem: Hardware/software components, generate design documentation; Prime Item Specification (B1), Software Requirements Specification (SRS), Interface Control Document (ICD) ISDN Security Program. Exposure to ISDN protocol, ISDN services, ISDN security, ISDN Key management services, Secure Data Network System (SDNS) security protocol. (study) DNS team. The DNS team designed the replacement network for NASA's back-end DNS, migrating from dedicated point-to-point communication lines to a true networked environment using the TCP/IP protocol suite. Tasks dealt with computer/network security issues/concerns associated with this migration. This culminated in a 75 page Security White Paper and four ESRs to implement the papers recommendations. * Performed Risk Analysis: identified assets and threats, evaluated vulnerabilities, determined probabilities and assessed impact due to breach of security * Developed recommendations for risk mitigation * Proposed controls included: firewalls, gateways, packet filtering, hand-held authenticators, restricted shells, use of proxies, Kerberos * Network architecture: FDDI backbone bridged to FDDI global buses, in turn routed to Ethernet LANs * Worked with routers, bridges, comm servers * Worked with TCP/IP, SNA, GOSIP/OSI * Worked with Ethernet, Token Ring * Generated estimates for cost and schedule to implement security ESRs selected from DNS Security White Paper * Researched and evaluated the feasibility of implementing hand-held authenticators for access control Range Operations Checkout and Control (ROCC) program. Provided coding support in the areas of data acquisition and display processing. Development was done per DoD-STD-2167A. * Design, code, test, integrate, document custom software * Designed, coded, implemented test drivers and automated test files * PDL, Peer reviews, code walkthroughs * 17 CSUs, 125 modules, 40,000 LOC (these are approximate values) * Involved re-engineering a large amount of legacy code Cost History Database (CHDB). Designed and implemented an Oracle database to house project measures and metrics related to project estimated and actual cost and schedule. Designed and implemented Sequel screens to access, format and display the data. Designed and implemented standard reports. Harris Controls Division (12/77 - 10/89) Position: Associate Principle Engineer. Real-time Supervisory Control and Data Acquisition (SCADA) systems for electric utilities. Activities covered all areas of system development; system configuration and build; database configuration and build; system integration and test. Developed and taught custom courses and provided support for problem resolution (phone support and on-site support). Designed, coded, integrated, tested and documented custom code. General categories included: Data Acquisition (DAC), Man-Machine-Interface (MMI), Database (DB), data links and handlers. The coding was done in assembly language and FORTRAN. Other activities included Task Leader and proposal support. Computer Science Corporation (10/77 - 12/77) Position: Scientific Programmer. Continuation of work done for Federal Electric Corporation. Federal Electric Corporation (6/77 - 10/77) Position: Scientific Programmer. Centaur launch support. Maintained programs written in Honeywell's GMAP assembly language and provided programming support to the weather office at the Kennedy Space Center. Designed, coded, tested and integrated a program to plot wind shears. Programming was done in BASIC. Brevard County School Board (3/71- 6/77) Position: Teacher, Secondary Mathematics.
