Dominique S Davis
CSO/Security architect
415 681 4216
Email:[EMAIL PROTECTED]
Email:[EMAIL PROTECTED]
Email:[EMAIL PROTECTED]
Objectives
My goals are a permanent position with a company where I can put my existing
skills to use as well as acquire new ones. I also desire position where i
can
design and implement company wide security measures and build an effective
security team .
Accomplishments/Media
I was the first person to break the encryption on Microsoft's NetBEUI Shared
folders and network resources for Windows 95/98.
Speaker at defcon 7 on windows security and windows networking as (Mrmojo).
Speaker at defcon 8 on windows 2000 security.
Numerous white papers on windows security.
Numerous windows Security programs http://www.dis.org/mrmojo
I am quoted in the following:
CNN online http://cnn.com/TECH/computing/9907/12/hair.idg/index.html
WTVN radio show john Corby show speech on windows networking and security.
Wired Magazine
PC world weekly
USA today Front-page of life section /article on windows security after
defcon 7.
LA Times front page of business section defcon 6.
A&E Interview on cyber terrorism and computer crime (to air JAN to FEB 2000)
SKILLS:
Operating Systems:
MSDOS
Windows 3.11 (windows for workgroups)
Windows 95,Windows 98 (se) Windows CE
Windows NT (server and workstation) (3.5,4.0)
Windows 2000 /XP
FreeBSD, Net BSD, OpenBSD
Slackware, Redhat, Suse, Trinux, Mandrake
Networking skills
Ability to configure, administer, audit, secure and penetrate the following:
Networks:
Windows 3.11, Windows 95/98, Windows NT, Windows 2000
Network Applications:
Internet Information Server/Visual Source Safe/SQL Server/MS Site server/MS
Exchange/MS BackOffice/Web trends Server/Samba/Apache Web Server/Wingate/Win
proxy/Codesafe/MS Personal Web Server/MS Virtual Private Networking/LOTUS
Mail Server/
Firewalls
Firewall 1 (NT) + Nokia Versions/CISCO PIX/Netscreen/Raptor/Netgear
Network Protocols:
Vpn/ TCP/IP/ NetBEUI/ NETBIOS/ IPX/SPX/ SNMP/ SMTP/ SSH/ SHTTP/ HTTP/
TELNET/ FTP/GOPHER/
SSL/ IPSEC/ SMB/PKI
Intrusion detection /Prevention systems
Tripwire
Viperdb
Etercept
Nfr
Hummingbird NT
Mantrap
Custom IDS*
Security Skills
Ability to train and manage others as well as working well alone
In-depth knowledge of security audits as well as how to write and implement
policy
Ability to conduct legal and policy audits
Ability to design and implement company wide security measures including but
not limited to:
Site audits
Security audits
Physical security measures i.e. Biometrics and theft prevention
Intrusion detection and prevention measures
Data backup encryption security and redundancy measures
Firewalls
Encryption and Vpn solutions
Security training and presentations for employees
Preparing security presentations for potential partners as well as third
party auditors
Design and implementing document and software change control
Ability to audit and evaluate new security technologies (hardware/software)
Misc skills
In-depth knowledge of the Windows 95/98/NT/2000/XP registries
Understanding of PC hardware installation, repair, and upgrade
Level 3 technical support skills, in person and over the telephone
Understanding of PC software installation, repair, upgrade, and disaster
recovery
Ability to program in Visual Basic, HTML, and VRML, JavaScript,
Working knowledge of shell commands and shell scripts
Working knowledge of Xwindows, SSH, telnet, text only web browsers
Professional Experience:
Microsoft
WebTV Security Architect
Mountain View, CA
Jan 2001 - Jan 2002
Responsibilities Included:
Application Level Security Testing
24 hour on call incident response
Intruder tracking and prosecution
Attacker profiling
Corporate counter espionage
Authoring and implementing the following policies:
Network Security Policy
EIRP (Emergency Incident Response Procedure)
Security Document change control policy (for security documents)
Employee Termination Policy
Service level Security policy
Further duties include
Management of the 911 security breach
Electronic Infiltration of hostile groups
24 hour on call incident response
Writing training documentation for Sales staff, and train Sales and Support
on 'demo exploits' and functionality and security of the web tv service
Service and software side bug resolution and tracking
Reverse engineering software
Entercept
Senior windows researcher
Sanjose ,CA
July 2001 - October 2001
Responsibilities Included:
Manage windows team and delegate tasks
Train windows team and bring them up to date on new issues
Research, test, and document security issues and vulnerabilities for Windows
NT,2000,IIS
Write attack signatures for Entercept's host-based IDS
Test product signatures and write testing plans for QA to provide effective
testing of HTTP engine functionality
Write training documentation for Sales staff, and train Sales and Support on
'demo exploits' and functionality of the HTTP engines
Monitor over conventional and underground sources daily for new information.
Provide Escalation Support for Tech Support cases.
Work with QA and Development to isolate and correct product bugs, and to
document current and needed functionality.
Build, manage, and maintain eKAT Windows Lab.
Provide emergency product response for new issues i.e. code red ,code blue,
and nimda
Wells Fargo
Intrusion detection /venerability analysis team
201 3rd street San Francisco,CA
January 2001-July 2001
Responsibilities Included:
Blind/internal/application level penetration testing
Security audits
24 hour on call incident response
Intruder tracking and prosecution
Attacker profiling
Building and managing a live lab for training and war games
Building and securing a secure communications system including
bbs,ftp,webserver,emailserver,key exchange server
Authoring security programs for use in penetration testing and security
audits
Training other team members in penetration testing as well as writing policy
Attending training sessions such as black hat and Nfr`s Ncode training
Authoring and implementing the following polices
Intrusion response procedure
EIRP (emergency Incident response procedure)
Pager rotation teams and IDS/firewall response procedure
Real names Corporation
Redwood City, CA
Chief Security Architect/CSO
March 2000 - August 2000
Responsibilities Included:
Developing Security patches and legal notices for all network computers
Periodic Security scans and reports of security status
Inspecting Network Topology for weaknesses
Implementing changes to existing networks for a more secure environment
Researching new security issues and exploits and providing reports and
workarounds.
Installing and configuring web servers for maximum security.
Managing Security Department
Training additional security personnel
Authoring and implementing the following policies:
Network Security Policy
EIRP (Emergency Incident Response Procedure)
Backup and restore policy
Acceptable network use policy
Security Document change control policy (for security documents)
Prosecution and Tracking Policy
Employee Termination Policy
Network Penetration testing
Physical Penetration testing
Network security auditing
Intruder tracking and prosecution
Preparing documentation and presentations to successfully pass third party
security audits
Designing and deploying a network wide anti-viral defense topology
Managing and deploying/monitoring Nokia Firewalls
Installation and monitoring IDS software
IDS, Firewall,
Writing and applying registry armor/OS hardening
Designing and implementing secure standards and methods for telecommuting
users and remote co-locations
Quality Assurance testing of third party security applications as well as
providing solutions for remote networking and management
Responsible for assisting Human Resources in adjusting the corporate culture
to a security-centric model
Biztro
Santa Clara, CA
Independent Security Architect/Consultant
October 1999 - November 1999
Responsibilities Included:
Penetration testing
Security auditing
Training Personal in use of security software and secure networking
practices.
Writing A security policy to pass Third party inspection (Price &
Waterhouse)
Analyzing Pix Firewall configuration
Securing the Following apps and servers On A Multi Network
Internet Information Server, Visual source safe, SQL server, Ms Site server,
Ms Exchange, MS BackOffice, Web trends Server, Ms Virtual Private
Networking,
Shttp server
Developing Security patches and legal notices for all network computers
Periodic Security scans and reports of security status
Inspecting Network Topology for weaknesses
Implementing changes to existing networks for a more secure environment
Researching new security issues and exploits and providing reports and
workarounds.
Installing and configuring web servers for maximum security.
Crimson Dragon
Long Beach, CA
Independent Consultant
June 1998-June 1999
Responsibilities Included:
Penetration testing
Security auditing
Hardware and software installation and upgrade of existing software
Training Personal in use of security software and secure networking
practices.
Troubleshooting and repair of existing system
Tutoring of users on computer and Internet usage
Disaster recovery, data restoration, and virus clean-up
Adding Internet connectivity to the existing system
Telephone and "hands on" technical support
Developing Security patches and legal notices for all network computers
Periodic Security scans and reports of security status
Inspecting Network Topology for weaknesses
Implementing changes to existing networks for a more secure environment
Researching new security issues and exploits and providing reports and
workarounds.
Installation and configuration of database and inventory software
Installation and configuration of backup system (removable drives and
uninterruptible power supply)
Installation and configuration of network workstations
Establishing an Internet presence for the company
Interplay Productions
Irvine, CA
Level 3 Support Technician,
December 1997-June 1998
Responsibilities Included:
Providing superior level 3 technical support both over the phone and email
Solving hardware and software compatibility problems
Beta-testing software and providing bug analyses
Updating the tech support database over a network environment
Designing macros for the email support data base network
Use of MS-Office, Lotus, and Excel databases
Tiger Crane Martial Arts Studios
Signal Hill, CA
Independent Consultant,
August 1997-November 1997
Responsibilities Included:
Hardware and software installation and upgrade of existing software
Troubleshooting and repairing existing system
Tutoring users on computer and Internet usage
Disaster recovery, data restoration, and virus clean-up
Basic administration of existing system and customer database
Telephone and "hands on" technical support
