Catherine Blackadar Nelson
OBJECTIVE:
To obtain a position as a senior security architect, senior risk assessment auditor or manager of a security team where I can continue to promote information security awareness, design/review security infrastructures, and remain active in the security community.
CURRENT EMPLOYMENT:
Cisco Systems
Risk Assessment Auditor 2002 – Present
· Performed Information Security audits based on CRAM (ISO 17799/FIPS-199 standards).
· Conducted risk assessments on domestic and international Cisco, partner and acquisition facilities.
· Gathered data using standard tools, host/network scanners (Nessus, Nmap, SARA, Kismet, NetStumbler etc.), drafted reports, presented findings to senior management and worked on remediation.
· Performed benchmarking and bakeoffs on various scanning tools and risk management software.
· Designed implementation plans for enterprise-wide network scanning and risk management solutions.
· Wrote risk assessment procedure, policy and template documents.
· Developed and maintained hardened Mac OS X image and security tools for Risk Assessment team.
Senior Information Security Architect/Team Lead 2000 – Present
· Web Architecture Team Lead – Set strategic direction for the team, defined policies and overall security improvements in this area, mentor for other team members.
· Worked closely with Cisco groups to help them design secure solutions for projects. This entailed evaluating, researching, and designing innovative security architecture solutions. Required knowledge of the technical, business and political issues involved and the ability to find viable, cost-effective, timely solutions acceptable to all parties.
· Web and Internet security expert – Designed secure web architectures, remediated web security incidents, evaluated/implemented new technologies, reviewed ASPs (Application Service Providers). Many technologies dealt with included: Borland Enterprise Server, Siebel, Oracle Application Server, IBM WebSphere, BEA WebLogic, J2EE, Tomcat, SSL, CORBA/IIOP, LDAP, AD, Netegrity, Kerberos, Messaging systems/JMS, SSH, PGP, PKI, cache engines, encryption standards, CMS/CSS/Local Directors.
· Worked with leading vendors to evaluate and improve the security of their products.
· Wrote security policies, procedures, hardening guides, documented networks, and infrastructures.
· Member of the security awareness team, designed and taught classes, educated other groups inside and outside of Cisco.
· Member of the security alerts team which monitored various lists such as BugTraq, Symantec Alerts etc., for new incidents and vulnerabilities, assessed criticality and worked with other infrastructure/incident response teams for remediation.
· Worked with upper management, global review boards and other groups in a general advisory capacity to promote security throughout Cisco.
· Interfaced with other Cisco security teams such as PSIRT (Product Security Incident Response Team), CIAP (Cisco Information Asset Protection), and IT compliance (CA SB 1386 and Sarbanes-Oxley compliance).
Team lead & Technical lead for TacWeb/TacSuns System Administrator 1997 – 2000
· Managed TacWeb team including budgets, hiring, training, interfacing with other Cisco teams.
· Responsible for everything to do with www-tac - Web/application servers, security, operating systems, publishing systems, software, hardware, databases, search engines, cgi-scripts, content, new technologies.
· Developed web applications (HTML, XML, Perl, PHP, C, Java, Javascript, Python).
· TacSuns System and network administrator, Linux and Sun Systems (Ultra 1/5/10/20, E250/450).
PATENT:
“System and Method for Modeling an Information Security Risk” Patent Pending 2004
Co-inventor of The Cisco Rapid Risk Prototyping Tool, a decision support tool that provides baseline profiling and security risk triaging for IT projects.
SPEAKING ENGAGEMENTS:
SANS (SysAdmin, Audit, Network, Security) Institute 2000 – Present
Conference Speaker and Volunteer
SANS is a Computer Security training, certification and research organization.
· Conference Speaker 2002-2003 – Presented “Secure Web Infrastructures: Beyond the Hardened Web Server”.
· Volunteer – Helped with conference and the “Terminal Room” (provided machines and network access for participants).
· Participated in various SANS technical conferences throughout the country and took the majority of their curriculum.
KnowledgeConnect 2000 – Present
Guest Speaker
This forum provides confidential technical information sharing between Fortune 500 companies to help them achieve strategic and operational advantages.
· Three-time guest speaker at this forum. Topics covered Risk Assessment and Management models and best computer security practices.
Mr. Router’s Neighborhood 2002 – Present
Regular Guest Speaker
This is a live IPTV show broadcast internationally throughout Cisco on which I’m a returning guest speaker presenting various security topics.
Nerd Lunches November 2004
Guest Speaker
This is an internal Cisco Technical engineering forum.
· Guest speaker presenting “General Security and Secure Web Infrastructures”.
Security Training 2000 – Present
Regular Lecturer
Wrote and presented courses to Cisco employees, at EBCs, and trained partners, vendors and clients. Topics included:
· Risk Assessment/Management processes and methodologies
· Computer security and awareness
· Web/Internet security
· Designing secure e-Commerce infrastructures
· Secure Coding Practices
PREVIOUS EMPLOYMENT:
Stardust Technologies
Web Team Manager/WebMaster/System Administrator/Network administrator
· Responsible for all aspects, hardware and software, of high traffic, rapidly changing, cutting edge web sites including Web/FTP/Secure servers, Apache, IIS, HTML, XML, forms, cgi-scripts, search engines, reflectors, MBONE, IP Multicast, audio/video, animation, listserv, hypermail, ftpmail, site statistics, registration and certificates.
· Installed and maintained all internal systems, including networks (TCP/IP, IPX/SPX, NetBeui, NetBios, SLIP/PPP), routers, switches, gateways, firewalls, Internet connections, Internet servers, nameservers, mailservers, Linux/UNIX systems (SCO, AIX, BSD, System V), Novell Netware, MS Lan Manager, VMS, PDP/VAX, IBM Mainframe, Windows/Win95/NT/WFWG/Win 3.1/DOS systems, printers, cabling, internal software, phones, fax machines.
Network Engineer
· Helped maintain, configure, and operate the WinSock Interoperability Networking Labs.
· Helped customers test WinSock applications over Windows 3.1/95/NT 16 and 32 bit Ethernet and dialup TCP/IP stacks including Chameleon, Microsoft, Trumpet, Spry, Solarnet, Instant Internet, WRQ, Novell, FTP, TGV/Cisco.
· QA on customers' networking applications.
WWW/Internet Consultant
· Designed and maintained web sites and developed custom backend cgi-scripts in Perl, C, and Unix Shell.
· Internet consultant for small and enterprise level businesses.
· Trained clients in the basics of the Internet, Web Servers, HTML, browsers, UNIX, VI, Telnet, FTP.
InfoStreet, Inc.
Web Developer/Web Master
· Maintained the web servers, ftp servers, and other Internet related programs/scripts.
· Developed custom backend cgi-scripts (HTML, Perl, Java, C, Shell) for clients' needs.
· Designed and maintained web sites for InfoStreet clients.
· Trained clients in Internet and web related information.
Technical Lead/System Administrator
· Purchased, installed and maintained internal UNIX systems, internet connections, and other systems/hardware.
JSB Corporation
Technical Support Manager 1995
JSB WebMaster/System Administrator 1994 – 1995
· Designed, wrote and maintained JSB's web site.
· Internal support/maintenance of PCs, UNIX systems, Novell server, internal ethernet networks, modems, printers, backups, faxes, ISDN Internet connection, gateway/firewall, FTP, WWW and mail servers.
· Purchased/repaired equipment.
Technical Support Engineer (pre and post sales support) 1993 – 1994
· Installation and troubleshooting of JSB's network terminal emulator, UNIX terminal windowing application, and X server.
· Set up and managed the support testing facilities.
· Wrote documentation and technical information, internal and external training.
Borland International
Independent Contractor
· Directed market research for the Languages Business Unit.
· Evaluated third party software including C, C++, Pascal, FORTRAN, BASIC development environments.
The Santa Cruz Operation Inc.
Technical Support Engineer
· Helped customers install UNIX/XENIX on PCs, hook up terminals, printers, modems, disk drives, tape machines, and instructed them in general system maintenance and operation.
· Trained new engineers in support procedures and technical information.
· Researched difficult or unusual customer problems.
· Wrote documentation and FAQs.
EDUCATION:
B.A., Computer and Informational Sciences, June 1987
References Available Upon Request