1997 – present
Millions Consulting Limited
Senior Consultant: Information System Security, System Architecture, Network
and Infrastructure Architecture, Software development.
1989 – 1997
Ernst & Young
- Senior Consultant (July 1994 – September 1997)
- Network Manager (Jan. 1991 – July 1994)
- Communications Consultant (Jan. 1991 – July 1994)
- Unix Kernel Programmer (Oct. 1989 – Jan. 1991)
- Unix System Programmer (Oct. 1989 – Jan. 1991)
- Unix System Administrator (Oct. 1989 – Jan. 1991)
1985 – 1989
Millions Computing Ltd.
2010/08 – 2010/08 Network Security Consultant
Implemented an SSL VPN for a small business
to enable remote workers to access office LAN resources.
2010/03 – 2010/06 Application Development
Implemented the SASL EXTERNAL authentication method in the Thunderbird mail client.
2009/12 – 2010/01 Network Security Consultant
Firewall redesign. Catalogued existing firewall rules, identified which
services were using which rules and identified the owner of each service.
Recommended a periodic review process be created as part of the firewall
operations. Rationalised and simplified the firewall rules and removed rules
for obsolete services. Implemented e-mail greylisting as the first layer
of anti-spam countermeasures.
2009/12 – 2009/12 Security Consultant
Web server assessment.
Identified operating system and web server components that were installed.
Assessed the configuration of the components (web applications assessment
was out of scope). Assessed access controls. Recommended processes and
procedures for the management of the web server. Recommended changes
in the access controls. Recommended the creation of a test environment to
help both future web server upgrades and future web application development.
2008/11 – 2008/12 Network and Infrastructure Consultant
VoIP migration. Installed and configured VoIP PBX.
Configured call termination and call origination through a 3rd party provider.
Configured PBX to accept SIP URI addressed calls.
Implemented fax over VoIP including recommendation for faxes delivered
via e-mail based on DID number.
2008/06 – 2008/10 Security Consultant
PKI pilot. Install and configure Certificate Authority (CA) software.
Design a two-level, three-CA PKI. Define certificate profiles
for client and server certificates. Develop processes and procedures to
create and publish Certificate Revocation Lists (CRL).
2003/08 – 2008/03 Security Consultant
Responsible for defining many aspects of the security practice.
Controls Catalogue based on NIST SP800-53 and
Created technical—architectural—standards and guidelines
to aid in the implementation of required security controls.
Technical Standards were intended as a bridge between the policy security
goals and infrastructure implementations.
Technical Guidelines provided implementation specific guidance on how
to meet the requirements of a technical standard, if such guidance was
For example, the Encryption Standard defined the acceptable cyphers and
required key lengths; then there was a Technical Guideline for how to
configure Microsoft IIS SSL to conform to the standard; there was
another guideline that explained how to use PGP—or GPG—in
conformance with the standard.
Other standards and guidelines included:
- OS, middleware and application standard configurations—or
- Wireless Network Security Standard, included configuration guidelines
for several wireless network radios that were deployed.
- Authentication Standard. UNIX/MS Active Directory Kerberos interoperability
- Standards and Guidelines for controls from the
Catalogue were developed on an as-needed basis.
Created a framework for deploying applications for external users.
The framework included:
- Processes to ensure that external users were properly identified and
authorised before being granted access to an application.
- Processes and procedures to ensure that authentication credentials for
external users were managed in accordance with the information security policy.
- Security profiles for external users.
- Classification of data according to the classification guidelines in
the information security policy.
- Proper controls as required by the information security policy for
the particular data classification.
Participated in the redesign of the DMZ.
Helped to formalise the design process and the evaluation of the designs.
Developed risk assessment processes based on the existing information
classifications and probability and impact definitions.
Performed security assessments based on the NSA Information Assurance
Assessments were done on internally developed systems, purchased
systems and service provider's systems.
Provided risk analysis for the monthly
Patch Tuesday meetings.
Meetings were held to determine which patches would be deployed and the
timeline on which they would be deployed. As well, short- and long-term
mitigation strategies were decided upon for issues that warranted them.
Participated in incident investigations as well as incident response and
Consulted on many projects:
extrapolated security goals/requirements from project business requirements,
assessed designs to evaluate applicability and strength of proposed controls,
proposed additional controls
and assisted in the implementation of the controls.
Responsible for vulnerability assessments; responsibilities included:
- designing and building the assessment environment
- defining assessment procedures
- performing quarterly assessments
- analysing results
- prioritising remediation efforts
Developed and presented informational
Lunch & Learn
Developed and presented informational technical security information
sharing sessions, based on SANS materials.
2003/01 – 2003/02 Programmer (Perl) UNIX Consultant
Developed network performance monitoring solution that allowed
clients of a network service provider to verify that Service Level
Agreements were being met.
2001/10 – 2001/10 Network Security Consultant
Firewall and VPN install and configuration.
Installed and configured Checkpoint Firewall-1/VPN-1 based appliances
for a network service provider to provide to their customers.
2000/06 – 2003/01 Lead Java developer/Application Architect
Contracted to a small firm to refactor their desktop product into
an enterprise product. Consulted on all aspects of technology
involved in all aspects of the software design and development.
Designed and implemented the application security framework. This framework
was a dynamic rule-based access control system that allowed access control
to reflect changes in a company's organisational structure.
Wrote a SWING component to display a JTree as an org. chart.
Also designed, implemented and maintained the network—three sites in three
cities connected by VPN—used by the developers and inter-site VoIP.
Hosted the source code repository.
1999/09 – 2000/06 Network Security Consultant
Installed and configured IBM firewall. Responsible for day-to-day operations
of the firewall. Monitored logs and investigated incidents.
1998/01 – 1998/05 Network–UNIX Consulting
Provided network and UNIX consulting services to a small ISP.
- Configuring RADIUS server
- Configuring dialup network server
- Disaster recovery—without backups—of a Solaris server
- Installation and configuration of Red Hat Linux servers
1997/10 – 1998/06 IT Consulting
Executive office support. Responsible for day-to-day operations
and support of desktop systems, back office systems and network and telecom
systems. Systems include MS Exchange, Cisco PIX firewall and MS Remote
1997/10 – 1998/06 SAP Basis Consultant
Upgrade and support of SAP system
1997/10 – 1997/11 SAP Consultant Support
Provided on-site technical support for SAP consultants working on
1997/10 – 1997/10 UNIX Consultant
Worked with receiver to prepare assets for sale.
Work included ensuring that all intellectual property was safely backed
up and that it was securely removed from workstations prior to the
workstations being re-imaged.
1997/10 – 1998/04 Network Security Consultant
Assessed existing firewall. Recommended improvements in
implementation and processes.
IBM Learning Services – IBM Firewall for AIX (S0625)
SAP Partner Academy – Certified SAP R/3 Application Consultant
ABAP/4 Development Workbench
1981 – 1984
University of Regina – Computer Science