Stacy L. Millions
Millions Consulting Limited
60 Stradbrooke Way S.W.
Calgary, AB
T3H 1S5

Work History

1997 – present

Millions Consulting Limited

Senior Consultant: Information System Security, System Architecture, Network and Infrastructure Architecture, Software development.

1989 – 1997

Ernst & Young

1985 – 1989

Millions Computing Ltd.

Owner/Manager

Experience

2010/08 – 2010/08 Network Security Consultant

Implemented an SSL VPN for a small business to enable remote workers to access office LAN resources.

2010/03 – 2010/06 Application Development

Implemented the SASL EXTERNAL authentication method in the Thunderbird mail client.

2009/12 – 2010/01 Network Security Consultant

Firewall redesign. Catalogued existing firewall rules, identified which services were using which rules and identified the owner of each service. Recommended that a periodic review process be created as part of the firewall operations. Rationalised and simplified the firewall rules and removed rules for obsolete services. Implemented e-mail greylisting as the first layer of anti-spam countermeasures.

2009/12 – 2009/12 Security Consultant

Web server assessment. Identified the operating system and web server components that were installed. Assessed the configuration of the components (web application assessment was out of scope). Assessed access controls. Recommended processes and procedures for the management of the web server. Recommended changes in the access controls. Recommended the creation of a test environment to help both future web server upgrades and future web application development.

2008/11 – 2008/12 Network and Infrastructure Consultant

VoIP migration. Installed and configured VoIP PBX. Configured call termination and call origination through a 3rd party provider. Configured PBX to accept SIP URI addressed calls. Implemented fax over VoIP, including a recommendation for faxes delivered via e-mail based on DID number.

2008/06 – 2008/10 Security Consultant

PKI pilot. Installed and configured Certificate Authority (CA) software. Designed a two-level, three-CA PKI. Defined certificate profiles for client and server certificates. Developed processes and procedures to create and publish Certificate Revocation Lists (CRLs).

2003/08 – 2008/03 Security Consultant

Responsible for defining many aspects of the security practice.

Created a Controls Catalogue based on NIST SP800-53 and ISO19977.

Created technical—architectural—standards and guidelines to aid in the implementation of required security controls. Technical Standards were intended as a bridge between the policy security goals and infrastructure implementations. Technical Guidelines provided implementation-specific guidance on how to meet the requirements of a technical standard, if such guidance was required. For example, the Encryption Standard defined the acceptable cyphers and required key lengths; one Technical Guideline then explained how to configure Microsoft IIS SSL to conform to the standard, and another explained how to use PGP—or GPG—in conformance with the standard.

Other standards and guidelines included:

Created a framework for deploying applications for external users. The framework included:

Participated in the redesign of the DMZ. Helped to formalise the design process and the evaluation of the designs.

Developed risk assessment processes based on the existing information classifications and probability and impact definitions.

Performed security assessments based on the NSA Information Assurance Methodology. Assessments were done on internally developed systems, purchased systems and service providers' systems.

Provided risk analysis for the monthly Patch Tuesday meetings. Meetings were held to determine which patches would be deployed and the timeline on which they would be deployed. As well, short and long term mitigation strategies were decided upon for issues that warranted them.

Participated in incident investigations as well as incident response and look backs.

Consulted on many projects: extrapolated security goals/requirements from project business requirements, assessed designs to evaluate the applicability and strength of proposed controls, proposed additional controls and assisted in the implementation of the controls.

Responsible for vulnerability assessments; responsibilities included:

Developed and presented informational Lunch & Learn sessions.

Developed and presented informational technical security information sharing sessions, based on SANS materials.

2003/01 – 2003/02 Programmer (Perl) UNIX Consultant

Developed network performance monitoring solution that allowed clients of a network service provider to verify that Service Level Agreements were being met.

2001/10 – 2001/10 Network Security Consultant

Firewall and VPN install and configuration. Installed and configured Checkpoint Firewall-1/VPN-1 based appliances for a network service provider to provide to their customers.

2000/06 – 2003/01 Lead Java developer/Application Architect

Contracted to a small firm to re-factor their desktop product into an enterprise product. Consulted on all aspects of technology and was involved in all aspects of the software design and development. Designed and implemented the application security framework. This framework was a dynamic rule-based access control system that allowed access control to reflect changes in a company's organisational structure. Wrote a SWING component to display a JTree as an org. chart. Also designed, implemented and maintained the network—three sites in three cities connected by VPN—used by the developers and inter-site VoIP. Hosted the source code repository.

1999/09 – 2000/06 Network Security Consultant

Installed and configured IBM firewall. Responsible for day to day operations of the firewall. Monitored logs and investigated incidents.

1998/01 – 1998/05 Network–UNIX Consulting

Provided network and UNIX consulting services to a small ISP. Services included:

1997/10 – 1998/06 IT Consulting

Executive office support. Responsible for day to day operations and support of desktop systems, back office systems and network and telecomm systems. Systems include MS Exchange, Cisco PIX firewall and MS Remote Access Server.

1997/10 – 1998/06 SAP Basis Consultant

Upgrade and support of SAP system.

1997/10 – 1997/11 SAP Consultant Support

Provided on-site technical support for SAP consultants working on customer premises.

1997/10 – 1997/10 UNIX Consultant

Worked with receiver to prepare assets for sale. Work included ensuring that all intellectual property was safely backed up and that it was securely removed from workstations prior to the workstations being re-imaged.

1997/10 – 1998/04 Network Security Consultant

Assessed existing firewall. Recommended improvements in implementation and processes.

Education

1999

IBM Learning Services – IBM Firewall for AIX (S0625)

1998

SAP Partner Academy – Certified SAP R/3 Application Consultant ABAP/4 Development Workbench

1981 – 1984

University of Regina – Computer Science