Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security

docx - Mickey Lasky

advertisement 
Mickey Lasky (GCFA GWAPT GCFE RHCE CEH)
4079 Britwell Place, Fairfax, VA 22033
(703) 942-9156 | mickey@ita.org
Principal Security Analyst | INFOSEC Engineer | Forensics Analyst
Professional Experience
Verisign, Reston, VA,
January 2012 - Present
Incident Response Manager

Manage day-to-day incident response and investigative duties for Verisign. Coordinate multi-departmental
responses to information security events including events within the corporate infrastructure, Verisign product offerings,
and the .COM, .NET, .GOV, .TV, .CC, and .NAME resolution systems.

Manage, operate, and analyze data from corporate security systems including Sourcefire IDS, Solera Network Forensics,
Mandiant Intelligent Response, and EnCase.

Analyze incident event data from FireEye and Damballa Failsafe appliances as well as other data sources.

Maintain department database of investigations and security incidents.

Act as Tier 3 support for the Global Service Desk with regards to desktop security incidents.

Public Trust clearance with MBI for working with sensitive .GOV resolution data.
Accomplishments:

Designed and deployed multiple appliance (both physical and virtual) Solera Network Forensics capture infrastructure
providing packet capture services for both corporate and server environments.

Designed, published, and maintained corporate-wide Incident Response program guide including processes, procedures,
contacts, review, and operational aspects.

Upgraded and modernized existing forensics environment including upgrading to EnCase Enterprise 7 and the installation of
AccessData Forensic Toolkit v4.1 for greater coverage.

Produced new hire orientation training materials specializing in the information security aspects of the corporate
environment.
Network Solutions, Herndon, VA,
August 2009 – December 2011
Manager, Systems & Platform Security

Manage and lead day-to-day technical security operations for a global web hosting provider and domain name registrar and
provide leadership for Corporate Security team.

Operate and analyze results from enterprise detection systems such as Sourcefire, Tripwire, and several others.

Perform incident response for compromises that occur within the network, both in production and on the back-end servers.
Act as Tier 3 escalation point and on-call responder.

Perform regular vulnerability assessments and internal penetration tests against corporate assets.

Maintain corporate SSL certificates and ensure their freshness and renewal status.

Provide security oversight and best-practices advice for ongoing operations within other organizations.

Act as a security evangelist for the company and provide guidance on information security topics.
Accomplishments:

Designed and deployed multi-sensor Sourcefire Intrusion Prevention System covering public shared web hosting, corporate
web storefront, three remote offices, and public E-Commerce environments directly leading to a reduction in attack volume
to near zero percentage within the first 3 months of implementation.

Researched and developed over 900 customized Snort signatures to assist in detection and prevention of attacks.

Configured and deployed enterprise-wide 2-factor authentication system utilizing RSA SecurID in cluster failover mode.

Designed and deployed enterprise-wide vulnerability management and remediation system utilizing Rapid7 NeXpose and
multiple scanning engines for continuous scanning per environment and comprehensive remediation reporting.

Designed and helped to deploy enterprise-wide network forensics solution utilizing Solera DeepSee allowing for previously
unattainable visibility into traffic flow.

Supported internal audits for ITGC/SOX and participated in 2 complete successful Level 1 PCI audits.
Georgetown University, Washington, DC,
May 2005 – August 2009
Senior Security Analyst

Established the Information Security Office and program for the University leading day-to-day security operations.

Perform security architecture reviews, vulnerability analyses, penetration tests, and risk assessments for University
organizations and IT projects. Served as a tier 3 escalation contact for University help desk services.

Led incident response and forensics analysis for security breaches and litigation support.
Accomplishments:

Project managed, designed, and led the implementation, of border HA VPN Nokia firewall cluster, for main campus data
center, School of Foreign Service in Qatar and disaster recovery sites.

Designed, implemented and managed campus-wide McAfee Data Loss Prevention Monitor (iGuard) system.

Led the implementation and management of campus-wide McAfee Intrushield Intrusion Prevention System.
Mickey Lasky
(703)942-9156
Page 1





Designed, implemented and managed campus-wide Solera DS Series Network Forensics Appliance.
Supported University network migration in reviewing and securing of over 500 servers to a default deny security stance.
Performed forensics on a 2006 data breach that directly led to arrests and prosecution by Federal authorities.
Managed the University Information Security Office student internship program.
Guest lectured for computer science classes on the topic of Information Security.
Computer Associates, Herndon, VA,
May 2004 – May 2005
Security Specialist

Deployed and operated the Managed Vulnerability Service (MVS) and Vulnerability Operations Center (VOC).

Worked with clients to integrate the CA Unicenter suite into their existing environments to mitigate security threats.

Created and distributed impact analysis reports to clients on existing and emerging security vulnerabilities.
Accomplishments:

Built the MVS Vulnerability Operations Center from scratch to support the newly launched MVS service.

Configured, deployed, and managed Juniper Netscreen 204 and 5GT firewalls in a VPN configuration to support secure
communications between the MVS VOC and client sites.

Successfully deployed CA Unicenter to act as a patch management infrastructure for a large government agency supporting
thousands of workstations simultaneously.
Counterpane Internet Security, Chantilly, VA,
January 2003 – May 2004
SOC Engineer

Performed technical operations in a 24x7x365 Security Operations Center environment.

Monitored third-party news sources to develop emerging security trends.

Developed and distributed Intelligence Objects (security reports and updates) updating clients on imminent threats.

Performed incident response for clients and Manage client security monitoring devices.
Accomplishments:

Part of the first team to detect the SQL Slammer outbreak before it became public and advised clients on how to remediate
the threat.
WorldCom (UUNET), Ashburn, VA,
December 1993 – December 2002
Manager, Network Security Consulting, Business Services

Responsible for managing the day to day operations of a staff of 6 in the Network Security Consulting division.

Led and managed budget planning, forecasting and staff scheduling for client engagements

Responsible for providing consultative services to customers on network and security matters
Accomplishments:

Implemented Hardware and software configuration for firewall and Intrusion Detection Systems for numerous clients.
Technical Expertise

OS
Linux/Unix, Solaris, OSX & Microsoft Windows (All versions)

Hardware
-
Access and Intrusion Managment (IDS/IPS): SourceFire (3D9900, 3D6500, DC3000), McAfee Network
Security IPS/IDS Platform, PaloAlto (PA-2050), Tripwire (v7.x), RSA SecurID, LDAP
Firewall & Networking: Nokia Firewalls (IP330, IP1260, IP1280, IP2450), Network Critical Network
Taps, Cisco switches/routers, Cisco PIX 515/ASA 5520
Malware & Data Loss Prevention: Symantec SEP 11, McAfee Data Loss Prevention Monitor (formerly
Reconnex iGuard Monitor), Solera DS3150, FireEye, Damballa Failsafe
Forensics: ImageMaster Solo IV, Solera DeepSee, VOOM HardCopy II

Software
Tripwire, Check Point Firewall-1/VPN-1 NG/NGX, NMAP, Wireshark, Metasploit, Nokia IPSO 4.2/6.0/6.1,
Tenable Nessus, Snort, tcpdump, Netflow, iptables, Paros, HP WebInspect, Rapid7 NeXpose, honeypots,
AIDE

Forensics
AccessData Forensic Toolkit, X-Ways Forensics, Guidance EnCase 7.x, Autopsy Forensic Browser, The Sleuth
Kit (TSK), Windows Forensic Toolkit, RegRipper, Volatility, SANS SIFT Workstation, Foremost, Scalpel,
Sysinternals Suite, IEF, Mandiant Intelligent Response
Mickey Lasky
(703)942-9156
Page 2
Education/Certifications

The American University, Bachelor of Arts in Broadcast Journalism
1994

Vice President, Private Investigators Association of Virginia
2011









SANS FOR610 – Reverse Engineering Malware
SANS GIAC Certified Forensic Examiner (GCFE) #666
Pentesting with BackTrack Live, Offensive Security
SANS GIAC Web Application Penetration Tester (GWAPT) #799
Red Hat Certified Engineer (RHCE) #805009840838122
SANS GIAC Certified Forensic Analyst (GCFA) #4598
EC Council Certified Ethical Hacker ECC915516
Registered Virginia Private Investigator DCJS #99143477
Check Point Certified Security Administrator, Security Engineer vNG and Instructor
2012
2012
2010
2010
2009
2008
2006
2003
Mickey Lasky
(703)942-9156
Page 3
Related documents
Qualifying Digital Forensic Practitioners as Expert
Qualifying Digital Forensic Practitioners as Expert
Wildlife Forensics
Wildlife Forensics
SE00 - 台灣大學地質科學系
SE00 - 台灣大學地質科學系
Final - Utah Valley University
Final - Utah Valley University
9781435498839_Sol_ch07
9781435498839_Sol_ch07
IRP 4 Forensics
IRP 4 Forensics
Establishing Secure and Trustworthy Computing in the
Establishing Secure and Trustworthy Computing in the
cfintro
cfintro
pacing of forensics - Grant County Schools
pacing of forensics - Grant County Schools
Dead-box and Live-box analysis - PSNA CET
Dead-box and Live-box analysis - PSNA CET
Learning Science Through Forensics Activities
Learning Science Through Forensics Activities
Tyler Watson CSC540 April 26, 2012 Dr. Lyle and Dr. Pilgrim Digital
Tyler Watson CSC540 April 26, 2012 Dr. Lyle and Dr. Pilgrim Digital
Download
advertisement