Nicholas H. Schmidt Position: Information Technology/Information

Nicholas H. Schmidt
POSITION:
Information Technology/Information Assurance Lead Architect
DETAILED EXPERIENCE:
Information Assurance/Information Technology Lead, Boeing, Huntsville Alabama
2006 – 2008
Recognized within weeks of joining program as an expert in the system security field as
well as the overall information technology area.
Worked with customer counterparts to Certify and Accredit system for national program.
Diligent hard work moved system from 100+ high vulnerabilities to 1. Awarded and
recognized by customer Program Manager.
As Lead Information Assurance technical lead, created secure baselines and architecture
documents. Briefed multiple high level meetings and interfaced weekly with senior level
customers.
NOC/SOC Architecture used as basis of proposal. Produced over 200 pages of detailed
documents pertaining from technology to operating procedures. Architect lead also
allowed for system engineering role for specifications, requirements, and schedule/cost
impact. Managed team of 15+ individuals not to include 3 subcontractors.
Recognizing the importance of advancing a team, worked after hours to ensure
technicians were trained and provided guidance. Ability to mentor recognized by
customer who also utilizes materials and applications developed for Boeing.
A spokesperson and liaison to multiple customers and management, often called upon as
technical expert to assist in decision making process for security and information
technology issues.
Secure Computing Systems Administrator, Boeing, Huntsville Alabama
2006 – 2007
Created network deployment appliance that was able to patch and provide Operating
System installs for 4 flavors of Linux, Windows 2000/2003/XP. This project decreased
deployment times for classified labs and allowed for better baseline imaging.
Provided training videos to allow fellow technicians to learn and replicate good
administrator practices on Linux and UNIX systems.
Wrote scripts to bring Huntsville Boeing into better Sarbanes-Oxley compliance by
dynamically changing network permissions and reporting.
With no budget, created a satellite latency machine to allow programs to test their code
under conditions they would experience in real world conditions. Commercial alternative
was 40,000 dollars per system. The machine is now installed in 10 different
environments providing a savings of 400,000 dollars to the customer.
Installed Linux clusters using Beowulf, OpenMOSIX, and OpenSSI technology to
transition from SGI server farms. Customer was able to move from proprietary solutions
and long-term contracts by using hardware already in place.
Wrote security checklists for Defense Security Service inspections on Linux servers and
desktops.
Provided technical overview on VMWare usage and installation for entire network
migrations and consolidations using failover and SAN solutions. Due to increased
VMWare usage, was able to live migrate customer’s 3 networks without impact to
mission.
With a 2-week deadline, created network architecture that spanned 10 remote locations
and partners including federal agencies with 2 different classification levels. This
required the documentation and planning of an enterprise network complete with
monitoring and security scanning. After initial documentation and planning stages,
created network servers and implemented all the technology as lead on 3 person team.
Senior System Engineer/Administrator, General Dynamics, Keesler AFB Mississippi
2005 – 2006
Created Keesler AFB’s first VMWare Server Farm. The 30-node HP farm provided 750
virtual machines and servers for training use. Not only was the sheer number of available
servers increased but also the variety. Created VMWare Sessions running Windows 95-
Vista, Linux, BSD, Sidewinder, and Plan9. This number increased available nodes by
150%. Total cost of project was zero dollars. Savings to the Air Force estimated at 6
million dollars. Solution was entirely Linux-based.
Upgraded 333TRS Core Training Network from IPv4 to IPv6 using Linux V4-V6 tunnels
in order to provide students and instructors an early look at the coming DoD
Architecture.
Created Action Request Servers (Remedy/Etang) in VMWare providing realistic INOSC
to NCC ticket flow training. Since Combat Information Transport System provides a
customized install CD, had to manually rewrite scripts and environment to fit virtual
hardware. Scripts were written in VB, Python, Autoit, and batch files.
Created a SCORM compatible distant learning system for training worldwide. The
system allowed for online testing and course development while providing students real
access to servers. The entire suite was accessible without any distant end firewall
configuration. Using Linux, Moodle, SSL VPN, VMWare, and Apache; was able to
provide this system at a cost of zero dollars.
Administered a network of 170 HP thin clients running Embedded Windows XP. Created
customized images for each classroom and the ability for the students to run VNC/X11
from stations. Entire network was administered through an Altiris Deployment suite.
Using Python and Autoit programming languages, created installs for HP OpenView,
CiscoWorks 2000, and Remedy to streamline process of installs. This took the total time
of systems administrator from 8 hours to 20 minutes saving the Air Force an estimated
72,000 dollars a year.
Implemented CITS network suites of NetCOP, Etang, Veritas Backup, and AD/DHCP.
Managed Cisco network consisting of 6509 Core Routers, 3550 Edge Switch/Routers,
and 2500 classroom switches. Also repaired Light Stream 1010 ATM equipment with
Avalanche network traffic generators.
Senior UNIX Test Analyst, Defense Information Systems Agency (DISA), Slidell Louisiana
2005 – 2005
Performed testing on Department of Defense systems utilizing secure and standard UNIX
and Linux operating systems including GCCS/COE/NCSE/GCSS.
Developed Department of Defense approved Test and Evaluation Plans and Reports for
any UNIX system and software. This included developing objectives and procedures with
test scenarios to ensure the system met all standard requirements as determined by DoD
standards.
Advised the Project Manager and/or Technical Project Manager on any problems noted
during the testing that would affect findings or delay delivery of final results.
Using government provided instructions, checklists, test tools, cases, scenarios, and
scripts, performed application and operating system software test analysis of software
applications and services running on platforms using the following Operating Systems
(OS); SUN Solaris 8 and higher, Hewlett-Packard 10.20 and higher and Linux.
Analyzed problems encountered to determine if they were the result of the operating
system, test tools, DoD software test regulations or the software being tested. If the
problem was attributable to the OS, modified or corrected the problem accordingly.
Performed tests on database systems e.g., Oracle, Sybase, Informix.
Performed tests on web-based design systems.
Researched DoD and Government regulations, procedures, etc., in support of testing
requirements.
Performed troubleshooting tasks on UNIX platforms related to the software testing
process.
Interacted with DCTF personnel to perform quality assurance reviews, collaborating on test
issues, and attending meetings or conference calls with program engineers, program
managers and developers.
Received DoD training for testing security and functionality of web applications.
Self-Employed Network Security/Unix Consultant, Shreveport Louisiana
2004 to 2006
Migrated 15 domains from NT4 and Samba 2.3 to newer Samba 3. Using Kix Scripts and
VB, kept desktop systems on software baseline with hot fixes and software updates.
Reduced deployment time from days to hours.
Implemented dual media backup plans for all client servers. Backup jobs were across tape
drives and DVD+RW for better reliability. Added ability to simultaneously backup to
remote sftp/ftp/webdav.
Installed real-time server monitoring to ensure client servers were operational at all times.
Upon hardware or software error an email was sent to a pager. This allowed for the
tracking of metrics to provide clients with data on performance.
Stress tested networks using security scanners, packet generators, and port scans to find
weak points before a critical task was at hand.
Wrote shell scripts to automate the process of log rotation, backups, and to highlight
possible problems throughout syslog messages using cron jobs.
Implemented PPTP and IPSEC VPN for clients’ remote work centers using Linux and
OpenBSD.
Provided disaster recovery for clients that had lost information on RAID controllers and
through faulty backups from their IT department.
Migrated customers away from Outlook/Exchange to the Mozilla suite to provide better
security and scanning. Using OpenExchange, was able to cut costs from licensing and
provide more stability while increasing capabilities.
Implemented SPAM and virus email gateways to keep clients email loads down.
Worked on wireless networks to increase security. Using OpenBSD and a RADIUS
server was able to lockdown wireless networks. Also compiled custom firmware for
Linksys access points running Linux to further secure clients.
Installed snort on all servers to keep real-time stats of intrusion attempts.
Created weekly maintenance plans that included verification of backups, review of snort
intrusion logs, disk/memory/cpu usage, nessus security scans for vulnerabilities, and
upgrades to Operating System and required core software.
Using a mixture of Appletalk, Samba, and NFS; was able to have home drives shared
across multiple platforms in their native formats. By using standard UNIX username and
grouping files; was able to keep permissions and security consistent through all.
Network Security Administrator, United States Air Force, MacDill AFB Florida
2002 to 2004
With little formal training came to Network Control Center and became lead technician
for Network Administration.
Migrated secure network from NT4 based domain to an updated Active Directory domain
model. This included changing software push models and update technologies. Integrated
Exchange, SUS, NAV, and GPO.
Implemented proactive web based server farm monitor providing real-time control and
monitoring. System provides automatic updates and pages on call beeper in event of
problems.
Self-trained on CISCO routers and switches to fix secure network problems. Setup TFTP
server and reconfigured all routers and switches to operational state while training peers
on advanced network security principles.
Created Visual Basic, Kix Scripts, and GPOs correcting security deficiencies. Second
base in Air Mobility Command (45,000 man division of the USAF) to achieve
capabilities.
Configured Air Mobility Command’s first Software Update Services server. Automated
virus protection scheme protected entire base during multiple worm outbreaks. Only base
in Air Mobility Command to not be infected. Setup became the template for all other
bases.
Setup Defense Information Systems Agency second operational Software Update
Services server to keep secure network up-to-date with current patches.
With no formal training took over Secure Computing Sidewinder Firewall. Improved
setup by implementing fail over for increased uptime.
Administered 2 RedHat Linux Squid-based proxy servers for base. Setup bash scripts and
cron jobs to automatically tailor logs and email administrator. Implemented NTLM
authentication to prohibit unauthorized use.
Migrated Linux proxy servers to Air Force standard BlueCoat proxy. With no technical
guidance took these machines from box to operational mode and migrated all previous
proxy configurations. First base in Air Mobility Command to implement NTLM
authentication and port openings for various specialty functions on the base.
Hand selected by base Chief Executive Officer to support CORONA conference.
Maintaining an unprecedented 99.97% uptime on both unclassified and classified
machines in direct support of Secretary of the Air Force and Chief of Staff of the Air
Force. Worked with Pentagon and 20 other base network officials to coordinate firewall
access for VPN and Citrix clients.
Wrote security policies for MacDill Network Control Center governing all aspects of
asset utilization. Single-handedly rewrote entire process for firewall and VPN requests
and installs.
EDUCATION:
Bachelor of Science (BS) in Information Technology Minneapolis, MN; 2008-Present

Pursuing a degree program to better myself and the career opportunities afforded
BIP200 Advance Security Keesler AFB, MS; 2004-2004

Secure networks from desktop to firewall

Advanced CISCO techniques for ACL and configuration GPO and login scripts

Active Directory fundamentals and its use in computer security

Securing CITS Suite of servers using Symantec Antivirus, Intruder Alert, and Enterprise
Security Manager

Use of Internet Security Systems Scanner to find problems on networks

Security with Linux; use of ettercap, tcpdump, nmap, nessus, and other utilities

Highest-level course in the Air Force for Network Security. One of only two E3 in class
5 Skill Level Training MacDill AFB, FL; 2002-2003

Computer and Emission Security

Continuation of computer and network principles

100% Qualified for Network Administration and Boundary Information
Protection
3C0x1 USAF School Keesler AFB, MS; 2002-2002

Basic Computer Maintenance

Microsoft NT Server/Workstation Configuration and Implementation

Solaris 7/8 in a networked environment

Fundamentals of network topologies
CERTIFICATIONS:
Computer Operator (3c0x1) USAF
Journey Man 5 skill level USAF
Messaging Technician
Exchange Technician
Active Directory Basic
Active Directory Advanced
Sidewinder Firewall Advanced
Internet Security Scanner
Solaris 9 Administrator
Linux Administrator
SECURITY CLEARANCE:
DEPARTMENT OF HOMELAND SECURITY SUITABILITY FULL-BI (LES)
TOP SECRET SCI, DOD, 2004 (ACTIVE)
COMPUTER EXPERIENCE:
Hardware: IBM Compatible PC, Micro VAX, Apple Macintosh, Sun, Network Management
Hardware, LAN/WAN Hardware, Embedded xScale/z80/mips, BeBox, SGI Workstations,
Newton, Amiga, DEC Alpha
Software: Samba, Apache, Sendmail, Postfix, BIND, qMail, Exchange 5.5 - 2003, MSSQL
2000, IIS 4-6, Squid, Sidewinder, ClamAV, Novell Groupwise, Novell NDS, Cyrus-imapd,
Veritas Backup, Norton Ghost, Bluecoat, Symantec AV Mail Relay, Symantec Intruder Alert,
Symantec Enterprise Security Manager, Symantec Antivirus Corporate, VSFTP, OpenSSH,
VMWare ESX, VMWare GSX/Server, VMWare Workstation, VMWare P2V, Altiris
Deployment Server
Programming Languages: BASIC, SQL, PHP, ASP, Mono, C#, VB.NET, VBscript, Javascript,
Java, Perl, Python, Ruby, Bash
Database: ORACLE, Sybase, Beehive, PostgreSQL, MySQL, SQLite, Access, Microsoft SQL,
XML, Berkeley DB
Operating Systems: MS Windows 3.1-Vista, Windows NT 3.51-2003, DOS, OS/2, Linux,
FreeBSD, OpenBSD, NetBSD, QNX, MacOS 6-10, Plan9, Inferno, Sidewinder, Solaris 7-10,
OpenSolaris, HP-UX, VMWare ESX, and Embedded Windows CE/XP.
Networking Communications: Network Design, Network Management Software, Transmission
Software, LAN/WAN Software
Tools: HP Openview, Nagios, Cheops, nmap, ettercap, tcpdump, Nessus, ISS Scanner, NTOP,
MRTG, NetIQ Application Manager, NetIQ Active Directory Manager, NetIQ GPO Policy
Creator, Remedy ARS, Smarts INCharge, NetIQ App Manager, CiscoWorks 2000, Symantec
Intruder Alert, Symantec Enterprise Security Manager