Bob Dooling | Elance
 
176985602337900
Last Sign-in: Dec 28, 2013

Bob Dooling

Offensive and defensive network security services
   United States
  |   Austin, TX

Resume/C.V.

Robert (Bob) Dooling is currently focused on penetration testing - identifying and exploiting network- and application-level vulnerabilities in order to illustrate risks and provide prioritized recommendations to clients.
Bob has worked professionally in the information security field since 2000. In addition to his professional experience, he has actively experimented with and participated in various aspects of information security for over a decade.
Bob is a Certified Ethical Hacker (CEH), a Certified Information Systems Security Professional (CISSP), and has obtained GIAC (SANS) certifications related to auditing, firewall analysis, web application penetration testing, and incident handling. He is also a member of the GIAC Advisory Board, and has written papers on email encryption, firewall auditing, and wireless network analysis. Bob has a BBA in Computer Information Systems and Finance from James Madison University.
Service Description
I provide independent security services on a freelance contracting basis, specializing in the following areas of expertise:
* Security assessments, including penetration testing
* Perimeter defense technologies
* Log analysis & security information management (SIM)
* Incident detection and handling
* General network security consulting
Certifications
Global Information Assurance - SANS Institute
GIAC Web Application Penetration Tester Honors
Awarded: 2010
EC Council
Certified Ethical Hacker (CEH)
Awarded: 2010
International Information Systems Security (ISC2)
Certified Info. Systems Security Prof. (CISSP)
Awarded: 2007
Global Information Assurance - SANS Institute
GIAC Certified Firewall Analyst (GCFW) Honors
Awarded: 2007
Global Information Assurance - SANS Institute
GIAC Certified Incident Handler (GCIH) Honors
Awarded: 2006
Global Information Assurance - SANS Institute
GIAC Security Essentials Certification (GSEC) Gold
Awarded: 2004
Global Information Assurance - SANS Institute
GIAC Systems and Network Auditor (GSNA) Gold
Awarded: 2003
Education
James Madison University
Computer Information Systems & Finance - B.B.A.
1997 - 2001
Employment
Dooling Information Security Defenders, LLC (DISD)
Founder, Principal
2009 - Present
Provide information security services on contract basis. Specializing in network security assessments, perimeter defenses, log analysis, information security monitoring, and risk analysis. Performed on-site and remote internal, external, wireless, and web application penetration tests for a diverse set of customers. Developed security information management (SIM) system device integration modules for intrusion detection and credit card processing applications.
Texas State Department of Information Resources
Penetration Tester
2008 - 2011
Conduct over 25 self-directed external penetration tests annually for Texas state agencies. Utilize commercial, open source, and custom-created software to assess and attempt to infiltrate customers' networks, systems, and applications. Create detailed reports containing prioritized findings, demonstrations of exploits, explanation of compromise impacts, and recommendations for mitigation and remediation. Validate customers' remediation activities upon request.
Symantec Corporation
Senior Security Analyst
2003 - 2008
Performed Incident Identification and Escalation in a 24x7 Security Operations Center (SOC) environment. Monitored correlated security device log data for several hundred organizations through use of Security Information Management (SIM) platform and tools. Performed triage on correlated security events; responsible for identifying, escalating, and validating security incidents in accordance with customer-specific Incident Management procedures. Provided customers with best practice guidelines and practical suggestions to protect against or mitigate threats; provided remediation recommendations as needed; coordinated with Engineers on customer device changes to enhance security posture in response to potential threats and realized incidents. Developed, tested, and maintained 'event collectors' to read and parse data from various security product logs into standardized schemas, with appropriate security values. Installed, configured, tested, and analyzed output from multiple point products to generate sample integration data, using both commonly available and customized host and network attack tools. Conducted quality review of event collectors developed by remote team. Developed correlation logic rules to identify certain combinations of events as 'Incidents' indicating attacker activity, generating alerts for enterprise Incident Management and Response teams from within a Security Information Management (SIM) solution.
Arthur Andersen, LLP / Protiviti
Technology Risk Consultant
2001 - 2003
Performed audit and analysis of clients' information systems security controls to help ensure integrity of financial statements.
Payment Terms
None specified
Bob Dooling | Elance

Bob Dooling