Headwall Security

Ian R. J. Burke, GCIH, GCFA, EC/SA, MCSE-NT

iburke@headwallsecurity.com

(603) 769-9251

29 Border St.

Amherst, NH 03031

 

Professional Statement: My passion for finding the best solution to a problem has found a strong match with my interest in network security and architecture. I am seeking a position where I can help to architect security solutions that best support the business needs of an organization.

 

Work Experience:

 

TJX Companies, Inc.

770 Cochituate Rd

Framingham, MA

508-390-3061

April, 2009 – Present

Responsibilities: IDS/IPS Security Engineer. My responsibilities included policy and rules management of all IDS and SIEM appliances. I was also in charge of firmware and patch compliance on this equipment. As a member of the Security Operations Center and security team, I was also responsible for supporting other security equipment such as log monitoring applications. As a forensics analyst, I was responsible for conducting forensics investigations into computer-related cases with suspect mobile or computing equipment.

 

Accomplishments:

Certified in SANS Forensics 508, Certified in EC-Council's EC/SA.

Developed lab testing environment for IDS signature rule sets.

Configured and deployed IDSs at local and remote sites.

Worked with vendor and management to resolve licensing and budget issues.

 

Technisource (contracted to TJX Companies)

800 Boylston St, Ste 1425

Boston, MA

617-369-1999

December, 2008 – April 2009

Responsibilities: Contracted to TJX as an IDS/IPS Security Engineer, my responsibilities included policy and rules management of all IDS and SIEM appliances. I was also in charge of firmware and patch compliance on this equipment. As a member of the Security Operations Center and security team, I was also responsible for supporting other security equipment such as log monitoring applications.

 

Accomplishments:

                   Worked with vendor to build and tune rule sets for IBM’s ISS intrusion detection/intrusion prevention solution using the Proventia application.             

Rolled out several Sourcefire NIDS

 

St Joseph Hospital

172 Kinsley St

Nashua, NH

603-882-3000

June, 2006 – December 2008

Responsibilities: As the Data Security administrator, I was responsible for IT security at St Joseph Hospital. My responsibilities included identifying and responding to network or application security events and educating the organization about security issues, policies, and procedures. I was responsible for identifying, evaluating and implementing technologies needed for security and worked with vendors to resolve security issues. I worked with the CIO and the IT department to develop security policies and ensure compliance with standards.

             

              Accomplishments:

                   Obtained GCIH GOLD certification with an honors paper on the regulations impacting the incident handling process.

Networking with colleagues, gained knowledge and supported the Hospital with SOX, Federal Rules 26-34, Red Flags, PII, PCI, and other non-HIPAA regulations that impacted the standards governing our network and application development.

Served on the HIPAA Compliance committee.

Worked with the CIO/HIPAA Security Officer to develop HIPAA Audits and procedures.

Helped to develop downtime, disaster recovery and business continuity plans.

Worked with System administration to manage patch management with Microsoft Active Directory and Windows Server Update Services.

Evaluated and implemented two-factor authentication for remote connectivity with Microsoft Terminal Services and Windows Server 2008.

Monitored and responded to security events with different tools ranging from sniffers to IDS to vulnerability assessment.

Supported IDS appliances based on UNIX operating systems.

Provided user education of security issues through SharePoint pages, PowerPoint presentations, and other venues.

Participated in application audits of user account rights and access.

Completed a penetration test and vulnerability assessment.

 

Copley Hospital

528 Washington Hwy

Morrisville, VT

802-888-8158

August 2001 – June 2006

Responsibilities: As the Network Administrator, I was responsible for designing and developing a Windows 2000 based network to replace the Novell and terminal network that existed. I was responsible for maintaining all switches, servers, firewalls and routers. I was responsible for all patch management on servers and network equipment. I was responsible for securing this equipment and for user access and provisioning. I also assisted with helpdesk support at the desktop level for this 300 to 500 node network.

 

              Accomplishments:

Designed and implemented an Active Directory environment on Windows 2000 and then Windows 2003 networks.

Implemented Exchange 5.5 and eventually Exchange 2000.

Removed a serial based terminal network.

Implemented several new interfaces on a PIX 515 firewall.

Implemented a VPN on a PIX 515 firewall.

Introduced HP4108 multi-port fiber switching to the network and added a second VLAN for a public network.

Introduced Snort intrusion detection.

Developed a thin client environment with HP thin clients and Microsoft Terminal Services to control user access and provided roaming profiles.

Introduced Citrix for remote access to increase remote security and access functionality.

Using Active Directory and Terminal Services, provisioned rights to resources.

Worked with management for budgeting and purchase cycles.

Worked closely with vendors.

Worked with other hospitals on group collaborations.

Worked with Regional HIPAA consortium.

 

New Horizons Computer Learning Center

Williston, VT

2000-2001

Responsibilities: To prepare and provide technical Microsoft Official Curriculum and non-technical computer education on topics ranging from MS Word or MS Excel to server applications or network design.

 

              Accomplishments:

Trained on several Microsoft Server platforms.

Learned different presentation and communication techniques for different types and levels of learning styles.

 

 

CDI (contracted to IBM, Essex VT)

Williston, VT

1998-2000

Responsibilities: To provide third-level help desk support to the application development team and project management team at the Essex Junction wafer plant in Essex Junction, Vermont. This included providing rudimentary support for a token ring network, Lotus Notes support at the desktop level, year 2000 migration support, and application support for multiple different applications.

 

              Accomplishments:

Acquired my MCSE on the NT platform.

Worked with individuals, vendors and contractors from many different nations and backgrounds.

Supported users through challenging language barriers.

Worked with dispersed support teams and remote networking strategies.

 

Mad River Canoe

Waitsfield, VT

1996-1998

              Responsibilities: To provide network and desktop support for a small network of about 35 Windows for Workgroup systems and one HP-UX server.

 

              Accomplishments:

While much of this facility had dirt floors, network stability was a challenge.

Introduced this network to file sharing, which provided network stability over floppies carried across a shop floor.

Introduced tape backups to the server and zip backups to the PC file shares, providing file redundancy to critical data.

Worked with FoxPro, Access and PASCAL for database administration and data manipulation.

 

Project Experience:

Developed security program for St Joseph Hospital with intrusion management at its core. The program embodies compliance, education, incident handling, and network integrity.

Designed, developed and implemented a MS Windows network with Active Directory and MS Exchange. This network replaced a Novell and serial network.

 

Security Experience:

      Presentation of GCIH paper at Secure World Boston 2008

      Network security design and architecture

      Business impact assessment   

      Implementation of IPS/IDS Solution

            Implementation of Patch management solution

            Implementation of whole disk encryption solution

            Daily monitoring of network traffic for flow and alert analysis

            Virus disaster remediation

            Diagnosis and remediation of network anomalies

            Diagnosis and remediation of network intrusions

            Policy development

            Disaster recovery planning

            ISO-17799 evaluation

            HIPAA security auditing

            SEC Red Flags

            User education

 

Education:

 

            Masters of Information Assurance

            Regis University

            On-Line / Denver Colorado

            Start - July 2010

            Expected Graduation - 2012

            Bachelor of Science

            Recreation Management

            School of Natural Resources

            University of Vermont

            February 2003

 

            English Major 

            School of Arts and Science

            University of Vermont

            Undetermined

 

            InfoSec Institute CISSP Course Completed

            ISC2 CISSP exam scheduled for September 4th 2010           

            Certified Ethical Hacker

            EC-Council

            June 11th, 2010

            Certified Security Analyst EC/SA             

            EC-Council

            April 3rd, 2010

 

            GIAC, Certified Forensic Analyst

            SANS Institute

            June 25th, 2009 - silver

 

            GIAC, Certified Incident Handler-Gold

            Practical, “Security Education – The Tool for Today”

            SANS Institute

            February, 2007-silver, October, 2007-gold

 

            Microsoft MCSE, MCP+I, MCT

            MCP #969985

            Panurgy Learning Center

            South Burlington, VT

            2000

 

            SEC452-IP Packet Analysis

            SANS Stay Sharp Institute

            Columbia, MD

            September, 2007

 

            Miscellaneous computer classes 2001-2007

            Cisco PIX, CompTIA Security, Microsoft Exchange 5.5, non-specific workshops