David Matthew Zendzian
dmz@dmzs.com | http://www.dmzs.com/~dmz/resume.html | PDF
(415)738-5324
Summary
Skilled self-starter with Executive, Departmental & Team Management experience in Fortune 50 organizations. Skillful resolution of complex problems. Very experienced in the full application development cycle. Demonstrated ability in the crafting of strategic plans and interfacing with internal and external management, peers and partners. Respected for interpersonal skills, integrity, leadership and especially computer knowledge and principles.
Certifications: VISA QDSP (Qualified Data Security Professional)
VISA QPASP (Qualified Payment Application Security Professional)
Published: Hack Proofing your Wireless Network by Syngress Publishing, 2002
Managing IMAP by O'Reilly, 2000 has sections on my Cyrus/SASL patches
Speaker: SecurityOpus Business / IT & PCI Compliance 2007 - Two day training course to provide PCI solutions to Merchants, Acquirers and the IT staff that support them. What, Why & How of PCI, Legal Liability, PCI Audit Checklist, Tools for making your staff PCI ready, Documentation, Architecture, Encryption, Auditing, Vulnerability scan and Penetration testing, SDLC vs PABP and Patch Management.
MIS Training Institute Conference & Expo on Mobile & Wireless Security, September 2002. Presented detailed instructions on how Wireless networks are identified and technical information on how the carte project utilizes identified information to graph possible bounds of wireless networks using satellite imagery.
WRQ Customer Conference - Yearly conference of top customers of WRQ. Presented Wells Fargo solution for single sign-on Internet based access to mainframe systems.
Projects: PCI Conference - The first conference devoted entirely to the Payment Card Industry (PCI) Data Security Standard (DSS). It is a place to learn and discuss the compliance requirements, and meet experts who can answer your tough questions. PCI-CON focuses on how to prepare for and survive an audit from both the technical and business perspectives.
Carte - Project Creator / Developer - Wireless network bounds mapping application that creates Inverse Distance Weighted image maps that overlay on top of TerraServer satellite & Mapquest Aerial maps showing the possible range of discovered wireless maps.
F.I.R.E. - Developer - Forensic & Incident Response Environment - Bootable CDROM capable of providing immediate tools for performing Forensic analysis, incident response, data recovery, penetration testing & vulnerability assessment (documentation, testing, script hacker, Xapp(C)).
Air Internet - Creator, Developer - GNU Wireless Access Point administration and payment system enhancement for NoCat captive portal with support for Cybersource, Paypal & BofA payments.
Nocat Wireless - Developer - GNU Wireless Access Point Authentication system for turning Linux & BSD systems into secured WAP.
sentryWatch - Project Creator / Developer - Central database integration of portsentry intrusion monitoring (sh, php, perl, mysql)
Mysql-SASL Patches - Patches to Carnegie Mellon Simple Authentication and Security Layer to support Mysql as an authentication mechanism and allow cyrus IMAPd to support multiple instances with multiple config files (C).
Debian Developer: Icecast MP3/Ogg Vorbis audio streaming & the public key server used within the pgp public key network.
ZZ Servers, LLC. (www.zzservers.com)
· Business Development & Marketing of collocation and managed services
· Sourced and designed Managed Internet Collocation data-center
· Identified and hired technical teams
· Designed and configured asterisk pbx, including IVR functions that integrate into company back-end systems and provide customers and staff multiple telephone based tools
· Designed and deployed multi-DMZ managed infrastructure for deploying and supporting mass managed and unmanaged collocated internet applications.
· Designed and deployed network based server provisioning for entire hosts or Xen virtual hosts.
· Managed team of system and network engineers responsible for entire corporate infrastructure.
- DMZ Services, Inc. (www.dmzs.com)
DMZ Services
· Designed, deployed and supervise team that monitors distributed network intrusion detection network to monitor for threats against on-site or collocated network infrastructures.
· Designed, deployed and supervise team distributed application security log monitoring for threats against on-site or collocated applications.
· Created OEM product for highly available network load balancer on inexpensive network devices, supervised and contributed to web application configuration tool and supervise team managing deployment and use of load balanced network infrastructure.
· Designed and configured asterisk pbx, including IVR functions that integrate into company back-end systems and provide customers and staff multiple telephone based tools
· Formalized all business processes and relationships
· Responsible for all business operations and management
· Design, Built out and maintenance of internet colo including n+2 servers for all tiers (Firewall, Web, DB, Mail)
· Design and programming of new DMZS portal that includes web site, email and customer provisioning along with online tools for network and local vulnerability assessment tied into full zabbix monitored systems.
· Provided small business consulting services for IT design and deployment as well as security vulnerability and forensic services for incident response requests from the small business community
DMZ Services AirInter.net
· Created & programmed wireless portal for NoCat gateway, including full user and administrator management of accounts.
· Created & programmed payment gateway for NoCat gateway including support for SurePay, Cybersource, PayPal & BofA payment gateway
· Created custom embedded linux image and system for deploying AirInter.net/NoCat gateway on an easy to use small embedded system
· Worked with programmers and ISPs in multiple locations in the
· Recreated new AirInter.net web site for public download and forum support of all software released
DMZ Services Justgive.org, 2004-
· Continued support of justgive, moving their servers into new DMZS managed facilities
· Added clustering of web, application and database layers for Justgive to facilitate 2005 giving season which should top 15MM in total donations through Justgive and American Express partner
Verisign Siebel Systems, 2004
· Designed IDS / IPS / Vulnerability assessment tool for Siebel systems through a contract with Verisign Professional Services
Sapient Data Security Blue Shield of California, 2005/2006
· Performed HIPAA Risk Assessment of internal projects and external vendors
· Assisted in hiring of full time staff risk engineer
· Developed database to store all risk assessment details and generate department reports and statistics
· Developed new methods of creating risk reports by extending current tool functionality.
DRG Virgin Mobile USA, 2005
· Contract Chief Information Security Officer responsible for creating security policies, procedures and department within Virgin Mobile USA (VMU)
· Worked with SOX and PCI teams to ensure policies and procedures within VMU were in place to ensure VMU compliance.
· Identified and assisted in hiring security engineering team
· Identified additional security device requirements necessary for compliance. Worked with vendors to receive evaluation devices and coordinated installation and testing of these devices (LogLogic, PacketMotion, Net Forensics, N-Circle, etc)
· Worked with all technical teams to ensure firewalls, network devices and security were up to newly created security standards
· Initiated design of corporate wireless reconfiguration with WPA and centralized certificates. Worked with network and server team to begin beta testing of new wireless configuration
· Created list of all security needs to be passed on to permanent CISO when hired.
DRG PCI (listed below), 2005-2007
PCI Projects below include auditing security policies, network architectures, firewall and IDS implementations, systems services and protocols, configuration standards, patch management, encryption methods and key management controls, antivirus, application software development lifecycles, systems authentication and physical access controls, audit logging and monitoring, media storage controls, data retention and destruction, disaster recovery and business continuity, incident response plans, network vulnerability scanning and penetration testing.
DRG Williams Sonoma PCI, 2005/2006
· Performed 2005 network penetration testing of web presence for all Williams Sonoma companies (Pottery Barn, Williams Sonoma, etc).
· Performed 2006 War-dialing assessment of all Williams Sonoma phone systems
· Performed 2006 Wireless security assessment of Williams Sonoma Corporate offices
DRG Wells Fargo Bank PCI, 2006/2007
· Performed 2006, 2007 PCI policy review & Debit Card PCI Audit
· Lead Security Engineer for 2006 PCI audit of Wells Fargo Bank debit card systems. Over 120 people and 6 applications spread between multiple states.
DRG - Marine Corps Community Service (MCCS) PCI, 2006/2007
· Lead Security Engineer for 2006, 2007 on-site PCI Audit of MCCS in
DRG Global Cash Access PCI, 2005/2006/2007
· Performed 2005, 2006 & 2007 PCI policy review
· Lead Security Engineer for 2006 on-site PCI Audit
· Performed 2006 network penetration testing of network resources for PCI compliance
DRG Adteractive PCI, 2005, 2007
· Performed 2005 & 2007 PCI policy review
· Security Engineer for 2005 on-site PCI Audit
· Performed 2005 network penetration testing of network resources for PCI compliance
DRG I-Pass - GoRemote PCI, 2006
· Performed 2006 PCI policy review
· Lead Security Engineer for 2006 on-site PCI Assessment
· Performed 2006 PCI policy review
· Lead Security Engineer for 2006 on-site PCI
DRG Chelsea & Scott One Step Ahead - PCI, 2006
· Lead Security Engineer for 2006 on-site PCI Readiness Review
· Lead Security Engineer for 2006 on-site PCI Assessment.
- DMZ Services, Inc. (www.dmzs.com)
DMZ Services, Inc.
· Established business relationships with engineers and consultants world wide to provide 24x7 support.
· Established capital budget and performed all back-office business functions, including permits, licenses, insurance and payroll.
· Designed and developing (patent-pending) interface for performing all back-office tasks as well as providing an interface for all servers and services being monitored integrated into a system that clearly meshes with the business logic of the organization deploying it.
· Integrated new DMZS web design into several Open Source projects in the creation of the new corporate web site using PHP, Perl and C. Included tools to support IT professionals with Project Management and distributed system and network assessment and system & security monitoring tools.
· Designed, programmed and manage live MP3/Vorbis-Jukebox, offering team custom set-lists they can choose from to listen to from home or work. The project became the backend to the radio station at the largest hacker convention in the world, Defcon.
· Volunteered time and services to provide internet, server, network & security consulting to JustGive.org, Global Gateway to Charitable Giving and Philanthropy on the Internet.
· Setup Corporate Headquarters network, Linux Internet Gateway and Packet Filter Firewall.
· Deployed windows file shares with SAMBA, eventually moved to an NT file/print server.
· Designed 3 layer DMZ security architecture to facilitate new software & partnership with American Express.
· Deployed & Supported new DMZ utilizing TRex firewalls, tripwire, snort, portsentry and sentryWatch to provide security and Apache Jakarta Tomcat with mysql and PostgreSQL database for the new application.
Wells Fargo Bank, N.A. (www.wellsfargo.com) Security Consulting
· Provided secure network infrastructure designs for the Secure Access Engineering Division of Wells Fargo.
· Worked with all banking business units within the bank to implement secure infrastructure designs on any project that connected to the Internet or external partner.
· Worked on designs for Wells Fargo Brokerage backend connectivity to multiple systems of record and partner networks.
· Designed, deployed and managed multi-zone Raptor Firewall for one of the first WFB co-branded sites.
· Partnered with Sure-T, an electronic provider of Surety bonds for Internet Commerce to provide all IT & Security services.
· Worked with founder to develop application design integrating security principles into the plan.
· Managed outsourced development shop on the build of the application, managing development cycle and reporting status to Sure-T founding team.
· Negotiated collocation facilities with Above.net for production servers.
· Procured all software necessary for Sure-T application, including lifetime Oracle license for core database.
· Worked with & managed team of engineers to deploy secure infrastructure capable of being integrated into any leading financial, insurance or commerce application.
· Deployed multiple Raptor firewalls, SecureID access to every server
· Configured dual Sun Enterprise 4500s with shared SCSI D1000 RAID cabinet.
· Worked with network & server team to deploy application and server monitoring for developed J2EE/Weblogic application.
· Provided proactive support on 24x7 managed services for all servers and security.
· Provided complete documentation regarding IT management and IT deployment details to Sure-T team.
· Provided Gazoontite.com, an Allergy Solution provider with stores in NY, LA,
· Designed, configured & Deployed Development, QA and Production server farms.
· Assisted DBA and Developers in troubleshooting Oracle and java problems on large multi-processor redundant systems.
· Configured cron and other scripts to simplify repetitive applications. Installed custom bigbrother and MRTG monitors and provided documentation on all system(s) configuration.
· Performed custom sendmail rule configuration to provide inbound Internet proxy/gateway for e-mail.
· Monitored and supported all systems in case of emergency.
3d-Unlimited.com (www.3d-unlimited.com) IT & Programming Consulting
· Reprogrammed Cyrus IMAP Daemon and SASL libraries to support multiple-virtual environments
· Deployed new configuration using TWIG for the online gaming community 3d-Unlimited to support virtual email services to every domain and user of the 3du group.
April 1999 Director of Information Technology
November 1999 International Microcomputer Software, Inc. (www.imsisoft.com)
· Managed International IT Department that provided and supported the systems and networks used by the corporate office and their Internet strategies.
· Organized all IT projects in online project system, including support for online meetings.
· Provided weekly reports to executive staff on all IT department projects.
· Organized weekly and monthly budget and expenses. Worked with financial department to develop a capital budget.
· Documented infrastructure with dig-down & database integrated Visio Diagrams.
· Outlined security policies through drafts of Internal Computer Use Policy and Security Standards.
· Redesigned headquarters LAN installing corporate VPN and firewall.
· Investigated and specified future co-location partners.
· Negotiated with regional and international ISPs, Telco and Equipment vendors.
· Moved executive staff onto blackberry wireless services.
· Installed 24x7 network monitoring system monitoring for: Bandwidth, Server status (services and internal processes and drive space), and inappropriate system/network activity.
· Configured UNIX (Sun Enterprise & Linux) systems for use with: Oracle, MySQL, Apache-SSL, PHP, Mod-Perl, FastCGI and Coldfusion.
April 1999 Wells Fargo Bank, N.A.; Information Security Services (www.wellsfargo.com)
· Provided security consulting services on complex projects.
· Ensured security risks such as data access, integrity, confidentiality and business continuity controls were identified and addressed.
· Guided internal customers in their project security planning process and risk/exposure analysis.
· Developed and evaluated platform specific security standards.
August 1997- Founder/CEO/Programmer/Engineer/Security
April 1998 Air Internet, LLC (www.airinter.net)
· Founded High Speed Wireless Internet & Services Provider for the
· Designed all marketing and rollout of network.
· Negotiated access to entire
· Negotiated data connectivity from regional internet provider.
· Investigated possible insecurities and concerns with wireless networks.
· Identified WIMAN equipment for wireless, and negotiated exclusive rights to equipment in the
· Designed city grid & setup first antennas on 175' tower.
· Setup and configured SOHO Router, a modified Linux Router Project (LRP) to support WIMAN equipment.
· Provided 24/7 online radio station broadcasting live & recorded DJs via real-audio & video.
August 1995 - Owner/Operator/Engineer (IT & Security)
April 1998 DMZ Services (www.dmzs.com)
DMZ Services
· Founded a Computer Services company to address the needs of small area businesses.
· Responsible for all aspects of running a business to include developing the software, marketing and sales.
· Provided security reviews of new and existing infrastructures and provided solutions to issues discovered.
· Assessed infrastructures for capacity planning and provided designs and equipment necessary to handle current and future utilization.
· Designed and Installed Novell/UNIX/NT networks.
· WEB page design (HTML, CGI, Java, JavaScript), maintenance and hosting.
· Developed TeleResort Auctions - an automated auctioning system for property bidding via touch tone telephone, included development of libraries for: RS232 interrupt driven routines for IBM-PCs, Graphics Kernel System in C++ & Text Window System.
Cable Wave, Inc., (www.cablewave.net) Linux & Security Consulting
· Assisted system manager with configuration and support of custom Linux/Cable modem interface.
· Provided support for wireless Internet connection from Air Internet.
· Assisted system manager with security design issues and network penetration testing.
Internet Channel, Inc. - Internet News Manager & Linux Consulting
· Setup and maintained Internet news feed from news servers around the Internet to their customers.
· Provided support to internal staff with Linux kernel & network questions.
January 1994 Founder/Board Member/IT/Security/Programming
July 1994 A World of Difference, Inc. (www.awod.com)
· Setup system for A World of Difference, an Internet provider for the
· Facilitated negotiations for Internet services from regional Internet provider
· Established relationship with equipment vendors to acquire necessary hardware for initial ISP operations.
· Programmed user interface menu for easy use of resources on Internet. All development done on a Linux.
· Setup News and Email services used by customers.
· Configured routers and dialup equipment.
July 1991- MIS Manager
August 1995 Atlantic Services Group, Inc: Palmetto Shipping, TradeSource, Opti-Trans Inc, Commercial Bonded Warehouse, Prestige Furniture, Atlantic Document Storage
· Maintained all IT projects and provided reports to management at weekly staff meeting.
· Maintained IT budget and allocation of all monthly expenses.
· Documented entire network design and layout.
· Monitored & supported systems and network to assure resource availability.
· Implemented trouble ticket system for IT issues.
· Downsized from AS400 & VMS to Novell/UNIX network.
· Established corporate wide E-Mail system connecting corporate network to the Internet.
· Implemented wireless barcoding system and integrated with warehouse management software.
· Designed & Programmed barcode printing application.