Contact Information
Name: Dominique Davis
Email: monsieur.mojo (at) gmail (dot) com [email concealed]
Location: Los Angeles, California, United States
Resume
Position/Title: Penetration Engineer
Resume:

D.O.B: Feb 2nd 1978

Phone: 253 - 472 6345

Email: monsieur.mojo (at) gmail (dot) com [email concealed]

Penetration Testing Skill-Sets:

Electronic

Security Architecture Review

Scoping Engagements

Host Enumeration

Service Enumeration

Network Enumeration

External Network Assessment

Internal Network Assessment

Wireless/Bluetooth/RFID Assessments

Firewall Rule-set Review/Log Analysis/Access Bypassing

Blind Web, Network, Application Assessment

Trusted Web, Network, Application Assessment

Automated Security Scans

Manual Vulnerability Reproduction and exploitation

Host and Network Based IDS/IPS Signature Analysis, Custom Signature Creation, Rule-set Review

Penetration, Bypassing, Topology and Network Deployment

Network Security Appliance Device Assessment

Proprietary Web Application Assessment and Hardening

Proprietary Network Protocol Analysis

Proprietary Operating System Review And Hardening

Physical

Social Engineering and Personnel Compromise

Private Investigation and Surveillance

Corporate Counter Espionage

Listening Device and Camera Detection and Placement

Area Penetration and Access Control Review

Forensics and Anti-Forensics (EnCase, Department of Justice FTK)

Security Measure Assessments

Lock-picking, Bump-keying

Biometric Security Bypass and Assessment (fingerprints, retinal, etc.)

Electromagnetic, RFID, Card, Fob and Key-card

Information Disclosure Review

Telephony, SIP and VoIP Assessments

WarDialing

War Games Lab Deployment

Tools & Scanners

See attached…

Accomplishments/Media

I was the first person to break the encryption on Microsoft's NetBEUI shared folders and network resources for Windows 95/98.

Speaker at Defcon 7 on Windows security and Windows networking.

Speaker at Defcon 8 on Windows 2000 security.

Numerous white papers on Windows security.

Numerous Windows security programs at Packet Storm.

I am quoted in the following:

- CNN online http://cnn.com/TECH/computing/9907/12/hair.idg/index.html

- WTVN radio, John Corby show: speech on Windows networking and security.

- Wired Magazine

- PC World Weekly

- USA Today, front page of the Life section: article on Windows security after Defcon 7

- LA Times, front page of the business section: Defcon 6.

- A&E Interview on cyber terrorism and computer crime (aired JAN to FEB 2000)

Professional Experience:

Vistatra Technologies

Senior Penetration Tester, California

July 2006 - Current

Responsibilities included:

· Penetration Testing

· Client Interaction

· On site Client facing Penetration test

· Application Penetration Testing

· Host Penetration Testing

· Vulnerability Research

· Target Assessments

· Reporting

· Training team members

-----------------------------------------------------------------

Portcullis

Senior Penetration Tester, London

Feb 2006 – July 2006

Responsibilities included:

· Penetration Testing

· Client Interaction

· On site Client facing Penetration test

· Application Penetration Testing

· Host Penetration Testing

· Vulnerability Research

· Target Assessments

· Reporting

· Training team members

o Capture and Reverse engineering of hostile code

o Spearheading new research projects

o Network level traffic monitoring and analysis

o (Application & Network Level) Black Box Testing

o (Application & Network Level) White Box Testing

-------------------------------------------------------------------------

PIVX

Senior Security Researcher/Senior Penetration-Tester, Newport Beach, CA

Dec 2005 – Dec 2006

Responsibilities included:

· Capture and Reverse engineering of hostile code

· Spearheading new research projects

· Network level traffic monitoring and analysis

· (Application & Network Level) Black Box Testing

· (Application & Network Level) White Box Testing

Designing, building, maintaining, and securing a black lab environment. To that end:

· Developed communications hub for remote security researchers in other countries

· Established a secure multi-user environment for reverse engineering

· Established a virtual war-games network

· Developed a globally accessible, yet invisible, hostile code, proof-of-concept, and exploit repository

· Automated real-time, semi-sentient data collector (the collector scans both underground and mainstream sources)

· Identified and quarantined new exploits and threats for targeted security data and reported to research team 24X7 in real-time

· Established virtual environment for reverse engineering of existing software

· Automated defense and intrusion protection infrastructure

· Administered honeypots and Petri dishes to capture live samples of malware, worms, and viruses for reverse engineering

· Centralized reporting and logging of live threats

· Sanitized hostile code for safe reproduction

Further responsibilities include:

· Captured and reverse engineered hostile code

· Coded active system hardening fixes for the product Pre-empt (currently the product is on the market as Qwik-Fix)

· Designed and populated company wide threat database

Designed and implemented the following policies:

· Threat assessment reporting policy

· Company-wide department interaction and release policy for security threats

· Centralized team responses to 24X7 security threats

· Maintaining a presence in the hacker underground

---------------------------------------------------------------------------------

Microsoft (contractor)

WebTV Security Architect, Mountain View, CA

Jan 2002 - Sept 2003 – Feb 2004 (two engagements)

Responsibilities included:

· (Application & Network Level) Black Box Penetration Testing

· (Application & Network Level) White Box Penetration Testing

· Application Level security testing

· 24 hour on call incident response

· Intruder tracking and prosecution

· Attacker profiling

· Corporate counter espionage

· Authoring and implementing the following policies:

- Network Security Policy

- EIRP (Emergency Incident Response Procedure)

- Security Document change control policy (for security documents)

- Employee Termination Policy

- Service level Security policy

Further duties included:

· Management of the 911 security breach

· Electronic Infiltration of hostile groups

· 24 hour on call incident response

· Writing training documentation for Sales staff, and training Sales and Support on "demo exploits" and the functionality and security of the WebTV service

· Service and software side bug resolution and tracking

· Reverse engineering software

----------------------------------------------------------------------------------

Entercept

Senior Windows Researcher/Penetration-Tester; San Jose, CA

July 2001 - October 2001

Responsibilities included:

· (Application & Network Level) Black Box Penetration Testing

· (Application & Network Level) White Box Penetration Testing

· Manage Windows team and delegate tasks

· Train Windows team and update them on new issues

· Research, test, and document security issues and vulnerabilities for Windows NT, 2000, IIS

· Write attack signatures for Entercept's host-based IDS.

· Test product signatures and write testing plans for QA to provide effective testing of HTTP engine functionality.

· Write training documentation for Sales staff, and train Sales and Support on "demo exploits" and functionality of the HTTP engines.

· Monitor conventional and underground sources daily for new information.

· Provide Escalation Support for Tech Support cases

· Work with QA and Development to isolate and correct product bugs, and to document current and needed functionality

· Build, manage, and maintain eKAT Windows Lab

· Provide emergency product response for new issues, i.e. Code Red, Code Blue, and Nimda

---------------------------------------------------------------------------------------

Wells Fargo

Intrusion detection / vulnerability analysis team;

201 3rd Street, San Francisco, CA

January 2001-July 2001

Responsibilities included:

· Blind/internal/application level penetration testing

· Security audits

· (Application & Network Level) Black Box Penetration Testing

· (Application & Network Level) White Box Penetration Testing

· 24 hour on call incident response

· Intruder tracking and prosecution

· Attacker profiling

· Building and managing a live lab for training and war games

· Building and securing a secure communications system including BBS, FTP, web server, email server, key exchange server

· Authoring security programs for use in penetration testing and security audits

· Training other team members in penetration testing as well as writing policy

· Attending training sessions such as Black Hat and NFR's N-Code training

· Authoring and implementing the following policies:

- Intrusion response procedure.

- EIRP (Emergency Incident Response Procedure).

- Pager rotation teams and IDS/firewall response procedure.

---------------------------------------------------------------------------------------

Real Names Corporation

Chief Security Architect/CSO/CTO; Redwood City, CA

March 2000 - August 2000

Responsibilities included:

· (Application & Network Level) Black Box Penetration Testing

· (Application & Network Level) White Box Penetration Testing

· Developing security patches and legal notices for all network computers

· Periodic security scans and reports of security status

· Inspecting Network Topology for weaknesses

· Implementing changes to existing networks for a more secure environment

· Researching new security issues and exploits and providing reports and workarounds

· Installing and configuring web servers for maximum security

· Managing Security Department

· Training additional security personnel

· Authoring and implementing the following policies:

- Network Security Policy

- EIRP (Emergency Incident Response Procedure)

- Backup and restore policy

- Acceptable network use policy

- Security Document change control policy (for security documents)

- Prosecution and Tracking Policy

- Employee Termination Policy

Further duties include:

· Network Penetration testing

· Physical Penetration testing

· Network security auditing

· Intruder tracking and prosecution

· Preparing documentation and presentations to successfully pass third party security audits

· Designing and deploying a network wide anti-viral defense topology

· Managing and deploying/monitoring Nokia Firewalls

· Installing and monitoring IDS software, IDS, firewall.

· Writing and applying registry armor/OS hardening.

· Designing and implementing secure standards and methods for telecommuting users and remote co-locations.

· Quality Assurance testing of third party security applications as well as providing solutions for remote networking and management.

· Responsible for assisting Human Resources in adjusting the corporate culture to a security-centric model.

----------------------------------------------------------------------------------

Biztro

Independent Security Architect / Consultant; Santa Clara, CA

October 1999 - November 1999

Responsibilities included:

· Penetration testing

· Security auditing

· Training personnel in use of security software and secure networking practices

· Writing a security policy to pass third-party inspection (Price & Waterhouse)

· Analyzing PIX Firewall configuration

· Securing the following apps and servers on a multi network:

· Internet Information Server, Visual SourceSafe, SQL Server, MS Site Server, MS Exchange, MS BackOffice, WebTrends Server, MS Virtual Private Networking, SHTTP server

· Developing Security patches and legal notices for all network computers

· Periodic Security scans and reports of security status

· Inspecting Network Topology for weaknesses

· Implementing changes to existing networks for a more secure environment

· Researching new security issues and exploits and providing reports and workarounds

· Installing and configuring web servers for maximum security

---------------------------------------------------------------------------------

Crimson Dragon

Independent Consultant; Long Beach, CA

June 1998-June 1999

Responsibilities included:

· Penetration testing

· Security auditing

· Hardware and software installation and upgrade of existing software

· Training personnel in use of security software and secure networking practices

· Troubleshooting and repair of existing system

· Tutoring of users on computer and Internet usage

· Disaster recovery, data restoration, and virus clean up

· Adding Internet connectivity to the existing system

· Telephone and "hands on" technical support

· Developing Security patches and legal notices for all network computers

· Periodic Security scans and reports of security status

· Inspecting Network Topology for weaknesses

· Implementing changes to existing networks for a more secure environment

· Researching new security issues and exploits and providing reports and workarounds

· Installation and configuration of database and inventory software

· Installation and configuration of backup system (removable drives and uninterruptible power supply)

· Installation and configuration of network workstations

· Establishing an Internet presence for the company

-----------------------------------------------------------------------------------

Interplay Productions

Level 3 Support Technician; Irvine, CA

December 1997-June 1998

Responsibilities included:

· Providing superior level 3 technical support both over the phone and email

· Solving hardware and software compatibility problems

· Beta-testing software and providing bug analyses

· Updating the tech support database over a network environment

· Designing macros for the email support database network

· Use of MS-Office, Lotus, and Excel databases

-----------------------------------------------------------------------------------

Tiger Crane Martial Arts Studios

Independent Consultant; Signal Hill, CA

August 1997-November 1997

Responsibilities included:

· Hardware and software installation and upgrade of existing software

· Troubleshooting and repairing existing system

· Tutoring users on computer and Internet usage

· Disaster recovery, data restoration, and virus clean up

· Basic administration of existing system and customer database

· Telephone and "hands on" technical support
