| Contact Information | |
| Name: | Robert Eoin Miller |
| Email: | eoin.miller (at) gmail (dot) com [email concealed] |
| Location: | Sterling, Virginia, United States |
| Resume | |
| Position/Title: | Security Consultant |
| Resume: |
Robert Eoin Miller Mobile Phone: 703-863-5044 E-mail: eoin.miller (at) gmail (dot) com [email concealed] ________________________________________ OBJECTIVE To work in a consulting role primarily geared towards penetration testing and FISMA/NIST compliance testing. ________________________________________ WORK EXPERIENCE Senior Digital Forensics Engineer 3/2007 - Current The George Washington University | Ashburn, VA Developed risk management process based upon the NIST risk management framework. Familiar with FIPS 199/FIPS 200/SP 800-18/SP 800-30/SP 800-37/SP 800-53/SP 800-60/SP 800-70 and their usage in developing system security plans, POAM's and security accreditation packages. Helped standardize OS and common application configurations to be in line with best practice standards used by NIST and CISecurity.org. Worked with in house web development staff to identify and mitigate web vulnerabilities using input validation, improved session management, Apache mod_security, etc. Demonstrated and explained various types of exploits and how they could be leveraged by attackers to gain unauthorized access. Performed network/host/application penetration testing against various COTS and in house developed products. Identified several 0-day vulnerabilities and followed responsible disclosure practices with the software vendors/in house developers to ensure patches were produced and exploit information was not released into the wild. Continued use of popular open source security testing tools (nmap, Nessus, Nikto, Wireshark, Paros, Web Scarab) and commercial tools Cenzic Hailstorm. Performed forensic analysis of users systems for internal policy violation incidents using AccessData's Forensic Toolkit (FTK). ________________________________________ Security Consultant 9/2006 – 2/2007 Insight Global/Savvis | Sterling, VA Performed penetration testing using common open source tools for various commercial and government clients. Performed certification and accreditation (C&A) of various information systems for FISMA regulated government clients using the NIST risk management framework. Performed Payment Card Industry Data Security Standard (PCI-DSS) evalations for various commercial clients performing online web transactions ________________________________________ Senior Security Consultant 4/2004 - 8/2006 NETSEC / MCI / Verizon | Herndon, VA Provided professional security services to major commercial organizations and government agencies in the intelligence community. Primarily focused on performing penetration testing for the certification and accreditation of products to be utilized by the intelligence community of the United States Government. Ensured that deliverable made use of a referenced implementation to provide added value to the intelligence community for the deployment of products. Worked directly with vendors during penetration testing to allow for accelerated creation of patches to remediate newly identified vulnerabilities. Developed various C, shell and Perl programs to find and exploit unknown vulnerabilities. Performed assessments against numerous types of customized systems (Solaris, Windows, *BSD, Linux) utilizing an array of technologies including embedded, VMWare, trusted and multi-level security domain architecture systems. Performed vulnerability assessments against government/commercial networks including wireless and telephone vectors of network access. Utilized open source/proprietary tools and intelligent report writing to ensure deliverable provides added value to the client. Assessments were completed using various open source and company proprietary tools such as: NMAP, Nessus, Paros, Hping2, Ettercap, TCPDump, Ethereal, Nikto, Achilles, stunnel ________________________________________ Network Administrator II 4/2001 – 5/2004 Federal Home Loan Bank - Office of Finance | Reston, Fairfax, VA Administration of Windows 2000 Domain, Novell NetWare 5, Windows 2000 Professional, Exchange 5.5/2000,Mandrake Linux, and OpenBSD. Completed migration and integration of existing Novell NDS domain into existing Windows 2000 ADS domain using Microsoft Directory Synchronization Services. Integration of off site disaster recovery location into existing Windows 2000 ADS architecture. (Multi site ADS administration) Automated installation of OS related patches using Microsoft Software Update Services and auditing using Microsoft Baseline Security Analyzer. Architect and implemented centralized logging system for Windows with web front end and automated reporting via SMTP; using NTSyslog, MySQL, PERL, and Apache. Intrusion detection using Snort logging to MySQL database with DeMarc PureSecure web front end. Penetration testing and vulnerability/risk assessment using Nessus, SARA and SAINT. Proficient in PERL, Visual Basic Script and Bash Shell scripting languages to automate and ease administration tasks. Responsible for systems backup (OS and databases)solution using Legato Networker and DrakBackup. ________________________________________ Network Administrator 2/2000 – 1/2001 The Global TeleExchange | McLean, VA Administration of Microsoft NT 4 Server, Windows 2000 Professional, Exchange 5.5, and WebLogic. Responsible for management of NT4 domain. Focus on rapid expansion and ease of deployment for client workstations to assist quickly growing start-up organization. Provided 24/7 support for mobile worldwide employees. Installation and configuration of WebLogic on a Windows 2000 Server platform. ________________________________________ Certifications 3/2004 SANS/GIAC - GSEC Certification | GIAC Security Essentials Certification (GSEC) ________________________________________ PUBLICATIONS/ PRESENTATIONS Open Source Penetration Testers Toolkit: Volume 2 (Contributing Author) Shmoocon 2007 – Auditing Cached Credentials With CacheDump (Co-Presenter) |