
JOHN R. CROASDALE II
6006 Burdon Ct., Apt. # 201 ~ Alexandria, VA 22315
jcaae6fc@westpost.net
402-209-3674 (H)

Security Analyst ~ Malware Analyst ~ Intrusion Analyst

QUALIFICATIONS
Enthusiastic and dedicated IT Professional with significant experience in the computer and network security field. Offers a solid combination of skills and knowledge, including computer forensic investigations, malware analysis, identification of emerging security threats, network log analysis, intrusion investigations, network communications, computer software and hardware installation, configuration, support, and troubleshooting. Excellent communication, presentation, interpersonal, analytical, and problem-solving skills. Very knowledgeable with reverse engineering tools. Ability to manage multiple investigations and projects simultaneously, unsupervised, in a fast-paced and changing environment. Strong interest in researching and solving complex technical issues at work and on personal time. Recipient of Appreciation Award from Federal Aviation Administration. Master of Science, Management of Information Systems, University of Nebraska. GIAC, CompTIA, Cisco, and EC-Council certifications. Will travel.

COMPUTER SKILLS
Software:
Word, Excel, Visio, Outlook, IDA Pro, HBGary Responder Pro, EnCase Enterprise 6, McAfee IntruShield, McAfee ePO, Tripwire Enterprise, Cisco IOS, Regshot, CaptureBAT, Process Monitor, Process Explorer, Apache, Paros, OllyDbg, PEiD, Virtual Forensic Computing (VFC), Mount Image Pro, CACE Pilot, ManageEngine Firewall Analyzer, VMware Workstation, VMware Fusion, Parallels
Hardware:
Dell Servers and Workstations, Apple Mac Pro Workstations, HP Servers
Programming:
Linux Shell Scripting, Python, C++, C, Java, PHP, HTML
Network Security:
Nmap, Ngrep, SSLDump, Nessus, Netcat, McAfee Foundstone, Snort, Tcpdump, Wireshark, Honeypots (Honeyd)
Networking:
TCP/IP, DNS, LAN, DHCP, SSL
Operating Systems:
Windows 2000/2003/XP/Vista/7, Linux/Unix, Mac OS X, Fedora, Red Hat, Novell NetWare 6.5

SELECTED CAREER ACCOMPLISHMENTS


U.S. Department of Commerce:
* Upon deploying Tripwire Enterprise, successfully detected numerous missing patches and identified many server systems that were not in compliance with Department of Commerce policies.
* Was instrumental in the implementation of a Security Operations Center that allowed the Department of Commerce to conduct more effective vulnerability scanning and management, integrity monitoring for servers, as well as identify computers not in compliance with patching levels or configurations.
* Conducted risk assessment that helped identify many weaknesses and the misconfiguration of security devices within the Security Operations Center.
* Wrote log parsers in Python to identify anomalous network activity, resulting in improved intrusion detection.

PROFESSIONAL EXPERIENCE
IT Specialist (INFOSEC)
U.S. DEPARTMENT OF COMMERCE, Washington, D.C., 2008 - Present
Office of the Chief Information Officer, Computer Incident Response Team
* Perform computer forensic investigations, malware analysis, network log review, and intrusion investigations using various forensic tools and techniques to identify network computer intrusions; deploy network sniffers for intrusion investigations.
* Maintain a list of malicious IP addresses and domain names; offer guidance on writing intrusion detection signatures; recommend tools and techniques that will prevent future intrusion.
* Document investigations; create incident response processes; create diagrams and graphics to communicate intrusions.
* Present security metrics and risk assessment results to the CIO and upper management.
* Assisted with the development of a Concept of Operations (CONOPS) document to outline the roles and responsibilities of the Network Operations Center, Security Operations Center, and Computer Incident Response Team.
* Participated in modifying the process for reporting Personally Identifiable Information (PII) incidents.
* Deployed Tripwire Enterprise by installing agents and database, planning network communication, configuring backup schedule, and writing custom policies to detect high-value changes that may indicate intrusions.
* Conducted a two-week risk assessment of Security Operations Center as part of a team of three specialists; reviewed configurations of security devices such as Blue Coat Proxy, McAfee IntruShield IPS, McAfee ePO, and Network Appliance SAN storage solution.
* Participated in the implementation of a Security Operations Center through developing a CONOPS, policies, processes, and escalation procedures for security events, as well as deploying Tripwire, Symantec Antivirus Endpoint Protection, McAfee Foundstone, and Nessus vulnerability scanner.
* Wrote log parsers for Cisco ASA firewall logs to identify network anomalies and intrusions.
* Detected and analyzed malware; used behavioral analysis techniques with tools such as Regshot, CaptureBAT, Process Monitor, and Process Explorer.
Information Technology Intern
FEDERAL AVIATION ADMINISTRATION, Leesburg, VA, 2007
Cyber Security Incident Response Center (CSIRC)
* Participated in moving the CSIRC from one site to another; deployed over 40 desktop computers at the new facility in preparation for employee use; installed Windows XP, using Symantec Ghost and 3Com Boot services.
* Installed and removed network cables for over 40 desktop computers.
* Logged inventory of all Information Technology equipment in preparation for decommission.
* Received an award in appreciation for services during internship.
Computer Lab Technician
METROPOLITAN COMMUNITY COLLEGE, Lavista, NE, 2002 - 2007
* Maintained 10-12 academic servers to support the college's computer curriculum.
* Ensured network communications within classrooms were secure, available, and reliable.
* Provided troubleshooting assistance during development, implementation, and maintenance.
* Installed operating systems for over 70 computers for student use, including Fedora, Red Hat, Microsoft Windows Server 2003, Microsoft Windows XP, and Novell NetWare 6.5.
* Deployed operating systems using Symantec Ghost.
* Maintained accurate inventory records using the Altiris enterprise management system.
**Additional professional experience as an Information Security Consultant, developing procedures and successfully completing security risk assessments for 12 rural healthcare providers across Nebraska, in compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

EDUCATION
UNIVERSITY OF NEBRASKA AT OMAHA, Omaha, NE
Master of Science, Management of Information Systems, 2008
Concentration: Information Assurance
UNO is recognized as a Center of Academic Excellence in Information Assurance Education by the NSA.
BELLEVUE UNIVERSITY, Bellevue, NE
Bachelor of Science, Computer Information Systems, 2004
Majors: Systems Networking, Web-Based Networking, Software Development
METROPOLITAN COMMUNITY COLLEGE, Omaha, NE
Associate of Science, Microcomputer Technology, 2002
Scholastic Achievements:
* Cybercorp Scholarship for Service, 2006
Full tuition scholarship for a Master's degree at the University of Nebraska
* National Dean's List, 2004
Nominated by faculty at Bellevue University and selected for this national accomplishment

PROFESSIONAL TRAINING, CERTIFICATIONS, AND MEMBERSHIPS


Training:
* EnCase v6 Computer Forensics I, 2009
* EnCase v6 Computer Forensics II, 2009
* EnCase v6 Advanced Internet Examinations, 2009
* Computer Hacking Forensic Investigator, 2009
* SANS Reverse Engineering Malware: Malware Analysis Tools and Techniques (SEC 610), 2009
* EnCase v6 Examination of NTFS and Artifacts, 2010
* EnCase EnCE Prep Course, 2010
Certifications:
* CompTIA A+, 2000
* CompTIA Network+, 2001
* Cisco Certified Network Associate (CCNA), 2003, expired
* Cisco Certified Network Professional, Switching Exam (CCNP), 2003, expired (1 exam passed)
* Computer Hacking Forensic Investigator (CHFI), 2010
* GIAC Reverse Engineering Malware (GREM), 2010
* CISSP, in progress
* EnCase Certified Examiner (EnCE), in progress
* SANS Hacker Techniques, Exploits, and Incident Handling (SEC 504), in progress
* SANS Computer Forensic Investigations and Incident Response (SEC 508), in progress
Memberships:
* FBI Infragard: member since 2006; researched and reviewed documents and emails regarding information technology and the threats presented to industry.
* Armed Forces Communications and Electronics Association (AFCEA): member since 2007; researched Information Security topics in relation to signal and communication security.
