4820

Danny Fullerton - Resume

Personal Information

  • Name; Fullerton
  • First name; Danny
  • City, province, country; Montréal, Québec, Canada
  • Spoken and written languages; French (native language) and English
  • Email;

Professional experience

2010-until now
Canadian National Railway - Transportation.
-Security Enterprise Architect:

  • To come...

2005-2010
IBM Canada, Bromont - Microprocessor manufacturing plant.
-IT security specialist:

  • Management; Created and coordinated various control point and security process referring to IT internal compliance control.
  • Consultancy; Security advisor for software development and infrastructure design.
  • Security training; Created security course explaining exploitation and remediation of various security threats.
  • Security policy; Created development security guidelines and modified development framework to avoid common vulnerability such as sql/command injection, xss, client-side manipulation and others.
  • Threat and Risk analysis; Evaluation of threats to produce qualitative or quantitative risk analysis with main focus on manufacturing process impacts.
  • Software architecture; Design security application for centralized identification and documentation of overall security issue and compliance.
  • Security audit; Penetration testing of critical software with open and close source analysis (white and black box analysis). Conduct annual security audit of every systems groups, mainly: aix, z/os main frame, linux, windows. Also involved in different ethical hacking events for internal and external clients such as banks and manufacturing plants.
  • Security software implementation; Installation, configuration, review and audit of various security technologies (Identity manager, NIDS, Honeypots, Authentication firewalls, et cetera).

2004-until now
Mantor Organization - Security research.
-Founder:

  • Management; Members and clients relationship management.
  • Infrastructure design; Installation, configuration, maintenance and review of organization IT assets: name, mail, web, cvs, file, backup services.
  • Development; Security applications and solutions.
  • Consultancy; Lead security officer of projects release under organization name.

2004-2005
Edison Communication - IT solutions.
-Developer and system administrator:

  • Development; Flexible and centralised authentication/authorization system and Intranet interface for image processing.
  • Administration; Production servers Cobalt/Xserver/FreeBSD.
  • Advisor; for servers/services architecture and security policy integration.

2003-2004
Wissar Technologie - IT solutions & security.
-Chief Technology Officer:

  • Development; Creation of web site development framework and custom backup systems.
  • System administration; Name, mail, web and file servers.
  • Security audit; Ethical hacking and vulnerability assessment leading to system hardening and implementation of firewall/QoS/NIDS/HIDS systems.
  • Management; Directing technical aspects of projects architecture such as conception, normalization and documentation.
  • Advisor; Evaluation of technology proposal to clients.

Technical skills summary

Operating systems:

  • Unix; freebsd, openbsd, aix, darwin;
  • Linux; ubuntu, debian, knoppix and variant, others;
  • Mac; os x/server;
  • Microsoft Windows; all;

Software:

  • Web; apache, mod_php, mod_ssl, mod_perl, ms iis;
  • DNS; bind, dnssec, tsig, ms dns;
  • Email; postfix, qmail, sendmail, tls, spamd, spamassassin, dkim;
  • File server; samba, nfs, dce/dfs;
  • Database; mysql, postgresql, sqlite, db2;
  • Firewall, NAT et QoS; packet filter, ipfilter, ipfw, natd et dummynet;
  • Security; tcpdump, openssl, openssh, kerberos, openvpn, openpgp, gnupg;
  • Intrusion detection; snort, ossec, tripware, samhain, aide;
  • Vulnerability research; webscarab, metasploit, ollydbg, ida pro, gdb, nessus, iss internet scanner, winspector, java/.net reverser, wireshark;
  • Honeypot; nepenthes;
  • Forensic; pyflag, autopsy;
  • Others; vmware/chroot/jail environment and much more.

Programming language:

ruby, php5, perl, c, nasl, c++, shell script, sql, xhtml, css2, asm PowerPC, asm IA32, java, batch.

Protocols:

tcp/ip, dns, smtp/smtps, pop3/pop3s, xml, xml-rpc, rss, http/https, ssh, tls/ssl, ftp and other common protocols.

Standards:

IBM Security Standards, OWASP, OSSTMM, ISO 17799

Certifications and publications

Certified; CISSP:
Certified Information Systems Security Professional. - March 2010

Certified; GCIH:
Giac certified hacking techniques, exploits and incident handling. - October 2006

Certified; GHTQ:
Giac cutting edge hacking techniques. - November 2006

Nicht framework:
Nonintrusive PHP5 lightweight framework for the development of small to average size web application. The framework mainly interface a normalized authentication, authorization and navigation scheme in a way enabling us to use mostly any type of backend we want (e.g. Mysql, flat file, Kerberos, LDAP, Active Directory, PAM or others) without internal change to our application logic. - 2005

CDI college:
Production of a seminar on network security solutions offered by the BSD operating systems family. Mention received underlining my competency in the field of computer security. - 2003

Education

  • CDI College: Network administration diploma. 2001-2003
  • Les Sentiers: High school diploma. 1994-1999

References

On request.