English/Français 2661

Danny Fullerton - Resume

Personal Information

  • Name; Fullerton
  • First name; Danny
  • City, province, country; Granby, Quebec, Canada
  • Spoken and written languages; French (mother tongue) and English
  • Homepage; www.mantor.org/~northox/
  • Email; dfullerton <at> mantor <dot> org

Technical skills summary

Operating systems:

  • Unix; freebsd, openbsd, aix, darwin;
  • Linux; ubuntu, bebian, knoppix and variant, others;
  • Mac; os x/server;
  • Microsoft Windows; all;

Software:

  • Web; apache, mod_php, mod_ssl, mod_perl, ms iis;
  • DNS; bind, dnssec, tsig, ms dns;
  • Email; postfix, qmail, sendmail, tls, spamd, spamassassin, dkim;
  • File server; samba, nfs, dce/dfs;
  • Database; mysql, postgresql, sqlite, db2;
  • Firewall, NAT et QoS; packet filter, ipfilter, ipfw, natd et dummynet;
  • Security; tcpdump, openssl, openssh, kerberos, openvpn, openpgp, gnupg;
  • Intrusion detection; snort, tripware, samhain, aide;
  • Vulnerability research; webscarab, metasploit, ollydbg, ida pro, gdb, nessus, iss internet scanner, winspector, java/.net reverser, wireshark;
  • Honeypot; nepenthes;
  • Forensic; pyflag, autopsy;
  • Others; vmware/chroot/jail environment and much more.

Programming language:

php5, perl, c, nasl, c++, shell script, sql, xhtml, css2, asm IA32, masm, java, batch.

Protocols:

tcp/ip, dns, smtp/smtps, pop3/pop3s, xml, xml-rpc, rss, http/https, ssh, tls/ssl, ftp and other common protocols.

Standards:

IBM Security Standards, OWASP, OSSTMM, ISO 17799

Professional experience

2005-until now
IBM Canada, Bromont > Processor manufacturing plant.
-IT security specialist:

  • Management; Created and coordinated various control point and security process referring to IT internal compliance control.
  • Consultancy; Security advisor for software development and infrastructure design.
  • Security training; Created security course explaining exploitation and remediation of various security threats.
  • Security policy; Creation of development security guidelines and modification of development framework to avoid common vulnerability such as sql/command injection, xss, client-side manipulation and implementation of hash, hmac, obfuscator and other techniques.
  • Threat and Risk analyst; Evaluation of threats to produce risk analysis with main focus on manufacturing production impacts.
  • Software architecture; Design security application for centralized identification and documentation of overall security issue and compliance.
  • Security audit; Penetration testing/Ethical hacking of critical software with open and close source analysis (white and black box analysis) and annual security audit of every systems groups, mainly: aix, z/os main frame, linux, windows. Also involved in different ethical hacking events with the IBM's national IT security team for internal and external clients such as banks.
  • Security software implementation; Installation, configuration, review and audit of various security technologies (NIDS, Honeypots, Authentication firewalls, et cetera).

2004-until now
Mantor Organization > Security research.
-Founder:

  • Management; Members and clients relationship management.
  • Infrastructure design; Installation, configuration, maintenance and review of organization IT assets: name, mail, web, cvs, file, backup services.
  • Development; of security applications and solutions.
  • Consultancy; Lead security officer of projects release under organization name.

2004-2005
Edison Communication > IT solutions.
-Developer and system administrator:

  • Development; of flexible and centralised authentication/authorization system and Intranet interface for image processing.
  • Administration; of production servers Cobalt/Xserver/FreeBSD.
  • Advisor; for servers/services architecture and security policy integration.

2003-2004
Wissar Technologie > IT solutions & security.
-Chief Technology Officer:

  • Development; Creation of web site development framework and custom backup systems.
  • System administration; Name, mail, web and file servers.
  • Security audit; Ethical hacking and vulnerability assessment leading to system hardening and implementation of firewall/QoS/NIDS/HIDS systems.
  • Management; Directing technical aspect of projects architecture such as conception, normalization and documentation.
  • Advisor; Evaluation of technology proposal to clients.

Certifications and publications

Certified; GCIH:
Giac certified hacking techniques, exploits and incicent handling. - October 2006

Certified; GHTQ:
Giac cutting edge hacking techniques. - November 2006

Nicht framework:
Nonintrusive PHP5 lightweight framework for the development of small to average size web application. The framework mainly interface a normalized authentication, authorization and navigation scheme in a way enabling us to use mostly any type of backend we want (e.g. Mysql, flat file, Kerberos, LDAP, Active Directory, PAM or others) without internal change to our application logic. - 2005

CDI college:
Production of a seminar on network security solutions offered by the BSD operating systems family. I received a mention underlining my competency in the field of computer security. - 2003

Education

  • CDI College: Network administration diploma. 2001-2003
  • Les Sentiers: Secondary diploma. 1994-1999

References

On request.