Mickey Lasky (GCFA GWAPT GCFE RHCE CEH)

4079 Britwell Place, Fairfax, VA 22033 (703) 942-9156

Principal Security Analyst | INFOSEC Engineer | Forensics Analyst

Professional Experience

Verisign, Reston, VA, January 2012 - Present

Incident Response Manager

  • Manage day-to-day incident response and investigative duties for Verisign. Coordinate multi-departmental responses to information security events including events within the corporate infrastructure, Verisign product offerings, and the .COM, .NET, .GOV, .TV, .CC, and .NAME resolution systems.
  • Manage, operate, and analyze data from corporate security systems including Sourcefire IDS, Solera Network Forensics, Mandiant Intelligent Response, and EnCase.
  • Analyze incident event data from FireEye and Damballa Failsafe appliances as well as other data sources.
  • Maintain department database of investigations and security incidents.
  • Act as Tier 3 support for the Global Service Desk with regards to desktop security incidents.
  • Public Trust clearance with MBI for working with sensitive .GOV resolution data.

Accomplishments:

  • Designed and deployed multiple appliance (both physical and virtual) Solera Network Forensics capture infrastructure providing packet capture services for both corporate and server environments.
  • Designed, published, and maintained corporate-wide Incident Response program guide including processes, procedures, contacts, review, and operational aspects.
  • Upgraded and modernized existing forensics environment including upgrading to EnCase Enterprise 7 and the installation of AccessData Forensic Toolkit v4.1 for greater coverage.
  • Produced new hire orientation training materials specializing in the information security aspects of the corporate environment.

Network Solutions, Herndon, VA, August 2009 – December 2011

Manager, Systems & Platform Security

  • Manage and lead day-to-day technical security operations for a global web hosting provider and domain name registrar and provide leadership for Corporate Security team.
  • Operate and analyze results from enterprise detection systems such as Sourcefire, Tripwire, and several others.
  • Perform incident response for compromises that occur within the network, both in production and on the back-end servers. Act as Tier 3 escalation point and on-call responder.
  • Perform regular vulnerability assessments and internal penetration tests against corporate assets.
  • Maintain corporate SSL certificates and ensure their freshness and renewal status.
  • Provide security oversight and best-practices advice for ongoing operations within other organizations.
  • Act as a security evangelist for the company and provide guidance on information security topics.

Accomplishments:

  • Designed and deployed multi-sensor Sourcefire Intrusion Prevention System covering public shared web hosting, corporate web storefront, three remote offices, and public E-Commerce environments directly leading to a reduction in attack volume to near zero percentage within the first 3 months of implementation.
  • Researched and developed over 900 customized Snort signatures to assist in detection and prevention of attacks.
  • Configured and deployed enterprise-wide 2-factor authentication system utilizing RSA SecurID in cluster failover mode.
  • Designed and deployed enterprise-wide vulnerability management and remediation system utilizing Rapid7 NeXpose and multiple scanning engines for continuous scanning per environment and comprehensive remediation reporting.
  • Designed and helped to deploy enterprise-wide network forensics solution utilizing Solera DeepSee allowing for previously unattainable visibility into traffic flow.
  • Supported internal audits for ITGC/SOX and participated in 2 complete successful Level 1 PCI audits.

Georgetown University, Washington, DC, May 2005 – August 2009

Senior Security Analyst

  • Established the Information Security Office and program for the University leading day-to-day security operations.
  • Perform security architecture reviews, vulnerability analyses, penetration tests, and risk assessments for University organizations and IT projects. Served as a tier 3 escalation contact for University help desk services.
  • Led incident response and forensics analysis for security breaches and litigation support.

Accomplishments:

  • Project managed, designed, and led the implementation of a border HA VPN Nokia firewall cluster for the main campus data center, the School of Foreign Service in Qatar, and disaster recovery sites.
  • Designed, implemented and managed campus-wide McAfee Data Loss Prevention Monitor (iGuard) system.
  • Led the implementation and management of campus-wide McAfee Intrushield Intrusion Prevention System.
  • Designed, implemented and managed campus-wide Solera DS Series Network Forensics Appliance.
  • Supported University network migration in reviewing and securing of over 500 servers to a default deny security stance.
  • Performed forensics on a 2006 data breach that directly led to arrests and prosecution by Federal authorities.
  • Managed the University Information Security Office student internship program.
  • Guest lectured for computer science classes on the topic of Information Security.

Computer Associates, Herndon, VA, May 2004 – May 2005

Security Specialist

  • Deployed and operated the Managed Vulnerability Service (MVS) and Vulnerability Operations Center (VOC).
  • Worked with clients to integrate the CA Unicenter suite into their existing environments to mitigate security threats.
  • Created and distributed impact analysis reports to clients on existing and emerging security vulnerabilities.

Accomplishments:

  • Built the MVS Vulnerability Operations Center from scratch to support the newly launched MVS service.
  • Configured, deployed, and managed Juniper Netscreen 204 and 5GT firewalls in a VPN configuration to support secure communications between the MVS VOC and client sites.
  • Successfully deployed CA Unicenter to act as a patch management infrastructure for a large government agency supporting thousands of workstations simultaneously.

Counterpane Internet Security, Chantilly, VA, January 2003 – May 2004

SOC Engineer

  • Performed technical operations in a 24x7x365 Security Operations Center environment.
  • Monitored third-party news sources to develop emerging security trends.
  • Developed and distributed Intelligence Objects (security reports and updates) updating clients on imminent threats.
  • Performed incident response for clients and managed client security monitoring devices.

Accomplishments:

  • Part of the first team to detect the SQL Slammer outbreak before it became public and advised clients on how to remediate the threat.

WorldCom (UUNET), Ashburn, VA, December 1993 – December 2002

Manager, Network Security Consulting, Business Services

  • Responsible for managing the day to day operations of a staff of 6 in the Network Security Consulting division.
  • Led and managed budget planning, forecasting and staff scheduling for client engagements.
  • Responsible for providing consultative services to customers on network and security matters.

Accomplishments:

  • Implemented hardware and software configuration for firewall and Intrusion Detection Systems for numerous clients.

Technical Expertise

  • OS: Linux/Unix, Solaris, OSX & Microsoft Windows (All versions)
  • Hardware:
    - Access and Intrusion Management (IDS/IPS): SourceFire (3D9900, 3D6500, DC3000), McAfee Network Security IPS/IDS Platform, PaloAlto (PA-2050), Tripwire (v7.x), RSA SecurID, LDAP
    - Firewall & Networking: Nokia Firewalls (IP330, IP1260, IP1280, IP2450), Network Critical Network Taps, Cisco switches/routers, Cisco PIX 515/ASA 5520
    - Malware & Data Loss Prevention: Symantec SEP 11, McAfee Data Loss Prevention Monitor (formerly Reconnex iGuard Monitor), Solera DS3150, FireEye, Damballa Failsafe
    - Forensics: ImageMaster Solo IV, Solera DeepSee, VOOM HardCopy II
  • Software: Tripwire, Check Point Firewall-1/VPN-1 NG/NGX, NMAP, Wireshark, Metasploit, Nokia IPSO 4.2/6.0/6.1, Tenable Nessus, Snort, tcpdump, Netflow, iptables, Paros, HP WebInspect, Rapid7 NeXpose, honeypots, AIDE
  • Forensics: AccessData Forensic Toolkit, X-Ways Forensics, Guidance EnCase 7.x, Autopsy Forensic Browser, The Sleuth Kit (TSK), Windows Forensic Toolkit, RegRipper, Volatility, SANS SIFT Workstation, Foremost, Scalpel, Sysinternals Suite, IEF, Mandiant Intelligent Response

Education/Certifications

  • The American University, Bachelor of Arts in Broadcast Journalism 1994
  • Vice President, Private Investigators Association of Virginia 2011
  • SANS FOR610 – Reverse Engineering Malware 2012
  • SANS GIAC Certified Forensic Examiner (GCFE) #666 2012
  • Pentesting with BackTrack Live, Offensive Security 2010
  • SANS GIAC Web Application Penetration Tester (GWAPT) #799 2010
  • Red Hat Certified Engineer (RHCE) #805009840838122 2009
  • SANS GIAC Certified Forensic Analyst (GCFA) #4598 2008
  • EC Council Certified Ethical Hacker ECC915516 2006
  • Registered Virginia Private Investigator DCJS #99143477 2003
  • Check Point Certified Security Administrator, Security Engineer vNG and Instructor
