
Yusuf A. Ahmed, CISSP, PMP, CAP, CE|H
Email: ya15c58e2@westpost.net
Cell: 202.445.4959

Opportunity Desired: Information Security Architect / Incident Response Manager, Project Manager, Compliance Specialist (FISMA \ DIACAP)

U.S. CITIZEN (CURRENT PUBLIC TRUST)

Executive Summary:
High-energy, entrepreneurial, creative/innovative Security Professional with over 14 years of experience successfully analyzing, designing, implementing, teaching and managing IT and Security Solutions/Programs for United States Federal Government and Private Enterprise environments. My niche is providing a vision.

PROFESSIONAL EXPERIENCE:

Guidance Software - 07/1/2010 - Current
Senior Cyber Security Strategist, Incident Response Lead
* Advisory role to Federal and Commercial clients on Incident Response Program development
* Advisory role to Federal clients on Compliance (FISMA) and Security Program development
* Lead Incident Response Teams for Federal and Commercial Clients
* Lead eDiscovery Teams for Federal and Commercial Clients
* Created opportunities and GAP Services proposals focused on Incident Response Program Development

Incident Response and Forensics
* Designed strategic integration of Guidance products for clients' Incident Response Programs
* Deployed EnCase Enterprise 6.17, EnCase Command Center (ECC) 3.8/4.1
* Designed and configured ECC Cybersecurity Product for Incident Response
* Utilized the following EnCase Enterprise and EnCase CyberSecurity features for Incident Response: Malware Scans and Analysis using Custodian Search, Compromise Assessment, System Level Threat\HBGary, Entropy to identify variants of polymorphic malware, Snapshot, Case Processor; utilized System Profile Analyzer and Bit9 for White-listing and establishing standard baselines; Matching File sets, Keyword searches, PII search module, Internet Artifact module.
* Advised on key technologies that work with the EnCase product line, i.e. Bit9, NetWitness, HBGary, FireEye, ePO and ArcSight.
Forensics
* Utilized EnCase Portable for incident response triage
* Tested and demonstrated EnCase Neutrino for iPad and iPhone forensics
* The following tasks were run as a process during forensics\IR case work:
  o Recover Folders
  o Mount Files
  o Hash Analysis
  o File Signature Analysis
  o Recycler Parser
  o Link File Parser
  o Event Log Parser
  o IE History Search
  o Keyword Search
  o Alternate Data Stream
  o Prefetch review
  o Timeline Review
  o Utilized Registry Ripper
* Standard Collection Exact Match
* Standard Collection Hash list

eDiscovery
* Project Lead for eDiscovery projects involving various litigation cases
* Designed and Deployed EnCase eDiscovery for various federal and commercial clients
* Deployed and trained attorneys on EnCase Legal Hold \ ECC Web Server for Litigation notification requirements.
* Advised Attorney Staff on search criteria to meet discovery and time requirements

* Installed and trained Legal Hold\ECC Web Server for litigation support projects
* Advised Attorneys on primary and secondary culls of data collection
* Project lead in Criteria creation and conditions
* Held Presentations for Legal and eDiscovery team on efficient searching and collection.
* Utilized the following EnCase eDiscovery features for eDiscovery projects: Various Condition writing, Standard Collection Exact Match, Matching File Importer, Keyword Sets, Standard Collection Hash list, Email Connectors, NetApp collection

Earthling Security, Inc. 3/10 - 8/10
BAE Systems - Consultant \ Security Strategist
* Compliance Framework based on NIST 800-53, CAG and DIB Survey (ECP).
* Incorporated enterprise Certification and Accreditation program based on NIST 800-37/53 revision 3
* Created System Boundary Policy (based on Service Towers)
* Defense Industrial Base Compliance requirements to renew SSA, FOCI, ECP, TCP
* Led effort to coordinate DoD IG Site Visit
* Security Infrastructure and Tool Roadmap - Maturity and Integration Plan: ArcSight, Mandiant, McAfee, NetWitness, Checkpoint
* Initiated Vulnerability Management Plan (Scan frequency, BIA, Metrics)
* Threat Management and Engineering Team Role Planning, Services Catalogue and Roadmap
* Evaluated Trend Micro Deep Security and Core Protection for Data Center Security
* Integrated Archer for compliance initiatives
* Technical POC for Department of Labor Proposal
* Centralized ArcSight Architecture (required log devices, connectors, loggers, redundant ESMs and DB)
* Recommended ArcSight IdentityView to augment SIEM solution
* Worked with PwC to integrate IdM planning into compliance efforts
* Worked with Application Service Tower to initiate SDLC Community of Practice and Research Team.
* PhishMe.com - IR email account, VM mail account that is isolated and monitored.
* Designed and Implemented EnCase Enterprise and integrated solution into Incident Response Program as per NIST 800-86.

Earthling Security, Inc.
10/09 - 3/10
SRA International Enterprise - Security Advisor \ Architect
* Contracted to review enterprise security architecture for Headquarters network, Main Data Center and 50+ branch sites.
* Managed Team of 8 Department Managers
* Network Segmentation Design and Review (Layer 2-3 and Higher Layer Network and Data Separation strategy using a combination of Cisco ASA Firewalls, VRF, Symantec SEP11, Active Directory Hardening and RBAC)
* Security Operations Center Design and Review (IRP, Processes and ArcSight SIEM Review and Design)
* Review of Layer 3 VLAN (Checkpoint) Segmentation versus Cisco FWSM modules to protect sensitive networks
* Business Process review for Network Security Architecture for all branch sites (61)
* Mapped Entire Security Roadmap to Business Requirements, FISMA and DIACAP compliance requirements, Architecture Solution Approach, Rationale and Vulnerability addressed.
* Based on Risk Assessment, identified various security infrastructures to be integrated into the overall network security architecture (This initiative included a Firewall Rule Set Review and Audit.)
* Designed Access Control Architecture - Controls for: Active Directory, Endpoint Security, Critical Servers and Role Based Access.
* Recommended Data Leak Protection Architecture (Websense) that integrates with Live Forensics technology (EnCase Enterprise).
* Project Management: Capital Management for projects, project schedules, resource management, estimation of LOE and BOMs, Deliverable requirements and timelines.

Earthling Security, Inc. 7/09 - 10/09
Department of Health and Human Services - Enterprise Security Consultant \ Project Manager
* Contracted to provide Penetration Testing services and Security Testing and Evaluation for 7 General Support Systems of HHS Networks.
* Managed Team of 22 Engineers and Analysts
* Provided Recommendations for ST&E and Risk Assessment Process
* Reviewed 7 C&A Packages and provided recommendations in line with NIST 800-37
* Provided Control and Process Recommendations in accordance with NIST 800-53A & Revision 3
* Utilized NMAP, Nessus and Metasploit for discovery, VA scanning, reconnaissance and testing.

Earthling Security, Inc. 2/07 - 7/09
Federal Energy Regulatory Commission - Security Project Manager, Lead Architect
* Contracted to provide security vision and leadership as well as technical expertise. Roles included:

Security Management
* Planned, Designed and Implemented Agency's Security Operations Center
* Formalized various ad-hoc security tasks into official "programs" based on approved policies.
* Established Vulnerability Management Program (VMP)
* Established Information Management Program (IMP)
* Established and Provided Hands-On Expertise for Agency Digital Forensics Program
* Established Proactive Incident Response Program (PIRP)
* Established Refreshed Certification and Accreditation Program (CAP)
* Architected and Implemented Log Management Framework (LMF)
* Developed Strategic Roles for IA\Security Team ("FedSec Team" consisting of 16 Engineers)
* 800-100 / 800-55 / ISO / ITIL Program/Performance Assessment Methodology
* Inter-Department Fusion for Security Audits (Emphasis during Mitigation Phase)
* Presented 2008 Situational Awareness Briefing
* Developed Metrics-based Performance Review process

Network Security Architecture
* Deployed Live Forensics Architecture
* Designed and Deployed Log Management Framework using TriGeo L2 SIEM, Kiwi and CS MARS
* Integrated Cisco MARS SIEM, Kiwi and TriGeo SIEM with the LMF
* Utilized a Phased approach in feeding security and network devices (IDS, Servers, AV, Websense, Firewalls etc.)
* Created SIEM Filters, Rules, Alerts for various network and security devices
* Designed VM, SAN storage and Network requirements for both SIEMs (EPS)
* Designed Redundant DNSSEC Solution using HA DNS\Signer Appliances (Secure64)
* Developed plan for Penetration Testing of Perimeter Network
* Configured Context Firewalls for Critical Segments
* Provided recommendations on NAC Policy and Architecture Design
* Network Refresh Security Design (Cisco Security Design: Core Upgrades, CSM, ASA5520 / FWSM (context), NAC, CS MARS +, IDSM + Snort IDS/ACID)

Certification and Accreditation
* Led C&A efforts for GSS and 7 MAs for the Commission
* Established a comprehensive compliance matrix for OMB, FIPS and NIST
* Security Testing & Evaluations Execution Plan
* Methodologies: Asset Categorization, Data Sensitivity, 800-53 Self Assessment
* Plan of Action & Milestones Management
* Established System Boundaries Review Process

Privacy and Data Leakage Protection (Strategy: Designed Architecture, Policy and Plan)
* Initial Data Identification
* Data Classification
* Asset Categorization (FIPS 199 & NIST 800-60)
* McAfee DLP (Data at Rest; Evaluated Reconnex for Data in Transit)
* Fidelis (Data in Transit)
* TriGeo USB Defender (Data in Use)
* McAfee SafeBoot Endpoint Encryption (Total Protection for Data)
* Redaction Policy
* Implementation of OMB M-07-19
* Implementation of OMB M-06-16

Incident Response and Forensics
* Designed Proactive Incident Response Program (PIRP)
  o Integrated Log Management Framework, Whitelisting and Forensics Technology
* Presented program to Executive Director's Office
* Integrated Live Forensics Architecture using EnCase Enterprise v12.2
* Integrated E-Discovery tools into DLP and Forensics framework
* Live Forensics Technology: EnCase Snapshots & Memory analysis, AppDescriptor, PII Sweeps, EnScripts
* Performed Media Acquisition, Preservation and Analysis using EnCase Enterprise (Local & Live)
* Developed Privacy Program, Incident Handling of PII Breach and Notification
* Evaluated EnCase IA Suite for Baselines, E-Discovery and Data Leakage Protection
* Evaluated Bit9 for Whitelisting Hosts to protect against Zero-day attacks and unauthorized applications
* Performed Local and Remote Drive Acquisitions and performed analysis for:
  o Malware Infections
  o Data Leakage
  o Resource Abuse
* iPhone and BlackBerry forensics
* Established Procedures for Preservation of Evidence and Chain of Custody

Information Management
* Security Documentation Requirements Policy
* Established in-house Security Operations Center (Policy, Procedures, Displays, Physical Security, Monitor & IR Integration)
* Established SharePoint Security Portal
* Established Security Event and Report submission procedures (scan reports etc.)
* Provided Executive Management with Websense Internet Usage reports

EndPoint Security
* Created Compliance strategy for FDCC \ Vista roll-out (ThreatGuard/Nessus SCAP & Policy)
* McAfee Spyware & VirusScan 8.5i, Policy, Planning
* Deployment of McAfee ePolicy Orchestrator
* Local Administrator Auditing and policy
* Deployed 2-Factor Authentication using SecurID
* Evaluated, planned and deployed SafeBoot Full Disk Encryption

Audit and Policy Compliance
* Developed Map of policies and SOPs to Legal and Regulatory Requirements
* Developed Blueprint of required policies and SOPs
* Led Certification and Accreditation for Major Applications and GSS
* Managed United States Inspector General Audit preparation and clean-up
* Mitigated Password Finding to 0% for IG Audit
* Architect for complete OMB M-06-16 solution for 2-Factor Authentication and Full Disk Encryption
* Policies Authored: Laptop, Remote Access and Telecommute, Issuance of Privileged Accounts, PII related, Vista related etc.
* Mapping NIST Requirements to Agency Security Program
* Developed plan for Penetration Testing of Perimeter Network

Physical Security
* VA Scans SOP MGT Program
* Provided Guidance and recommendations on Physical Security and Logical Security convergence
* HSPD-12 (Requirements and Outsource Plan)

Perot Systems Corporation 12/05 to 1/07
Chief Security Consultant

National Institutes of Health
Chief Security Consultant/Advisor to company's clients. Contracted to main client to provide Security Vision and Leadership. Designed Security Program to meet Federal Requirements. Responsibilities included managing FISMA compliance for minimum security configuration for all desktop and server systems, created security portfolio for all critical and security documentation, created incident handling program, patch management program (PatchLink), deployed identity management for remote access (TNT), authored remote access policy, created antivirus policy and procedures, performed product evaluations for various security products and appliances e.g. branch firewall, Enterasys IDS/HIDS review, Enterasys Policy Manager, Intellitactics Training.

Department of Interior
Performed Security Review and Evaluation in accordance with FISMA Requirements, Certification and Accreditation for Automated Deployment Database Application (ADD). Responsibilities included: Risk Assessment, Security Testing and Evaluation, Contingency Planning, Compliance matrix for all involved systems, Drafting Security Policy, OS hardening procedures and Vulnerability Assessments.

Department of Transportation
Reviewed SSP and Minimum Security Baseline as per NIST Guidelines and Standards. Reviewed all C&A documentation prior to final submission for two Major Applications. Provided C&A Methodology to Client. Reviewed ST&E and SAR documentation and provided final recommendations.

Arrow Electronics, Inc. - 6/04 to 11/05 Hauppauge, NY - Senior Security Consultant
* Established SOX-Compliant Incident Handling and Patch Management Program
* Reviewed Six Sigma Standards to evaluate improvement of IT Security Processes
* Researched, Evaluated and Selected Best of Breed Patch Management Solution (PatchLink, BigFix, LANDesk, WSUS). (Malware Mitigation / Handling i.e. Spyware, Virus, Worms)
* Researched, Evaluated and Selected Best of Breed Intrusion Detection / Prevention System
* Designed and Implemented ISS Proventia G / SiteProtector on critical network segment
* Wrote Event Records (Syslog) Procedure and drafted Daily Log Review Process and Form for SOX compliance.
* Created custom Scripts for syslog daily parsing
* Configured and Deployed NetScreen Firewall at remote locations.
* Daily Firewall Administration, e.g. Established NetScreen firewall Log review
* Upgraded ScreenOS for Firewall firmware standardization (5XT, 5GT, NS25, NS50, NS200)
* Established Site to Site VPN tunnels between NetScreen Firewalls.
* Web Security Plan: EFS, HIDS, RADIUS, Audits, Tripwire and SDMZ
* Reviewed Processes and Procedures for SOX - Created Pre-Audit Tests for SOX Compliance
* Responsible for Security Budget Planning
* Held Monthly Security Presentations for Executive Directors' Committee
* Created Corporate Security Homepage Policy, Tips and Alerts as part of a User Security Awareness program.
* Documented Internet and Web Business Continuity Plan
* Implemented Data Protection with EFS for corporate executives
* Desktop Security Planning (XP SP2, AV, Desktop Firewall, Incident Handling, McAfee, ISS RSDP)
* Fully planned and deployed McAfee Desktop Firewall from a Centralized Server (ePolicy Orchestrator)
* E-Mail Security: SurfControl, Voltage SecureMail, Audited DNS and Mail Servers
* Architected post-merger Network Integration and security infrastructure
* Set up Branch office LAN and Internet (Win2k, Linux, Cisco PIX)
* Designed WSUS Architecture and Update Approval Process

Earthling Security, Inc. - 4/03 to 4/04 New York, New York
Managing Partner, Chief Security Architect
Head of Professional Services for Security Solutions Division
* Led Company-wide IS Audits for Security Procedures and Processes. (DirectMedia, Inc.)
* Managed Deployment of Checkpoint Firewalls, RealSecure IDS, NetScreen Firewalls, Symantec Web Security, Titan Unix OS Hardening, Linux Bastille and others. (DirectMedia, Inc.)
* HIPAA Compliance work for Medical Office (Sports Health Strategies/Sheefa Pharmacy)
* Managed Implementation of Physical Security solutions such as CCTV / DVR systems, ID Access Card systems and related policies and procedures. Solutions included Axis surveillance equipment, Mobotix Security equipment, Voda Digitech CCTV and POS Systems, Visionix Biometrics, Siedle Video Intercom Systems.
* Advised Company managers on how to implement regulatory compliance programs. (MasterCard Corporation)
* Managed and performed penetration tests, Firewall Deployments, OS hardening, Web Security, Audits and related work. For physical security consulting, provided site surveys that were followed by the recommendation and deployment of Surveillance and Intercom Systems, POS, Identification Systems and \ or Alarm Systems.
* Planned Business Continuity and Disaster Recovery Strategies
* Performed Penetration Tests for Publicly facing systems and Human Resources Network

Unified Technologies, Inc. - 11/01 to 3/03 New York, New York - IT Security Consultant / Project Manager

New York Department of Law
* Managed Security team (6 consultants) for Internet Security Project at Government Agency
* Installation of ISS RealSecure on Windows NT (management) and Solaris 8 / Windows 2000 (Sensors)
* Deployed Sensors
* Drafted Information Security Policy for Government Agency, City of New York
* Led Data Security Policy Initiative for various government agencies
* Vulnerability Assessment using SAINT and NAI CyberCop; documented results.
* Deployed Symantec WebSecurity Product as CVP Server for Firewall-1
* Deployed Client VPN with SecuRemote and Firewall to Firewall VPN to various satellite sites & for remote users
* Set up Information Systems Audit for DOI Compliance (Tools used: SAINT & Nessus, L0phtCrack, logmon)

New York Social Services Administration
* Led Data Security Policy Initiative for various government agencies via Interview process, presentations etc.
* Drafted security policy for Government Agency of City of New York
* Configured SAMP for ISS RealSecure IDS probes

Nassau County Government Office
* Installation of ISS RealSecure on Windows NT (management) and Solaris 8 (Sensors)
* Deployed Sensors in multi-networked environment.
* Configured Cisco 3524 Switches for Internet Security Infrastructure

* Deployment of Nokia IP 530 Checkpoint Firewall-1 in HA mode using VRRP.
* Set up VPN connections b/w satellite sites and main core site for various branch sites
* Network \ Firewall Planning and Deployment
* Installation and Configuration of iPlanet 5.1 on Solaris 8

Integrated Systems Group - 5/00 to 11/01 Melville, New York
Senior Security Consultant
* Implementation of Checkpoint Firewall High Availability using StoneBeat
* Checkpoint Firewall-1 installations, Support and troubleshooting
* Arranged Audit for HR Applications
* Evaluation of PKI and Single Sign-On Products
* Secure Remote Access and VPN design and implementation
* Various secure authentication schemes (Firewall-1, SecurID)
* Designed and drafted Corporate Security Policy
* Daily LAN Administration (Cisco routers and switches, Win2k AD env. / Linux servers / DNS)
* Remote Access Architecture: SecuRemote VPN, RSA SecurID, Windows NT Terminal Server for Remote Server
* Checkpoint Firewall Upgrade (3.0 to 4.0) and Administration
* Acted as a Liaison between Data Security Group and Network Development Group on Security issues: Security Policy and Audit (Fortune 100 Firm)
* Linux Hardening for Various Web Servers using Linux Bastille script.
* O\S Tuning and Hardening for Solaris 2.7 for various enterprise servers.
* Provided pre-sales assistance to Sales team.
* Firewall to Firewall VPN using Checkpoint Firewall-1 Tunnels
* Merged two rule sets from 2 Checkpoint Firewalls (V4.0 and V4.1 on NT and Solaris), Upgraded to Nokia IP 650s and provided HA via VRRP. After initial configuration, performed audit of the Firewall Rule-set for security vulnerabilities and redundancies of rules on 2 Nokia IP 650s with Checkpoint using VRRP.

Datek Online - 4/00 to 5/00 New York, New York - Network Consultant
* Checkpoint Firewall-1 Installation and Configurations
* Checkpoint SecuRemote and Nortel VPN Support
* Evaluated PKI products, Firewall Admin, Web Server Security, Authentication with RADIUS and NAI CyberCop
* Installation and Administration of ISS RealSecure \ Scanners
* Daily Network Support Tickets
* Contingency planning and interfaced with CTO for direction of IS Security.

Patient Watch, Inc. - 4/99 to 4/00 Roslyn, New York - Manager of Information Systems
* General Network Administration and Support for Small Business (150 Employees)
* Responsible for E-Commerce and Network Security
* Designed Corporate Security Policy
* Responsible for strategic IT Budget planning
* Responsible for all IT Equipment Purchasing: WAN and LAN hardware and software
* Deployment and Administration of Checkpoint Firewall-1: Rules, NAT, encryption
* Deployment of MS Proxy for server security and web cache
* Seagate Backup Exec: planning, rotation, schedule and installation
* Designed and Implemented Trusted NT Domain Environment - Single Master Domain
* Documentation of network design and structure
* Exchange Server: planning \ design, daily administration \ deployment of Outlook 98
* Installed Exchange Server 5.5 in MultiSite environment \ connected to Internet using IMS

AUTHORED SECURITY DOCUMENTS / WHITEPAPERS:

Addressing NERC CIP Standards, EnCase Enterprise Forensics Standard Operating Procedures, Building a Proactive Incident Response Program, Live-Forensics Whitepaper, Log Management Framework, Securing Remote Access and Sensitive Data, Various Agency-Wide Security Policies, HA Firewall Fail-over Procedure Document, Configuring VRRP on Nokia IP 530s, Configuring SecuRemote, Installing and Configuring RealSecure, Third Party Connection Policy, How to Manage Incident Handling, Storage Area Network ST&E Survival Guide, Certification and Accreditation Packages

STANDARDS:
FISMA, NIST 800 SP Series, FIPS, NERC CIPS, ISO 17799/20001, SOX, HIPAA, GLB, DISA, FISCAM, ITIL, Six Sigma, Homeland Security Presidential Directives (HSPD) and OMB Mandates

TECHNICAL SKILLS:
EnCase Enterprise, EnCase Command Center (CyberSecurity), EnCase Neutrino, EnCase Portable, HBGary Pro, Flypaper, Websense, McAfee ePO & ToPS Suite, TNT Identity, Fidelis DLP, Reconnex DLP, Bit9, Helix, Knoppix, BindView, AppDetective, WebInspect, NMAP, Netcat, Nessus, hping2, Retina, IDS, TriGeo, Kiwi Log Server, PhoneSweep, RSA SecurID, McAfee SafeBoot, BackTrack, Checkpoint Firewall-1 (CCSE, CCSA), ISS SafeSuite Scanner / RealSecure / Proventia, PGP, BlackICE, RSA Entrust PKI, Wireshark, BigFix, LANDesk, MBSA, SAINT, WebTrends, CS MARS, NetScreen/Juniper, SurfControl

PLATFORMS: Windows 2Kx, Linux, Solaris, Cisco IOS, Juniper, Nokia (IPSO), Apple Macintosh OS X, Vista\Win7

PROGRAMMING: Shell Scripting, PERL, HTML

EDUCATION: St. John's University - Queens, N.Y. Major: Business Administration, June 1996

CERTIFICATIONS: CISSP, CAP, PMP, CE|H, CCSA/CCSE, CCE (Forensics), CCNA, MCSE

PRESENTATIONS / LECTURES
* Building a Log Management Framework
* Components of a Successful DLP Program
* Is a SIEM a SOC?
* The Importance of Efficient Information Management in Data Security
* Integrating Forensics Technology into an Incident Response Program
* Your Role in Protecting Privacy Data - Privacy Seminars
* They are Alive! Managing Information Security Policies
* What is Certification and Accreditation?
* Protecting the Nation's Infrastructure: Complying with the NERC CIP Standards: Ask the Expert! (5/27/09)
* Creating Dynamic Protection Models for Compliance Initiatives (8/31/09)

ACCOMPLISHMENTS & AFFILIATIONS
* Co-Founder of Non-Profit 501(c)(3) Grant Foundation
* President of Student Organization 1994-1996, St. John's University
* Black belt in Filipino Martial Arts
* Member of DC Chapter of ISACA
* Interests: Writing, Photography, Public Speaking, Reading, Painting, Martial Arts and Guitar

CURRENT PROFESSIONAL WORK IN PROGRESS
Whitepaper: "Incident Response Programs that Work"

FUTURE PLANS: Acquire EnCE certification

Note: Recommendation letters, references and documents furnished upon request.
