Skills and Knowledge
Bachelor of Science: Information System Security and Cyber Security
Network Communication Infrastructure: Understanding of the protocols required for unified communications. This included Voice Over IP and video communications. The convergence of computer networking and telecommunications technologies. Capabilities and limitations of converged networking infrastructure are analyzed through voice, data and video applications in relation to performance, management and security challenges. Project was to create a network that used both VoIP and Video conferencing for both WAN and LAN usage. Security, Confidentiality, Integrity, and Access all had to be met.
Information Technology Infrastructure Security: Hands on approach to the security challenges encountered on backbone networks in an information and communications infrastructure. Topics included methods of tightening infrastructure security, a variety of tools for monitoring and managing infrastructure security and commonly-used technologies, such as firewalls, VPNs, packet sniffers, and vulnerability scanners. Project consisted of creating a network with a focus on WAN, VLAN, firewall, and VPN security.
Risk Management in IT Security: We addresses how risk, threats and vulnerabilities impact information systems in the context of risk management. Topics included methods of assessing, analyzing and managing risks, defining an acceptable level of risk for information systems, and identifying elements of a business impact analysis, a business continuity plan and a disaster recovery plan. Create a risk Management Plan that included a BIA, BCP, DRP, and a Risk assessment and evaluation.
Access Security: The exploration of the concept of controlling access to information systems and applications. Topics included access, authentication and accounting for end-users and system administrators, and security controls for access control including tokens and public key infrastructures (PKIs). Project consisted of creating a Access control policy for 8 offices connected through a VPN over the internet. Here a network including all seven domains of the network were to be secured. Both logical and physical security was required.
Windows Security: Security implementations for a variety of Windows platforms and applications. Areas of study included analysis of the security architecture of Windows systems. Identification, examination of security risks, and application of tools and methods to address security issues in the Windows environment.
Security Issues in a Legal Context: The study of an overview of legal processes involved in implementing and maintaining information systems security. Real world security violations and breaches in relation to pertinent laws and regulations, and used case studies to analyze legal impacts of information security issues. Project was to create a Project: Document Retention Policy and Litigation Hold Notice.
Security Policies and Implementation: The design and process of security policies that protect and maintain an organization''s network and information systems assets. Topics included the effects of organizational culture, behavior and communications styles on generating, enforcing and maintaining security policies. Projected consisted of writing policies consistent with current DOD requirements pertaining to a contractor.
Hacking and Countermeasures: This course explored hacking techniques and countermeasures. Topics included network systems penetration tools and techniques for identifying vulnerabilities and security holes in operating systems and software applications. Hands on practice of ethical hacking procedures to attempt unauthorized access to target systems and data, and incident handling procedures in the case of an information security compromise. This project was broken up in to six parts that included current security threat analysis to a final defense plan to prevent future attacks to the college.
Research Methods: Introduction to conducting research. Topics include scientific reasoning, applying critical thinking principles to assess validity and reliability in research, and production of research-based documents. Project to write a formal research paper.
Security Auditing for Compliance: This course examines principles, approaches and methodology used in auditing information systems security to ensure processes and procedures are in compliance with pertinent laws and regulatory provisions
Cybercrime Forensics: The expolation of cybercrime, security threats and legal considerations facing cybersecurity professionals in dealing with the discovery, investigation and prosecution of cybercrimes. Used tools used by computer forensic professionals for investigating cybercrimes, and the use of these tools for the collection, examination and preservation of evidence for prosecution.
Security for Web Application and Social Networking: I analyzed security implications of information exchange on
the Internet and via Web-based applications. Topics include methods and
techniques to identify and countermeasure risks, threats and vulnerabilities
for Web-based applications, and to mitigate risks associated with Web
applications and social networking
Linux Security: I examined threats, vulnerabilities and other security issues in Linux operating systems and applications in the Linux environment. I practiced using different methods, tools and techniques to secure Linux operating systems and applications.
Information Systems and Cyber Security Capstone Project: Final project in which I was to respond to a Request for Proposal from a state agency. This included meeting all contractor requirements, technical requirements, bring the state in compliance with HIPAA, GBLA, and PCI DSS. It included the creation of high level summaries, Business Impact Analysis (BIA), Business Continuity Plan (BCP), Disaster Recover Plan (DRP), and Cost analysis.
Associate of science: network systems administration
Computer structure and logic: Learned about the history of computers and a discussion of their future, an introduction to their components, how they function, trouble shooting, and binary, decimal and hexadecimal code.
Introduction to networking: Foundations in the study of computer networking technologies. Concepts of data communication to include, coding and decoding, multiplexing, circuit and packet switching, OSI and TCP/IP models, LAN/WAN protocols and implementation, network devices and their functions, topologies and there capabilities. Industry standards and their development of networking technologies in conjunction with a basic awareness for of software used in both networking and internetworking environments
Client server networking 1: An introduction to client server based networks. Preformed the installation, configuration, maintenance, troubleshooting and routine administrative tasks for machines both standalone and as network client computers, and related tasks and aspects of a typical network server. Tasks completed were installing Windows 7 and Sever 2008 R2, establishing client security and access control both locally and on the network, monitoring and managing Server 2008 R2, creating work-groups domains and forest, connecting all machines to the network, the various sever functions and roles, disk management and file system set up.
Client Server Networking 2: A deeper study of server functions, installation. Configuration, maintenance, and routine administrative tasks of the network services as it pertains to its clients and other severs. Installed and configure Microsoft Server 2008 R2 and Windows 7. Configured Microsoft Server 2008 R2 in to a DCHP sever, configure and set Active Directory, configure universal group membership caching, transfer and seize FSMO roles, and analyze group policy applications and techniques to secure Server 2008 R2
Physical Networking: Detailed look at industry standards involved with the physical components of a network, networking devices and their specifications and functions. Designing the physical network based on appropriate capacity planning and implementing various installations, testing and troubleshooting techniques for a computer network. Covered telecommunications, cabling specifications and constraints, cabling tools network equipment for wired and wireless networks, cable testing, fiber optic light principles, fiber cables, splicing and connectors, light sources, detectors and receivers. Fiber optic installation, considerations and testing.
Linux networking: Learned system and network administrative tasks using Linux based components on a network. Performed routine tasks of installation, configuration, maintenance, Linux networking services, and troubleshooting on Linux based workstations and servers with an emphasis on networking through the Linux command line.
Introduction to programming: A foundation for understanding the logical elements and process of computer programming. Basic computer programming knowledge and skills in logic and generic syntax were studied. Coding convention and procedures were discussed relevant to the given programming language. Most work was performed on Microsoft visual Basic at the console level. Gained an understanding of the fundamental concepts of computer programming. Designed programs with flowcharts and pseudo codes. Wrote actual programs that perform input, processing and output. Wrote programs with both variables and constants; programs that use conditional statements to solve problems and programs that use loops to solve problems. Applied techniques to write functions in programs. Wrote programs that can read data from and write data to files.
Database concepts: An introduction to the inner workings of different databases with a focus on the MS SQL RDBMS. A simple data base was created from the conception to final completion. This included implementing security in the form of login and authorization, script base queries, normalization, and ensuring business rules are met.
Introduction to Information security: A look at the types of attacks that networks are faced with from the outside but within as well, covering: DOS, worms, trojans, sniffer attacks, and brute force attack. Measures such as, DMZ, packet sniffing, Intrusion detection, and port scanning were covered as means to harden the network from attacks. The concepts and theories discussed were followed by hands experience on using the programs Wireshark and NMap. SSL certificate creation, authentication and authorization of VPN access.
IP Networking: Here we learned the art of subnetting and the configuration of switches and routers. This was done by hands on training using the program Packet Tracer. All configuration of routers, switches, vlans, encapsulation, ospf, eigrp, igrp, and rip were all performed in the Cisco command line interface. WAN/LAN connections were created so that vlans could talk over the wan while still ensuring segmentation of the network was in place for security. Vital services like DHCP servers were placed on a different LAN and then split into vlans to ensure their security through segmentation while still assigning IP addresses through the WAN.
Email and web services: Topics covered were: installing Windows Deployment Services, creation of a FTP site and website, website management through IIS7, enabling and configuration of authentication through standard and NTFS methods, configuration of SSL certificates for web sites, deploying smtp, streaming media and SharePoint services, email integration, and digital rights management. MS Exchange was explored by ensuring that ADDS was ready for the integration, the installation within ADDS, Outlook, Entourage, client access rules, transport, smtp protocols, and configuration of antivirus and antispam.
Capstone: Final project prior to graduation to manage the scope, cost and schedule of a project to build a complete network for a company from the ground up. We were given the opportunity to design a network for a school system that needed a lab for students to learn and for teachers to use to input grades that would be sent to the district office. We found and priced out all the hardware, labor and software costs to present to the client. The physical and logical infrastructure was created, server roles established, ADDS and LDAP were used for authentication and right assignment. Security through a VPN for replication and security was set up. Federal requirements like CIPA were adhered too.