[Owasp-cert] OWASP Introduction

J. Oquendo sil at infiltrated.net
Sat Jul 19 10:53:06 EDT 2008


Good day all,

<warning>
For those who don't know me, apologies for the lengthy
post... For those who have corresponded with me, those
who know me... Did you expect anything less ;)
</warning>

<intro>
I consider myself a Jack of All trades security
professional with about 16 years professional computing
experience beginning in the banking industry (Chemical
now JP Morgan Chase). I've progressively evolved having
the opportunity to work in everything from systems
administration (AS/400, BSD's, Linux, Irix, Solaris,
HPUX, AIX), through network administration, design and
analysis.

Circa 1996 I made the move over to the security
industry after already dabbling with security mechanisms
via systems/networking tasks.

Currently I work at a VoIP carrier/CLEC (all 50 states)
where my duties vary from network analysis, design,
implementation, managed security services (penetration
testing, policy review/design, risk assessment,
mitigation), firewall architecture, design,
implementation, etc., in other words, I never get a break.

I've been through the dotcom era working at a domain
registrar as a systems/security admin (back then the title
"security engineer" didn't really exist), at a social
networking site with over 60 million users. I follow
security religiously where it went from a hobby to getting
paid doing what I enjoy.

I've created a few public security tools ranging from a
VoIP fuzzier, network Denial of Service analysis tool, to
my own VoIP based IPS. I'm an overall geek who proactively
monitors logs, reads RFC's and drinks too much coffee.

Currently I posses a few security certs and am studying for
three more (CISM, CISSP, CISA) as well as have seats for
yet two other exams one coming next month (OSCP) I've never
been a cert person, but due to the shift in the industry
within the past decade, I decided to take a second look and
attempt to become as educated as I can and helpful to others.
Written technical documents on securing infrastructures and
operating systems from 1998 - ... What can I say, I have too
much time on my hands.

Respectfully requesting to contribute where I can to this
list in hopes of creating a useful industry certification
that will not translate into passing via "reading a book".
Since I've been self taught (hands on), I believe there should
be technical understanding AND hands on implementation outside
of solely reading documentation.

Anything I missed/forgot, feel free to ask. ;)
</intro>

<exhale>Descriptive enough?</exhale>

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA #579 (FW+VPN v4.1) SGFE #574 (FW+VPN v4.1)
CEH/CNDA, CHFI

"Experience hath shewn, that even under the best
forms (of government) those entrusted with power
have, in time, and by slow operations, perverted
it into tyranny." Thomas Jefferson

wget -qO - www.infiltrated.net/sig|perl

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x3AC173DB



More information about the Owasp-cert mailing list