I specialize in website security security consulting.
Web hacking analysis, web penetration testing, security code reviews, etc.

See attached resume below:

David Totten
7100 Saratoga Springs Lane
Raleigh, NC 27613
(919) 641-3327 hm
(919) 992-7048 wk

QUALIFICATIONS

• Formidable technical credentials in web penetration testing
• Exceptional application and programming skills
• Outstanding Project Management Skills

COMPUTER SKILLS
• ASP.NET C, C++, Perl, Unix Shell Scripting, Java, Visual Basic, HTML, PHP, JSCRIPT
• MySQL, Microsoft SQL, Oracle, Linux, Unix
• MS project, MS excel, MS power point, MS access
• Evaluation of security vulnerabilities in Java, JSP, JSCRIPT, and Cold Fusion code


CERTIFICATIONS AND TRAINING
• CISSP
• PMP
• MCSE 4.0
• ORACLE DBA
• Network +
• Security +


EMPLOYMENT

Nortel Networks Raleigh, NC
Information Technology Consultant 2000 – Present

• Penetration Tester(August 2005 – present) :
• Perform technical security verification and risk analysis on various systems using automated tools and examination.
• Conduct network security and vulnerability assessments for outsourcing projects
• Made recommendations based on evaluation of assessment information from NESSUS
• utilized penetration software testing tools for security certification
• Utilized Sniffers, NMAP, NESSUS, NetStumbler, and JOHN the RIPPER
• Analyze system configurations to determine the security posture and recommend risk-mitigation solutions.
• Utilized traffic generators to diagnose CPU usage, Memory, Session capacity
• Performed Web vulnerability scanning to detect a wide range of vulnerabilities, including application, platform, and HTML weaknesses
• Utilized the webinspect vulnerability scanner to perform scans
• Analyzed reports including broken links, server errors, and timeouts

• DBA Security Application Prime(August 2005 – present) :
• Develop DBA Security Best Practice Documents and Standards for Oracle, MS SQL, and MySQL.
• Implement DB Audit Solution for Sarbanes Oxley gaps .
• Provide DBA support for installing and upgrading , instance creation, application database setup and database monitoring and tuning of MS SQL and Oracle Servers

• Web Application Developer(August 2005 – present) :
• Implement database driven interactive content.
• Customize information retrieval and client/server programmability.
• Supports the team in utilizing current and emerging script technologies.
• Develop publishing tracking systems, conversion tools, automation tools and procedures and miscellaneous support projects.
• Own responsibility for entire security exemptions project and web pages.
• Works closely with production staff on a project basis-Managing Security Architects or Team

• Security Project Manager(August 2005 – present) :
• -Define project objectives, resources and schedules in conjunction with team members
• -Prepare and maintain project plans including timelines, and resources
• -Identify resource and other constraints in achieving project objectives
• -Prepare regular status and variance reports to Strategic Program Manager and team
• -Negotiate resources and plans with external support organizations
• -Monitor progress of project plans, analyze variances to plan and recommend alternatives to achieve objectives
• -Lead regularly scheduled project reviews with the team
• -Issue action items and follow-up
• -Manage issue resolution with vendors on tech / products quality and functionality
• -Lead and Managed Security Trials
• -Developed Business Case for project funding initiatives
• -Communicate project status, milestones and issues to the project sponsors
• -Track and report progress relative to time, budget, and demonstrated results

• Network Support Engineer(Sept. 2003 – Aug. 2005):
• -Providing technical guidance for trouble shooting and issues resolution
• - Consulted customers including Bellsouth and Qwest on network infrastructure and design with NAT and Radius technologies utilizing Shasta Firewall
• - Provided Penetration Testing for new releases of software using traffic generators and reported appropriate recommendations
• - Conducted Buffer Overflow Penetration testing for Bellsouth and Qwest during VOIP trial period
• - Recommended best use VPN end to end Encryption product alternatives to customers
• -Designed and Supported multiple routing protocols, RIP, BGP, iBGP, OSPF
• -Designed and Supported network monitoring tools(MDM, HP OpenView)
• -Configured Cisco routers, Service Edge Routers, Juniper Routers and switches
• -Gathered network requirements, provided a design from approved product specifications for production networks
• -Collected and analyzed network traces
• -Provided Performance Management & Capacity Planning skills
• -Evaluated and established IP Addressing Schemes

• Technical Instructor(July 2000 – Aug. 2003):

• Performed penetration testing demonstrations for students utilizing traffic generators and sniffers
• Constructed Nat/Firewall network infrastructure and design for students to perform testing
• Performed IPSEC VPN lectures to demonstrate the use of encryption
• -Served as a subject matter expert on Nortel security and routing products(Shasta, Contivity, Alteon, Passport, MDM)
• -Served as a subject matter expert on Nortel security technology(Firewalls, VPNs, Anti-Spoofing, Nat)
• -Develop and implement certification training and exams
• -Develop Technical Learning Modules in a variety of formats (ie. e-learning, instructor-led etc.)
• -Maintained technical training equipment on Nortel Products(Contivity VPN,SER,Alteon,Multi Service Switch Routers)
• -Analyzed program design/development, implementation, evaluation, and the control and improvement of training


AT&T Solutions Durham, NC
Network Engineer 1997 – 2000
• - Provided Unix shell scripting and Unix Administration.
• -Tested and solved TCP/IP LAN/WAN network connectivity issues.
• -Set up, installed, and configured Cisco routers and catalyst switches.
• -Designed and Supported multiple routing protocols, EIGRP, BGP, iBGP, OSPF
• -Designed and Supported network monitoring tools(BMC Patrol, HP OpenView)
• -Configured Cisco routers, Service Edge Routers, Juniper Routers and switches
• -Gathered network requirements, provided a design from approved product specifications for production networks
• -Collected and analyzed network traces



EDUCATION

North Carolina A&T State University
Master of Science Industrial Technology May 2000
Bachelor of Science Computer Technology May 1997