Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Michael W. Meissner - Cyber Security Engineering Biography

857 views

Published on

Michael W Meissner - Cyber Security Experience and Capabilities - 02/17/2015

Michael W. Meissner is a Solutions Architect, Infrastructure Architect and Cyber Security Engineer at Ethernautics, Inc.

Michael Meissner has over thirty years of relevant Information Systems and Information Technology experience. Mr. Meissner is a Cyber Security Engineer with over 20 years of Information Security practice. Mr. Meissner authored Information Security Patents.

Published in: Technology
  • Be the first to comment

Michael W. Meissner - Cyber Security Engineering Biography

  1. 1. MICHAEL W. MEISSNER, RCDD CYBER SECURITY SERVICES CYBER SECURITY PROGRAM AND PROJECT MANAGEMENT CYBER SECURITY SOLUTIONS ARCHITECTURE CYBER SECURITY DESIGN ENGINEERING
  2. 2. MICHAEL MEISSNER SUMMARY • MR. MEISSNER IS A HIGHLY MOTIVATE CYBER SECURITY PROGRAM MANAGER AND CYBER SECURITY ENGINEER AND HAS OVER THIRTY YEARS OF EXPERIENCE AS A MANAGING PROGRAMS AND PROJECTS. • MICHAEL W. MEISSNER LEADS ETHERNAUTICS, INC.'S CYBER SECURITY PRACTICE. MR. MEISSNER HAS OVER 30 YEARS OF IT, ENGINEERING AND MANAGEMENT EXPERIENCE. THROUGHOUT HIS CAREER HE HAS PROVIDED EXCEPTIONAL CLIENT SERVICE AND COMMUNICATION SKILLS WITH A DEMONSTRATED ABILITY TO DEVELOP AND MAINTAIN OUTSTANDING CLIENT RELATIONSHIPS. • HIGHLY ORGANIZED, RESULTS-ORIENTED AND ATTENTIVE TO DETAILS. SELF-MOTIVATED, PROACTIVE, INDEPENDENT AND RESPONSIVE. REQUIRES LITTLE SUPERVISORY ATTENTION. EXCELLENT PRESENTATION, FACILITATION AND DIPLOMACY SKILLS • MEISSNER HAS EXECUTED END TO END PROGRAM MANAGEMENT AND PROJECT MANAGEMENT OF LARGE AND/OR MULTIPLE LARGE PROJECTS. MR. MEISSNER HAS MANAGED PROJECTS FROM A FEW INDIVIDUALS TO TEAMS OF OVER 100 INDIVIDUALS AND VENDORS. ©1994-2016 Copyright Michael W. Meissner – Ethernautics, Inc. Author: Michael W. Meissner Last revised: 02/17/2016 4:16:59 PM PDT (UTC/GMT –7) 2
  3. 3. MICHAEL MEISSNER SUMMARY • MR. MEISSNER DESIGNS AND IMPLEMENTS ALL FACETS OF CYBER SECURITY PROJECTS, PROGRAMMATIC AND TECHNICAL DETAIL MANAGEMENT TO ENSURE DELIVERABLES ARE MET WITHIN SCHEDULE, BUDGET, AND QUALITY GOALS. HE IS ABLE TO EXPRESS A CLEAR UNDERSTANDING OF THE BUSINESS, OPERATIONAL AND HUMAN IMPACT OF TECHNOLOGY AND THE CYBER SECURITY THREATS THEY EXPOSE. • MR. MEISSNER HAS MANY YEARS OF EXPERIENCE WORKING IN A COMPLEX, MULTI TASKING TYPE ENVIRONMENTS. • DEMONSTRATED TRACK RECORD ASSISTING CLIENTS WITH IDENTIFYING AND ASSESSING INFORMATION SYSTEM RELATED RISKS AND DEFINING BEST PRACTICES AS A TRUSTED ADVISER. • HANDS-ON EXPERIENCE WITH INFORMATION SECURITY STANDARDS AND TECHNOLOGY • EXPERIENCE WITH SECURITY STRATEGIES AND/OR SECURITY ARCHITECTURE. • EXPERTISE IN IT POLICY AND PROCEDURE DEVELOPMENT. • MEISSNER HAS EXECUTED PROJECTS THRU THEIR COMPLETE LIFE-CYCLES (SDLC) • IT PROCESSES (I.E., ITIL) INCLUDING INCIDENT, PROBLEM, DEFECT, CHANGE AND RELEASE MANAGEMENT. ©1994-2016 Copyright Michael W. Meissner – Ethernautics, Inc. Author: Michael W. Meissner Last revised: 02/17/2016 4:16:59 PM PDT (UTC/GMT –7) 3
  4. 4. MICHAEL MEISSNER SECURITY DOMAINS • EXPERIENCE WITH THE FOLLOWING SECURITY DOMAINS: • AUDIT AND MONITORING, • RISK RESPONSE & RECOVERY • CRYPTOGRAPHY • DATA COMMUNICATIONS • COMPUTER OPERATIONS SECURITY • TELECOMMUNICATIONS & NETWORK SECURITY • SECURITY ARCHITECTURE & MODELS • MEISSNER MAINTAINS EXPERIENCE IN SEVERAL INDUSTRY VERTICALS ©1994-2016 Copyright Michael W. Meissner – Ethernautics, Inc. Author: Michael W. Meissner Last revised: 02/17/2016 4:16:59 PM PDT (UTC/GMT –7) 4
  5. 5. WORK HISTORY 08/2007 - Present Ethernautics, Inc. California Water Services Areva Computer Sciences Corporation Telcordia Global Telcom Limited (GTL) US Cellular Urenco/LES ETUS STP – South Texas Project Verizon Wireless JoAnn’s Stores 01/2007 – 08/2007 NetCracker, Technologies US Army Time Warner One Communications Covad Telus Nextel/Sprint Verizon Business Horry Telephone Cooperative Comcast 11/1993 – 01/2007 Information Mechanics, Inc. Comcast (TCI) AT&T Broadband MetroList Mobeo GTE AT&T Wireless Bell South Continental Cable Lafarge Concrete Denver Post US Park Service Across Media Networks Telcordia (Belcore) – SAIC TECO/Peoples Gas Cable Services Group (CSG) AMDOCS Cable Data Kenan AT&T Broadband MediaOne USWest/Qwest Ticketmaster/Pacer Cats, AMC, United Artist 02/1992 – 11/1993 Berger & Co Region Transportation District (RTD) Lipper Analytical Aspen Ski Corp Obeymeyer Sports USWest Jones Cable Xcel Energy Frontier Communications Optimus Technologies Ticketmaster/Pacer Cats Trinidad Benham Territory Agent IBM – Oil & Gas/Mining/AEC 05/1987 – 02/1992 IBM Department of Transportation Department of Health and Human Services Department of Labor Rocky Flats – Rockwell International Public Service Company of Colorado Kaiser Permanente St. Anthony’s Hospital St. Luke’s Hospital, Veterans Hospital Colorado School of Mines 05/1987 – 10/1988 Colorado School of Mines Research Development Data Center Management 06/1985 – 05/1987 Schlumberger Measurement While Drilling (MWD) 01/1988 – 06/1985 Mammoth Information Services Calaway Oil & Gas Bird Oil Corporation Amselco Minerals Amoco Microgeophysical Corp Max P. Arnold & Associates * See Project References for details: (Click Here) ©1994-2016 Copyright Michael W. Meissner – Ethernautics, Inc. Author: Michael W. Meissner Last revised: 02/17/2016 4:16:59 PM PDT (UTC/GMT 5
  6. 6. GOVERNANCE PROGRAM AND PROJECT MANAGEMENT • CYBER SECURITY PROGRAM LEADERSHIP AND MANAGEMENT • CYBER SECURITY STRATEGY • CYBER SECURITY PROJECT MANAGEMENT • REGULATORY COMPLIANCE • POLICY AND PROCEDURE DEVELOPMENT • CHANGE MANAGEMENT - CONFIGURATION MANAGEMENT • TECHNICAL SPECIFICATIONS AND BEST PRACTICE DEVELOPMENT • INCIDENT RESPONSE DISASTER RECOVERY • REPORTING AND KPI’S ©1994-2016 Copyright Michael W. Meissner – Ethernautics, Inc. Author: Michael W. Meissner Last revised: 02/17/2016 4:16:59 PM PDT (UTC/GMT –7) 6
  7. 7. GOVERNANCE PROGRAM AND PROJECT MANAGEMENT • CUSTOMER FACING – WORKS ACROSS ORGANIZATION • PROJECT MANAGEMENT • DEVELOP AND TRACK SCHEDULES • TRACK RESOURCES • KPI’S • RFP PREPARATION, BID PREPARATION AND RESPONSE • JOB COSTING AND BUDGET TRACKING • PROFICIENT IN DESIGN, PRESENTATION, AND PROJECT MANAGEMENT TOOLS (MS OFFICE, WORD, EXCEL, POWER POINT, VISIO, PROJECT) • PROJECT AND CONSTRUCTION MANAGEMENT, IT ENGINEERING MANAGEMENT, FIELD ENGINEERING AND “CRAFT” MANAGEMENT • LABOR/UNION RELATIONS ©1994-2016 Copyright Michael W. Meissner – Ethernautics, Inc. Author: Michael W. Meissner Last revised: 02/17/2016 4:16:59 PM PDT (UTC/GMT – 7) 7
  8. 8. TECHNICAL CAPABILITIES • LOW VOLTAGE DESIGN - REGISTERED COMMUNICATIONS DISTRIBUTION DESIGNER (RCDD) CERTIFICATION • OUTSIDE PLANT DESIGN • ELECTRONIC SAFETY AND SECURITY SYSTEMS DESIGN (LIFE SAFETY) • WIRELESS DESIGN (DAS, CELLULAR, ANALOG RADIO) • INTELLIGENT BUILDINGS, BUILDING AUTOMATION, UTILITY MONITORING DESIGNS • CYBER SECURITY DESIGN – CISSP CERTIFICATIONS • RIGHTS OF WAY, PERMITTING, AND AUTHORITIES HAVING JURISDICTION (AHJ) • CUSTOMER FACING SALES AND SUPPORT – TECHNICAL PRESENTATIONS • PROFICIENT IN DESIGN TOOLS (ACAD, VISIO, EXCEL) • FIELD ENGINEERING, DESIGN VERIFICATION, AND "AS-BUILTS" • CYBER-PHYSICAL SYSTEMS • CYBER SECURITY ASSESSMENT Hello 8
  9. 9. TECHNICAL CAPABILITIES – CYBER SECURITY • CYBER-PHYSICAL SYSTEMS - ELECTRONIC SAFETY AND SECURITY SYSTEMS DESIGN (LIFE SAFETY) • WIRELESS DESIGN (DAS, CELLULAR, ANALOG RADIO) - ENCRYPTION • CYBER SECURITY DESIGN – CISSP CERTIFICATIONS • REGULATORY REQUIREMENTS • BUSINESS REQUIREMENT • CUSTOMER FACING SALES AND SUPPORT – TECHNICAL PRESENTATIONS • RISK ASSESSMENT • CRITICAL DIGITAL ASSET MANAGEMENT • CYBER SECURITY ASSESSMENT ©1994-2016 Copyright Michael W. Meissner – Ethernautics, Inc. Author: Michael W. Meissner Last revised: 02/17/2016 4:16:59 PM PDT (UTC/GMT – 7) 9
  10. 10. CYBER SECURITY ENGINEERING SECURITY-BY-DESIGN SERVICES • CYBER SECURITY ENGINEERING • CYBER SECURITY ARCHITECTURES (PCI, NIST, ISO ETC.) • BUSINESS AND REGULATORY REQUIREMENTS • SYSTEM ANALYSIS USING MULTIPLE TECHNOLOGIES IN HETEROGENEOUS ARCHITECTURES AND WIDE SYSTEM FUNCTIONALITY • ELECTRONIC SAFETY AND SECURITY (ESS) - PHYSICAL SECURITY SYSTEMS AND LIFE SAFETY SYSTEMS • CRITICAL DIGITAL ASSET DETERMINATION • ANALYZES NETWORK SECURITY DESIGN • RISK ASSESSMENT AND MANAGEMENT • WORK WITH CLIENTS IN IDENTIFYING AND ASSESSING INFORMATION SYSTEM RELATED RISKS RELATED TO CYBER SECURITY. • CREATING STRATEGIES RELATED TO CYBER SECURITY RISK MANAGEMENT. • PLANS AND CONDUCTS VULNERABILITY ASSESSMENTS • CREATED AND TUNED VULNERABILITY SCAN GROUPS AND CONFIGURATIONS. • IDENTIFICATION OF ATTACK VULNERABILITIES (OWASP) AND (ISO/IEC 15408-1:2009) • EVALUATION OF SYSTEM SECURITY CONFIGURATIONS • DEVELOPMENT AND EVALUATION OF ATTACK SCENARIOS • EVALUATES FINDINGS AND CONDUCTS ROOT CAUSE ANALYSIS • CONDUCT PENETRATION TESTING, ROUTINE EXPLOIT ANALYSIS, SYSTEMS MONITORING. • CYBER SECURITY CONTROLS CATALOG • REMEDIATION AND MITIGATION ©1994-2016 Copyright Michael W. Meissner – Ethernautics, Inc. Author: Michael W. Meissner Last revised: 02/17/2016 4:16:59 PM PDT (UTC/GMT –7) 10
  11. 11. CYBER SECURITY ENGINEERING SECURITY-BY-DESIGN DIGITAL DESIGN AND SYSTEMS ENGINEERING SERVICES • MEISSNER HAS EXPERIENCE WITH DESIGNING THE FOLLOWING SECURITY RELATED SYSTEMS: • NETWORK SECURITY DESIGN (LAN/WAN) • APPLICATION SECURITY DESIGN • DATA SECURITY • ELECTRONIC SAFETY AND SECURITY (ESS) - PHYSICAL SECURITY SYSTEMS AND LIFE SAFETY SYSTEMS • SECURE WIRELESS • RADIO ENCRYPTION • DATA • VOICE (PUSH-TO-TALK) • INTEGRATES SECURITY TECHNICAL CONTROLS FOR MULTIPLE PROJECTS/PRODUCTS WITH DEFINED REQUIREMENTS • DESIGN TEST PLANS TO EVALUATE CONTROL OBJECTIVES AND IDENTIFY WEAKNESSES IN THE INFORMATION TECHNOLOGY CONTROL STRUCTURE. • SECURITY OPERATION CENTERS (SOC), NETWORK OPERATION CENTERS (NOC), DATA CENTERS, TELECOM EQUIPMENT ROOMS, • ENGINEERING DRAWINGS - (T-EQP, T-PHY, T-PHY) • IDENTITY ACCESS MANAGEMENT AND AUTHORIZATION • PLANT CONTROL SYSTEMS (PCS, ICS) AND SCADA SYSTEMS IN NUCLEAR POWER PLANTS, CHEMICAL PROCESSING AND WATER TREATMENT/DISTRIBUTION CRITICAL INFRASTRUCTURE • DESIGN OVERALL DEFENSE-IN-DEPTH ARCHITECTURE FOR PLANT SYSTEMS (NIST CYBER SECURITY FRAMEWORK AND ISO/IEC 27001 COMPLIANCE COBIT, COSO). • SUPPORTING INFRASTRUCTURES (TELCOM, POWER, HVAC, DATA CENTER, CLOSETS, DAS, DISTRIBUTION SYSTEMS) • OUTSIDE PLANT (OSP) • SECURE STRUCTURED CABLING • DEFINES SECURITY PRODUCT SPECIFICATIONS • DEFINE INTRUSION/DATA LOSS TECHNIQUES. • DESIGNS, INTEGRATES AND CONFIGURES CONTROLS. • RESPONSIBLE FOR IMPLEMENTING AND TUNING THE TECHNICAL SOLUTION USED TO IDENTIFY AND MANAGE THE CONFIGURATIONS AND CONTROLS • PATCH MANAGEMENT- SATELLITE, SCCM, WSUS, SHAVLIK, SECUNIA, LANDESK ©1994-2016 Copyright Michael W. Meissner – Ethernautics, Inc. Author: Michael W. Meissner Last revised: 02/17/2016 4:16:59 PM PDT (UTC/GMT –7) 11
  12. 12. CYBER SECURITY ENGINEERING SECURITY-BY-DESIGN DIGITAL DESIGN AND SYSTEMS ENGINEERING SERVICES • MEISSNER HAS EXPERIENCE WITH DESIGNING THE FOLLOWING SECURITY RELATED SYSTEMS: • NETWORK SECURITY DEPLOYMENT OF NETWORK AND APPLICATION SECURITY AND AUTHORIZATION FOR PLANT CONTROL AND REPORTING SYSTEMS. • FIREWALLS • DATA DIODES • DMZ’S • ENCRYPTION • IAM • SIEMS • IDS/IPS ©1994-2016 Copyright Michael W. Meissner – Ethernautics, Inc. Author: Michael W. Meissner Last revised: 02/17/2016 4:16:59 PM PDT (UTC/GMT –7) 12
  13. 13. CYBER SECURITY ENGINEERING SECURITY-BY-DESIGN SERVICES • MEISSNER HAS EXPERIENCE WITH THE FOLLOWING SYSTEMS: • PHYSICAL SECURITY SYSTEMS • LIFE/SAFETY SYSTEMS – ESS SYSTEMS • ASSET MANAGEMENT • PLANT CONTROL SYSTEMS • BUILDING AUTOMATION & UTILITY MONITORING • DATA CENTER DESIGN • CABLE DESIGN – STRUCTURED CABLING • OUTSIDE PLANT - OSP • NETWORK DESIGN • CYBER SECURITY ENGINEERING • AUTHORIZATION AND CONTROL • LEED • PROJECT MANAGEMENT ©1994-2016 Copyright Michael W. Meissner – Ethernautics, Inc. Author: Michael W. Meissner Last revised: 02/17/2016 4:16:59 PM PDT (UTC/GMT –7) 13
  14. 14. CYBER SECURITY ENGINEERING SECURITY-BY-DESIGN OPERATIONS SERVICES • SECURITY OPERATION CENTER (SOC, ALARM STATIONS) • CYBER SECURITY MONITORING • NETWORK SECURITY MONITORING • INCIDENT DETECTION • CONTRIBUTES TO THE DEVELOPMENT AND EVALUATION OF ATTACK SCENARIOS • EVALUATES FINDINGS AND CONDUCTS ROOT CAUSE ANALYSIS • PERFORMS INCIDENT RESPONSE ACTIVITIES ACROSS BROAD TECHNOLOGY PROFILES OR MULTIPLE SYSTEMS • INTERROGATES INDUSTRY SOURCES AND EVALUATES INCIDENT INDICATORS. • COLLECTS AND PRESERVES EVIDENCE, IDENTIFIES INTRUSION OR INCIDENT PATH AND METHOD • DETERMINES NATURE, MECHANISMS, SCOPE AND LOCATION OF THE INCIDENT. • DRAFTS INCIDENT/INVESTIGATION REPORTS AND MAKES RECOMMENDATION FOR FUTURE PROCESS ENHANCEMENTS. PREPARES AND DELIVERS TECHNICAL REPORTS AND BRIEFINGS • DEPLOYMENT OF NETWORK AND APPLICATION SECURITY AND AUTHORIZATION FOR PLANT CONTROL AND REPORTING SYSTEMS. • MONITORS NETWORK AND HOST-BASED SECURITY ALERTING SYSTEMS AND EVENT LOGS. PERFORMS INITIAL EVENT/LOSS ASSESSMENT AND VALIDATION. ©1994-2016 Copyright Michael W. Meissner – Ethernautics, Inc. Author: Michael W. Meissner Last revised: 02/17/2016 4:16:59 PM PDT (UTC/GMT –7) 14
  15. 15. CYBER SECURITY ENGINEERING SECURITY-BY-DESIGN IT CYBER SECURITY DETECTION AND PREVENTION TOOLS • NETWORK MONITORING – SOLARWINDS • VULNERABILITY SCANNERS - NESSUS, RETINA, QUALSYS, FOUNDSTONE, NEXPOSE • SIEM – SPLUNK, IBM QRADAR • IDS / IPS – SOURCEFIRE, CISCO IPS 4200, INTRUSHIELD • PASSWORD MANAGEMENT - THYCOTIC • DEFENSE IN DEPTH ARCHITECTURE AND ADVANCED PERSISTENT THREATS (APTS) • INCIDENT MANAGEMENT AND FORENSICS - NETWITNESS • RSA SECURITY ANALYTICS, ARCHER, SECOPS • PKI - PUBLIC KEY INFRASTRUCTURE • WEBSENSE • FIREWALLS - CISCO, PALOALTO NETWORKS, CHECKPOINT • DATA DIODES - CANARY, WATERFALL • CISCO ISE • CHECKPOINT LOAD BALANCER • REMEDY NETWORKING Through education and experience Mr. Meissner has amassed skills with the following Cyber Security Tool Sets: ©1994-2016 Copyright Michael W. Meissner – Ethernautics, Inc. Author: Michael W. Meissner Last revised: 02/17/2016 4:16:59 PM PDT (UTC/GMT –7) 15
  16. 16. CYBER SECURITY ENGINEERING SECURITY-BY-DESIGN IT CYBER SECURITY TECHNOLOGIES • SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM) • MR. MEISSNER HAS HAD A VARIETY OF EXPERIENCES WITH THE FOLLOWING SIEM SOLUTIONS IN ORDER TO SUPPORT REAL-TIME ANALYSIS OF SECURITY ALERTS GENERATED BY NETWORK HARDWARE AND APPLICATIONS: • QRADAR • SPLUNK • MCAFEE ENTERPRISE SECURITY MANAGER • IDS/IPS • MR. MEISSNER HAS EXPERIENCE IN EVALUATING AND DEPLOYING SEVERAL IDS AND IPS TOOLS THAT HAVE ASSISTED ORGANIZATIONS IN THE IDENTIFICATION AND PROTECTION OF THEIR WIRED AND WIRELESS NETWORKS AGAINST SEVERAL TYPES OF SECURITY THREATS. MR. MEISSNER HAS EXPERIENCE WITH THE FOLLOWING IDS/IPS/SIEM SOLUTIONS: • MCAFEE'S INTRUSHIELD/MCAFEE NETWORK SECURITY PLATFORM (NSP) • SOURCEFIRE • SNORT • TIPPINGPOINT • JUNIPER IPS Through education and experience Mr. Meissner has experience with the following Cyber Security Technologies: ©1994-2016 Copyright Michael W. Meissner – Ethernautics, Inc. Author: Michael W. Meissner Last revised: 02/17/2016 4:16:59 PM PDT (UTC/GMT –7) 16
  17. 17. CYBER SECURITY ENGINEERING SECURITY-BY-DESIGN IT CYBER SECURITY TECHNOLOGIES • ENDPOINT SECURITY TOOLS/ANTI-VIRUS/ANTIMALWARE • MR. MEISSNER HAS EXPERIENCE WITH THE FOLLOWING ENDPOINT SECURITY SOLUTIONS: • MCAFEE • SYMANTEC • RSA ECAT • MOBILE DEVICES MANAGEMENT (MDM) • MR. MEISSNER HAS EFFECTIVELY DEPLOYED MDM SOFTWARE O BOLSTERS NETWORK SECURITY THROUGH REMOTE MONITORING AND CONTROL OF SECURITY CONFIGURATIONS, POLICY ENFORCEMENT AND PATCH PUSHES TO MOBILE DEVICES. DEPLOYING SYSTEMS THAT REMOTELY LOCK LOST, STOLEN OR COMPROMISED MOBILE DEVICES AND, IF NECESSARY, WIPE ALL STORED DATA. MR. MEISSNER HAS EXPERIENCE WITH THE FOLLOWING MDM SOLUTIONS: • BLACKBERRY ENTERPRISE SERVER BES10 • AIRWATCH • IBM MAAS360 MDM • CITRIX XENMOBILE • SYMANTEC MOBILE MANAGEMENT • MCAFEE EMM • MICROSOFT ENTERPRISE MOBILITY SUITE (EMS) • CISCO ISE Through education and experience Mr. Meissner has experience with the following Cyber Security Technologies: ©1994-2016 Copyright Michael W. Meissner – Ethernautics, Inc. Author: Michael W. Meissner Last revised: 02/17/2016 4:16:59 PM PDT (UTC/GMT –7) 17
  18. 18. CYBER SECURITY ENGINEERING SECURITY-BY-DESIGN IT CYBER SECURITY TECHNOLOGIES • NETWORK ACCESS CONTROL/IDENTITY ACCESS MANAGEMENT (IAM) TOOLS • MR. MEISSNER HAS EVALUATED AND DEPLOY MULTIPLE IDENTITY ACCESS MANAGEMENT (IAM) SYSTEMS AT MULTIPLE ENTERPRISES TO ESTABLISH A FRAMEWORK FOR BUSINESS PROCESSES THAT FACILITATES THE MANAGEMENT OF ELECTRONIC IDENTITIES. TO INITIATE, CAPTURE, RECORD AND MANAGE USER IDENTITIES AND THEIR RELATED ACCESS PERMISSIONS IN AN AUTOMATED FASHION. UTILIZING IAM TECHNOLOGIES MR. MEISSNER EFFORTS HAVE ENSURED THAT ACCESS PRIVILEGES ARE GRANTED ACCORDING TO ONE INTERPRETATION OF POLICY AND ALL INDIVIDUALS AND SERVICES ARE PROPERLY AUTHENTICATED, AUTHORIZED AND AUDITED. MR. MEISSNER HAS EXPERIENCE WITH THE FOLLOWING NETWORK ACCESS CONTROL/IAM SOLUTIONS: • IBM'S SECURITY IDENTITY MANAGER • TOOLS4EVER'S • CENTRIFY IDENTITY SERVICE • THYCOTIC SECRET SERVER • CISCO ISE • NEXT GENERATION FIREWALLS AND DATA DIODES • MR. MEISSNER HAS EXPERIENCE WITH THE FOLLOWING NEXT GENERATION FIREWALLS AND DATA DIODES: • JUNIPER • PALO ALTO NETWORKS (PAN) • CANARY • WATERFALL ©1994-2016 Copyright Michael W. Meissner – Ethernautics, Inc. Author: Michael W. Meissner Last revised: 02/17/2016 4:16:59 PM PDT (UTC/GMT –7) 18
  19. 19. CYBER SECURITY ENGINEERING SECURITY-BY-DESIGN IT CYBER SECURITY TECHNOLOGIES • AUTHENTICATIONS, AUTHORIZATION AND CONTROL • MR. MEISSNER AUTHORED AUTHENTICATION, AUTHORIZATION AND CONTROL FOR EARLY INTERNET OF THINGS (IOT) IN THE EARLY 1990. UNITED STATES PATENT: 6070001. • COMPUTER FORENSICS • MR. MEISSNER HAS EXPERIENCE WITH DIGITAL COMPUTER FORENSIC TOOLS USED TO PRODUCE EVIDENCE FOUND ON DIGITAL STORAGE MEDIA UTILIZING TECHNIQUES AND PRINCIPLES TO FOR DATA RECOVERY, IN ORDER TO IDENTIFY, PRESERVE, RECOVER, ANALYZE DIGITAL INFORMATION DESIGNED TO CREATE A LEGAL AUDIT TRAIL. MR. MEISSNER HAS EXPERIENCE WITH THE FOLLOWING COMPUTER FORENSIC SOLUTION: • ACCESSDATA • VULNERABILITY SCANNING TOOLS: • MR. MEISSNER HAS EVALUATED AND DEPLOY MULTIPLE VULNERABILITY SCANNING TOOLS AT MULTIPLE ENTERPRISES TO IN ORDER TO ASSESS COMPUTERS, COMPUTER SYSTEMS, NETWORKS OR APPLICATIONS FOR WEAKNESSES. MR. MEISSNER HAS PERFORMED 1000’S OF SCANS BOTH PROTECT CRITICAL DIGITAL ASSETS WITH THE ENTERPRISE AND TO EVALUATE ABILITY OF NON-AUTHORIZED ATTACKERS LOOKING TO GAIN UNAUTHORIZED ACCESS. MR. MEISSNER HAS EXPERIENCE WITH THE FOLLOWING VULNERABILITY SCANNING TOOLS: • RETINA • NEXPOSE • OTHERS: • MR. MEISSNER HAS EXPERIENCE WITH THE FOLLOWING ADDITIONAL TOOLS TO ASSIST THE ENTERPRISE WITH ESTABLISHING A SOUND DEFENSE IN DEPTH ARCHITECTURE: • WIRESHARK • NMAP ©1994-2016 Copyright Michael W. Meissner – Ethernautics, Inc. Author: Michael W. Meissner Last revised: 02/17/2016 4:16:59 PM PDT (UTC/GMT –7) 19
  20. 20. CYBER SECURITY ENGINEERING SECURITY-BY-DESIGN REGULATORY REQUIREMENTS AND BEST PRACTICESName: Regulation, Pub, Doc #: Website: PCI DSS Payment Card Industry Data Security Standard https://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Secu rity_Standard ISO 27001:2013 Specification for an information security management system (ISMS) https://en.wikipedia.org/wiki/ISO/IEC_27001:2013 HIPAA Health Insurance Portability and Accountability Act of 1996 https://en.wikipedia.org/wiki/Health_Insurance_Portability_and_Acco untability_Act NIST Special Publication 800-53 Revision 4 NIST Special Publication 800-53 http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800- 53r4.pdf NIST Special Publication 800-37 Revision 1 NIST Special Publication 800-37 Revision 1 http://csrc.nist.gov/publications/nistpubs/800-37-rev1/sp800-37- rev1-final.pdf Managing Information Security Risk NIST Special Publication 800-39 http://csrc.nist.gov/publications/nistpubs/800-39/SP800-39-final.pdf Introduction to NISTIR 7628 Guidelines for Smart Grid Cyber Security NISTIR 7628 http://www.nist.gov/smartgrid/upload/nistir-7628_total.pdf Electric Infrastructure Protection and Substation Perimeter Security. CIP-014 https://secureusa.net/energy-sector-cip-014-compliance/ Third part (of 8) of the open international standard IEC 61131 for programmable logic controllers, IEC 61131-3 http://en.wikipedia.org/wiki/IEC_61131-3 Role Engineering and RBAC Standards Role Based Access Control (RBAC) http://csrc.nist.gov/groups/SNS/rbac/standards.html Security techniques -- Evaluation criteria for IT security -- Part 1: Introduction and general model ISO/IEC 15408-1:2009 http://www.iso.org/iso/catalogue_detail.htm?csnumber=50341 * Meissner has experience with many regulatory and best practice requirements related to Cyber Security ** Non-Exhaustive List: Requirements vary by Industry, Business Risk, and Local AHJ *** Ethernautics, Inc. – Meissner: Cyber Security Standards, Best Practices and PRADL for Water Utilities http://wp.me/p2xZpH-1g ©1994-2016 Copyright Michael W. Meissner – Ethernautics, Inc. Author: Michael W. Meissner Last revised: 02/17/2016 4:16:59 PM PDT (UTC/GMT –7) 20
  21. 21. CYBER SECURITY ENGINEERING SECURITY-BY-DESIGN REGULATORY REQUIREMENTS AND BEST PRACTICESName: Regulation, Pub, Doc #: Website: ITIL General ITIL https://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Secu rity_Standard 10 CFR 73.54 “Cyber Security Rule https://en.wikipedia.org/wiki/ISO/IEC_27001:2013 Safe Guards (10 CFR 73.51) https://en.wikipedia.org/wiki/Health_Insurance_Portability_and_Acco untability_Act NIST Special Publication 800-53 Revision 4 http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800- 53r4.pdf Cyber Security Training and Awareness http://csrc.nist.gov/publications/nistpubs/800-37-rev1/sp800-37- rev1-final.pdf NIST And other security frameworks. http://csrc.nist.gov/publications/nistpubs/800-39/SP800-39-final.pdf * Non-Exhaustive List: Requirements vary by Industry, Business Risk, and Local AHJ©1994-2016 Copyright Michael W. Meissner – Ethernautics, Inc. Author: Michael W. Meissner Last revised: 02/17/2016 4:16:59 PM PDT (UTC/GMT –7) 21
  22. 22. DESIGN STANDARDS • MEISSNER HAS EXPERIENCE WITH THE FOLLOWING DESIGN STANDARDS: • ANSI/TIA/EIA STANDARDS • ANSI/TIA/EIA-568-C: COMMERCIAL BUILDING TELECOMMUNICATIONS CABLING STANDARD • ANSI/TIA/EIA-569-C: TELECOMMUNICATIONS PATHWAYS AND SPACES • ANSI/TIA/EIA-606-B: CABLE LABELING STANDARDS • ANSI/TIA/EIA-607-C: GENERIC TELECOMMUNICATIONS GROUNDING (EARTHING) AND BONDING FOR CUSTOMER PREMISES • ANSI/TIA/EIA-942: TELECOMMUNICATIONS INFRASTRUCTURE STANDARD FOR DATA CENTERS • TELECOMMUNICATIONS DESIGN MANUAL (TDM) - BICSI (BUILDING INDUSTRY CONSULTING SERVICE INTERNATIONAL) • NATIONAL ELECTRIC CODE (NFPA 70) - NEC • MASTER FORMAT • DIVISION 27 • DIVISION 28 • ASHRAE GUIDELINES • STANDARD 135 – BACNET - A DATA COMMUNICATION PROTOCOL FOR BUILDING AUTOMATION AND CONTROL NETWORKS • STANDARD 189.1 – STANDARD FOR THE DESIGN OF HIGH PERFORMANCE, GREEN BUILDINGS EXCEPT LOW-RISE RESIDENTIAL BUILDINGS • LEED – USBC US GREEN BUILDING COUNCIL ©1994-2016 Copyright Michael W. Meissner – Ethernautics, Inc. Author: Michael W. Meissner Last revised: 02/17/2016 4:16:59 PM PDT (UTC/GMT –7) 22
  23. 23. REGISTRATIONS AND CERTIFICATIONS • REGISTERED COMMUNICATIONS DISTRIBUTION DESIGNER (RCDD) • ELECTRONIC SAFETY AND SECURITY (ESS) – IN PROCESS • OUTSIDE PLANT SPECIALIST (OSP) – IN PROCESS • CERTIFIED NETWORK ASSOCIATE (CAN) – IN PROCESS • CERTIFIED INFORMATION SYSTEMS SECURITY PROFESSIONAL (CISSP) – IN PROCESS • PMP – PROJECT MANAGEMENT PROFESSIONAL – IN PROCESS • LEEDS – LEADERSHIP IN ENERGY AND ENVIRONMENTAL DESIGN – IN PROCESS©1994-2016 Copyright Michael W. Meissner – Ethernautics, Inc. Author: Michael W. Meissner Last revised: 02/17/2016 4:16:59 PM PDT (UTC/GMT –7) 23
  24. 24. CLIENTS ©1994-2016 Copyright Michael W. Meissner – Ethernautics, Inc. Author: Michael W. Meissner Last revised: 02/17/2016 4:16:59 PM PDT (UTC/GMT 24
  25. 25. REFERENCE PROJECTS • MICHAEL W. MEISSNER WITH ETHERNAUTICS, INC. CONTRACTED TO CALIFORNIA WATER SERVICES GROUP (CWS) FOR CYBER SECURITY PROGRAM DEVELOPMENT, SCADA NETWORK SECURITY, VULNERABILITY MITIGATION FOR PROTECTION OF CRITICAL ASSETS IN WATER TREATMENT/DISTRIBUTION PLANTS. (2015) (CLICK HERE) • MICHAEL W. MEISSNER WITH ETHERNAUTICS, INC. CONTRACTED THROUGH AREVA, NP TO SOUTH TEXAS PROJECT (STP) FOR PROGRAM IMPLEMENTATION OF 10CF73.54 PROTECTION OF CRITICAL ASSETS IN NUCLEAR POWER PLANTS. (2012-2015) (CLICK HERE) • MICHAEL W. MEISSNER WITH ETHERNAUTICS, INC. CONTRACTED THROUGH CSC TO URENCO- USA/(LES) FOR PROGRAM IMPLEMENTATION AND PROTECTION OF CRITICAL ASSETS IN NUCLEAR ENRICHMENT FACILITIES.(2007-2012) (CLICK HERE) • MICHAEL W. MEISSNER WITH INFORMATION MECHANICS, INC. CONTRACTED BY TELECOMMUNICATION CORPORATION INC. (TCI) FOR DEVELOPMENT OF SECURE ENCRYPTED COMMUNICATIONS TO DIGITAL SET TOP BOXES (CLICK HERE) - ADDRESSABILITY SYSTEMS: US PATENT NUMBER #6070001 (CLICK HERE)Hello 25
  26. 26. PATENTS AND PUBLISHED ARTICLES Expert Systems and Knowledge Engineering IBM RedBook 1988 A Business Case for an Education Network Channel Jones International University 1993 Addressability Systems US Patent #6070001 1993 Product, Packages, and Promotions Functions Telecommunications Inc. Business Function Document 1994 Triple Play Billing Telecommunications Inc. Business Function Document 1994 Designing for Performance in Credit Card Transactions Telecommunications Inc. Business Function Document 1994 The Pitfalls of Automating Inefficient Processes Information Mechanics, Inc. 1996 Data Centre Design and Consolidation Information Mechanics, Inc. 1997 Best Practices in Service Catalog NetCracker Marketing 2006 Best Practices on OSS Deployment NetCracker Marketing 2007 Best Practices in SLA’s NetCracker Marketing 2007 Defined KPI’s • MTBF – Mean Time Between Failure • MTTR – Mean Time To Repair • SCCT – Supply Chain Cycle Time • IRCT – Inventory Replenishment Cycle Time • IMOS- Inventory Months of Supply • ITO – Inventory Turnover www.kpilibrary.com 2008 Cabling Specifications Urenco Ltd – Design Document 2009 Cable Testing Specifications Urenco Ltd – Design Document 2010 PLC’s – The greatest Cyber Security Risk to the Nation’s Infrastructure DEF CON Presentation 2012 Wikipedia Articles • Electrode ionization • Addressability • Addressability Systems • Cable Converter Box • Descramble • Solutions Architect • FTTLA Wikipedia.com http://en.wikipedia.org/wiki/Electrodeionization http://en.wikipedia.org/wiki/Addressability http://en.wikipedia.org/wiki/Addressable_system s http://en.wikipedia.org/wiki/Cable_Converter_Bo x http://en.wikipedia.org/wiki/Descramble 2008-2012 ©1994-2016 Copyright Michael W. Meissner – Ethernautics, Inc. Author: Michael W. Meissner Last revised: 02/17/2016 4:16:59 PM PDT (UTC/GMT –7) 26
  27. 27. PATENTS AND PUBLISHED ARTICLES Title Address Year Ethernautics, Inc.: Cyber Security Database Threats https://ethernautics.wordpress.com/2015/ 06/13/database-security-threats/ 2013 Glossary of Terms - Cyber Security At Nuclear Power Plants http://wp.me/p2xZpH-c 2013 Secure Encrypted communications to Digital Set Top Boxes - Addressability Systems: US Patent Number #6070001 http://wp.me/p2xZpH-V http://patents.com/us-6070001.html https://en.wikipedia.org/wiki/Addressability 1993 Ethernautics, Inc. – Meissner: Cyber Security Standards, Best Practices and PRADL for Water Utilities http://wp.me/p2xZpH-1g 2015 Cyber Security in the Automobile: Automobile/Vehicle Protocol Buses http://infrastructurecybersecurity.blogspot. com/2015/06/automobilevehicle-protocol- buses.html 2014 Communications Protocols Utilized in Plant Control Systems are a key component in the development of a Cyber Security Controls Catalog - Quora https://industrial-cyber- security.quora.com/Communications- Protocols-Utilized-in-Plant-Control- Systems-are-a-key-component-in-the- development-of-a-Cyber- Security?srid=7rIp&share=1 2014 ©1994-2016 Copyright Michael W. Meissner – Ethernautics, Inc. Author: Michael W. Meissner Last revised: 02/17/2016 4:16:59 PM PDT (UTC/GMT –7) 27

×