Derek John Mezack
Woodstock, GA | 678-871-7566 hm | derek@mezackgroup.com
http://www.linkedin.com/in/derekjmezack/
Objective
· To further my skills and experience in security, development, and training in a versatile environment with opportunities
as an individual contributor, team leadership, and/or training responsibilities.
Skills & Abilities
RESEARCH AND DEVELOPMENT
· Provided research leading to numerous discoveries in both the private sector and while under defense commission.
· Inventor and developer of multiple patents and patent-pending technologies in security information management and
threat protection. (See Patents)
· Developed over 400 intrusion detection system signatures, including development of the first cryptographic signature
for TFN2K when used by terrorists during Y2K
· Hands-on development of enterprise security information and event management (SIEM) solutions in a combination of
C#, WPF/XAML, C++, PowerShell, and Java. Application architecture featuring use of the .Net Enterprise Framework,
PRISM, Unity, Microsoft Entity Framework 4.0, and JNI.
· Vendor-neutral and agentless security and network architecture, having one to many distributed collectors that tie to
best of breed vendor devices, 12 common data types, and fully integrated Identity Management.
· Mass data management architecture with scalable delivery of near realtime features for alerting and analysis.
· First SIEM to be fully cloud ready, with multi-tenant SaaS features and each component delivered by default as a
virtual machine appliance.
· Abstract Threat Modeling – First to combine threat and fraud detection by allowing customers to model threat and
fraud strategies in an easy to understand security language that crosses and operates on all supported types of
information.
· Implementation of SIEM technology in enterprise,environments.
· Research integrating Tails privacy cloud solution with software defined radio, OpenBTS, and Asterisk solutions for
privatized and anonymized phone operations.
PROFESSIONAL SERVICES
· Led large-scale penetration tests including financial, health, and government institutions
· Assessment and custom remediation experience with enterprise, security, and cloud applications
· Compliance gap assessment for PCI-DSS, HIPAA, SOCS, FISMA, and Cloud Security Standards
· Provided incident response and forensics in a number of high profile and large scale cases for such organizations as
Chicago Board of Trade, Robins Federal Credit Union, Surgical Information Systems, and government crisis under
commission of the NSA.
· Experienced in application code assessment
· Working knowledge of numerous programming languages, technologies, as well as security frameworks.
· Inventor of methodology for application misuse and fraud assessment using the Scenario Based Security Model
· Specialized testing experience with emphasis on espionage, zero-day preparedness, amplification testing, and
evaluation of security operations management.
APPLICATION SECURITY
· Invention of the Scenario Based Security Model in 1999, adopted by Microsoft’s SQL Server team, numerous enterprises,
and more recently the Cloud Security Alliance. Provided updates to the community with example security architectures
and sample code for enterprise systems.
· First to discover cryptographic flaw in TFN2K while under defense commission during terrorist attacks on air traffic
control towers.
· Advanced pattern and regular expression development
· Over 400 IDS signature decodes
· Numerous data collection, translation, and analysis patterns for SIEM platforms. and used in products such as IBM/ISS
Real Secure today.
· Successful application penetration test on TecSec’s application privacy suite used by the NSA, including discovery of one
way hash vulnerability that allowed compromise of primary privacy content by a non-user.
· Development of first SIEM technology to combine threat and fraud management; incorporating 12 types of data,
including both network threat detection, DLP, system sources, web, and custom applications.
· Development of gap assessment methodology for use with the Scenario Based Security Model for fraud assessment and
security lifecycle evaluation within enterprise and cloud environments.
· Developed material and taught Secure Application Development as well as Advanced Assessment and Information
Management since 1999 with enterprise development and security auditors attending from the Air Force, Navy, US Post
Office, Credit Processors, Banks, Medical Technology, and numerous other continued sources.
· Successful application penetration test on airport, including penetration of widely used fingerprinting system
TRAINING
· Delivered seminars and training on information security, the state of the hack, threat management, advanced
penetration testing, and threat analysis to the US Air Force, Federal Trade Commission, NSA, SITA, GA Department of
Audits, US Post Office, and numerous others.
· Developed and provided XForce Boot camp training, Secure Application Development training, and ISS Connect
cryptography training while at ISS.
SECURITY OPERATIONS / ADMINISTRATION
· SOC oversight and management of hundreds of security devices and related threat data for managed security services
· Management of product-first based business maintaining profitability for 4 years.
· SOC Policy planning and development of service level agreement as well as policies and procedures for PCI-DSS, HIPAA,
SAS70 compliance as a managed security service provider as well as part of professional services for customers
· Vendor-neutral and best of breed integration and management of 12 types of security devices, including intrusion
detection/protection, data loss prevention, firewall, system logs, web logs, authentication/authorization (AAA) services,
custom applications, switches, routers, and more.
· SOC security architecture and standardization of virtualization infrastructure for cloud implementation, reduced cost,
and high availability
Experience
DIRECTOR OF SECURITY RESEARCH & DEVELOPMENT | MEZACK GROUP LLC – ACQUIRED BY FLYING CLOUD
TECHNOLOGIES | JULY 2009 – PRESENT (5 YEARS, 2 MONTHS)
Started corporation in mid-2009 without venture capital and maintained profitability, while successfully developing one
of the first cloud SIEM products and managed services, including over 5.5 million lines of code in a combination of C#,
XAML, Java, and C++.
· Integrating managed services, consulting, education as well as ongoing research and development, allowing
clients to achieve security and privacy measures while meeting high performance business objectives through
engineered solutions.
o Mass data management and architecture featuring hybrid performance model allowing distributed
translation of collected data, secure and scalable storage of each common data type per tenant, while
offering transparent, centralized, information access, alerting, and analysis.
o Comprehensive integration and analysis of 11 major types of security data. First to integrate raid data
caching with distributed security data collection (See LSI Publication).
· Integrated Identity Management virtual appliance with cross platform and language options supporting Open-ID,
Federated, mixed authentication as well as cloud integration with Azure, AWS and VMWare. Integration
options for Windows LDAP and custom applications with tight SIEM integration allowing central and granular
reporting and response capabilities at an identity and session level.
Directed security research and development of continued features supporting multitenant managed security service. Led
incident response during numerous enterprise cases.
SENIOR RESEARCH SCIENTIST | ENTEREDGE TECHNOLOGY | JUNE 2003 – JULY 2009 (6 YEARS 2 MONTHS)
Fulfilled chief technical research, and development role for the company. Provided research leading to a patent in Real
Time Threat Modeling. Received approval by Nir Zuk for my modified implementation of stateful inspection for real time
activity analysis and persistent tracking of multi-stage threats across big data.
Developed entire SIEM solution and played key technical sales role in its presentation to analysts as well as enterprise
clients. Headed penetration test team, developing the criteria framework for all related deliverables and structured
service offerings. Performed numerous successful network, application, and wireless/mobile penetration tests as well as
providing design and implementation of enterprise and cloud security architecture and controls. Designed security
architecture and led implementation of intrusion detection, DLP, identity management, and SIEM solutions for
enterprise clients. Became a partner in the firm 2 years into the position and played key role in partner decisions leading
to company growth and business development.
SENIOR RESEARCH SCIENTIST | GUARDENT (NOW VERISIGN) | FEBRUARY 2001 – NOVEMBER 2002
75 3RD AVE, WALTHAM, MA
Provided security research and design of Managed Security Services as well as related supporting technology. Led
numerous successful penetration tests against large financial institutions, as well as application penetration tests against
software used by various defense agencies. Provided education and incident response for the Federal Trade Commission
leading to a Certificate of Appreciation from the Federal Trade Commissioner.
XFORCE SENIOR RESEARCH SCIENTIST | INTERNET SECURITY SYSTEMS (ISS/IBM) | JANUARY 1999 – FEBRUARY
2001
Development of new licensing crypt-architecture that resolved software "crack" and allowed distributed licensing key
management. Designed first firewall to use block spoofed traffic leveraging TTL fingerprinting, passive fingerprinting.
Invented signatures of over 400 intrusion detection signatures, including TFN2K. Coinventor for Method and system for
managing computer security information, including some of the first correlation, anomaly detection, and analysis
technologies.
APPLICATION SECURITY ENGINEER | CONTINENTAL DATAGRAPHICS | JANUARY 1997 – JANUARY 1999
9920 JEFFERSON BLVD, CULVER CITY, CA
Security Administrator for internal network and hosted applications to Boeing and the ATA. Participated as lead security
architect and component developer for applications developed for the ATA and various airlines and manufacturers.
Developed numerous security components including web authorization system and interface to Secure Computing
SafeWord product, allowing web application usage of Tokens and strong authorization.
ERP/MRP MIDDLEWARE DEVELOPER | CHATSWORTH PRODUCTS INC. | FEBRUARY 1996 – JANUARY 1997
TELEPHONE: 1-800-834-4969
SUPERVISOR: PETER STACIA
· Developed cross-platform middleware applications in C/C++, Java, Visual Basic, and scripting languages,
allowing simultaneous operations of PowerCerv, running on NT, and MAS90, running on SCO Unix, for long term
transition to PowerCerv ERP/MRP system
· Designed security architecture for implementation of both ERP/MRP systems across multiple locations,
including near real-time synchronization and related security awareness.
· Developed numerous custom ERP/MRP applications, including Capacity Planner and Available to Promise.
WEB ARCHITECT | GLOBAL PACIFIC TECHNOLOGY | JANUARY 1995 – FEBRUARY 1996
SUPERVISOR: BRANT DEBOW
· Website design and programming using HTML, Java, ASP, and CGI.
· Programmed also in C++, Visual Basic 4, and Cold Fusion.
· ASP, CGI, JNI, and JDBC multiplatform transactions.
· Consulted and serviced clients
Patents
System and method for definition and automated analysis of computer security threat models
United States 20080148398, Filed June 19, 2008
Method for automated threat modeling with support for attribute based correlation across multiple devices, data types,
recursive attack tracking, and persistent real-time updates at every point of the threat.
Method and system for managing computer security information
United States 20060265746, Issued November 23, 2006
Research in security information and event management leading to the first SIEM technologies. Research included
both bulk data flow and management concepts as well as correlation and strategic threat identification.
Honors & Awards
· Certificate of Appreciation from the Federal Trade Commission for Information Security 11/2001
· Technology Association of Georgia Top 40 Most Innovative Businesses for 2 years while starting Vault Ecommerce Inc.
· Listed in 4th place by Linked-In for The Top 25 Application Security Engineers profiled by their site. At this time,
Linked-In profiled over 9000 application security engineers worldwide.
· Awarded technology partnership with LSI for tackling mass data security challenges by combining my SIEM technology
with LSI’s Cachecade raid technology.
· Selected speaker and trainer for the National Association of State Auditors, Controllers, and Treasurers 2005 on the
“state of the hack”
Education
1998 | CALIFORNIA POLYTECHNIC UNIVERSITY POMONA
· Computer Information Systems
· Minor: Epistemology

More Related Content

What's hot

Content Strategy and Developer Engagement for DevPortals
Content Strategy and Developer Engagement for DevPortalsContent Strategy and Developer Engagement for DevPortals
Content Strategy and Developer Engagement for DevPortals
Axway
 
Csa summit la transformación digital y el nuevo rol del ciso
Csa summit   la transformación digital y el nuevo rol del cisoCsa summit   la transformación digital y el nuevo rol del ciso
Csa summit la transformación digital y el nuevo rol del ciso
CSA Argentina
 
DTS Solution - Cyber Security Services Portfolio
DTS Solution - Cyber Security Services PortfolioDTS Solution - Cyber Security Services Portfolio
DTS Solution - Cyber Security Services Portfolio
Shah Sheikh
 
The Cloud Crossover
The Cloud CrossoverThe Cloud Crossover
The Cloud Crossover
Armor
 
IBM Security Portfolio - 2015
IBM Security Portfolio - 2015IBM Security Portfolio - 2015
IBM Security Portfolio - 2015
IBM Thailand Co Ltd
 
Cybersecurity domains-map-3.0
Cybersecurity domains-map-3.0Cybersecurity domains-map-3.0
Cybersecurity domains-map-3.0
Oscar Ferreira
 
Building a Security Architecture
Building a Security ArchitectureBuilding a Security Architecture
Building a Security Architecture
Cisco Canada
 
Enterprise Security in Hybrid Cloud ISACA-SV 2012
Enterprise Security in Hybrid Cloud ISACA-SV 2012Enterprise Security in Hybrid Cloud ISACA-SV 2012
Enterprise Security in Hybrid Cloud ISACA-SV 2012
Symosis Security (Previously C-Level Security)
 
Cybersecurity frameworks globally and saudi arabia
Cybersecurity frameworks globally and saudi arabiaCybersecurity frameworks globally and saudi arabia
Cybersecurity frameworks globally and saudi arabia
Faysal Ghauri
 
Be Aware Webinar – Office 365 Seguro? Sym, Cloud!
Be Aware Webinar – Office 365 Seguro? Sym, Cloud!Be Aware Webinar – Office 365 Seguro? Sym, Cloud!
Be Aware Webinar – Office 365 Seguro? Sym, Cloud!
Symantec Brasil
 
Csa summit cualquier aplicación, desde cualquier dispositivo, en cualquier ...
Csa summit   cualquier aplicación, desde cualquier dispositivo, en cualquier ...Csa summit   cualquier aplicación, desde cualquier dispositivo, en cualquier ...
Csa summit cualquier aplicación, desde cualquier dispositivo, en cualquier ...
CSA Argentina
 
Protect Against Security Breaches by Securing Endpoints with Multi-Factor Aut...
Protect Against Security Breaches by Securing Endpoints with Multi-Factor Aut...Protect Against Security Breaches by Securing Endpoints with Multi-Factor Aut...
Protect Against Security Breaches by Securing Endpoints with Multi-Factor Aut...
CA Technologies
 
general_resume_12 1 linked in
general_resume_12 1 linked ingeneral_resume_12 1 linked in
general_resume_12 1 linked inJohn Masiliunas
 
how to secure web applications with owasp - isaca sep 2009 - for distribution
how to secure web applications  with owasp - isaca sep 2009 - for distributionhow to secure web applications  with owasp - isaca sep 2009 - for distribution
how to secure web applications with owasp - isaca sep 2009 - for distributionSantosh Satam
 
ISACA 2019 Amman Chapter - Shah Sheikh - Cyber Resilience
ISACA 2019 Amman Chapter - Shah Sheikh - Cyber ResilienceISACA 2019 Amman Chapter - Shah Sheikh - Cyber Resilience
ISACA 2019 Amman Chapter - Shah Sheikh - Cyber Resilience
Shah Sheikh
 
Csa summit argentina-reavis
Csa summit   argentina-reavisCsa summit   argentina-reavis
Csa summit argentina-reavis
CSA Argentina
 
Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)
Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)
Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)
Shah Sheikh
 
RETOS ACTUALES E INNOVACIÓN SOBRE EL CONTROL DE ACCESOS PRIVILEGIADOS.
RETOS ACTUALES  E INNOVACIÓN  SOBRE EL CONTROL DE ACCESOS PRIVILEGIADOS.RETOS ACTUALES  E INNOVACIÓN  SOBRE EL CONTROL DE ACCESOS PRIVILEGIADOS.
RETOS ACTUALES E INNOVACIÓN SOBRE EL CONTROL DE ACCESOS PRIVILEGIADOS.
Cristian Garcia G.
 
DTS Solution - Company Presentation
DTS Solution - Company PresentationDTS Solution - Company Presentation
DTS Solution - Company Presentation
Shah Sheikh
 

What's hot (20)

Content Strategy and Developer Engagement for DevPortals
Content Strategy and Developer Engagement for DevPortalsContent Strategy and Developer Engagement for DevPortals
Content Strategy and Developer Engagement for DevPortals
 
Csa summit la transformación digital y el nuevo rol del ciso
Csa summit   la transformación digital y el nuevo rol del cisoCsa summit   la transformación digital y el nuevo rol del ciso
Csa summit la transformación digital y el nuevo rol del ciso
 
DTS Solution - Cyber Security Services Portfolio
DTS Solution - Cyber Security Services PortfolioDTS Solution - Cyber Security Services Portfolio
DTS Solution - Cyber Security Services Portfolio
 
The Cloud Crossover
The Cloud CrossoverThe Cloud Crossover
The Cloud Crossover
 
IBM Security Portfolio - 2015
IBM Security Portfolio - 2015IBM Security Portfolio - 2015
IBM Security Portfolio - 2015
 
Cybersecurity domains-map-3.0
Cybersecurity domains-map-3.0Cybersecurity domains-map-3.0
Cybersecurity domains-map-3.0
 
Building a Security Architecture
Building a Security ArchitectureBuilding a Security Architecture
Building a Security Architecture
 
Resume
ResumeResume
Resume
 
Enterprise Security in Hybrid Cloud ISACA-SV 2012
Enterprise Security in Hybrid Cloud ISACA-SV 2012Enterprise Security in Hybrid Cloud ISACA-SV 2012
Enterprise Security in Hybrid Cloud ISACA-SV 2012
 
Cybersecurity frameworks globally and saudi arabia
Cybersecurity frameworks globally and saudi arabiaCybersecurity frameworks globally and saudi arabia
Cybersecurity frameworks globally and saudi arabia
 
Be Aware Webinar – Office 365 Seguro? Sym, Cloud!
Be Aware Webinar – Office 365 Seguro? Sym, Cloud!Be Aware Webinar – Office 365 Seguro? Sym, Cloud!
Be Aware Webinar – Office 365 Seguro? Sym, Cloud!
 
Csa summit cualquier aplicación, desde cualquier dispositivo, en cualquier ...
Csa summit   cualquier aplicación, desde cualquier dispositivo, en cualquier ...Csa summit   cualquier aplicación, desde cualquier dispositivo, en cualquier ...
Csa summit cualquier aplicación, desde cualquier dispositivo, en cualquier ...
 
Protect Against Security Breaches by Securing Endpoints with Multi-Factor Aut...
Protect Against Security Breaches by Securing Endpoints with Multi-Factor Aut...Protect Against Security Breaches by Securing Endpoints with Multi-Factor Aut...
Protect Against Security Breaches by Securing Endpoints with Multi-Factor Aut...
 
general_resume_12 1 linked in
general_resume_12 1 linked ingeneral_resume_12 1 linked in
general_resume_12 1 linked in
 
how to secure web applications with owasp - isaca sep 2009 - for distribution
how to secure web applications  with owasp - isaca sep 2009 - for distributionhow to secure web applications  with owasp - isaca sep 2009 - for distribution
how to secure web applications with owasp - isaca sep 2009 - for distribution
 
ISACA 2019 Amman Chapter - Shah Sheikh - Cyber Resilience
ISACA 2019 Amman Chapter - Shah Sheikh - Cyber ResilienceISACA 2019 Amman Chapter - Shah Sheikh - Cyber Resilience
ISACA 2019 Amman Chapter - Shah Sheikh - Cyber Resilience
 
Csa summit argentina-reavis
Csa summit   argentina-reavisCsa summit   argentina-reavis
Csa summit argentina-reavis
 
Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)
Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)
Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)
 
RETOS ACTUALES E INNOVACIÓN SOBRE EL CONTROL DE ACCESOS PRIVILEGIADOS.
RETOS ACTUALES  E INNOVACIÓN  SOBRE EL CONTROL DE ACCESOS PRIVILEGIADOS.RETOS ACTUALES  E INNOVACIÓN  SOBRE EL CONTROL DE ACCESOS PRIVILEGIADOS.
RETOS ACTUALES E INNOVACIÓN SOBRE EL CONTROL DE ACCESOS PRIVILEGIADOS.
 
DTS Solution - Company Presentation
DTS Solution - Company PresentationDTS Solution - Company Presentation
DTS Solution - Company Presentation
 

Similar to Derek J Mezack Resume 2015-AppSec_k

CISSP Certification Training Course
CISSP Certification Training CourseCISSP Certification Training Course
CISSP Certification Training CourseRicky Lionel Vaz
 
Security is our duty and we shall deliver it - White Paper
Security is our duty and we shall deliver it - White PaperSecurity is our duty and we shall deliver it - White Paper
Security is our duty and we shall deliver it - White Paper
Mohd Anwar Jamal Faiz
 
08252016 John D Resume ITIL PMP CISSP CSM CISA1
08252016 John D Resume ITIL PMP CISSP CSM CISA108252016 John D Resume ITIL PMP CISSP CSM CISA1
08252016 John D Resume ITIL PMP CISSP CSM CISA1jjdoylecomcast
 
New technologies - Amer Haza'a
New technologies - Amer Haza'aNew technologies - Amer Haza'a
New technologies - Amer Haza'a
Fahmi Albaheth
 
Marlabs cyber threat management
Marlabs cyber threat managementMarlabs cyber threat management
Marlabs cyber threat management
Rajendra Menon
 
Guide to Risk Management Framework (RMF)
Guide to Risk Management Framework (RMF)Guide to Risk Management Framework (RMF)
Guide to Risk Management Framework (RMF)
MetroStar
 
Cybersecurity Management Principles, 11 - 14 Sept 2017 KL, Malaysia / 17 - 20...
Cybersecurity Management Principles, 11 - 14 Sept 2017 KL, Malaysia / 17 - 20...Cybersecurity Management Principles, 11 - 14 Sept 2017 KL, Malaysia / 17 - 20...
Cybersecurity Management Principles, 11 - 14 Sept 2017 KL, Malaysia / 17 - 20...
360 BSI
 
mcdonald.thomas.resume11-15
mcdonald.thomas.resume11-15mcdonald.thomas.resume11-15
mcdonald.thomas.resume11-15Thomas McDonald
 
My CV-Jan-2016
My CV-Jan-2016My CV-Jan-2016
My CV-Jan-2016Adel Zayed
 
Project Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docxProject Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docx
wkyra78
 
Cyber Security for Non-Technical Executives (SC GMIS) Columbia, SC
Cyber Security for Non-Technical Executives (SC GMIS) Columbia, SCCyber Security for Non-Technical Executives (SC GMIS) Columbia, SC
Cyber Security for Non-Technical Executives (SC GMIS) Columbia, SC
AT-NET Services, Inc. - Charleston Division
 
CIO Review - Top 20 CyberSecurity
CIO Review - Top 20 CyberSecurityCIO Review - Top 20 CyberSecurity
CIO Review - Top 20 CyberSecurityBob Guimarin
 
Crucial Layers_ Exploring the Depth of Enterprise Cyber Security.pdf
Crucial Layers_ Exploring the Depth of Enterprise Cyber Security.pdfCrucial Layers_ Exploring the Depth of Enterprise Cyber Security.pdf
Crucial Layers_ Exploring the Depth of Enterprise Cyber Security.pdf
seoteameits
 
CV 2.4 18/06/2016
CV 2.4 18/06/2016CV 2.4 18/06/2016
CV 2.4 18/06/2016
Neil Barnacle FBCS CITP
 
OpenText Cyber Resilience Fastrak
OpenText Cyber Resilience FastrakOpenText Cyber Resilience Fastrak
OpenText Cyber Resilience Fastrak
Marc St-Pierre
 
Ibm app security assessment_ds
Ibm app security assessment_dsIbm app security assessment_ds
Ibm app security assessment_dsArun Gopinath
 

Similar to Derek J Mezack Resume 2015-AppSec_k (20)

CISSP Certification Training Course
CISSP Certification Training CourseCISSP Certification Training Course
CISSP Certification Training Course
 
Irfan Ur Rehman
Irfan Ur RehmanIrfan Ur Rehman
Irfan Ur Rehman
 
Dr. Charles Pak
Dr. Charles PakDr. Charles Pak
Dr. Charles Pak
 
Security is our duty and we shall deliver it - White Paper
Security is our duty and we shall deliver it - White PaperSecurity is our duty and we shall deliver it - White Paper
Security is our duty and we shall deliver it - White Paper
 
08252016 John D Resume ITIL PMP CISSP CSM CISA1
08252016 John D Resume ITIL PMP CISSP CSM CISA108252016 John D Resume ITIL PMP CISSP CSM CISA1
08252016 John D Resume ITIL PMP CISSP CSM CISA1
 
New technologies - Amer Haza'a
New technologies - Amer Haza'aNew technologies - Amer Haza'a
New technologies - Amer Haza'a
 
Marlabs cyber threat management
Marlabs cyber threat managementMarlabs cyber threat management
Marlabs cyber threat management
 
Guide to Risk Management Framework (RMF)
Guide to Risk Management Framework (RMF)Guide to Risk Management Framework (RMF)
Guide to Risk Management Framework (RMF)
 
Cybersecurity Management Principles, 11 - 14 Sept 2017 KL, Malaysia / 17 - 20...
Cybersecurity Management Principles, 11 - 14 Sept 2017 KL, Malaysia / 17 - 20...Cybersecurity Management Principles, 11 - 14 Sept 2017 KL, Malaysia / 17 - 20...
Cybersecurity Management Principles, 11 - 14 Sept 2017 KL, Malaysia / 17 - 20...
 
mcdonald.thomas.resume11-15
mcdonald.thomas.resume11-15mcdonald.thomas.resume11-15
mcdonald.thomas.resume11-15
 
My CV-Jan-2016
My CV-Jan-2016My CV-Jan-2016
My CV-Jan-2016
 
Jenkins_ Carlasha 2016 v1
Jenkins_ Carlasha 2016 v1Jenkins_ Carlasha 2016 v1
Jenkins_ Carlasha 2016 v1
 
Project Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docxProject Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docx
 
Cyber Security for Non-Technical Executives (SC GMIS) Columbia, SC
Cyber Security for Non-Technical Executives (SC GMIS) Columbia, SCCyber Security for Non-Technical Executives (SC GMIS) Columbia, SC
Cyber Security for Non-Technical Executives (SC GMIS) Columbia, SC
 
CIO Review - Top 20 CyberSecurity
CIO Review - Top 20 CyberSecurityCIO Review - Top 20 CyberSecurity
CIO Review - Top 20 CyberSecurity
 
Crucial Layers_ Exploring the Depth of Enterprise Cyber Security.pdf
Crucial Layers_ Exploring the Depth of Enterprise Cyber Security.pdfCrucial Layers_ Exploring the Depth of Enterprise Cyber Security.pdf
Crucial Layers_ Exploring the Depth of Enterprise Cyber Security.pdf
 
CV 2.4 18/06/2016
CV 2.4 18/06/2016CV 2.4 18/06/2016
CV 2.4 18/06/2016
 
CCSK.pptx
CCSK.pptxCCSK.pptx
CCSK.pptx
 
OpenText Cyber Resilience Fastrak
OpenText Cyber Resilience FastrakOpenText Cyber Resilience Fastrak
OpenText Cyber Resilience Fastrak
 
Ibm app security assessment_ds
Ibm app security assessment_dsIbm app security assessment_ds
Ibm app security assessment_ds
 

Derek J Mezack Resume 2015-AppSec_k

  • 1. Derek John Mezack Woodstock, GA | 678-871-7566 hm | derek@mezackgroup.com http://www.linkedin.com/in/derekjmezack/ Objective · To further my skills and experience in security, development, and training in a versatile environment with opportunities as an individualcontributor, team leadership, and/or training responsibilities. Skills & Abilities RESEARCH AND DEVELOPMENT · Provided research leading to numerous discoveries in both the private sector and while under defense commission. · Inventor and developer of multiple patents and patent-pending technologies in security information management and threat protection. (See Patents) · Developed over 400 intrusion detection system signatures, including development of the first cryptographic signature for TFN2K when used by terrorists during Y2K · Hands-on development of enterprise security information and event management (SIEM) solutions in a combination of C#, WPF/XAML, C++, PowerShell, and Java.Application architecture featuring use of the .Net Enterprise Framework, PRISM, Unity, Microsoft Entity Framework 4.0, and JNI. · Vender Neutral and agentless security and network architecture, having one to many distributed collectors that tie to best of breed vender devices, 12 common data types, and fully integrated Identity Management. · Mass data management architecture with scalable delivery of near realtime features for alerting and analysis. · First SIEM to be fully cloud ready, with multi-tenant SaaS features and each component delivered by default as a virtual machine appliance. · Abstract Threat Modeling – First to combine threat and fraud detection by allowing customers to model threat and fraud strategies in an easy to understand security language that crosses and operates on all supported types of information. · Implementation of SIEM technology in enterprise,environments. 
· Research integrating Tails privacy cloud solution with software defined radio,OpenBTS, and Asterisk solutions for privatized and anonymized phone operations. PROFESSIONAL SERVICES · Led large-scale penetration tests including financial, health, and government institutions · Assessment and custom remediation experience with enterprise,security, and cloud applications · Compliance gap assessment for PCI-DSS,HIPPA, SOCS,FISMA, and Cloud Security Standards · Provided incident response and forensics in a number of high profile and large scale cases for such organizations as Chicago Board of Trade, Robins Federal Credit Union, Surgical Information Systems, and government crisis under commission of the NSA. · Experienced in application code assessment · Working knowledge of numerous programming languages,technologies, as well as security frameworks. · Inventor of methodology for application misuse and fraud assessment using the Scenario Based Security Model · Specialized testing experience with emphasis on espionage, zero-day preparedness,amplification testing, and evaluation of security operations management. APPLICATION SECURITY
  • 2. Page 2 · Invention of the Scenario Based Security Model in 1999,adopted by Microsoft’s SQL Server team, numerous enterprises, and more recently the Cloud Security Alliance. Provided updates to the community with example security architectures and sample code for enterprise systems. · First to discover cryptographic flawin TFN2K while under defense commission during terrorist attacks on air traffic control towers. · Advanced pattern and regular expression development · Over 400 IDS signature decodes · Numerous data collection, translation, and analysis patterns for SIEM platforms. and used in products such as IBM/ISS Real Secure today. · Successful application penetration test on TecSec’s application privacy suite used by the NSA, including discovery of one way hash vulnerability that allowed compromise of primary privacy content by a non-user. · Development of first SIEM technology to combine threat and fraud management; incorporating 12 types of data, including both network threat detection, DLP, system sources, web, and custom applications. · Development of gap assessment methodology for use with the Scenario Based Security Model for fraud assessment and security lifecycle evaluation within enterprise and cloud environments. · Developed material and taught Secure Application Development as well as Advanced Assessment and Information Management since 1999 with enterprise development and security auditors attending from the Air Force, Navy, US Post Office, Credit Processors, Banks, MedicalTechnology, and numerous other continued sources. · Successful application penetration test on airport, including penetration of widely used fingerprinting system TRAINING · Delivered seminars and training on information security, the state of the hack, threat management,advanced penetration testing, and threat analysis to the US Air Force, Federal Trade Commission, NSA, SITA, GA Department of Audits, US Post Office, and numerous others. 
· Developed and provided XForce Boot camp training, Secure Application Development training, and ISS Connect cryptography training while at ISS.
SECURITY OPERATIONS / ADMINISTRATION
· SOC oversight and management of hundreds of security devices and related threat data for managed security services
· Management of product-first based business maintaining profitability for 4 years.
· SOC Policy planning and development of service level agreement as well as policies and procedures for PCI-DSS, HIPAA, SAS70 compliance as a managed security service provider as well as part of professional services for customers
· Vendor neutral and best of breed integration and management of 12 types of security devices, including intrusion detection/protection, data loss prevention, firewall, system logs, web logs, authentication/authorization (AAA) services, custom applications, switches, routers, and more.
· SOC security architecture and standardization of virtualization infrastructure for cloud implementation, reduced cost, and high availability
Experience
DIRECTOR OF SECURITY RESEARCH & DEVELOPMENT | MEZACK GROUP LLC – ACQUIRED BY FLYING CLOUD TECHNOLOGIES | JULY 2009 – PRESENT (5 YEARS, 2 MONTHS)
Started corporation in mid-2009 without venture capital and maintained profitability, while successfully developing one of the first cloud SIEM products and managed services, including over 5.5 million lines of code in a combination of C#, XAML, Java, and C++.
· Integrating managed services, consulting, education as well as ongoing research and development, allowing clients to achieve security and privacy measures while meeting high performance business objectives through engineered solutions.
  o Mass data management and architecture featuring hybrid performance model allowing distributed translation of collected data, secure and scalable storage of each common data type per tenant, while offering transparent, centralized, information access, alerting, and analysis.
  o Comprehensive integration and analysis of 11 major types of security data. First to integrate raid data caching with distributed security data collection (See LSI Publication).
· Integrated Identity Management virtual appliance with cross platform and language options supporting Open-ID, Federated, mixed authentication as well as cloud integration with Azure, AWS and VMWare. Integration options for Windows LDAP and custom applications with tight SIEM integration allowing central and granular reporting and response capabilities at an identity and session level.
Directed security research and development of continued features supporting multitenant managed security service. Led incident response during numerous enterprise cases.
SENIOR RESEARCH SCIENTIST | ENTEREDGE TECHNOLOGY | JUNE 2003 – JULY 2009 (6 YEARS 2 MONTHS)
Fulfilled chief technical research, and development role for the company. Provided research leading to a patent in Real Time Threat Modeling. Received approval by Nir Zuk for my modified implementation of stateful inspection for real time activity analysis and persistent tracking of multi-stage threats across big data. Developed entire SIEM solution and played key technical sales role in its presentation to analysts as well as enterprise clients. Headed penetration test team, developing the criteria framework for all related deliverables and structured service offerings. Performed numerous successful network, application, and wireless/mobile penetration tests as well as providing design and implementation of enterprise and cloud security architecture and controls.
Designed security architecture and led implementation of intrusion detection, DLP, identity management, and SIEM solutions for enterprise clients. Became a partner in the firm 2 years into the position and played key role in partner decisions leading to company growth and business development.
SENIOR RESEARCH SCIENTIST | GUARDENT (NOW VERISIGN) | FEBRUARY 2001 – NOVEMBER 2002
75 3RD AVE, WALTHAM, MA
Provided security research and design of Managed Security Services as well as related supporting technology. Led numerous successful penetration tests against large financial institutions, as well as application penetration tests against software used by various defense agencies. Provided education and incident response for the Federal Trade Commission leading to a Certificate of Appreciation from the Federal Trade Commissioner.
XFORCE SENIOR RESEARCH SCIENTIST | INTERNET SECURITY SYSTEMS (ISS/IBM) | JANUARY 1999 – FEBRUARY 2001
Development of new licensing crypt-architecture that resolved software "crack" and allowed distributed licensing key management. Designed first firewall to use block spoofed traffic leveraging TTL fingerprinting, passive fingerprinting. Invented signatures of over 400 intrusion detection signatures, including TFN2K. Coinventor for Method and system for managing computer security information, including some of the first correlation, anomaly detection, and analysis technologies.
APPLICATION SECURITY ENGINEER | CONTINENTAL DATAGRAPHICS | JANUARY 1997 – JANUARY 1999
9920 JEFFERSON BLVD, CULVER CITY, CA
Security Administrator for internal network and hosted applications to Boeing and the ATA. Participated as lead security architect and component developer for applications developed for the ATA and various airlines and manufacturers. Developed numerous security components including web authorization system and interface to Secure Computing SafeWord product, allowing web application usage of Tokens and strong authorization.
ERP/MRP MIDDLEWARE DEVELOPER | CHATSWORTH PRODUCTS INC. | FEBRUARY 1996 – JANUARY 1997
TELEPHONE: 1-800-834-4969 SUPERVISOR: PETER STACIA
· Developed cross-platform middleware applications in C/C++, Java, Visual Basic, and scripting languages, allowing simultaneous operations of PowerCerv, running on NT, and MAS90, running on SCO Unix, for long term transition to PowerCerv ERP/MRP system
· Designed security architecture for implementation of both ERP/MRP systems across multiple locations, including near real-time synchronization and related security awareness.
· Developed numerous custom ERP/MRP applications, including Capacity Planner and Available to Promise.
WEB ARCHITECT | GLOBAL PACIFIC TECHNOLOGY | JANUARY 1995 – FEBRUARY 1996
SUPERVISOR: BRANT DEBOW
· Website design and programming using HTML, Java, ASP, and CGI.
· Programmed also in C++, Visual Basic 4, and Cold Fusion.
· ASP, CGI, JNI, and JDBC multiplatform transactions.
· Consulted and serviced clients
Patents
System and method for definition and automated analysis of computer security threat models
United States 20080148398, Filed June 19, 2008
Method for automated threat modeling with support for attribute based correlation across multiple devices, data types, recursive attack tracking, and persistent real-time updates at every point of the threat.
Method and system for managing computer security information
United States 20060265746, Issued November 23, 2006
Research in security information and event management leading to the first SIEM technologies. Research included both bulk data flow and management concepts as well as correlation and strategic threat identification.
Honors & Awards
· Certificate of Appreciation from the Federal Trade Commission for Information Security 11/2001
· Technology Association of Georgia Top 40 Most Innovative Businesses for 2 years while starting Vault Ecommerce Inc.
· Listed in 4th place by Linked-In for The Top 25 Application Security Engineers profiled by their site. At this time, Linked-In profiled over 9000 application security engineers worldwide.
· Awarded technology partnership with LSI for tackling mass data security challenges by combining my SIEM technology with LSI’s Cachecade raid technology.
· Selected speaker and trainer for the National Association of State Auditors, Controllers, and Treasurers 2005 on the “state of the hack”
Education
1998 | CALIFORNIA POLYTECHNIC UNIVERSITY POMONA
· Computer Information Systems
· Minor: Epistemology