This document contains the resume of Dr. Charles Pak, which includes the following key details:
- Dr. Pak has over 30 years of experience in cybersecurity and holds several certifications including CISSP, CISM, and CRISC. He has a Ph.D. in Information Assurance and teaches cybersecurity courses.
- Currently Dr. Pak works as a Senior Cybersecurity Solution Architect, where he develops cybersecurity solutions for federal agencies and commercial clients.
- Prior to his current role, Dr. Pak held positions including Cybersecurity Director and Technical Program Manager, where he managed cybersecurity contracts and conducted security assessments for organizations.
SYSTEM END-USER ACTIONS AS A THREAT TO INFORMATION SYSTEM SECURITYIJNSA Journal
As universities migrate online due to the advent of Covid-19, there is a need for enhanced security in information systems in the institution of higher learning. Many opted to invest in technological approaches to mitigate cybersecurity threats; however, the most common types of cybersecurity breaches happen due to the human factor, well known as end-user error or actions. Thus, this study aimed to identify and explore possible end-user errors in academia and the resulting vulnerabilities and threats that could affect the integrity of the university's information system. The study further presented state-of-the-art humanoriented security threats countermeasures to compliment universities' cybersecurity plans. Countermeasures include well-tailored ICT policies, incident response procedures, and education to protect themselves from security events (disruption, distortion, and exploitation). Adopted is a mixedmethod research approach with a qualitative research design to guide the study. An open-ended questionnaire and semi-structured interviews were used as data collection tools. Findings showed that system end-user errors remain the biggest security threat to information systems security in institutions of higher learning. Indeed errors make information systems vulnerable to certain cybersecurity attacks and, when exploited, put legitimate users, institutional network, and its computers at risk of contracting viruses, worms, Trojan, and expose it to spam, phishing, e-mail fraud, and other modern security attacks such as DDoS, session hijacking, replay attack and many more. Understanding that technology has failed to fully protect systems, specific recommendations are provided for the institution of higher education to consider improving employee actions and minimizing security incidents in their eLearning platforms, post Covid-19.
What i learned at issa international summit 2019Ulf Mattsson
This session will discuss what attendees learned at The ISSA International Summit 2019, held on October 1-2 at in Irving/Dallas, TX.
Learn from one of the presenters at this conference and what cybersecurity professionals got to share and learn from the leaders in the industry.
Over the last 30 years ISSA international has grown into the global community of choice for international cybersecurity professionals. With over 100 domestic and international chapters, members have world wide support with daily cyber threats that are becoming increasingly intricate and difficult to prevent, detect, and re-mediate.
The WITDOM first project presentation has been updated to include a summary of the results corresponding to the first 18 months of the project. The presentation includes a high-level overview of the project scenarios, methodologies to elicit requirements and to formalize them into technical requirements, as well as the initial architecture.
SYSTEM END-USER ACTIONS AS A THREAT TO INFORMATION SYSTEM SECURITYIJNSA Journal
As universities migrate online due to the advent of Covid-19, there is a need for enhanced security in information systems in the institution of higher learning. Many opted to invest in technological approaches to mitigate cybersecurity threats; however, the most common types of cybersecurity breaches happen due to the human factor, well known as end-user error or actions. Thus, this study aimed to identify and explore possible end-user errors in academia and the resulting vulnerabilities and threats that could affect the integrity of the university's information system. The study further presented state-of-the-art humanoriented security threats countermeasures to compliment universities' cybersecurity plans. Countermeasures include well-tailored ICT policies, incident response procedures, and education to protect themselves from security events (disruption, distortion, and exploitation). Adopted is a mixedmethod research approach with a qualitative research design to guide the study. An open-ended questionnaire and semi-structured interviews were used as data collection tools. Findings showed that system end-user errors remain the biggest security threat to information systems security in institutions of higher learning. Indeed errors make information systems vulnerable to certain cybersecurity attacks and, when exploited, put legitimate users, institutional network, and its computers at risk of contracting viruses, worms, Trojan, and expose it to spam, phishing, e-mail fraud, and other modern security attacks such as DDoS, session hijacking, replay attack and many more. Understanding that technology has failed to fully protect systems, specific recommendations are provided for the institution of higher education to consider improving employee actions and minimizing security incidents in their eLearning platforms, post Covid-19.
What i learned at issa international summit 2019Ulf Mattsson
This session will discuss what attendees learned at The ISSA International Summit 2019, held on October 1-2 at in Irving/Dallas, TX.
Learn from one of the presenters at this conference and what cybersecurity professionals got to share and learn from the leaders in the industry.
Over the last 30 years ISSA international has grown into the global community of choice for international cybersecurity professionals. With over 100 domestic and international chapters, members have world wide support with daily cyber threats that are becoming increasingly intricate and difficult to prevent, detect, and re-mediate.
The WITDOM first project presentation has been updated to include a summary of the results corresponding to the first 18 months of the project. The presentation includes a high-level overview of the project scenarios, methodologies to elicit requirements and to formalize them into technical requirements, as well as the initial architecture.
IIC IoT Security Maturity Model: Description and Intended UseKaspersky
How to ensure that security implemented in IoT devices and systems is up to the provider's requirements and yet don't mean over-spending on unnecessary mechanisms? That's what the Security Maturity Model, developed by Industrial Internet Consortium with our contribution, is about.
Read more at http://iiconsortium.org/.
WEARABLE TECHNOLOGY DEVICES SECURITY AND PRIVACY VULNERABILITY ANALYSISIJNSA Journal
Wearable Technology also called wearable gadget, is acategory of technology devices with low processing
capabilities that can be worn by a user with the aim to provide information and ease of access to the master
devices its pairing with. Such examples are Google Glass and Smart watch. The impact of wearable
technology becomes significant when people start their invention in wearable computing, where their
mobile devices become one of the computation sources. However, wearable technology is not mature yet in
term of device security and privacy acceptance of the public. There exists some security weakness that
prompts such wearable devices vulnerable to attack. One of the critical attack on wearable technology is
authentication issue. The low processing due to less computing power of wearable device causethe
developer's inability to equip some complicated security mechanisms and algorithm on the device.In this
study, an overview of security and privacy vulnerabilities on wearable devices is presented.
Automated diagnosis of attacks in internet of things using machine learning a...journalBEEI
The Internet of Things (IoT) is the interconnection of things around us to make our daily process more efficient by providing more comfort and productivity. However, these connections also reveal a lot of sensitive data. Therefore, thinking about the methods of information security and coding are important as the security approaches that rely heavily on coding are not a strong match for these restricted devices. Consequently, this research aims to contribute to filling this gap, which adopts machine learning techniques to enhance network-level security in the low-power devices that use the lightweight MQTT protocol for their work. This study used a set of tools tools and, through various techniques, trained the proposed system ranging from Ensemble methods to deep learning models. The system has come to know what type of attack has occurred, which helps protect IoT devices. The log loss of the Ensemble methods is 0.44, and the accuracy of multi-class classification is 98.72% after converting the table data into an image set. The work also uses a Convolution Neural Network, which has a log loss of 0.019 and an accuracy of 99.3%. It also aims to implement these functions in IDS.
Improved method for image security based on chaotic-shuffle and chaotic-diffu...IJECEIAES
In this paper, we propose to enhance the security performance of the color image encryption algorithm which depends on multi-chaotic systems. The current cryptosystem utilized a pixel-chaotic-shuffle system to encode images, in which the time of shuffling is autonomous to the plain-image. Thus, it neglects to the picked plaintext and known-plaintext attacks. Also, the statistical features of the cryptosystem are not up to the standard. Along these lines, the security changes are encircled to make the above attacks infeasible and upgrade the statistical features also. It is accomplished by altering the pixel-chaotic-shuffle component and including another pixel-chaotic-diffusion system to it. The keys for diffusion of pixels are extracted from the same chaotic arrangements created in the past stage. The renovation investigations and studies are performed to exhibit that the refreshed version of cryptosystem has better statistical features and invulnerable to the picked plaintext and known plaintext attacks than the current algorithm.
THE INTERNET OF THINGS: NEW INTEROPERABILITY, MANAGEMENT AND SECURITY CHALLENGESIJNSA Journal
The Internet of Things (IoT) brings connectivity to about every objects found in the physical space. It
extends connectivity to everyday objects. From connected fridges, cars and cities, the IoT creates
opportunities in numerous domains. However, this increase in connectivity creates many prominent
challenges. This paper provides a survey of some of the major issues challenging the widespread adoption
of the IoT. Particularly, it focuses on the interoperability, management, security and privacy issues in the
IoT. It is concluded that there is a need to develop a multifaceted technology approach to IoT security,
management, and privacy.
Evaluation of enhanced security solutions inIJNSA Journal
Traditionally, 802.11-based networks that relied on wired equivalent protocol (WEP) were especially
vulnerable to packet sniffing. Today, wireless networks are more prolific, and the monitoring devices used
to find them are mobile and easy to access. Securing wireless networks can be difficult because these
networks consist of radio transmitters and receivers, and anybody can listen, capture data and attempt to
compromise it. In recent years, a range of technologies and mechanisms have helped makes networking
more secure. This paper holistically evaluated various enhanced protocols proposed to solve WEP related
authentication, confidentiality and integrity problems. It discovered that strength of each solution depends
on how well the encryption, authentication and integrity techniques work. The work suggested using a
Defence-in-Depth Strategy and integration of biometric solution in 802.11i. Comprehensive in-depth
comparative analysis of each of the security mechanisms is driven by review of related work in WLAN
security solutions.
Beyond Prevention: Cisco's Next Generation Endpoint Security
The only way to defeat today’s security threats is to address them holistically across the full attack continuum—before, during, and after an attack. Cisco’s approach of continuous endpoint analysis in combination with an integrated, architectural approach to security is foundational to this model
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017Maurice Dawson
This is the most essential programme of the year around the dangers of cybercrime and how to manage safety within the most indispensable digital sphere & technology system. The reason is that, “Looking beyond Internet of Things (IoT) to Internet of Everything there is a potential market that is approximately $14.4 trillion and over 99% of physical devices are still unconnected.” ~Mo Dawson. Your participation give you golden access to a transcending Cyberspace picture, enhanced solution oriented capabilities as an ICT expert or practitioner, Telecommunications Corporates & Companies
Personnel, Aviation ICT Officials, Other Transportation controls network hubs, Business dealer in Cyberspace services provider or supplier, Academicians and researchers, Government Departments & Public service ICT systems Officials & staff, Students, general ICT security involvement and on top of that your enhanced multidimensional scope & prosperity out of this untapped gold mine is guaranteed.
IIC IoT Security Maturity Model: Description and Intended UseKaspersky
How to ensure that security implemented in IoT devices and systems is up to the provider's requirements and yet don't mean over-spending on unnecessary mechanisms? That's what the Security Maturity Model, developed by Industrial Internet Consortium with our contribution, is about.
Read more at http://iiconsortium.org/.
WEARABLE TECHNOLOGY DEVICES SECURITY AND PRIVACY VULNERABILITY ANALYSISIJNSA Journal
Wearable Technology also called wearable gadget, is acategory of technology devices with low processing
capabilities that can be worn by a user with the aim to provide information and ease of access to the master
devices its pairing with. Such examples are Google Glass and Smart watch. The impact of wearable
technology becomes significant when people start their invention in wearable computing, where their
mobile devices become one of the computation sources. However, wearable technology is not mature yet in
term of device security and privacy acceptance of the public. There exists some security weakness that
prompts such wearable devices vulnerable to attack. One of the critical attack on wearable technology is
authentication issue. The low processing due to less computing power of wearable device causethe
developer's inability to equip some complicated security mechanisms and algorithm on the device.In this
study, an overview of security and privacy vulnerabilities on wearable devices is presented.
Automated diagnosis of attacks in internet of things using machine learning a...journalBEEI
The Internet of Things (IoT) is the interconnection of things around us to make our daily process more efficient by providing more comfort and productivity. However, these connections also reveal a lot of sensitive data. Therefore, thinking about the methods of information security and coding are important as the security approaches that rely heavily on coding are not a strong match for these restricted devices. Consequently, this research aims to contribute to filling this gap, which adopts machine learning techniques to enhance network-level security in the low-power devices that use the lightweight MQTT protocol for their work. This study used a set of tools tools and, through various techniques, trained the proposed system ranging from Ensemble methods to deep learning models. The system has come to know what type of attack has occurred, which helps protect IoT devices. The log loss of the Ensemble methods is 0.44, and the accuracy of multi-class classification is 98.72% after converting the table data into an image set. The work also uses a Convolution Neural Network, which has a log loss of 0.019 and an accuracy of 99.3%. It also aims to implement these functions in IDS.
Improved method for image security based on chaotic-shuffle and chaotic-diffu...IJECEIAES
In this paper, we propose to enhance the security performance of the color image encryption algorithm which depends on multi-chaotic systems. The current cryptosystem utilized a pixel-chaotic-shuffle system to encode images, in which the time of shuffling is autonomous to the plain-image. Thus, it neglects to the picked plaintext and known-plaintext attacks. Also, the statistical features of the cryptosystem are not up to the standard. Along these lines, the security changes are encircled to make the above attacks infeasible and upgrade the statistical features also. It is accomplished by altering the pixel-chaotic-shuffle component and including another pixel-chaotic-diffusion system to it. The keys for diffusion of pixels are extracted from the same chaotic arrangements created in the past stage. The renovation investigations and studies are performed to exhibit that the refreshed version of cryptosystem has better statistical features and invulnerable to the picked plaintext and known plaintext attacks than the current algorithm.
THE INTERNET OF THINGS: NEW INTEROPERABILITY, MANAGEMENT AND SECURITY CHALLENGESIJNSA Journal
The Internet of Things (IoT) brings connectivity to about every objects found in the physical space. It
extends connectivity to everyday objects. From connected fridges, cars and cities, the IoT creates
opportunities in numerous domains. However, this increase in connectivity creates many prominent
challenges. This paper provides a survey of some of the major issues challenging the widespread adoption
of the IoT. Particularly, it focuses on the interoperability, management, security and privacy issues in the
IoT. It is concluded that there is a need to develop a multifaceted technology approach to IoT security,
management, and privacy.
Evaluation of enhanced security solutions inIJNSA Journal
Traditionally, 802.11-based networks that relied on wired equivalent protocol (WEP) were especially
vulnerable to packet sniffing. Today, wireless networks are more prolific, and the monitoring devices used
to find them are mobile and easy to access. Securing wireless networks can be difficult because these
networks consist of radio transmitters and receivers, and anybody can listen, capture data and attempt to
compromise it. In recent years, a range of technologies and mechanisms have helped makes networking
more secure. This paper holistically evaluated various enhanced protocols proposed to solve WEP related
authentication, confidentiality and integrity problems. It discovered that strength of each solution depends
on how well the encryption, authentication and integrity techniques work. The work suggested using a
Defence-in-Depth Strategy and integration of biometric solution in 802.11i. Comprehensive in-depth
comparative analysis of each of the security mechanisms is driven by review of related work in WLAN
security solutions.
Beyond Prevention: Cisco's Next Generation Endpoint Security
The only way to defeat today’s security threats is to address them holistically across the full attack continuum—before, during, and after an attack. Cisco’s approach of continuous endpoint analysis in combination with an integrated, architectural approach to security is foundational to this model
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017Maurice Dawson
This is the most essential programme of the year around the dangers of cybercrime and how to manage safety within the most indispensable digital sphere & technology system. The reason is that, “Looking beyond Internet of Things (IoT) to Internet of Everything there is a potential market that is approximately $14.4 trillion and over 99% of physical devices are still unconnected.” ~Mo Dawson. Your participation give you golden access to a transcending Cyberspace picture, enhanced solution oriented capabilities as an ICT expert or practitioner, Telecommunications Corporates & Companies
Personnel, Aviation ICT Officials, Other Transportation controls network hubs, Business dealer in Cyberspace services provider or supplier, Academicians and researchers, Government Departments & Public service ICT systems Officials & staff, Students, general ICT security involvement and on top of that your enhanced multidimensional scope & prosperity out of this untapped gold mine is guaranteed.
This course covers effective strategies, techniques, systems, polices, and procedures to establish stronger cybersecurity and cybercrime controls, reduce operational risk, and improve online working whilst covering international best practices, ISO standards, compliance, audit, and industry regulations.
In today’s world and further into the digital future, all organizations face an ever-increasing number of information-related security challenges and risks against a backdrop of increasing national and global compliance, and audit standards and legislation.
Cybersecurity is the protection of data from theft and damage, business information, people’s identities, and how all businesses can be better equipped to work more safely in an increasingly online world where sensitive and personal information is stored, shared, and communicated.
This 4 day intensive training workshop addresses the latest concerns on IT infrastructure and cybersecurity. Participants will develop key skills and core competencies that will allow them to meet the ever-changing information security demands of the 21st century.
Course Participants will:
Understand today’s and tomorrow’s cybersecurity and cybercrime threats, issues, and risks; how to set up policies, train users, create strategies, and implement systems and tools to help protect data, information and people’s identities
Manage the growing volume of confidential, sensitive business information and data to protect, keep safe, and communicate securely against a backdrop of increasing cyber threats, as well as privacy, legal, and compliance regulations
Develop strategies and ways of working to improve detection of cybersecurity threats and improve information compliance
Understand the security-related international information compliance and regulations, including industry specific standards
Expand the expertise of personnel involved in developing skills and knowledge in the latest techniques, processes, and systems on cybersecurity
Who should attend:
Vice Presidents, Directors, General Managers
Chief Information Officers
Chief Security Officers
Chief Information Security Officers
Chief Technology Officers
Heads of Departments in Information Security Management Information Systems, IT Infrastructure, IT Architecture, Network Operations, IT Operations, IT Data Center, DataBase Management, IT Deployment, IT Business Enterprise, IT Risk Management, IT Quality Assurance, IT Audit, Risk Management, Internal Audit, Business Continuity Planning
IT Information Security Management Principles, 28 February - 02 March 2016 Du...360 BSI
This 4 day training program combines advanced technology and relevant practical experience to develop your IT security policies & create a robust IT infrastructure.
Information security is critical for modern business models today.
Organizations must be prepared to take crucial steps to strengthen their IT infrastructure from both internal & external threats.
Organizations must look to develop a security network that enhances business operations while improving its security position. Successful security architecture combines a mix of the latest policies & practices, technology, and a robust awareness program.
This 4 day intensive training workshop addresses the latest concerns on IT infrastructure and security. Participants will develop key skills and core competencies that will allow them to meet the ever-changing security demands of the 21st century.
Course Participants will:
- Master the tools & techniques for effective information & network security.
- Discover how to create a complete & sustainable IT security architecture.
- Gain knowledge on how to develop sound security policy together with your security architecture.
- Learn how to perform an IT governance assessment using CoBIT 4.0
- Learn how to perform smart security risk assessment within your organization.
- Gain valuable insights on implementing a proactive & robust security management system.
- Learn how to detect & prevent information security breaches due to inadequate IT security awareness within the organization.
Who should attend:
Vice Presidents, Directors, General Managers
Chief Information Officers
Chief Security Officers
Chief Information Security Officers
Chief Technology Officers
Contact Kris at kris@360bsi.com for further information.
IT Information Security Management Principles, 23 - 26 November 2015 Dubai UAE360 BSI
This 4 day training program combines advanced technology and relevant practical experience to develop your IT security policies & create a robust IT infrastructure.
Information security is critical for modern business models today.
Organizations must be prepared to take crucial steps to strengthen their IT infrastructure from both internal & external threats.
Organizations must look to develop a security network that enhances business operations while improving its security position. Successful security architecture combines a mix of the latest policies & practices, technology, and a robust awareness program.
This 4 day intensive training workshop addresses the latest concerns on IT infrastructure and security. Participants will develop key skills and core competencies that will allow them to meet the ever-changing security demands of the 21st century.
Course Participants will:
- Master the tools & techniques for effective information & network security.
- Discover how to create a complete & sustainable IT security architecture.
- Gain knowledge on how to develop sound security policy together with your security architecture.
- Learn how to perform an IT governance assessment using CoBIT 4.0
- Learn how to perform smart security risk assessment within your organization.
- Gain valuable insights on implementing a proactive & robust security management system.
- Learn how to detect & prevent information security breaches due to inadequate IT security awareness within the organization.
Who should attend:
Vice Presidents, Directors, General Managers
Chief Information Officers
Chief Security Officers
Chief Information Security Officers
Chief Technology Officers
Contact Kris at kris@360bsi.com for further information.
This course covers effective strategies, techniques, systems, polices, and procedures to establish stronger cybersecurity and cybercrime controls, reduce operational risk, and improve online working whilst covering international best practices, ISO standards, compliance, audit, and industry regulations.
In today’s world and further into the digital future, all organizations face an ever-increasing number of information-related security challenges and risks against a backdrop of increasing national and global compliance, and audit standards and legislation.
Cybersecurity is the protection of data from theft and damage, business information, people’s identities, and how all businesses can be better equipped to work more safely in an increasingly online world where sensitive and personal information is stored, shared, and communicated.
This 4 day intensive training workshop addresses the latest concerns on IT infrastructure and cybersecurity. Participants will develop key skills and core competencies that will allow them to meet the ever-changing information security demands of the 21st century.
Course Participants will:
Understand today’s and tomorrow’s cybersecurity and cybercrime threats, issues, and risks; how to set up policies, train users, create strategies, and implement systems and tools to help protect data, information and people’s identities
Manage the growing volume of confidential, sensitive business information and data to protect, keep safe, and communicate securely against a backdrop of increasing cyber threats, as well as privacy, legal, and compliance regulations
Develop strategies and ways of working to improve detection of cybersecurity threats and improve information compliance
Understand the security-related international information compliance and regulations, including industry specific standards
Expand the expertise of personnel involved in developing skills and knowledge in the latest techniques, processes, and systems on cybersecurity
Who should attend:
Vice Presidents, Directors, General Managers
Chief Information Officers
Chief Security Officers
Chief Information Security Officers
Chief Technology Officers
Heads of Departments in Information Security Management Information Systems, IT Infrastructure, IT Architecture, Network Operations, IT Operations, IT Data Center, DataBase Management, IT Deployment, IT Business Enterprise, IT Risk Management, IT Quality Assurance, IT Audit, Risk Management, Internal Audit, Business Continuity Planning
Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...360 BSI
This 4 day intensive training workshop addresses the latest concerns on IT infrastructure and cybersecurity. This course covers effective strategies, techniques, systems, policies, and procedures to establish stronger cybersecurity and cybercrime controls, reduce operational risk, and improve online working whilst covering international best practices, ISO standards, compliance, audit, and industry regulations.
Course Participants will:
- Develop strategies and ways of working to improve detection of cyber security treats and improve information compliance
- Understand the security-related international information compliance and regulations, including industry specific standards
- Expand the expertise of personnel involved in developing skills and knowledge in the latest techniques, processes, and systems on cyber security, which will enable teams to become more effective
- Align cybersecurity, cybercrime and information compliance within the organization with related initiatives, including HR training and legal departments
- Help managers gain more confidence in cyber security awareness and understand information compliance in their industries
- Improve the overall process for secure working and reducing risk when dealing with different kinds of information such as confidential and sensitive data
Contact kris@360bsi.com to register.
IT Information Security Management Principles, 15 - 18 May 2016 Dubai UAE360 BSI
This 4 day training program combines advanced technology and relevant practical experience to develop your IT security policies & create a robust IT infrastructure.
Information security is critical for modern business models today.
Organizations must be prepared to take crucial steps to strengthen their IT infrastructure from both internal & external threats.
Organizations must look to develop a security network that enhances business operations while improving its security position. Successful security architecture combines a mix of the latest policies & practices, technology, and a robust awareness program.
This 4 day intensive training workshop addresses the latest concerns on IT infrastructure and security. Participants will develop key skills and core competencies that will allow them to meet the ever-changing security demands of the 21st century.
Course Participants will:
- Master the tools & techniques for effective information & network security.
- Discover how to create a complete & sustainable IT security architecture.
- Gain knowledge on how to develop sound security policy together with your security architecture.
- Learn how to perform an IT governance assessment using CoBIT 4.0
- Learn how to perform smart security risk assessment within your organization.
- Gain valuable insights on implementing a proactive & robust security management system.
- Learn how to detect & prevent information security breaches due to inadequate IT security awareness within the organization.
Who should attend:
Vice Presidents, Directors, General Managers
Chief Information Officers
Chief Security Officers
Chief Information Security Officers
Chief Technology Officers
Contact Kris at kris@360bsi.com for further information.
"There are a variety of careers within this field that you can pursue after earning an M.S. in
Cyber and Information Security. Click here to learn more"
1. 1
Dr. Charles Pak
3224 Eleanors Garden Way, Woodbine, MD 21797
charlespak@verizon.net; charles.pak@faculty.umuc.edu; (443)610-7986
SECURITY CLEARANCE
Active DOD TOP SECRET
ACADEMIC DEGREES AND TECHNICAL CERTIFICATIONS
Ph.D. in Information Assurance (IA), Cyber, and Information Security research fields. Completed all required doctoral course works, the final dissertation, and published his work in 2011.
Master’s in Network Security (currently Information Assurance) with class Honors, Curriculum mapped to the committee on National Security Systems and National Security Telecommunica- tions and Information Systems Security Instructions (CNSS/NSTISSI)
CISM, Certified Information Security Manager, (CISM#1117661), October, 2011
CRISC, Certified in Risk and Information Systems Control, (CRISC#1115022), September 2011
CISSP, Certified Information Systems Security Professional (CISSP#256490), June, 2008
SSCP, Systems Security Certified Practitioner (SSCP#256490), July, 2008
Security + Certification, (#COMP001006531743), 2007
Information Technology Infrastructure Library (ITIL) Foundation Certification, (ID#6241)
MCSE 2000, Microsoft Certified Systems Engineer, 2001 (MCP#21660)
MCT, Microsoft Certified Trainer 1994 (MCP#21660)
MCSE 4.0, Microsoft Certified Systems Engineer, 1995 (MCP#21660)
MCSE 3.51, Microsoft Certified Systems Engineer, 1994 (MCP#21660)
CCNA, CISCO Certified Network Associate (#CSCO10350538)
Department of Army Certificate as Security Systems Administrator, Ft. Monmouth N.J. 4/2002
Department of Army Certificate as Network Security Management, Ft. Monmouth N.J. 4/2002
PUBLICATIONS
Pak, C. (March, 2014). Resolving the Critical Infrastructure Cybersecurity Puzzle. The Armed Forces Communications and Electronics Association. p. 2, Retrieved March 5, 2014, from: http://www.afcea.org/content/?q=node/12350
Pak, C. (2011). Near real-time risk assessment using hidden Markov models. Nova Southeastern Univer- sity, ProQuest Dissertations and Theses,ISBN:9781124992945.
Pak, C. & Cannady, J. (2010). Risk Forecast Using Hidden Markov Models. Research in Information Technology, ACM, SIGITE, 7(2), 4-15.
Pak, C. & Cannady, J. (2009). Asset Priority Risk Assessment Using Hidden Markov Models, ACM SIG- ITE’09, 65-73, October 2009 – (Ranked as one of the highest by the conference’s peer reviewers and re- ceived an invitation for submission to the next issue of Research in IT)
Pak, C. (2008). The Near Real Time Statistical Asset Priority Driven Risk Assessment Methodology (NRTSAPD), ACM SIGITE’08, 105-112, June 2008
ACM SIGITE 2008 SIGITE Conference Paper Reviewer
ACM SIGITE 2009 SIGITE Conference Paper Reviewer
ACM SIGITE 2010 SIGITE Conference Paper Reviewer
Information Security Journal (ISC2): A Global Perspective, Paper reviewer.
PRESENTATION
2. 2
The Maryland Higher Education Information Assurance Academic Society, Pak, Charles (2008). Two Factor Authentication using smart cards, Towson University, Maryland.
Villanova University, Pak, Charles (2014). Cyberterrorism Attacks on National Critical Infrastructure Systems.
BUSINESS & TECHNICAL EXPERTISE
Cyber Security New Business Development Solution Architect, Cloud Computing Security, Mo- bile Security, Big Data, National Critical Infrastructure Protection, Homeland Security, and Win- ning (Technical and Pricing) Proposal Effort for Federal and Commercial clients.
Cyber Security, Network Security and IA Curriculum Development & Teaching Graduate School Levels with 30 years of hands-on technical & managerial experiences in industry and academia.
New Business Solution Architect from Business Development (BD), Capture, Client Relation- ships, Solution Development, Responses to RFI, RFQ, and RFP with technical solutions and pric- ing.
CISSP, CISM, SSCP, ITIL, CEH, MCSE, CCNA, Security+ Certification Track Educator
Vulnerability/Risk Assessment, Ethical Hacking, Penetration Test Techniques
Defense Messaging System (DMS) Design and Implementation
Microsoft, CISCO, EMC, RSA Technologies
Over 20 years of Computer & Network Data Center Management (SOC, NOC, & Service Desks)
Network Information System Protection Security Expert
Information Technology Infrastructure Design and Implementation
Securing and Protecting IT Computer Data with Cryptology
Secure Network, Perimeter Protection, Fire-Wall, LAN-WAN, Remote Access, Server Hardware Management (Blade Servers, SAN Storage, VMWARE, CISCO, EMC) Design and Implementa- tion
TEACHING EXPERIENCE
Adjunct Professor, Towson University, Maryland.
Adjunct Assistant Professor, Information Assurance (IA) Course Chair, University Maryland University College (UMUC), Delphi, Maryland
Adjunct Professor, Johns Hopkins University, Baltimore, Maryland
Research Fields: Cyber-Terrorism, Cybersecurity, National Critical Infrastructure Protection, Cyber Vulnerabilities, Cyber warfare. Taught and supervised doctoral students for their dissertation processes: Idea paper, Proposal, and Dissertation product. Supervised Cybersecurity doctoral students for their dissertation processes from the idea paper, proposal, and the dissertation product delivery.
EXPERIENCE SUMMARY
Over 30 years of hands-on business and technical experience, Dr. Pak is a New Business Solution Archi- tect in Information Security in both the private and public sectors, most recently provided cyber security solutions to large government agencies with technical management and consulting for large, diversified global clients in the healthcare, financial services, and communication sectors. Dr. Pak provides vision and leadership in transforming, conducting internal IT programs globally. Dr. Pak has responsibility for aligning IT and business strategies, driving innovation and ensuring transparency and effective communi- cation with all relevant stakeholders. His special focus areas include leading cloud solutions, harnessing business intelligence for improved decision-making, implementing growth-enhancing emerging technolo- gies and managing the rollout of innovative financial and enterprise systems and processes.
Further, Dr. Pak is a seasoned Sr. Cyber Security Solution Architect, Cyber Security Director, Technical Program Manager, and a Scholar with close to 30 years of hands-on technical background from a low-
3. 3
level microprocessor design to a high level Web application programming and cloud computing. He is a world recognized IA research scholar and published several novel conference and journal papers. He is an invited speaker in IA education. He is a hands-on practitioner who holds industry certifications such as CISSP, CISM, CRISC, SSCP, ITIL, MCSE, MCT and CCNA with more than 20 years of leadership in engineering, supporting, and servicing complex centralized and distributed Information Technology envi- ronments; Windows 2012/2008/2003/2000/NT LAN/WAN/MAN and, IBM Blade Center, EMC Virtual Center, Cloud Computing, SAN, PKI, CISCO Network design, development, testing, installation, config- uration, operation, and support; working with a wide range of network protocols and topologies; systems reengineering; user training; and mini/micro-computer multi-tier Help Desk support environments. Dr. Pak is also experienced in program management including the performance of staffing, workload fore- casting, budgeting, scheduling, customer relations, proposal-writing and performance evaluation.
PROFESSIONAL EXPERIENCE
CSC Oct. 2010 – Present, Sr. Cyber Security New Business Development Solution Architect. As New Business Development Solution Architect, Dr. Pak architected and provided cyber security solutions to the Federal and Commercial clients as EPA, FBI, FSA, HHS, CDC, GSA, DOT, DOD, DHS and CMS. He provided cost effective security solutions to the client by identifying, analyzing security requirements that is most beneficial to the clients in cost and technology. He is specialized in Cloud Computing solu- tions as part of the FDCCI. He provided health security solutions to the NIAID, NIH, DHSS agencies for their Cyber Technologies (CT) initiatives to protect their information system confidentiality, integrity, and availability. He ensured the agency Security & Privacy (S&P) are protected from data breach, com- promise, or destruction. He recently provided cyber solutions for a winning Federal Deposit Insurance Corporation (FDIC) proposal effort for a total contract value of $495 million; of which $14.9 million was cyber security solutions. His cyber solutions include the entire contract technical and pricing model for a winning proposal. Among awarded contracts include the Centers for Medicare & Medicaid Services (CMS) Security Operations Center (SOC) services in Baltimore Data Center. He has responded to many RFI, RFQ, RFP and knows the each client’s requirements. He provided total solutions to the client re- quirements by writing proposals, solutions, and pricing.
As Cyber Security Director, Dr. Pak managed Cyber Security Contract with 3 sub-contractors for the De- partment of Education/FSA that encompassed over 55,000 computer network nodes throughout the U.S. LAN/WAN. He designed Cyber Security measures to safeguard the department assets and operation. He conducted IA security scans of several dispersed datacenters to discover vulnerabilities on perimeter pro- tection, boundary networks, internal business applications, authentication and authorization policies, standards, and procedures, using security tools such as Metasploit, Nexpose, Nipper, Fluke Etherscope, Retina and Nessus. He completed project management plan, staffing, network discovery and mapping, IT enterprise security profile and vulnerability assessment, remediation of risks and vulnerability, strategy for maintenance of the enterprise model to represent the department’s changing security posture. He briefed the department CIO weekly on the IA project status.
General Dynamics Information Technology, Feb. 1997 – Oct. 2010, Technical and Business Pro- gram Manager and Sr. Principal Security Architect.
Dr. Pak was an expert in the areas of client/server technology and was experienced in managing both on- site and off-site technical and business support projects. Dr. Pak was highly respected by his customer for both his technical expertise and his ability to communicate with all levels of systems administrators, us- ers, and project personnel. Dr. Pak served as General Dynamics Information Technology (GDIT) in-house network and system engineering subject matter expert and extended his expertise on a number of in-house and client projects in addition to his normal project management assignments. As business manager, he has generated a year-after-year renew of the 7-year contract for the U.S. Army Night Vision Network
4. 4
Management contract. The success of the contract stems from his onsite technical and business manage- ment, staffing up to 25 engineers to support a 4-tier IT infrastructure. He not only acquired continuous contract works but received outstanding past performance ratings from the clients.
As a Sr. Principal Security Architect, he supported the DIACAP process to ensure the appropriate risk management is applied to the Pentagon Telecommunication Center (PTC) infrastructures and to maintain the C&A process for the Pentagon affiliated agencies such as OSD, AF, Navy, Army, Coast Guard, WHS, etc. As part of the C&A process, he ensured continuous vulnerability scanning, assessment, mitigation and validation to maintain the IA posture for the Pentagon Telecommunication Center (PTC). Further, he supported the Pentagon E-mail Infrastructure and Defense Messaging System (DMS) project. He man- aged 55 Microsoft Exchange E-mail sites for 95,000 mail users in the organization. Managed Messaging backbone infrastructure includes all Intra/inters site messaging connectivity within/to the Pentagon net- work infrastructure. Implemented Cipher Trust Iron Mail SPAM filter to block email SPAMS inbound to the Pentagon Email infrastructure. He supported all DMS implementation with new product develop- ments. He resolves all types of E-mail Related problems from all Pentagon related agencies. He manages all in/out of Pentagon SMTP email messages. He ensured all SMTP messages are delivered without inter- ruption. He maintained all Pentagon Email Messaging (DMS/Commercial) infrastructures, installations and upgrades on Blade Servers and SAN Storage. He migrated legacy systems to the latest state of the art systems that include Exchange 55 to Exchange 2003, 2007, Windows 2000, 2003 to Windows 2008 oper- ating systems and the IBM Blade Servers to virtual servers (VMWARE). Designed and implemented NIPR and SIPR National Security Agency’s Secure Mobile Environment Portable Electronic Device (SMEPED). He performed IA tasks by scanning numerous computers assets, mitigating any discovered vulnerabilities, ensuring all network assets are secure. Conducted a regular vulnerability scan, risk mitiga- tion, DISA STIG application, patch management, and monitoring the organizational assets on a daily ba- sis to build knowledgebase in IA. He is a proponent of real-time IA vulnerability discovery, assessment, and mitigation to proactively countermeasure real-time threats. Dr. Pak also designed and implemented Public Key Infrastrucure (PKI) on all production servers and removed username and password vulnerabil- ities by implementing digital two-factor authentication smart cards – common access cards (CAC). He managed all Pentagon Telecommunication Center (PTC) users’ digital certificates and enabled their smart cards authentication to access the PTC assets rather than using username and passwords.
Dr. Pak managed 21 General Dynamics Network Systems on-site engineers in support of Night Vision & Electron Sensors Directorate (NVESD) at the U.S. Army Ft. Belvoir, VA. He managed all incoming and outgoing technical issues with users for their technical and personnel problems. He also architected Mi- crosoft Technology deployments to better support NVESD user community. He ensured all network con- nectivity is up 100% and managed all Network Support Branch staff. He worked closely with DOIM, PMNV, PEOSOLDIERS and the US ARMY VPS (Virtual Prototyping and Simulation) to provide better engineering support to their group. He deployed many Night Vision Modeling and Simulation equipment and programs to other Army Battle Labs such as Ft. Knox and Ft. Bennings via DREN (Defense Research and Engineering Network). He is very knowledgeable with the U.S. Army Modeling and Simulation Re- search Projects. He also upgraded, managed, and maintained the Veteran Affairs (VA) networks with the newest CISCO technologies as a CISCO channel partner.
Dr. Pak possesses extensive technical knowledge in the Army C4I Programs, DMS Architecture and Mi- crosoft Exchange Mail connectivity among Pentagon, Ft. Monmouth, Ft. Myers, Ft. Meade and other Mil- itary District Washington (MDW) sites. He migrated legacy email systems to Exchange Systems and con- solidated all Email Servers onto Ft. Monmouth Mail Organization. He managed all site crypto communications over the military TECHLANE crypto devices in a secure connection. He generated crypto keys and established secure communication lines from one crypto device to the next and resolved any cryptology related problems. He has played a vital technical and logistic management point of con- tact among all these branch organizations.
5. 5
Dr. Pak improved and enhanced the NVESD network and its UNIX/Windows NT/2000 operations. He enhanced the NVESD Microsoft Windows operating systems by improving their configurations and by conducting a good system performance tunings. He consolidated Night Vision’s Email Servers onto CECOM U.S. Army Enterprise Exchange Domain and configured all mail connectivity among multiple Exchange Mail sites. He worked with DOIM (Ft. Belvoir Govt. Network Management Group) very closely to enhance existing network connection and its equipment. The network equipment he monitored and supported are FORE ASX1000 and CISCO 5500/6500 series systems. SGI, Linux and SUN systems were predominant UNIX machines that his UNIX engineers managed to support the NVESD Network activities.
Dr. Pak served as Project Manager and technical lead for General Dynamics Information Technology’s 10-person Standard Army Ammunition System Modernization (SAAS-MOD) contract team. Dr. Pak’s team performed the successful consolidation of Windows NT workstations/servers and UNIX work- stations into a Microsoft Windows NT network as a single domain model, then integrated non-network workstations/servers into a campus network over TCP/IP. Dr. Pak’s team also redesigned the legacy net- work infrastructure integrating all servers/workstations to have Internet connectivity with Defense Mes- sage System (DMS) servers and present a true client and server development environment. His team also applied information engineering techniques to reengineer Army’s ammunition supply system and imple- ment a new ORACLE database solution.
Dr. Pak also served as Project Manager on a Coast Guard Research and Development Center (RDC) con- tract. Dr. Pak’s five-person project team supported Coast Guard systems end users based in Groton, CT during their participation as part of Coast Guard on-going migration from CTOS-based information man- agement systems to Microsoft NT platforms. Dr. Pak’s five-person team upgraded all on-site LAN net- works, installed and tested 130 NT workstations, and established an on-site Help Desk at the Research and Development Lab in Groton, CT. Dr. Pak managed the scheduling, staffing, tracking, and support of all required post-implementation service requirements.
Decision Systems Technologies, Inc., 1996 – 1997, Project Manager/Senior Technical Manager. Dr. Pak served as Project Manager and technical lead for Office of Naval Research (ONR) MIS department with a team of 19 hardware and software engineers who integrated, tested, implemented, and supported a Microsoft Windows NT metropolitan network (MAN) and its associated applications software over a FDDI backbone supporting ONR Headquarters and seven field locations located in major cities nation- wide via communication media such as FDDI, 100Base Fast Ethernet, 10BaseT Ethernet, TCP/IP, Net- BEUI, Frame Relay, routers, bridges, CSU/DSU, ISDN line, and the dial-up modems. His team imple- mented Microsoft Exchange Server Messaging Systems to all users across the ONR network infrastructure. Dr. Pak re-engineered and upgraded 7 remote ONR locations’ hardware, software, and communication devices. He managed these 7 field installations via WAN connections, and also supported all trouble calls originating from these sites. Dr. Pak scheduled, staffed, tracked, and provided technical support required in conjunction with post-implementation service calls.
Dr. Pak also served as Project Manager and technical lead tasked with managing the design and imple- mentation of the Bay State Health Systems’ Windows NT MAN used to deploy Windows NT serv- ers/workstations, Windows 95, Exchange Server, and BackOffice applications to 27 remote site locations and more than 25,000 end users. Dr. Pak’s seven-person team created a Windows NT network that coex- isted with a NetWare IPX/SPX environment on 10BaseT Ethernet and heterogeneous LANs connected to a 100 Mbps FDDI ring. Dr. Pak managed the scheduling, staffing, tracking, and technical support of all required post-implementation service calls.
Dr. Pak was Project Manager and technical lead providing Defense Message System (DMS) support at the Columbia Pike DISA office. Dr. Pak’s five-person team developed SUN SPARC 1000-based scripts to improve and maintain DMS development including SUN SPARC stations, Windows NT workstations
6. 6
and servers, AUTODIN, STU-III and CSU/DSU across classified and unclassified DISA communication lines connecting Scott AFB, the DISA Regional Control Center at Columbus, OH, Arlington VA, Reston VA, Columbia Pike (Arlington), VA, and locations in Germany and Hawaii. Dr. Pak provided both tele- phone and on-site technical support during post-implementation service calls performed at any and all of the remote locations.
Northrop Grumman, 1992 – 1996, Technology Manager. Dr. Pak served as a technical lead in charge of project personnel charged with designing the hardware, software, and telecommunications architec- tures for a number of Department of Defense (DOD), federal, and commercial applications. For the De- partment of Agriculture and Social Security Administration (SSA), Dr. Pak served as technical lead in charge of a five-person integration team. Dr. Pak’s team installed 45,000 Microsoft NT workstations and associated hardware/software and communication devices in 60 locations spread across the continental US, Europe, and the Far East. This project was performed in support of AT&T. Dr. Pak was responsible for providing technical input, project staffing, and the scheduling and performance of all post-installation service call support efforts.
Dr. Pak also was the technical lead during the design of Department of State Network Infrastructure em- ploying DEC SMP servers and workstations with communication equipment over TCP/IP to support worldwide operations. Dr. Pak directed the system architecture development for the Department of Veter- ans Affairs in support of the migration of previously non-networked systems to a network environment incorporating state-of-the-art capabilities. Dr. Pak also supported a National Institutes of Health effort by designing network architecture to move from the legacy mainframe SNA infrastructure to a DEC Alpha open computing environment interfacing with PCs over TCP/IP.
Northrop Grumman, 1984 – 1992, Senior Systems Engineer. Dr. Pak gained “first-hand” service call experience while serving as a Field Engineer supporting the Air Force’s deployment of engineering test support equipment and semi-automatic support equipment at customer sites around the world. Dr. Pak performed “hands-on” equipment-related servicing and problem resolution and also trained Air Force per- sonnel in the use of this equipment. The combined equipment service support and customer training effort required service calls to various Air Force facilities located in the U.S., Europe (England), the Middle East (during Operations Desert Shield and Desert Storm), and Korea.
Dr. Pak developed, integrated, and tested a real-time artificial intelligent system in embedded firmware to counter jam radar systems as part of the power management system for F-16, F-14, and F-111 aircraft. He designed and developed a number of software and hardware systems for Navy electronic warfare applica- tions. He also used information-engineering techniques to develop object-oriented software in Atlas, FORTRAN, Pascal, Ada, Assembler, and C languages. He developed real-time transmitter software in “C” on an HP-UX 9000 to test the transmitter section of the power amplifier and Sonar Power conditioner of MK 48/50 Torpedoes. He developed, integrated, installed, modified, and maintained state-of-the art HP-UX 9000, DEC, and IBM computer systems using UNIX, VAX/VMS, and DOS/Windows operating systems. He installed, maintained, modified, and supported electronic counter measure pods such as ALQ119 and ALQ131 ECM (Electronic Counter Measure).
EDUCATION
Ph.D. in Information Security, Nova Southeastern University, Ft. Lauderdale, Florida, October 2011: A National Center of Academic Excellence in Information Assurance Education
MS, Network Security, Capitol Technology University, Laurel, Maryland, 2005, with class Honors GPA=4.0: A National Center of Academic Excellence in Information Assurance Education
BS, Electrical Engineering, The Pennsylvania State University, State College, Pennsylvania,1984
Member of IEEE, ACM (Association for Computing Machinery), ISACA, and (ISC)2