This document contains the professional profile and work history of Mike Miller, an IT security veteran of 20 years. He has extensive experience in security roles such as responding to incidents, building infrastructures to protect data, detecting attacks, analyzing incidents, halting enemy actions, and recovering from security events. Miller is fluent in many security technologies including Palo Alto, Security Onion, SIEM tools, forensics tools, vulnerability scanning, and network/OS management. His work history includes positions as a Principal CSIRT Engineer and Senior Security Engineer for IHS Markit and Colorado state agencies.

1. Mike Miller
720-308-0795
10146 Amethyst Way, Parker, Co 80134
mike@millertwinracing.com
Professional
Profile
As a 20 year veteran in IT, 10 in varyingsecurity roles,I have been instrumental in
detecting, advising,and protecting the data of my Employer, and their customers. In
this capacity,I have:
 Responded to security incidents,
 Builtinfrastructures to protect data,
 Detected when assets areunder attack,
 Analyzed the extent of an incident,
 Halted enemy action,and
 Recovered when security events occur.
As a leader and mentor, I have often
 Explained technical concepts to leadership,staff and customers,
 Provided multiplesolutions with costbenefit ratios for each,
 Created occupational processes and procedures for incidentresponders and
Colleagues
 Created automated processes so that the network is self-defending
 Reported on the status of attacks and provided recommendations on
preventing further attack.
I am fluent with the followingtechnologies:
Networking
Palo Alto:
Panorama/PanOS
 Wildfire
 AutoFocus
 MindMeld
Security Onion
 Snort
 Barnyard
 Pulledpork
 pfring
 Salt
 Bro
CISCO (CCNP/CCSP -
expired)
SIEM
 RSA Security
Analytics/Archer
 CS-Mars (Cisco,
defunct)
 Splunk
 Elsa
 Qradar
 Awk/Sed/Grep -
flat/archival log
file analysis
Forensics:
 Encase
Enterprise using
Digital
Intelligence
Endpoint Protection
 Symantec
Endpoint
Protection
 Symantec
Critical System
Protection
 Damballa
 RSA ECAT
 Palo Alto
Networks -
TRAPS
 Tanium
Application Level
Protections
 Apache/Apache

2. Page 2
Professional
Accomplishments
Migrate IHSMarkitto Two Factor authentication (2fa) to reduce risk of external attack.
Migrate IHSMarkitSecurity detection to one of Active and Automated threat
protection
 Migrated perimeter security from Snort IDS to Palo Alto IDP
 Created and productionized profiles of attackers to allowRSA and firstlevel
supportto recognize and react.
 Created effective responses to skilled Spear-phishingCampaignsto recover
compromised accounts as they were used.
 Assisted in trainingFirsttier responders to self-help when anomalies were
detected (DDOS, Data leakage, Download thresholds exceeded)
Example compromise: Application exploited.Severity of attack measured, I then
headed up the rapid responseteam that included:
 Credential resets
 Forensically examining servers to determine loss
 Recommend applicationsto development includingautomated password reset
processes and storageof passkeys as PBKDF2
 Implemented and tuned WAF to protect application whileitwas rewritten.
ProvideForensic services to Legal, HR, and Security response
 Three labs in Englewood, UK and Penang
 Remote 'instanton' temporary examiners when bandwidth was limited
 Formal Fireproof, Waterproof, Evidence retention with full chain of custody.
Threat and
Vulnerability
Management
 Nessus/Security
Center
 Qualys
 OpenVAS
Network
Intelligence/mapping
 Nmap/Zenmap
 Wireshark
 Tcpdump
 netcat
FREDDIE
hardware
 Digital
Intelligence UTK
Access
Management/VPN
 Symantec VIPS
Authentication
 Secure
Computing
(defunct - now
McAfeee)
 Modsecurity
(apache)
 Nginx
OS and OS
management
 RHEL
 Ubuntu 12.04-
16.
 All Windows
Sever and
Workstation
versions
 Microsoft SCCM
Note: Whileprogramming has not been a primary duty, I have used C, Bash,
PowerShell, Python, and other languages as needed to complete tasks.I have
contributed back to the Open Source community where my discoveries could beused
by other people.

3. Page 3
Work History July 2013-Aug 2016
Principal CSIRTEngineer, IHS Markit,Englewood Co
March 2008- Jun 2013
Agency ISO – Colorado Department of Labor and Employment, Denver Co
Senior Security Engineer – OIT, Officeof the CISO
April 1996 - March 2008 -
SeniorSecurity Engineer–ColoradoDepartmentof Laborand Employment,
Denver, Co
February 1993 – April 1996
Webmaster, Colorado Department of Transportation,Denver, Co
Education Trustwave SpyderlabsIncidentResponseandReadiness(Dec2015)
PaloAltoNetworkAdministration(Feb2015),
CiscoCertifiedSecurityProfessional,Formal traininginEthical Hacking
methodsfromEC-Council (CEH) andSANS,Forensictechniquesandtools
trainingfromAccessData, Snort/IDScertificationfromSANS(twice),Ultimate
Hacking- Foundstone
BS – Civil Engineering
Colorado State University
Ft. Collins Colorado
1992