Monty McDougal, Cyber Engineering Fellow, Intelligence, Information and Services, Raytheon
Advanced Persistent Threat Life Cycle Management
This presentation will cover the full Advanced Persistent Threat (APT) Life Cycle and Management of the resulting intrusions. It will cover both what the APTs are doing as attackers and what we as defenders should be doing for both the APT Mission Flows and the Computer Network Defense (CND) Mission Flows.
Network Security protects your network and data from breaches, intrusions and other threats. View this presentation now to understand what is network security and the types of network security.
Happy learning!!
Incident handling of intrusions related to cyber espionage operations is a complex and challenging task. As a national CERT with a unique national early warning detection system, NSM NorCERT has detected and responded to incidents that vary from traditional incident response and abuse handling to counter-intelligence operations. Based on some real-world examples, this talk will be about incident handling of cyber espionage intrusions. What are the most common pitfalls and how can companies be better prepared?
Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...Digital Bond
Each SCADA network, in a healthy state, presents a specific quality of service (QoS) which rarely changes given the repetitive process of the IACS operations. The continuous monitoring of QoS parameters of an automation network may anticipate problems such as malware contamination and equipment failures like switches and routers. It is very important to be aware of these changes in behavior in order to receive alerts and promptly handle them, avoiding incidents that could compromise the operation of the network and be financially or environmentally costly.
In this session Mr. Branquinho presents the results of tests to measure the performance of a simulated automation network parameters using a small SCADA network sandbox. First, the normal operating parameters of the network were measured. Next, several attacks were launched against the simulated automation network. At the conclusion of the work the graphs of the network in healthy state with the graphs of the network with the security incidents described above. The session will show how the network parameters were affected by each kind of incident and built a table showing the way the main parameters of an automation network were affected by the attacks.
IBM redefines its strategy and approach to Advanced Persistent Threa...Luigi Delgrosso
Recorded Webinar at http://event.on24.com/wcc/r/1117340/BECF92C8BBDF5B51399A8FB934C97054
This webinar was held in Italian by Luigi Delgrosso and Fabrizio Patriarca.
Please contact them for additional details and to arrange an on-site visit.
Don’t Sweat the Small Stuff – Protect What Matters Most - Interop 2014 Unisys Corporation
Presentation by Dave Frymier, Unisys Vice President and CISO, at Interop 2014 in Las Vegas.
Today’s media frenzy around consumerization of IT, APTs, Edward Snowden, retail hacks, and other security issues have board rooms buzzing. Hear why many security breaches simply don’t need to happen – and what you can do to protect your most sensitive assets.
Slides for a college course based on "Hands-On Ethical Hacking and Network Defense, Second Edition" by Michael T. Simpson, Kent Backman, and James Corley -- ISBN: 1133935613
Teacher: Sam Bowne
Website: https://samsclass.info/123/123_F16.shtml
Hem Infotech was founded in 2002 with a main focus on computer sales and maintenance.
We currently operate under five verticals: Computer Maintenance (AMC), Thin Client (World's Smallest & Lowest Energy Computing), Telephony (CRM/ERP Integration), IT Consultancy (Audit & Solution Support) and Public Wifi.
We are Business Associates and OEM Service Partner for brands like HP, NComputing, QNAP, Sophos, Enjay, Purple, etc.
Currently maintaining 20000+ hardware units with 1000+ customers.
18+ well-experienced, certified technical team focusing on Govt., Banking, Education, Finance, Hospitality, etc.
We are one of very few companies in Gujarat using a CRM-based systematic mechanism for quick and accurate support.
In this report, we demonstrate a new type of attack we call “Man in the Cloud” (MITC). These MITC attacks rely on common file synchronization services (such as GoogleDrive and Dropbox) as their infrastructure for command and control (C&C), data exfiltration, and remote access. Without using any exploits, we show how simple re-configuration of these services can turn them into a devastating attack tool that is not easily detected by common security measures.
Since most organizations either allow their users to use file synchronization services, or even rely on these services as part of their business toolbox, we think that MITC attacks will become prevalent in the wild. As a result, we encourage enterprises to shift the focus of their security effort from preventing infections and endpoint protection to securing their business data and applications at the source.
UROOJ PASHA
51/40 Philip Hodgins Street WRIGHT ACT 2611 | 0425 216 823 | pasha45@hotmail.com
CAREER OVERVIEW
An NV1 (Secret) cleared Senior Cyber Security Analyst with 9+ years of experience. I have proven success in
managing, monitoring, configuring and maintaining the security of LANs and WANs on large Networks. I am
currently employed as a full-time Senior-Level Cyber Security Analyst for Telstra.
QUALIFICATIONS
• July 1999 – June 2001 Graduate Diploma in Information Systems
University of Canberra, ACT Australia
• Sep 1996 – June 1998 Master of Business Administration (Finance)
Peshawar University, Peshawar, Pakistan
• Sep 1994 – June 1996 Bachelor of Business Administration (Accounting)
Peshawar University, Peshawar, Pakistan
• Sep 2004 – May 2005 Certificate IV in Client Support
Computer Power Institute of Technology, ACT
CERTIFICATIONS
• Certified Information Systems Security (CISSP) in progress
• Certified Ethical Hacker (CEH)
• Cisco Certified Network Associate (CCNA)
• Microsoft Certified Professional (MCP)
DATE | POSITIONS | ORGANISATIONS
Apr 10 – Current | Senior Security Analyst | Telstra
Nov 12 – Apr 13 | Acting Team Leader | Telstra
Nov 08 – Apr 10 | Gateway Admin | Fujitsu Department of Defence
Nov 07 – Nov 08 | Anti Virus Admin | Fujitsu Department of Defence
Feb 06 – Nov 07 | Desktop Analyst | KAZ Department of Defence
Jun 05 – Feb 06 | Service Desk Analyst | Teletech International
KEY COMPETENCIES
• IDS/IPS – Security Monitoring • ArcSight – IDS Monitoring
• McAfee – Antivirus • Arbor Peakflow – Denial of Service
• Net forensics - IDS Monitoring • Huntsman Tier 3 – IPS Monitoring
• Mime Sweeper – Email filtering • Content Keeper – Content filtering
• Endace Security Manager – Packet Analysis • Windows/UNIX Platforms
• OSI Model – TCP/IP • Splunk – IDS Monitoring
• ITIL • Wireshark – Packet Analysis
• Postfix – Mail Transfer Agent • Tripwire
• Nagios/Cacti/Tivoli – Monitoring Tools • SNORT
• Trend Micro - Antivirus • Phishing/SpamNoc
EMPLOYMENT HISTORY
April 2010- Current – Telstra PTY LTD
Senior Security Analyst - Permanent (Full time)
• Monitoring 2nd and 3rd level Security Incidents and data forensics for internal Telstra platforms
utilising industry standard SIEM and technologies such as ArcSight, Splunk, Netforensics and SNORT
for Intrusion Detection Analysis.
• Supporting Telstra’s host based Denial of Service product using Arbor Peakflow to ensure maximum
availability of customer’s network infrastructure by monitoring and fault resolution of security
triggered network attacks and behaviour anomalies.
• Investigating any actual or potential information security incidents.
• Participation in pilot program for Telstra’s cloud computing product using Tier-3 Huntsman for in
depth analysis of host based infrastructure supporting both Telstra’s internal core and customer
facing network appliances.
• Ensuring consistent and professional communication with internal and external clients and
stakeholders.
• Assurance support for Government Data Networks utilising Cisco technologies providing fault
management and troubleshooting of onsite Telstra installed routers and switches.
• Monitoring and fault management of Telstra’s Government data centre products utilising Windows
and UNIX technologies.
• ITIL compliant fault management utilising core record management systems such as Remedy,
InfraEnterprise and Amdocs, ensuring accurate data exchange between Telstra’s internal support
groups and key external vendor partners.
• Monitoring Antivirus, Anti Phishing and Anti Spam support for Telstra’s internal network.
• Assisting in creation of reports for internal and external clients and stakeholders.
Nov 2012- April 2013– Telstra PTY LTD
Acting Team Leader -
• Monitored the workflow and assigning each team member duties every morning.
• Attended operation meetings to provide Daily Security Activities to the General Manager and
improving business processes.
• Delivered Power point presentations for the above mentioned meetings
• Looked after the Roster and took calls outside business hours and each time someone was not
available to work I would shift staff to fill the gap.
• Created Monthly Reports and generally dealing with all the queries for Reporting.
• Managed workflow and would report to the manager.
Nov 2008- Mar 2010 – Department of Defence HMAS Harman, KAZ PTY LTD & Fujitsu PTY LTD
Network Security Administrator (Gateway) - Permanent (Full time) Contractor
• Assisted with development, implementation and maintenance of IT security solutions including
firewalls, antivirus solution, and intrusion detection/prevention systems.
• Managed the information System Security Request form for account creation and deletion.
• Investigated, resolved or escalated Network Security Operations related outages or service
degradations.
• Provided a client access to a blocked site by using Content Keeper and effectively manage Internet
resources.
• Documented Procedures, Knowledge Base Articles and Network Diagrams if they correct and up-to-
date.
• Kept our database up to date, using Tier 3 to gather information on the emails that are sent and
received around the Defence Network.
Nov 2007- Nov 2008 – Department of Defence HMAS Harman, KAZ PTY LTD
Network Security Administrator (Anti Virus) - Permanent (Full time) Contractor
• Maintained and troubleshot Antivirus Software on multiple Australian Defence Networks.
• Provided training to the new Employees on Antivirus in a Network Environment to get them ready to
be able to do their day to day work.
• Confirmed daily if Antivirus Pattern files are up-to-date on all Defence servers/hosts.
• Installed and updated relevant Antivirus software on all servers.
• Updated the knowledge database, so that the department is able to use it as an accurate
knowledge base.
Achievements
• Written acknowledgment from the Senior Executive Officer regarding the significant increase in
skill levels of those personnel who participated in the training program.
• Significant product improvements initiated during the course of the training program.
Feb 2006- Nov 2007 – Department of Defence Deakin, KAZ PTY LTD
Desktop Support - Permanent (Full time) Contractor
• Maintained, troubleshot, and repaired desktop computers, laptop/notebook computers, printers,
peripheral hardware and software.
• Provided first level IT technical support for customers in Defence Restricted Network environment.
• Configured and installed operating systems, desktop applications, and network software
• Troubleshot, researched, diagnosed and resolved technical issues surrounding Windows NT, 2000 and XP.
• Supported a wide range of Microsoft Products, Applications and Lotus Notes.
• Received and accurately recorded IT incidents and requests reported by the clients, if necessary
assigned incidents to appropriate areas for action.
Jul 2005- Feb 2006 - Teletech International PTY LTD, Canberra
Help Desk Permanent (Full time)
• Served as the initial point of contact for resolution of desktop country wide for Telstra
environment.
• Troubleshot, researched, diagnosed, documented, and resolved technical issues surrounding Windows 98,
Windows 2000, Windows NT, Windows ME, Windows XP, Internet Explorer, Microsoft Outlook and
Microsoft Outlook Express for Dial up and Broadband connections.
• Organised technical meetings and presentation with network support department also provided
training to the new employees.
• Provided technical advice on hardware problems which included Dialup and Broadband modems
and other computer related hardware problems.
SOFT SKILLS and ATTRIBUTES
• Excellent communication skills, both written and oral.
• Strong analytical approach to solving problems with high attention to detail.
• Outstanding interpersonal skills – dedicated to meeting customer needs.
• Motivated by teamwork and collaboration – sharing of knowledge.
• Committed to leadership and mentoring of junior staff.
LANGUAGES
English, Urdu, Pashto and Hindi
REFEREES
Available on Request