
Critical Infrastructure Cyber Security Resume

(Top Secret Clearance, Prior SCI, SABSA Certified Security Architect)

Jack Whitsitt | sintixerr@gmail.com | 703-409-9366 | Washington, DC

NOTABLE SUCCESSES 

  • Collaborative strategy for cyber security in the transportation sector to be used by industry and government (2012)
  • Improved, more strategic TSA approach to cyber security and risk management in the private sector (2012)
  • TSA adoption and implementation of collaborative business-driven risk management initiative supporting the national Pipeline industry (2012)
  • First ever transportation cyber security exercise (2011)
  • 2011 Cyber Security in Transportation Summit with 300+ attendees from private industry and government and 30+ speakers (2011)
  • Volunteer Chairman of the Board of a 501c3 Arts non-profit (2007)

TECHNICAL ACHIEVEMENTS 

  • Software which makes art out of brainwaves recorded by consumer EEG-reading headset (2010)
  • Open-source software implementing completely new method for visualizing network packet captures (Pkviz, 2008)
  • Large data security visualization methodologies ultimately used by ArcSight in developing their Interactive Discovery tool (2004/6)
  • Statistical anomaly detection & correlation add-on to ArcSight SIEM (still in use today) using long distance calling fraud detection engine (2004/5)
  • Groundbreaking open-source active-response honeypot security software (Bait and Switch, 2003)

SPEAKING ENGAGEMENTS

  • Cyber Security in Transportation Summit, Moderated Risk Management Panel, Washington DC, 2012
  • NATO – Emerging Security Challenges, Cyber Security Isn’t Really Cyber, Tbilisi, 2011
  • B-Sides Chicago Hacker Con, Human Attribute Cyber Security, Chicago, 2011
  • Energysec Summit, Executive Responsibility in Cyber Security, Denver, 2010
  • DoD/JTF-GNO Joint Information Assurance Tech Exchange, Data visualization for network security, Washington DC, 2005
  • Recon Reverse Engineering Conference, Massive Data Visualization for the purposes of monitoring IDS, Montreal, 2005
  • Northeastern University’s ACM Speaker Series, Massive Data Visualization for the purposes of monitoring IDS, Boston MA, 2005
  • Rubicon Hacker Con, Aggressive Honeypots, Detroit MI, 2003

REFERENCE QUOTE

“You and the team applied creativity and new techniques that have proven to be successful.  I know the task has not been easy or without struggle on many fronts.  But it was clear…that your efforts have been effective.  Not just in completing your mission but in improving a much larger mission.  You have influenced government and private industry to at least turn their wheelhouses in the right direction, as the ADMRL would put it… But the larger change that you may not see is you have begun to improve the overall security of the United States.  I cannot say that about many people or many programs.  The efforts you have taken you should be proud of, it is making a difference and people are listening.” Senior Colleague

 

EMPLOYMENT AND WORK HISTORY

TSA | National Cyber Critical Infrastructure Protection, Awareness, Outreach (Team Lead)

11/2010 – PRESENT

Enhance TSA’s cyber security role with private industry as the Transportation Sector Specific Agency (SSA) under the National Infrastructure Protection Plan (NIPP)/Homeland Security Presidential Directive 7 (HSPD-7). Responsibilities include:

  • Develop strategic consensus on cyber security topics across multiple organizations, industries, stakeholder seniority levels, and backgrounds
  • Facilitate identification, prioritization and coordination of federal cyber security activities within transportation sector
  • Design and gain support for implementation of sector-wide risk management program
  • Promote and coordinate cyber security awareness of owners and operators
  • Provide program level guidance for Critical Infrastructure (CIKR) protection to transportation and cross-sector communities
  • Encourage private industry participation in non-mandatory initiatives
  • Facilitate development of sector information sharing programs and mechanisms
  • Develop agenda for and co-lead monthly national Transportation Systems Sector Cybersecurity Working Group (TSSCWG)
  • Provide cyber security training to 60,000+ TSA employees as well as external stakeholders

 

Kingfisher Systems – TSA Contract | National Critical Infrastructure Cyber Security Expert

08/2010 – 11/2010

Contracted to enhance TSA’s cyber security role with private industry as the Transportation Sector Specific Agency (SSA) under the National Infrastructure Protection Plan (NIPP)/Homeland Security Presidential Directive 7 (HSPD-7)

 

Securicon (1099) | Control Systems Incident Consultant

06/2010 – 08/2010

Short 1099 contract to Securicon to investigate a customer control systems (SCADA) incident. Utilized technical log analysis, scripting, visualization, presentation, and control systems security knowledge to determine potential root causes and present to executive leadership.

 

Idaho National Lab (INL) | ICS-CERT Liaison to DHS NCCIC/US-CERT

09/2009 – 06/2010

Supported Industrial Control Systems CERT (ICS-CERT) at the DHS National Cybersecurity and Communications Integration Center. Responsibilities included responding to and analyzing control systems (SCADA) related incidents, providing situational awareness in the form of actionable intelligence, coordinating the responsible disclosure of vulnerabilities/mitigations, sharing and coordinating vulnerability information and threat analysis through information products and alerts, contributing to ICS-CERT & NCCIC CONOPS, and providing ICS-CERT briefings to senior cyber leadership of DHS, FBI, DOD including ongoing investigations and onsite incident response efforts.

 

KCG – TSA Contract | National Critical Infrastructure Protection Cyber Security Expert

09/2008 – 09/2009

Contracted to enhance TSA’s cyber security role with private industry as the Transportation Sector Specific Agency (SSA) under the National Infrastructure Protection Plan (NIPP)/Homeland Security Presidential Directive 7 (HSPD-7)

 

KCG – TSA Contract | Senior Enterprise Information Security Architect

09/2006 – 09/2008

Contracted to utilize Federal Enterprise Architecture (FEA) and SABSA Enterprise Security Architecture knowledge to provide NIST and FISMA-driven security policy, engineering, and compliance services to TSA.

Lockheed Martin | SOC Shift Lead

07/2006 – 09/2006

Contracted to use ArcSight SIEM correlation and SOC CONOPS experience to enhance the FBI’s internal SOC team. Worked with ArcSight administrator, ESOC lead, and other team members to develop ArcSight rules, channels, and analysis methodology. Oversaw second-shift contractors and provided senior level analysis escalation.

 

Netsec | Correlation Architect, CSIRC Lead, Security Engineer, SOC Analyst

10/2003 – 07/2006

Hired by NetSec MSSP (now a part of Verizon Business) as a senior SOC analyst. Repeatedly rewarded for outstanding analysis capability and then promoted to multi-disciplinary Tier 3 team charged with improving the SOC through technology, process, training, and customer service.  Specialized in developing analysis methodology, advanced automated data correlation and filtering techniques, and leading development/selection and integration of custom tools. Also led client operational relationship with large government Incident Response Coordination contract.

 

Perot Systems | IT and Desktop Engineer

10/1998 – 10/2003

Provided desktop, IT, development, and system administration to a large IT consulting firm in multiple locations throughout the US, including an Army Depot location tasked with neutralizing VX nerve agent.

 

PREVIOUSLY USED TECHNOLOGY (Not exhaustive)

  • SEM / SIM: ArcSight, NeuSecure, Custom correlation tools
  • Enterprise Architecture: MEGA tool, SABSA methodology, FEA Framework
  • IDS / IPS / HIDS / NIDS: ISS, Enterasys Dragon, NFR, Sourcefire, McAfee (Intrushield), Cisco, Intrusion, Snort
  • Scripting and Programming: C, Bash Shell Scripting, Python, PHP
  • Vulnerability Scanning: Nessus
  • Services: Postfix, Apache, IIS, MySQL, Oracle, others
  • Firewalls: Checkpoint, Cisco Pix, iptables
  • Ticketing: Remedy
  • Visualization: Advizor Solutions’ “Advizor” visualization tool
  • Server Platforms: Linux (various flavors), Windows 2000, Windows NT
  • Protocols: TCP/IP (OS, network, and packet analysis), Custom developed TCP/IP extensions
  • Honeypots / Honeynets: various flavors