John Rehagen

Information Security Engineer with expertise in Network Security, Database security and Compliance mitigation with exceptional interpersonal skills built from a presales, customer support background. Over 10 years experience analyzing, planning, designing, proposing, implementing and securing new and existing IT solutions.

MAJOR ACCOMPLISHMENTS

• Responsible for developing and implemention of a database security program. This included database asset risk profiling, implementing advanced database monitoring tools, and develop policies an procedures for DB access controls.

• Responsible for setup up of a major portion of a new data center site consisting of over 100 servers, VMWare environment, routers, firewalls and content load balancing devices. This included planning, analyzing requirements, designing complex internetworking, installation and configurations of these devices as well as setting up Internet connectivity, racking hardware and wiring.

• Created a secure computer environment in a corporate setting by analyzing and reconfiguring firewall, routers, intrusion detection devices, content devices, desktop policies and domain permissions. This environment was biannually submitted to an independent security audit test in which each time was passed with 100% score being able to prevent any major security breaches or exploitations.

PROFESSIONAL EXPERIENCE

StrataCare, Irvine, CA 2012 – Current
Security Engineer

StrataCare is a major medical billing review service company.

Provided Checkpoint Security Appliances expertise, improving and tuning security features.
Led implementation of security initiatives by providing design, implementation and project managment.

HireRight, Irvine, CA 2010 – 2012
Security Engineer

HireRight is a major employee screening service company, under Altegrity, which includes clients like Apple, American Express and Sears.

Developed and implemented a MSSQL/Oracle database security plan to protect millions of PII records, utilizing and tuning products like Guardium, Imperva and other data masking products.
Completed a mobile device (IPhone, Android) risk assessment and authored requirements for instituting a secure mobile messaging solution for data loss prevention (DLP). Developed and created a proof of concept plan to implement this solution.
Created PII masking requirements, and ensured implementation through the project completion.
Assisted in development and authoring of an incident response procedural workbook.
Completed compliancy required reviews of firewalls with recommendations for improvements.
Strong knowledge of ISO 27001,2, HIPAA, SOX, GLBA and PCI compliance and policies/standards directed by NIST, SANS, OWASP, IETF, TMForum, ISSA, CERT and SOA.
Led vulnerability management scanning and assessment.
Performed project management tasks for implementation of security controls.

Wells Fargo, Irvine, CA 2010
Information Security Architect
Wells Fargo Dealer Services (#1 used car financing institution in theU.S.Wachovia contract through Apex Systems)

Assisted in a Checkpoint PointSec desktop encryption deployment project for over 100,000 systems as the lead security expert for Wells Fargo Dealer Services, developing security controls and reporting requirements for the local line of business.
Co-authored an annual firewall review document detailing analysis requirements for access control lists and the process to validate; verify the accuracy, efficiency and current business justification of each rule.
Advised different solutions and ensured adherence to corporate control standards in an encryption key management project which included VPN, database encryption, PGP encryption, web application, disk encryption and Public Key Infrastructure (PKI).
Analyzed key file transport solutions for Data-in-Motion, Data-at-Rest utilizing SFTP, FTPS, PGP and Connect:Direct.
Achieved the Wells Fargo Bronze level Information Security Credential.

Rehagen Consulting 2009 – 2010
Provided IT security and network consulting services. Some projects include:

Advanced Data Systems, Fountain Valley, Ca – Business process improvement consulting for IT systems and security related issues. Completed technical documentation; analysis for network improvements; assisted in designing a secure online tape-less data backup strategy to increase efficiency and lower financial risks.
State of California EDD – Created a data parsing and matching program; contributed design and functional ideas for a departmental websites.
SmartEduTech, Irvine, Ca – Designed and documented a proof of concept for 802.11 secure wireless data transfer system; trained executives on utilizing latest wireless technology working with ASIC devices.

Advanced Access, Anaheim Hills, CA 2005 – 2008
Network Administrator
Advanced Access is the #1 Real Estate website hosting/marketing companies, hosting over 60,000 clients, two Data Centers, over 150 Servers; Cisco routers, firewalls switches; SAN and NAS; and multiple VMWare clusters.

Planned, directed and organized projects for the information security function of two data centers. Reorganized, reconfigured, maintained and stabilized problematic high availability systems such as VMWare ESX, Cisco Pix-ASA firewalls, Tipping Point IPS, IPSEC VPNs, Solar Winds IPmonitor software, routers, switches and an IronPort HA system that transferred 25 million emails per day while achieving a 97% SPAM blockage rate.
Responsible for setup of a major portion of a new data center consisting of over 100 servers, routers, firewalls, load balancing devices and a VMWare environment. This included planning; analyzing requirements; designing complex internetworking; installation; configurations of these devices; setting up Internet connectivity; racking hardware and wiring.
Utilized “best practices” implementing IT security concepts adhering to isc2’s 10 domain guideline.
Knowledge of ITIL V3, change management process and CMDB tools.

KPMG (Arthur Andersen), Cypress, CA 2000 – 2005
Senior Associate / System and Network Engineer
KPMG LLP is a fortune 500 Company with a forensics data center hosting electronic discovery services, which served major clients such as Eli Lilly Pharmaceutical as well as major law firms.

Lead security engineer in charge of penetration testing, analyzing, recommending improvements; designed future security enhancements. Utilized security vulnerability scanning tools such as Foundstone SuperScan, Nessus, Retina, Nmap, Metasploit, Wireshark to identify and report on likely risks.
Managed the threat and vulnerability process by reviewing alerts from SANS, CERT, security vendor’s advisories and internal logs; communicated with security managers; took protective actions.
Improved MS Active Directory and MS Windows 2003 security by monitoring and reviewing data using Symantec SCC/Bindview’s auditing tools, analyzing access control and file share permission vulnerabilities, then took corrective actions by implementing new groups, corrected OU structures, and set new GPO’s to the remediate security issues across the enterprise
Designed, created and implemented a central logging report system which utilized live and historical data showing trend graphs and security anomalies. Consolidated data from firewalls, IDS and system logs.
Saved $100,000 a year and solved application slowness leading to implementation of a more efficient ISP connection with less hops, better latency and higher bandwidth.

Previous Experience:

Over 10 years presales engineering, customer support in the industrial automation / process control industry.

Provided RFP/RFQ and presales support.
Assisted in implementation and setup of equipment.
Provided presentations and training.

TECHNICAL SUMMARY

Operating Systems: Windows, NT, 2000, 2003, 2008 and Novell, Linux, Unix, and Apple’s OS X.
Security Software: Ciscoworks, HP Openview, Nessus, Ethereal, Wireshark, Snort, Languard, Tripwire, Kismet, Superscan, l0phtcrack, Airsnort, Solarwinds, Ntop, Brutus, Guardium, Imperva, Rapid7, TrendMicro, Ironport, Barracuda,
Applications: Microsoft Office Suite (97-2003) – Excel, Word, Access, Outlook, Project, Visio. Vmware, SMTP servers, Syslog servers, SEIM,CRM.
Hardware: Cisco Firewalls, Intrusion Detection systems, Routers, 802.11 wireless devices, Content Delivery Systems, Load Balancers, Switches; Compaq/HP, Dell servers, IBM servers, HP servers; Frame Relay Multiplexers; Network General Distributed and Portable Sniffers.

EDUCATION
Bachelor of Science Degree in Organizational Leadership from Biola University,La Mirada, CA

CERTIFICATIONS
Certified Information Systems Security Professional (CISSP)  Obtained 6/2003
Cisco Certified Network Professional (CCNP)                           Obtained 12/2000
Citrix Certified Administrator (CCA)                                            Obtained 9/2000
Certified Novell Administrator (CNA)                                          Obtained 5/1998
Microsoft Certified Systems Engineer (MCSE)                           Obtained 3/1997
Also in current training for:
• Lean Six Sigma Black Belt focusing on implementing and maintaining continuous process improvement.
• Completed Certified Information Security Manager (CISM) training and plan take exam in the future.

PROFESSIONAL ORGANIZATIONS
Information Systems Security Association (ISSA) of Orange County
Secret Service Electronic Crimes Task Force – Los Angeles
DHS/Secret Service Global CyberSecurity Conference DC/2009
Orange County OWASP

John Rehagen

Checkpoint URL Filtering, 2 Factor Authentication

Working on Checkpoint firewall gateways/ Virtual Work-space

Information Security Engineer

Follow me on Twitter

Rehagen RT’s