Download PDF

LinkedIN

Education

19941997

B.Sc

University of Bergen
19911993

Career College, Bergen Technical School

Languages

Norwegian

  • Native language

English

  • Proficient in writing
  • Proficient in reading
  • Proficient in speaking

English is second language

French

  • Conversational

Objective

To join a company that offers career and opportunities to express my creativity and passion for technology, as well as to utilize my computer security and project management skills.

Preferred Work Locations

Boston, MA USA

Summary

CORE STRENGTHS

  • Fully committed to the best practices of security testing methodology while bringing application to higher security level
  • Developed application within Perl, Java, PHP
  • Creative, eye for details, dynamic and hard working
  • Excellent project mediator, resolving daily challenges, disputes and misunderstandings
  • Implemented and worked with ITIL
  • Quick learner of new technology

Work History

2015

Information Security Engineer

Information Security Engineer■ (Designed and implemented Threat hunting solution using Splunk, IDS/IPS solution, PCAP data, credential scanning, Windows Sysmon monitoring, anomaly detection and procedures to detect and identify intruders) ❑ Vulnerability management. Developed vulnerability management solution, IDS/IPS solution, Capturing PCAP data and implemented SIEM log correlation solution. ❑ Threat Hunting. Developed and implemented a Threat Hunting solution based on open source software and in-house developed methodology. ❑ Penetration testing. Performed periodic internal penetration test of network and application. ❑ Coordination of security activity. Coordinated all security activity in all project making sure that projects incorporate security into the final products. ❑ Securing the People. Started security awareness program making the fellow employer aware of the risk we all are exposed to on a daily basis. ❑ Demo of End-point security. Created demo of how easy it is, once a host is exploited, to elevate access rights and eventually get domain admin. Showed how one unpatched endpoint or a download of malicious code may have devastating results. ❑ Designed, coded and implemented network access detection. The solution checks if the connected device is authorized to be on the network. The solution is a light weight solution and alerts are sent as text messages. ❑ Designed, programed and implemented management solution. These programs is part of the day to day job from doing updates of inventory, host detection, database management etc.

20002015

Senior Security Consultant

NTT Com Security■
Senior Security Consultant■ (Consult on data and system protection for this $20MM digital security company. Testing IT security system for clients throughout several industries and perform 24/7 network surveillance. Handle complete project phases, overseeing several concurrent projects with budgets ranging from $1,000 up to $100,000, focusing on customer satisfaction and results.) ❑ Performed 300+ applications, penetration and social engineering tests. Used and developed method like, SQL, HTML-, LDAP-, CRLF-injection, Cross Site Scripting attacks and more in order to gain control over customers applications, customer networks and customer client computers ❑ Completed GXPN certification. Passed the GIAC GXPN certification exam as number 173 in the world. A GXPN candidate has the knowledge, skills, and ability to conduct advanced penetration tests, models the abilities of an advanced attacker to find significant security flaws in systems, and demonstrates the business risk associated with these flaws ❑ Developed applications test Methodology according to the best practice on the Internet, OWASP top 10(www.owasp.org). Improve time spent analyzing network traffic, deterring and reporting security violations. Reduced costs associated with network penetration testing by 60%. Process up to 15 PCI tests, Penetrations test, application test and reports each month. ❑
19962000

System Engineer/production Support

Den Norske Bank■
System Engineer/Production Support■ (Supported, maintained, and developed PKI infrastructure. Introduced personal computer/network firewalls and internal operating procedures in compliance with the bank's data security and data integrity policies. Advised development teams during the development of a banking solution; consulted on security issues during the development stage. Introduced Information Technology Infrastructure Library(ITIL), integrating critical IT practices with comprehensive checklists, tasks and procedures tailored to the company's infrastructure.) ❑ Tier 3 and system administrator for AIX, Sun Solaris, HPUX and SCO UNIX operating systems. Administration of banking application(ATM-application, internet banking application, firewalls) ❑

Skills

Application test

Certifications

PCI DSS

Payment Card Industry