MS, Management, Information System Security @
Colorado Technical University
Brian Kirouac is a highly skilled, experienced information security professional with education and certifications in both information security and project management. He possesses a high degree of expertise in technical security assessments and penetration testing. He has over twenty years of experience in the creation and deployment of solutions protecting networks, systems and information assets for diverse
Brian Kirouac is a highly skilled, experienced information security professional with education and certifications in both information security and project management. He possesses a high degree of expertise in technical security assessments and penetration testing. He has over twenty years of experience in the creation and deployment of solutions protecting networks, systems and information assets for diverse companies and organizations.
As an experienced Project Manager and Certified Project Management Professional (PMP), Brian is dedicated to providing high-quality support for all tasks. He has managed projects that include multi-state and international resources. His Project Management skills have ensured the success of numerous information security assessments for both government and commercial entities.
Brian’s security expertise enables him to review existing infrastructure to identify potential security threats, identify events that might threaten critical equipment, operations, or processes, and determine appropriate responses to these events. His unique combination of security technical experience and project management experience enables him to effectively manage all aspects of security related projects to include penetration testing, assessments, evaluations, and IA-CMM appraisals.
Brian's publication history includes being a frequent contributor to "The Security Journal", a contributor to Usenix's ;login, being both a refereed and invited speaker for SANS, a refereed presenter for a NASA Conference on tethered satellites, and a co-author for "IT Security Interviews Exposed: Secrets to Landing Your Next Information Security Job" (Wiley, ISBN 978-0-471-77987-2).
Brian's certifications include:
Information Security Specialist @ All things information security related to include:
- PCI Compliance
- - create, update, and enforce
- Vulnerability scans
- - Coordination and/or perform Internal, External, ASV, and Pentests
- Architecture review to include participating in architecture review boards
- Daily Operations, primarily third level support with occasional regular support as needed
- design and implement geographically disperse ldap authentication system
- XEN design and configuration
- Security and/or Network Design review
- - Security Awareness
- - Developer security training
- Security Alert monitoring
- answer random technical questions
- Product Security Response Team From November 2013 to Present (2 years 2 months) Head InfoBooth Goon @ Responsible for the dissemination of miss-information to humans at DEF CON. Design, build and maintain website used by attendees to stay current with the happenings at the con. From February 2006 to Present (9 years 11 months) Adjunct Professor @ Instructor for distance classes.
Courses include: Information Security Project Management, Perl, Introduction to Information Security From February 2008 to Present (7 years 11 months) CTO / Principal Security Consultant @ • Involved in corporate strategic planning for operation and administration.
• Recruit, Train and Manage employees and team members.
• Manage group, organizational and corporate related projects to ensure completion on time and within budget.
• Develop project requirements, statements of work (SOW), request for proposals (RFP), responses to proposals and negotiate contracts
• Performed and coordinated problem management/resolution of server, network and security issues
• Create, review, update and administer organizational security policies, procedures, and standards.
• Train and instruct team members on day-to-day duties as well as special projects, security concepts, standards, and best practices.
• Assist customers in compliance efforts for multiple regulations to include: PCI-DSS, HIPAA, FERPA, COPA, NERC, ISO.
• Perform security risk assessments providing cost-benefit analysis, and formal recommendations to mitigate security threats to the customer environments.
• Write scripts and programs to automate time consuming, manual processes.
• Perform security vulnerability scanning to discover and resolve any potential threats before they become security incidents.
• Develop custom processes, scripts and applications to aid in the vulnerability scanning and penetration testing processes.
• Conduct Assessment for customers; PCI QSA Assessments, Technical Vulnerabilty Assessments, Penetration Testing.
• Design, Install, and Document secure mutlti-tier networks based on customer operational requirements and appropriate risk posture.
• Primary instructor for Information Security Red Team Methodology (ISRM) and Information Security Assessment Methodology (ISAM) classes.
• Develop and deliver Security Awareness classes appropriate for client organizations.
• Build and maintain databases running either Mysql or Postgresql and accessed with Perl, C and PHP. From February 2006 to October 2013 (7 years 9 months) Information Security Specialist @ • Primary security contact for SCADA issues and concerns.
• Design and implement multilayer network architecture to isolate SCADA networks from corporate network.
• Create, review, and update process documentation.
• Develop and implement information security standards and procedures.
• Create and administrate corporate security policies, procedures, and standards.
• Manage all group related projects to ensure completion on time and within budget.
• Train and instruct team members on day to day duties as well as special projects.
• Mentor junior team members in security concepts, standards, and best practices.
• Perform security risk assessments using qualitative and quantitative methods, providing cost-benefit analysis, and formal recommendations to mitigate security threats to the corporate environment.
• Maintain a working knowledge in IT networking, operating systems, databases, and applications.
• Continually monitor security related mailing lists and web sites to acquire information on new security technologies and to discover new security related threats.
• Proactively assess the corporate environment to determine the criticality of any newly discovered security threats.
• Design, build, configure, and maintain the firewall infrastructure and the high availability firewall management infrastructure.
• Write shell scripts to automate time consuming, manual processes.
• Perform proactive security vulnerability scanning to discover and resolve any potential threats before they become security incidents.
• Generate incident reports based on alerts received from monitoring systems.
• Participate as a member of the corporate incident response team. From April 2003 to January 2006 (2 years 10 months) Lead System Administrator @ • Managed all IT staff and projects. Staff located in Denver, San Jose, and Bangalore, India.
• Ran a web server farm of 40 plus servers with greater than 50,000 customers and 39,000+ domains.
• Created security policies.
• Created scripts to automate server operating system upgrades.
• Implemented problem tracking system.
• Created customer database.
• Installed new mail servers with unsolicited bulk email (UBE) and virus filtering software.
• Interviewed, hired, trained and mentored new employees.
• Created training documents for new customer service representatives.
• Implemented messaging schemes to increase information flow within the company.
• Worked directly with CTO and CEO on company direction and future plans. From June 2001 to December 2003 (2 years 7 months) Principal Consultant @ • Designed and installed multi-site JumpStart environments, including build scripts that spanned multiple reboots.
• Updated and fixed a JumpStart procedure to handle multiple operating system versions.
• Designed and built an automated system install tool for DIGITAL UNIX, written in a combination of Perl, ksh, and shell.
• Developed and taught a 5-day Sendmail class.
• Installed and configured sendmail.
• Audited sendmail installations providing recommendations for performance improvements.
• Installed/configured mailing list software
• Supported strategic client customers in the design and implementation of their eCommerce Web sites, running on Sun SPARC Enterprise machines with external RAID devices, Web/FTP servers, application servers, database servers, mail servers, firewalls, and dedicated backup devices with tape changers.
• Served as Project Manager, assisting with the design and build out of a new Data Center. Was the construction on-site company representative during build out.
• Helped design the network layout of Web farms and their integration into the building network.
• Built core infrastructure machines for new Web farms, installed Kerberos and SSH on systems.
• Create heterogeneous networks running various Unix and Windows operating systems.
• Built various firewalls using TCP Wrappers, ipchains, iptables, ipfw.
• Performed site audits providing recommendations for improvement to system and network.
• Maintained a Web farm of over 800 Web servers with Apache and Netscape Enterprise HTTP servers.
• Provided daily systems and network support in a heterogeneous UNIX environment running AIX, DIGITAL UNIX, HP-UX, IRIX, Solaris, SunOS, Linux, and Windows NT/2000/95/98.
• Implemented new trouble ticket systems,
• Created a "virtual logbook" that enabled remote administrators to make entries about client boxes via the web, and wrote CGI scripts, using Perl.
• Wrote various scripts in Perl, sh, csh, ksh From February 1996 to July 2001 (5 years 6 months) Principal Consultant @ From February 1996 to June 2001 (5 years 5 months) Principal Consultant @ From February 1996 to June 2001 (5 years 5 months) Consultant @ I had several long consulting gigs with both Digex east and Digex west From February 1996 to June 2001 (5 years 5 months) System Administrator @ Responsible for all aspects of system administration for small network with multiple Unix variants and Microsoft Windows. Upgraded firewall, upgraded website and created one of the first "Text to Speech" dynamic web pages. Upgraded network from thin-net to 10baseT. From February 1995 to February 1996 (1 year 1 month) Unix System Administrator @ Unix system administrator for LTP 920.2 on Goddard Space Flight Center From August 1993 to February 1995 (1 year 7 months) Intern @ Worked in Computer Services. From June 1990 to August 1993 (3 years 3 months)
MS, Computer Science, Computer System Security @ Colorado Technical University From 2005 to 2007 MS, Management, Information System Security @ Colorado Technical University From 2005 to 2006 BS, Computer Science @ Radford University From 1990 to 1993 Virginia Polytechnic Institute and State University From 1989 to 1990 HS @ Rampart High School From 1984 to 1988 Brian Kirouac is skilled in: Unix, Security, IPS, CISSP, Information Assurance, Servers, Penetration Testing, Vulnerability Assessment, Firewalls, Network Security, Computer Security, Web Application Security, Linux, TCP/IP, Network Architecture
Looking for a different
Get an email address for anyone on LinkedIn with the ContactOut Chrome extension