“White Hat”, “Principled Ethical Hacker”, “Slicer”, or “Socketguard”: whatever you want to term me (“cool”, “hip”, or other), as an Information Security Professional, all titles serve the same role, having one common goal: protect the Client from the “threat landscape” while ensuring complete customer and staff protection and empowerment to take future action with confidence.
To summarize, I service protective operations as I continually am present in the moment applying my studies in psychology, forensics, and criminology applied to technology know-how to culminate comprehensive enrichment for Client safety. I am an Emergency Management: Threat Analyst who protects systems, business processes and event locations. From my novel perspective as a formally trained certified legal paraprofessional, I consider implications of actions taken in abductive scenarios applying latest technology stacks to establish insurance claim risk viability and actively maintain an updated training on the evolutionary mindset of perpetrators including virtual data crackers, cyber bullying, cases of insurgent disruption, and physical assailants.
Historical field expertise
My first “official” experience in this line of fieldwork was when the Cincinnati Ohio Police District 1 Investigations Bureau came to the service bureau I worked at in 1997 and asked if their Detectives could meet with the Agency’s “best graphics person” on analyzing some digital images for them. That was (of course) me! I was supplied with three ATM camera photos of a bank robber. He had parked his car just barely in frame view during the robbery for me to get to work on immediately as it was in the first 24 hours of the crime. I took the images of the car and re-constructed the anti-alias on the car’s license plate, which had pulled up in frame while the perpetrator had exited straight to the machine; in half an hour I presented my findings to the Detectives. A month went by when I learned that my work was used as evidence and the criminals were apprehended; traced by my good work!
Another interesting, more high-profile case study in digital forensic imaging later serviced my public community when I investigated a purposed ghost in a photo that had become social trending due to the details of the local recent gruesome murder. Sometimes histograms or vectorscope analysis can be performed to distinguish abnormal chroma and irregular hue shifts to aid in determining if the image was an overlay or actually a natural exposure. Applying reductio ad absurdum when considering even most simply the phantom figure arrangement; it's uncanny to consider that in such a small space between two controversial people (in context) a ghost “flying by” would be caught in such a “P E R F E C T” clearly visible little background of available visual gestalt amongst a crowd of mourners. Outcome of this image was exposed as a hoax due to leveraging exifdata.com and later validated congealed fundamental presuppositions confirmed by character profiling of the photograph presenter during the investigation. To prove photo legitimacy and eradicate the claimant's “circular reasoning”; that is to say “the photo is, because here is the photo I took” cannot stand with countering evidence, such assertion cannot be validated. Her purposeful actions to hinder fact-finding contributed to obfuscate truth surrounding how and when the photo was taken. Her attitudes toward my investigation evidenced effort inadequacies in the time for need for certainty, control and simplicity. In conclusion regardless, the forensic evidence of anti-alias re-compression “stepping” in the EXIF metadata confirmed from the sample all that needs to be said.
As an IT professional in 2000, I held low level FBI security clearance for a SIDA badge in my past to be able to walk on air strip runways and operate on IT in secure MAF and DFW authorized only locations. I worked in wireless microwave P2P and POE frequencies and determined that a dirty-playing commercial competitor was scrambling my Client Line of Sight Signal so we realigned and changed frequencies to circumvent brute force scrambling attacks. In 2001 I began in Healthcare vertical with acquiring Wi-Fi access using AirSnort then pth-winexe to scrape sensitive data from a Physician’s parking lot. I then went in and consulted how to secure the environment with a mostly air-gap strategy coupled with SSLVPN.
Since then the production company I co-founded worked to secure website clients on medical patient HIPAA compliance data and related info-sec services including data encryption and authentication access. I also had the privilege to serve the USMC Marine Heritage Foundation in Quantico, VA for three years with ecommerce before turning the website over to Ogilvy Worldwide. Then in 2005, my film crew colleagues and I re-created the Columbine Shooting as an educational awareness drama-documentary, winning the Tribeca iFilm festival!
Since then I have found deeper purpose in this line of work after interviewing the parents on how they want their children remembered in contrast to how social media portrayed them. Since this reinforcing inspiration and since becoming a father myself, I've wanted to perpetuate effective stewardship for the prevention of violations of all sorts of deviance upon those trying to live their daily lives or for once relax and have a good time in a safe environment.
I have served as an authority in digital forensic cases in a number of ways including recreating crash scenes in Midland, Texas courts to show the events of a car accident based on calculating impact forces that took lives derived by required speeds to yield such velocities required to produce the ultimate unfortunate effects of crash sites. I've also performed statistical analysis and strike-force animation presentations from supplied intelligence for the DEA in Dayton, Ohio.
I have helped design country music and fairground location scouting and event security consultations (in Texas) for crowd flow, traffic fencing and parking control as well as scheduling door money transfers; reporting on number of guards required at different posts along event timelines and local police coordination accompanied with experienced municipal permit acquisition. Delivering aerial security from unauthorized unmanned aerial vehicles (UAVs) overhead intrusion from such foreign robots as drones or shooting from sniper superior higher-ground positions like in Vegas is an ever-growing pressing sensitive inclusion in this planning scope.
For Homeland Security I've been the Project Director and co-animator of weather animations which calculated physical force for explosion deterministics of variable input magnitudes from which my render engine played out and reported on how fast those different impacting fueled fires would spread and reach other potentially vulnerable explosive “hot spots” down-wind across real geographical targeted terrains giving first responders an idea of how much time there is to act.
InfoSec Skill overview
Over the last 10 years I have supported RBL white-listing, email filtering and end-user best practice advocacy; the majority of my security efforts are now concentrated on web application security and on aiding my leading Information Security Officer (protecting a user base of over 17,000 users) with zero day log reconnaissance when needed in emergent just-in-time lockout responses, and on advocating new policy design to enact with established user culture(s). I also program serialized D/Crypt and SSO authentication for profile identity and password automation and administer ADFS and Shibboleth Relational Trusts.
As opportunities present themselves, I am actively venturing deeper into ethical practice of the following services:
- Analyze and protect systems and locations:
- Authentication Strategy: password restriction consultation, multi-factor implementation, authentication analysis, crunch list building, Metasploit site culture analysis, rainbow tables & rsmangler dictionary testing, and password management.
- Reconnaissance: Assess currency of crisis strategy approaches: trashing, phreaking, profiling targets, botnet port scanning, IP scam response check, and other public investigations etc. as well as privatized (owned) / internal system targets using WCE, John and other shadow-recovery shell tools.
- Analysis and Scientific Interpretation: verifying and establishing authenticity and identity of audio recordings and photographic sampling while maintaining no circular reasoning. Conduct holistic reviews of existing programs and recommend upgrades accordingly.
- Weaponization: exploit design planning to a hone-in target
- Delivery: email phishing, malware, bug/flaw holes, internal usb, ftp down, extra-net file share, test for injection exploits, identify “beachheads”, location distribution and drop
- Exploitation: evaluate all entry/exit points of software to memory or disk or location points of exposed vulnerability from a myriad of potential influencers, conducting penetration tests, and pattern cryptography
- Installation: registry to auto-run payload opportunities such as advanced persistent threat (APT) malware and potentially unwanted programs (PUP) optimization.
- Command & control: Develop protection enhancement strategies for operational governance long term of Business Process Management, Information I/O, Traffic Flow, and Crowdsourced Jeane Dixon Effect Response.
- Computer Forensic Investigations: Preserving Data for Legal Case evidence if compromised but also in advance of cyber attacks draft Business Continuity (BC) outlines for acquiring and analyzing that data for normalization and centralization. Drafting Disaster Recovery (DR) plans of Action (POA) for each Information Hub for preventive measure not just reactive public response and private forensic reconnaissance.
- Legal implications and Insurable Claim viability
- Evidence: I know how to maintain a sterile admissible evidence vault which would not get thrown out of court. Reproducibility and verifiability are mantras of my efforts.
- Fourth Amendment authorization: I carefully act on behalf of the authorizing client on concrete evidence alone as I'm trained on the ability to not infuse attribution bias nor presentism in my case investigations. Write blockers, chain of custody documentation, evidence containers, affidavits, warrants, field-kit software and hardware and other tools of information integrity shall be secured for private investigations as required.
- Evaluations: I am versed in reporting on civil damages, calculating compensatory damage value and designing constructive delivery options while also for clients effectively establishing liability coverable grounds when identifying perpetrator “mens rea” (purposefully knowing) and such drawing willful and deviant intent (at the time of events) to a concluding argumentative preponderance to the evidence of an outlined “actus reus” (bad behavior) occurrence(s).
- Active ongoing Training
- Organization: I bring Harvard University certified lectured MBA organization trained best-of-breed processes coupled with my vast real world Information Technology application experience to data related issues and physical location and event planning.
- Concentrations: I'm privileged to learn from national leading professors at the Widener Law School (where VP Biden teaches) in their respective fields on areas of legal paraprofessional concentrations including:
- Dr. David Arena PsyD, JD, MBA who taught me White Collar Crime, Gang Crime in America, Forensic Psychology featuring Criminology and Victimology.
- Dr. Cipparone, PhD, JD, MBA who instructs much of the regional police cadets in civilian field engagement and taught me Torts, Statutes, Doctrines and Paralegal Analysis for case preparation.
- Dr. Smith PhD, JD, MBA who taught me Advanced Patent Law.
- Dr. David Fendrich PhD, who taught me Evolutionary, Paranormal and Cognitive / Behavioral Psychology and shifted me to advocate skeptical thinking applied to all matters, thanks to networking with Michael Shermer of Skeptic Magazine for my capstone paper.
- Dr. Malcolm Shore PhD, Security Advisor certified virtual cybersecurity coursework
- Intellectual Virtues: I'd be remiss if I did not also express a working knowledge of Kantian Ethics, Sociology and Anthropology applicable to this field.
- Maintain updated evolutionary sensitivity / knowledge of perpetrators such as shooters, hackers and other insurgent disruption
- Action: hacktivist motives, espionage, more cause-driven subversive goals; mining for psycho fallacy of Effort Inadequacies and the Need for Certainty, Control, and Simplicity
- Behavioral Forensics: patterning analysis for pre-attack escalation prevention while maintaining a healthy lens against agency infusion of false dilemmas.
- Criminology: psychological reporting on post-occurrence debrief and victimology
- Featured Tools/Wares Experience:
- Kali Linux
- Metasploit
- Maltego
- Wifite
- Oracle VM
- DMitry
- DNSenum
- OpenVAS
- Vega
- Adobe Creative Suite
- Photoshop
- Illustrator
- Dreamweaver
- Premiere
- Microsoft 365
- Azure / AD
- Admin Console
- Teams
- Flow
- Stream
- Planner
- Excel & Forms
- PowerPoint
- Word
- SharePoint & Lists
- Planner
- Tasks
- Camtasia Training
- KnowBe4 Training Campaign Design
- Site24x7 Infrastructure Monitoring
- Sassafras Software: IT Asset Management
- Automation Identity Portal and User Management