Chris Carpinello
About Chris Carpinello
I create solutions to reduce, streamline and automate security operations in order to:
* Maintain business system availability
* Protect intellectual property
* Limit corporate liability
* Safeguard the corporate brand
* Ensure compliance
* Information Assurance Vulnerability Management (IAVM)
* Network behavior analysis (NBA)
* Network intrusion prevention systems (IPS)
* Host and network intrusion detection systems (IDS)
* Regulatory Compliance Controls and Frameworks: PCI DSS, HIPAA, NIST SP 800, DIACAP, DISA STIG, Army Regulations (AR 25-2), DoD 8500
Experience
Where I've made a difference
Information Security Principal at Sage Software, Atlanta GA, March 2010 - Present
This public UK company with 14,500 employees and $2.2B in revenue is a world-leading supplier of accounting and business management software to small and medium-sized businesses. While supporting the Director of Enterprise Security and Architecture in North America, provided incident response, risk management, vulnerability scanning, and comprehensive policies to meet PCI and HIPAA compliance objectives.
* Reduced PCI compliance costs by 50%.
Senior Information Assurance Engineer at Rockwell Collins, Atlanta GA, 2008 - March 2010
Focusing on military, civilian government and commercial organizations, this public 21,000 person company with $4B in revenue is a global leader in creating satellite-based network solutions that solve the toughest communication challenges. Worked with a team of seven to deliver information assurance solutions ensuring confidentiality, integrity and availability on Windows and Solaris platforms for federal and military customers.
* Rearchitected security update service as technical lead to allow scaling for new business opportunities, significantly increasing quality, reducing maintenance and streamlining testing.
* Created a competitive differentiator by providing security architecture guidance, secure coding practices and threat modeling during software development lifecycle.
* 100% on-time delivery of vulnerability assessments and remediation solutions adherent to NIST SP 800, Department of Defense Information Assurance Certification and Accreditation Process (DIACAP), DISA Security Technical Implementation Guide (STIG), Army Regulations (AR25-2) and DoD 8500.
* Maintained secret clearance and 93% time and materials contract billing rate, exceeding 85% goal.
Information Security Specialist at Lancope, Atlanta GA, 2002 - 2008
Focusing on Fortune 500 customers, this privately held 60 person company consistently outperformed competitors to remain on the network behavior analysis short list of industry analysts. Researched and developed enterprise security products with the Founder and Chief Research Officer using C and Perl on Linux and Cisco platforms.
* Architected new security product with Cisco to bring their threat mitigation Adaptive Control Technology to market.
* Increased revenue through prototype development and productization of NetFlow technology into StealthWatch, the company's flagship product.
* Enabled business by providing technical security expertise during request for proposals and Common Criteria evaluation.
* Optimized testing and manufacturing processes through creation of custom Linux platform, increasing quality and reducing rollout time from hours to minutes.
Software Engineer at Internet Security Systems, Atlanta GA, 1997 - 2001
As a public company with 1,500 employees and $250M revenue, ISS dominated the vulnerability prevention enterprise market. Produced high quality deliverables for host and network information prevention products with application development teams of five to twelve engineers using C/C++, Tcl and Perl on Unix platforms.
* Awarded Product of the Year in 1999 and 2000 by Network Magazine for RealSecure IDS.
* Engineered Nokia OEM partnership solution for RealSecure, porting from Solaris to FreeBSD.
Software Engineer at Nortel Networks, Atlanta GA, 1995 - 1997
Nortel Networks is a publicly owned telecom giant catering to the enterprise and carrier markets with $15B revenue and 70,000 employees. Provided services to engineers and quality assurance teams totaling 300 people as one of two configuration management developers using Perl and Tcl on Unix and VMS platforms.
* Led critical migration project with a $600K project deadline penalty, delivering three weeks ahead of schedule.
* Exceeded performance ratings as recognized by 18 "thank you" emails, 1 peer award and 1 management award in a one-year period.
System Administrator at NASA Langley Research Center, Hampton VA, 1993 - 1994
Aerospace pioneering and atmospheric sciences are the core disciplines amongst NASA LaRC's 3,300 civil service and contract employees. Administered 100 Unix workstations in the Fluid Mechanics division, working with two IT operations personnel.
* Improved customer service satisfaction levels, resulting in a full-time job offer at the end of this internship position.
System Administrator at Old Dominion University, Norfolk VA, 1991 - 1994
The academic computing network at this 60-year-old state institution brought together 3,000 faculty, undergraduate and post-graduate students. Cooperatively administered 300 Unix workstations with eleven other undergraduate students.
* Awarded highly competitive internship at NASA Langley Research Center after reducing helpdesk turnaround time and increasing uptime of computing resources.
Affiliations
LinkedIn Answers
I routinely contribute to the LinkedIn Answers community. Below are just a few responses that have been recognized as "Best Answers".
Computer Networking
Surviving a denial-of-service attack, what are your options?
Job Search
Tough times for commuters
Information Security
What are the top 10 required features when selecting a network security product?
Intrusive testing professional tools
Software Quality
How do you measure software quality?
Software Security
What does the phrase secure coding practices mean to you?
Networking and Security
Optimizing security and network operations is what I've done for almost a decade. These are the best technical titles I've come across.
Software Engineering
Essential components of any software developer's reference library.
Software Security
Building Security In!
Use software security to create a competitive differentiator.
Unix Software Development
POSIX is your friend!
Invaluable technical references for all things POSIX and Unix.
The Zone
Music to code by
Mostly trance, techno, industrial and dance with high beats per minute and few lyrics.
Business Management
Essential business reading.
Challenge the way you think!
Productivity, Organization, Simplicity and Interaction
Books that have changed the way I fundamentally think.
My kind of funny
Ninjas > Pirates
When I need to unwind, I spin up one of these for a good laugh.

