About Chris Carpinello
I create solutions to reduce, streamline and automate security operations in order to:
* Maintain business system availability
* Protect intellectual property
* Limit corporate liability
* Safeguard the corporate brand
* Ensure compliance
* Information Assurance Vulnerability Management (IAVM)
* Network behavior analysis (NBA)
* Network intrusion prevention systems (IPS)
* Host and network intrusion detection systems (IDS)
* Regulatory Compliance Controls and Frameworks: PCI DSS, HIPAA, NIST SP 800, DIACAP, DISA STIG, Army Regulations (AR 25-2), DoD 8500
Where I've made a difference
This public UK company with 14,500 employees and $2.2B in revenue is a world-leading supplier of accounting and business management software to small and medium-sized businesses. While supporting the Director of Enterprise Security and Architecture in North America, provided incident response, risk management, vulnerability scanning, and comprehensive policies to meet PCI and HIPAA compliance objectives.
* Reduced PCI compliance costs by 50%.
Senior Information Assurance Engineer at Rockwell Collins, Atlanta GA, 2008 - March 2010
Focusing on military, civilian government and commercial organizations, this public 21,000 person company with $4B in revenue is a global leader in creating satellite-based network solutions that solve the toughest communication challenges. Worked with a team of seven to deliver information assurance solutions ensuring confidentiality, integrity and availability on Windows and Solaris platforms for federal and military customers.
* Rearchitected security update service as technical lead to allow scaling for new business opportunities, significantly increasing quality, reducing maintenance and streamlining testing.
* Created a competitive differentiator by providing security architecture guidance, secure coding practices and threat modeling during software development lifecycle.
* 100% on-time delivery of vulnerability assessments and remediation solutions adherent to NIST SP 800, Department of Defense Information Assurance Certification and Accreditation Process (DIACAP), DISA Security Technical Implementation Guide (STIG), Army Regulations (AR 25-2) and DoD 8500.
* Maintained secret clearance and 93% time and materials contract billing rate, exceeding 85% goal.
Information Security Specialist at Lancope, Atlanta GA, 2002 - 2008
Focusing on Fortune 500 customers, this privately held 60 person company consistently outperformed competitors to remain on the network behavior analysis short list of industry analysts. Researched and developed enterprise security products with the Founder and Chief Research Officer using C and Perl on Linux and Cisco platforms.
* Architected new security product with Cisco to bring their threat mitigation Adaptive Control Technology to market.
* Increased revenue through prototype development and productization of NetFlow technology into StealthWatch, the company's flagship product.
* Enabled business by providing technical security expertise during request for proposals and Common Criteria evaluation.
* Optimized testing and manufacturing processes through creation of custom Linux platform, increasing quality and reducing rollout time from hours to minutes.
Software Engineer at Internet Security Systems, Atlanta GA, 1997 - 2001
As a public company with 1,500 employees and $250M revenue, ISS dominated the vulnerability prevention enterprise market. Produced high quality deliverables for host and network information prevention products with application development teams of five to twelve engineers using C/C++, Tcl and Perl on Unix platforms.
* Awarded Product of the Year in 1999 and 2000 by Network Magazine for RealSecure IDS.
* Engineered Nokia OEM partnership solution for RealSecure, porting from Solaris to FreeBSD.
Software Engineer at Nortel Networks, Atlanta GA, 1995 - 1997
Nortel Networks is a publicly owned telecom giant catering to the enterprise and carrier markets with $15B revenue and 70,000 employees. Provided services to engineers and quality assurance teams totaling 300 people as one of two configuration management developers using Perl and Tcl on Unix and VMS platforms.
* Led critical migration project with a $600K project deadline penalty, delivering three weeks ahead of schedule.
* Exceeded performance ratings as recognized by 18 "thank you" emails, 1 peer award and 1 management award in a one-year period.
System Administrator at NASA Langley Research Center, Hampton VA, 1993 - 1994
Aerospace pioneering and atmospheric sciences are the core disciplines amongst NASA LaRC's 3,300 civil service and contract employees. Administered 100 Unix workstations in the Fluid Mechanics division, working with two IT operations personnel.
* Improved customer service satisfaction level resulted in a full-time job offer at the end of this internship position.
System Administrator at Old Dominion University, Norfolk VA, 1991 - 1994
The academic computing network at this 60-year-old state institution brought together 3,000 faculty, undergraduate and post-graduate students. Cooperatively administered 300 Unix workstations with eleven other undergraduate students.
* Awarded highly competitive internship at NASA Langley Research Center after reducing helpdesk turnaround time and increasing uptime of computing resources.