Curriculum Vitae – Eideard “Ted” Mac Daibhidh, C.D.
18 Sampson Street, Ottawa, Ont. Canada K1V-7L4
613-277-4335
[email protected]
FORMAL AND MILITARY EDUCATION
• Sydney Academy, Sydney, NS: Nova Scotia University Preparatory Programme – Grade 12 Graduate (1988)
• Canadian Forces Recruit School, Cornwallis, NS: Basic Training (1990)
• Canadian Forces School of Military Intelligence, Kingston, ON: Communications Research Operator – Apprentice Level (1990)
• Canadian Forces School of Military Intelligence, Kingston, ON: Communications Research Operator – Journeyman Level (1994)
• Canadian Forces School of Military Intelligence, Kingston, ON: Signal Development – Digital Communication Analyst and Reverse Engineer (1999)
• Canadian Forces Peacekeeping Support Centre, Kingston, ON: Peace Support Operations Military Observer Course (2001)
• Canadian Forces Joint Signal Regiment, Kingston, ON: Mobile Electronic Warfare Team Course (2001)
• West Point Military Academy, West Point, NY: Quinquepartite Computer Network Defence Workshoppe (2003)
• Canadian Forces Connaught Range and Primary Training Centre: Primary Leadership Qualification Course (2004)
INFORMATION TECHNOLOGY TRAINING
Acerra
• CISSP Training Programme (2005)
Global Knowledge
• Interconnecting Cisco Network Devices (2003)
InfoPeople Security Solutions
• Intellitactics NSM 102 (2003)
• Cisco Security Agent – Administration (2006)
• Cisco Security Agent – Introduction (2006)
Intellitactics
• Intellitactics NSM5101 - Introduction to NSM (2005)
• Intellitactics NSM5400 - NSM 5 (2005)
Learning Tree International
• Unix System Administration (2002)
• Introduction to TCP/IP (2002)
• Deploying Intrusion Detection Systems (2003)
• Unix and Linux Security (2003)
• Assessing Network Vulnerabilities (2004)
• Deploying Internet and Intranet Firewalls (2004)
• Computer Forensics & Incident Response (2006)
Military
• Introduction to Linux (1997)
• Introduction to Network Security (1998)
• Introduction to Unix (1998)
• Introduction to Computer Networking (1999)
• Introduction to Network Protocols (1999)
• Introductory Unix - User Level (1999)
• COMSEC Custodian Course (2001)
• Introductory Unix - System Administration Level (2001)
• Unix Shell Scripting (2001)
• VIRT (Virus Incident Response Team) Course (2004)
• IAccess Project Familiarization Training (2007)
Rigel Kent Security Services
• Malicious Code Analysis (2005)
• Ethical Hacking (2006)
SANS Institute
• SANS GIAC Certified Intrusion Analyst Track (2003)
United States Military Academy
• Computer Network Defence Track (2005)
EMPLOYMENT HISTORY
2006 - 2007 Department of National Defence Special Operations Analyst
• Provide direct analysis support to national intelligence & counter-intelligence entities (e.g. CFNCIU, CSE, RCMP) in support of special operations.
• Facilitate ongoing sensitive investigations and special operations, correlating and analyzing evidence and network activity while observing proper chain of custody and light of law.
• Liaise as directed with national and international law enforcement, investigative, military, intelligence and counter-intelligence entities (AusCERT, CFNCIU, CSE, DSD, FBI, GCHQ, MoD CERT, NSA, RCMP, UKJIC) in the capacity of SME (Subject Matter Expert).
• Provide direct DND representation within the CSE Cyberlab as a military augmentee.
2005 - 2007 Department of National Defence Senior IH/AA (Incident Handling/Advanced Analysis) Analyst
• Supervise incident report taskings, providing guidance and direction where required.
• Provide operational support and feedback to IDS Analysts.
• Provide immediate response to all incidents, generating and maintaining requisite documentation and reports.
• Utilize all available resources to perform advanced/long term analysis of unusual network activity, generating all requisite reports.
• Maintain and update all CIRT databases, report templates and standard operating procedures.
• Prepare and/or contribute to all CIRT products (Alerts, Advisories, Admin Notes, Incident Reports, etc.).
• Perform advanced/long term analysis on potential attack vectors and emerging technologies that threaten operational and classified networks.
• Assist with the preparation and facilitation of CIRT training initiatives.
• Exercise strategic/tactical awareness with regards to emerging threats and DND's defensive infrastructure.
• Maintain working familiarization with DND policies, guidelines and procedures pertaining to IT security.
• Initiate and maintain effective working relationships with departmental, national and international entities.
• Monitor OSINT (Open Source Intelligence) resources for I&W (Indications & Warnings) regarding potential threats to DND and national assets.
• Contribute to operational efficiency by noting potential areas for improvement in all areas relating to the CIRT mission.
• Advise chain of command regarding technical issues and security policy.
• Initiate, prioritize and perform assigned tasks without supervision.
2003 - 2005 Department of National Defence Senior Intrusion Detection Analyst
• Duties as "Intrusion Detection Analyst" below.
• First level quality control of incident reports and related correspondence.
• Supervision of 2-4 member analysis team.
• Liaise with senior staff & external parties in the capacity of SME (Subject Matter Expert).
• Provide effective administrative support to subordinates and team members.
• Ensure judicious and appropriate application of Canadian Forces regulations with regards to subordinates and team members.
• Ensure team discipline is maintained.
• Generate initial, quarterly and annual performance assessments for all subordinates.
2002 - 2003 Department of National Defence Intrusion Detection Analyst
• Drafting of security advisories and incident reports.
• IDS monitoring using Intellitactics Network Security Manager, Cisco NetRanger/Secure IDS and SHADOW IDS.
• Perform in-depth packet analysis and incident forensics.
• Assist in the development of junior analysts, performing mentoring and providing training support as necessary.
• Research and evaluation of network security/hacking tools and emerging threats.
• Trained in the use of various analysis tools (e.g. Snoop, TCPDump, Wireshark, Snort).
• First line attack assessment, threat analysis and incident handling relating to network security events as they occur on operational and classified DND networks.
2001 - 2002 NATO Stabilization Force Bosnia-Herzegovina Mobile Electronic Warfare Team 2I/C
• Duties as “Senior Digital Communications Analyst” below.
• Provide support to MEWT Commander, performing duties of MEWT Commander as necessary.
• Provide first line technical support and system administration for UNIX and Windows based National Command Element information systems.
• Perform Comsec Custodial duties for the National Command Element’s Electronic Warfare troop.
• Act as technical Subject Matter Expert for NATO “Tiger Team” raids on belligerent communications facilities.
• Perform tactical communications overwatch for NATO combat elements and missions within the theatre of operations.
• Prepare highly detailed analysis reports for dissemination to the District Electronic Warfare Commander and Supreme Headquarters Allied Powers Europe.
2000 - 2001 Department of National Defence Interim Collection & Intercept Support Supervisor
• Duties as “Senior Digital Communications Analyst” below.
• Liaise daily with senior staff in support of the mission.
• Evaluation and management of new and ongoing tasks.
• Perform mentoring of junior analysts.
• Responsible for generation and release of all reports, first level quality control, training, and section continuity.
• Supervision of 10-15 person section comprising 5 shifts.
• Provide effective administrative support to subordinates and team members.
• Ensure judicious and appropriate application of Canadian Forces regulations with regards to subordinates and team members.
• Ensure team discipline is maintained.
1999 - 2002 Department of National Defence Senior Digital Communications Analyst/Reverse Engineer
• Bit level analysis and reverse engineering of complex digital signals, protocols and C2C (computer to computer) signaling techniques.
• Primary R&D lead performing evaluation, development and review of new equipment and software.
• Perform mentoring of junior analysts.
• Provide first line UNIX system administration and troubleshooting support to the Signals Development Team.
• Prepare highly detailed first and second line analysis reports.
• Perform first level quality control of all internal and external reports.
1998 - 1999 Department of National Defence Interim Collection & Intercept Support Operator
• Perform interim collection and development of new targets.
• Perform first line analysis of communication systems and networks.
• Maintain all ICIS databases.
• Prepare all mission related reports and supporting documentation.
• Perform mentoring of junior operators.
• Provide intercept support to other sections as required.
1990 - 1998 Department of National Defence Communications Research Operator
• Perform collection and first line analysis of tasked targets.
• Perform duties of HFDF operator in support of the mission.
• Preparation and first line quality control of mission related reports.
• Perform Communication Centre duties as required.
AWARDS AND DECORATIONS
• Commanding Officer's Certificate of Appreciation (2007)
• Information Management Group Certificate of Appreciation (2007)
• NATO Medal with Former Yugoslavia Bar (2002)
• Canadian Forces Decoration (2001)
• Canadian Peacekeeping Service Medal (2000)
• Commanding Officer’s Commendation (2000)
• Supplementary Radio System Oldtimers Association Commendation (1999)
• United Nations Peacekeeping Medal – UNDOF (1995)
• Special Service Medal with Alert Bar (1994)
PUBLICATIONS AND PAPERS
• “Binary to ASCII Encoders – The Missing Equation” Service paper, 1998.
• “Open Source Intelligence – The New Intelligence Paradigm” Service paper, 1998.
• “Open Source Intelligence and the Kosovo Crisis” Service paper, 1999.
• “Digital Network Intelligence – The Future is Now” Service paper, 2000.
• “Analysis Report – Grim’s Ping: A Weapon of Mass Distribution” Attack analysis report, 2002.
• “h4X0R – Know Your Enemy: The Anatomy of a Hack” Training presentation, 2002.
• “h4X0R – Know Your Enemy: Footprinting” Training presentation, 2002.
• “h4X0R – Know Your Enemy: Scanning” Training presentation, 2003.
• “h4X0R – Know Your Enemy: Enumeration” Training presentation, 2003.
• “Analysis Report – Blended Threats and Hostile Code: Wolves in Website’s Clothing” Threat analysis report, 2003.
• “Executive Summary – Today’s Menu Special: Phish and Spam” Executive summary, 2004.
• “Analysis Report – We Like Our Sploits Extra Chunky” Attack analysis report, 2004.
• “h4X0R – Know Your Enemy: Building Your Lab” Training presentation, 2005.
• “I&W Analysis – Onion Routing and TOR” Indications and warning report, 2006.
• “I&W Analysis – Covert Channels: Cloak & Dagger in the Information Age” Indications and warning report, 2006.
• “I&W Analysis – Virtual Machine Rootkits: Follow the White Rabbit” Indications and warning report, 2006.
• “Analyst Working Aide” Working aide, 2006.
• “Analysis Report – Hostile Script (CVE 2006-003)” Emergency analysis report, 2006.
• “I&W Analysis – Mobile Malware: Please Leave Your Rootkit at the Tone” Indications and warning report, 2007.
SECURITY CLEARANCE
• Currently cleared to secret.
• Held top secret special access clearance for 17+ years.
• Held various SCI clearances throughout career.
PROFESSIONAL CERTIFICATIONS
• NISA (NSM Intellitactics Security Analyst)
• NISM (NSM Intellitactics Security Manager)
PROFESSIONAL DEVELOPMENT INITIATIVES
• Maintains personal virtual machine based network security computer laboratory.
• Maintains personal information security library (50+ titles).
• Preparing for ISC2 CISSP certification examination.
PROFESSIONAL ASSOCIATIONS
• Armed Forces Communications and Electronics Association (member)
• Information Systems Security Association (member)
• Supplementary Radio System Oldtimers Association (honorary life member)
• Whitehats.ca Ethical Hacking Association (Vice-President)