Expert, May 2008 – Present

Deloitte, Tokyo, Japan

Manage a team of approximately 30 security professionals in vulnerability management, identity and access management, and security management. Directly manage a team of five security technicians in research and development of various security devices for application in penetration testing services; or to present at seminars in proof-of-concept attacks. Devices include RFID spoofing, custom wireless microphones interfaced with Bluetooth for remote control and SD card interfaces for mass storage, office emissions analysis of keystroke and computer monitor emissions, employing radar and spread spectrum analysis principles. Other projects include rogue key logging devices combined with RF remote control for data recording and acquisition. Other related projects include digital and logical analysis of ‘unknown’ communications.Other responsibilities involve working with a team of five security technicians in research and development of various security devices for application in penetration testing services, or to present at seminars in proof-of-concept attacks. Devices include RFID spoofing, custom wireless microphones interfaced with Bluetooth for remote control and SD card interfaces for mass storage, office emissions analysis of keystroke and computer monitor emissions, employing radar and spread spectrum analysis principles. Such projects include rogue key logging devices combined with RF remote control for data recording and acquisition and design of encrypted keyboards.

Senior Manager, IT Quality Control, May 2007 – May 2008

ING Direct, Tokyo, Japan

In charge of development and infrastructure IT quality and overall information security of the bank. This position required strong knowledge of applicable standards and local financial industry compliance requirements, while applying knowledge of operating systems, database, network, firewall, intrusion detection systems, remote access systems, and encryption. This position was a one-year contract to build the bank that would lead to a permanent position. ING initiated a closing of Japan business in October 2008, and formally announced close of business in February 2009.

Program Manager, Technical Services Group, April 2006 – April 2007

EMC² Japan, Tokyo, Japan

Implemented and managed a team in a project management office to oversee over 200 projects executed on a monthly basis. This work required budget control and tracking knowledge and heavy use of Excel and databases. Applied both electronics and networking knowledge as a field engineer and project manager in the installation, configuration, and delivery of fibre networked and IP networked storage. Responsibilities included troubleshooting operating system issues, network issues, as well as analyzing boards for component faults in the field and in a laboratory environment. Left this position at the close of a one-year contract.

Senior Manager, June 2002 – February 2006

PricewaterhouseCoopers, Tokyo, Japan

Performed security and consulting services, including Sarbanes-Oxley, internal audit, and risk consulting to financial institutions in this position. Work included a variety of penetration testing, incident response, audit, fraud investigation, and perimeter security consulting.Other assigned projects included J-Phone, Vodafone, and Softbank to perform a variety of technical support services, cellular and intranet security assessments, billing system development, testing and implementation project management, compliance management, site assessments, and RF systems changeover planning. Left this position because PricewaterhouseCoopers was shut down temporarily in Japan in 2006 due to an accounting fraud incident.

Manager, Information Risk Management, June 2000 – June 2002

KPMG, Tokyo, Japan

Performed a variety of security research utilizing network hardware, software, and RF tools to interrogate systems as part of vulnerability testing for Japanese and foreign financial industry clients. Designed tools to exploit initial wireless LAN WEP attack vectors, analysis of RF feedback using spread spectrum capture technology on financial and other secure data centers, building-to-building microwave systems security analysis, VSAT security analysis, and attacks on various cellular billing systems. Work required extensive knowledge of electronics, computer systems, application programming, network protocols, attack vectors and exploitation frameworks, and RF knowledge.

Education:San Francisco State University, San Francisco, CA

B.A., Japanese, minor Chemistry, 1992

DeVry Institute of Technology, Atlanta, GAElectronics Engineering, 1985

Military:

United States Marine Corps, Test Measurement and Diagnostic Equipment Technician, Honorable Discharge, 1987

Certifications:

US FCC General Radio Operator License, Radar and GMDSS Endorsement, 2009 (DM00000845)

US FCC Amateur Extra, 2009, NH2GX

Certified Information Systems Security Professional, 2003Certified Information Security Manager, 2003

Certified Information Systems Auditor, 2001

Microsoft Certified Systems Engineer, 2000

Computer Languages and Micro Controllers:C, C++, Objective C, Java, Visual Basic, REALBasic, Perl, Python, Javascript, SQL, and many related frameworks.PIC, AVR microcontrollers – Assembler, PICBasic, and C

Spoken Languages:English – NativeJapanese – Speaking, reading, and writing fluent (beyond JLPT Level One)

Diagnostics:Digital and analog multimeter, oscilloscope, logic analyzer, spectrum analyzer, frequency generator, various antenna analyzers and network analysis equipment.