Joel
D. Kinard CISSP
1501 Old Charlotte Highway | Suite A-148
| Monroe, NC 28110
jdkinard@gmail.com
(843) 991-4444
CERTIFICATIONS:
·
CISSP (Certified Information
Systems Security Professional, registration number 108647)
·
CIAM (Identity
Management Institute, registration number = 3530)
·
CISCO Number =
CSCO10610786
o CCNA (Cisco-Certified Network
Associate)
o CWLSS (Cisco Wireless LAN Support
Specialist)
·
EIT (Engineer in Training)
March
2021 to June 2021 – Information Security Analyst SME - NCI = Navigate.
Collaborate. Innovate. TM
·
I provided Information Security services
for NCI on Federal contracts. One interesting
project we were working on is the $807M DIGIT engagement for the U.S. General
Services Administration (gsa.gov).
·
Automated company processes using Tenable software, PowerShell scripts and other tools.
·
Contributed Security best practices as a member of
the UNIX support team.
·
Worked remotely from
my private office in Monroe NC, within a geographically-distributed workforce
·
**This
role was unfortunately cut short, when NCI conducted an I.R.I.F. and asked
several people to leave.
October
2018 to June 2020 –
Information Security Analyst 4 – Wells Fargo
·
In
Enterprise Key Management we handled the entire lifecycle of various types of encryption
keys. Types of keys included Mainframe,
Debit & Credit cards, etc. Creation,
installation, secure transport, protection, storage, and destruction of
Production and Development encryption keys across all of Wells Fargo's data
centers.
·
Installed encryption keys on IBM z/OS hosts
·
Assisted IBM’s Garry Sullivan during initial build
of a new Trusted Key Entry (TKE) appliance
·
Managed the team’s access to encryption key
vaults at North Carolina’s data centers.
·
Assigned physical brass keys and vault
combinations.
·
Maintained security badge readers.
·
Created documentation using Visio.
·
Worked on-site and remotely from my private office in Monroe NC, within
a geographically-distributed workforce.
August 2018 – October 2018
– Information Security Analyst III – Contract: INT Technologies for
client Wells Fargo
·
Investigated Privileged Access abuse at Wells Fargo
using Splunk SIEM within Wells Fargo's CTFC (Cyber Threat Fusion Center)
·
Completed week-long instructor-led Splunk SIEM course:
"Using Splunk Enterprise Security 5.0", Dedicated Virtual (Date 26
September 2018)
Jun 2017 to Aug 2017 – Vulnerability
Management SME – Contract: Apex Systems for client Wells Fargo
· Involved with vulnerability processes and timelines, application patching tasks, scheduling, planning and coordination for Wells Fargo’s Technology Health Refresh (THR) initiative. Collected Qualys scan data for application vulnerabilities and populated Excel workbooks with this information. The workbooks were then formatted for clarity before meeting with application owners to discuss scan findings, remediation strategies and schedules.
·
Worked on-site and
remotely from my private office in Monroe NC, within a geographically-distributed
workforce
Feb 2016 to Present – Co-owner
– Private Equestrian Facility (Kinard Horse Riding and Boarding)
·
Manage projects and tasks for horse farm that conducts lessons and boarding in
Monroe, NC.
Sep 2015 to Jan 2016 – NERC-CIP
Compliance Analyst & QA Partner – Contract: CRG (Computer Resource
Group) for client Duke Energy
·
Location
= 400 S. Tryon Street, 32nd floor, Charlotte, NC
·
Exposure to NERC-CIP standards
·
Provided Compliance reviews for Fossil Hydro
Generation (FHO).
·
Performed Business Continuity Planning and
Disaster Recovery procedures
·
Performed NERC-CIP Quality Assurance measures to assure
Duke Energy generating stations provide reliable delivery of electricity to
consumers and businesses.
·
Assisted in delivering NERC-CIP Compliance
training at generating stations in Florida, Indiana and North Carolina.
·
The
late Daphne Pinchback supervised my QA Reviews for FHO.
May 2015 to Jul 2015 – Cyber
Security Engineer – Contract: Matlen Silver for client Babcock & Wilcox
·
Managed a Data Loss Prevention (DLP) system,
protecting data from escaping over various protocols such as SMTP & FTP, on
removable USB storage and printed copy. Began
architecting an enterprise DLP system upgrade to v14.
·
Used IBM Unified Endpoint Management systems
·
Leveraged Splunk to aggregate and correlate a
variety of system events for analysis
·
Examined Cloud-based CASB solutions such as
Bitglass, to check the efficacy of compromise detection and prevention
mechanisms.
Dec 2013 to Feb 2015 – Sr.
Network Security Engineer – for client Bank of America
Dual contract management: Dell
Secureworks (2013-2014) and TEKsystems (2014-2015)
·
Managed an enterprise firewall consulting queue
·
Perimeter security
engineering solutions and cyber security services
·
Articulated differences between Maximo software and
new Remedy ITSM package
·
Shepherded project requests through correct channels
insuring on time delivery of services
·
Worked both remotely from my private office and on-site in
Charlotte, NC, within a geographically-distributed workforce.
Jul 2012 to Sep 2013 – Systems
Security Engineer III – Honeywell – North Charleston, SC
·
Obtained a Secret
Security Clearance from the United States Department of Defense (DoD)
·
Provided Cyber-Security and Information
Assurance expertise for the Department of Defense, protecting critical systems
and other assets utilized by the warfighter in combat missions.
·
Protected the Confidentiality, Integrity and
Availability of information systems for federal government agencies, public and
private sector clients.
Specific
IA experience:
·
Served as IAO for SPAWAR supporting the ISSM in two Marine Corps
taskings (AFATDS and TLDHS).
·
Engaged in Risk Management Framework (RMF)
architecture/planning; Leveraged NIST 800-53 and ISO 27001 guidelines.
· Participated in Baseline and IV&V activities for JTF Capital Medical systems
May 2007 to Jul 2012 – Information
Security Analyst II: Santee Cooper – Moncks Corner, SC
·
Attained the CISSP (Certified Information
Systems Security Professional, #108647) credential by examination September 29,
2007
·
Worked with NERC-CIP
standards
·
Created Visio master LAN maps for firewall
router and switch documentation at Headquarters and the Standby Control Center,
SCADA Control Systems’ network security upgrades, regional water systems and
all electric cooperatives, plus Antivirus/Antimalware & RSA Appliance deployment
and management.
·
On-Call 1: Participated
in Annual rotation as primary BCP & DR response analyst for potential Coastal
storm events during hurricane season
·
On-Call 2: Participated
in weekly rotation as the primary response analyst for Security-related network
and systems events, escalated by Secureworks and other technical groups
·
Change
Management: processes, policies and procedures
·
Encryption: Project
manager for the assessment phase of a laptop encryption project
·
Antivirus: Designed,
launched, upgraded and solely managed a redundant enterprise antivirus
protection schema for all corporate Windows, Citrix and Linux servers, desktops
and laptops, using Symantec Endpoint Protection. Implemented & administered other
antivirus & management products such as Trend Micro, IBM/Tivoli Endpoint
Manager (TEM), and IBM/BigFix.
·
Malware: Procured supported version of
Malwarebytes version with full documentation, then set up full scans at various
intervals; Utilized TDSS Killer by Kaspersky to eliminate boot sector
infections common on internet-facing endpoints; Fine-tuned detection and
sensitivity thresholds of Symantec Endpoint Protection and Trend Micro to the
highest levels, minimizing effects of malicious malware and other devious
applications on production endpoints and servers
·
Firewalls: Upgraded numerous end-of-life Nokia
appliances on IPSO 3.x in our inventory to their latest Nokia IP-series hardware,
eventually running IPSO v4.2. After
Check Point purchased Nokia’s line of IP-series firewall appliances we began to
roll out some Check Point-branded hardware running SPLAT, as its versioning
steadily progressed from NGX R60 up to NGX R75.30. I specified, ordered,
received, built, implemented, installed and managed Check Point and Nokia
firewalls for use at 1. Fossil Hydro (FHO) Generating Stations in Power
Generation Process Control networks, and 2. CEMS (Continuous Emissions
Monitoring Systems). These firewalls were
also used with IP Metering systems at electric cooperatives, each transmitting
monthly/hourly power billing data securely over Check Point VPN’s. (See VPN’s below.)
·
VPN’s: Created, implemented and administered Tunnel-mode IPSec
VPN’s for the electric cooperatives using IP Metering firewalls.
·
Network Address Translation (NAT): Created a NAT table to prevent
IP address conflicts. A new electric
cooperative wished to join my IP Metering program, but its existing address
configuration was the same as one of our generating stations. I created a translated IP schema on our
network using a new 10.x.x.x format.
This segmented all traffic destined for the generating station away from
traffic to the cooperative.
·
Occasionally
during troubleshooting and configuration I utilized
“expert-mode” CLI on Check Point w/SPLAT and CLISH on Nokia w/IPSO.
·
Authentication: Managed RSA SecurID two-factor authentication system upgrade from old virtual
server-based systems to new Appliances; integrating disaster
recovery/redundancy/failover capabilities; management; upgrades, service packs
& patches; agent configuration/distribution, etc.
·
Vulnerability Management: Scanning, remediation and reporting
with eEye Retina
·
Patching: Managed security updates & patching
for all HP-UX servers (which housed existing Development and Production Oracle
databases), Redhat Linux and
Windows development and production servers
·
Monitoring: Managed perimeter network monitoring
services provided by Dell-Secureworks
·
Deployed Symantec Anti-Virus For Linux (SAVFL) onto
RHEL4 (32-bit) and RHEL5 (64-bit) servers. Authored an installation guide
describing this process in detail.
·
Metrics Reporting: Monthly/quarterly reporting on
Internet and Firewall Availability, Kiwi, FTP, antivirus coverage
·
Hardening: Secured new HP-UX servers (deployed to
house new Oracle databases) using Bastille, SUDO and Trusted System
·
VMWare: vSphere Host and Guest Management
·
Security
representative on various project
teams
·
Coordinated security
vendor relationships
Jul 2005 to Apr 2007 – Network
Engineer: Decore-ative Specialties – Monroe, NC
·
Network engineering and
administration for national wood products manufacturing company
·
Executed Business Continuity/Disaster Recovery
plan for production manufacturing computers
·
Configured Zebra devices for use on assembly lines
·
Wireless: Designed and implemented improvements
to 802.11 / 802.1x wireless LANs and numerous handheld devices
·
Site Maps: Created master LAN maps and device
documentation using Visio and Autocad
·
Process Improvements: Conceived and executed strategy to
mediate detrimental effects that extreme temperatures and wood dust have on
Technology equipment in harsh manufacturing environments
·
Patching: Applied security vulnerability updates using HFNetChk Professional
·
Data
Protection: Scripted daily archival of data from manufacturing computers on
XP/Windows2000
·
Served as East Coast technical liaison for peers in California
·
Backup Systems: Managed Tivoli Storage Manager (TSM)
data backup system
·
Scripting: Developed shell and command-line scripting with
VBScript modules, automating repetitive administration tasks
·
Service: Diagnosed issues and coordinated
factory service of servers, workstations, laptops, switches, wireless access
points and StorServer tape drive
Feb 2004 to Jul 2005 – Security
and Systems Administrator: Global
Compliance Services – Charlotte, NC
·
Responsible for Information Security, System Administration,
and User Administration using Role-based Access Control (“RBAC”).
·
Policies 1: Discussed with the CEO the
importance of having solid policies to guide Technology management, practices
and decisions, which shall be implemented after obtaining Senior-level review
and approval
·
Policies 2: Conceived and authored Information Security, Internet Usage, BCP & DR
(Business Continuity Planning/Disaster Recovery) and Microcomputer policies
·
Policies 3: Created new password expiration
policies and logon banners and implemented them into production use
·
Policies 4: Created new password complexity requirements
and implemented them into production use by installing passflt.dll on the Primary and Backup NT4 domain controllers
·
Patching: Created and
managed a Microsoft Software Update Services (SUS) server, and used it to
distribute security patches
to Windows servers and end-user computers/laptops
·
Active Directory: Coordinated conversion of old Windows
NT 4.0 domain to hybrid Active Directory.
Created default Group Policy, GPO’s and OU’s
·
Standardized Windows 2000/XP workstation
builds/images using local Group Policy
·
Antivirus: Introduced
and managed McAfee Active Virus Defense systems, including ePolicy Orchestrator
consoles
·
Email: Used ExMerge to migrate Outlook clients from Exchange 5.5
email server (used with NT4) to Exchange 2000 email server (used with hybrid
Active Directory)
·
Leadership:
Recruited/managed/mentored one direct report for technical support services
·
Scripting: Developed shell and command-line scripting using
VBScript modules, automating repetitive administration tasks
·
Coordinated vendor
relationships
·
Built these twelve (12) servers:
Windows 2000:
** One Exchange 2000 server
** Three Nortel Symposium servers (1-web server & 2-database servers)
** One McAfee ePolicy Orchestrator server
** One WSUS (Windows Software Update Services) server
** One Client Reports server
Windows 2003:
** Two domain controllers
OpenBSD:
** One FTP server (v. 3.5)
** One MTA server (v. 3.5)
** One SysLog server (v. 3.6)
Apr 2001 to Nov 2003 – Network
and Security Administrator & End-user Support: Sharonview Federal Credit Union – Charlotte,
NC
·
Network
and user administration
·
Increased awareness of Information Security;
attended two security conferences
·
Check
printing: Configured method for
credit union tellers to view and print copies of processed/cleared checks for
members upon request
·
Web
filtering: Implemented SuperScout Internet usage monitoring system to enforce
corporate browsing policy
·
Monitoring: Established
and managed network monitoring system using IP Monitor, to ensure availability
of network devices and promote uptime awareness
·
Antivirus: Introduced
and managed McAfee Active Virus Defense systems, including ePolicy Orchestrator
consoles
·
Standardized Windows NT4.0, 2000 and XP workstation
builds using imaging
·
Installed and
administered Windows 2000 Terminal Services
·
Scripting: Developed shell and command-line scripting using
VBScript modules, automating repetitive administration tasks
·
Accounts: Managed network accounts using Role-based Access
Control (“RBAC”), and Exchange user accounts
·
LAN/WAN: Performed Cisco
router and switch
configuration and deployment at credit
union branches
·
Site
work: Coordinated installation
of data and voice wiring at credit
union branches
·
Built branch and corporate servers
·
Evaluated/rebuilt
crashed workstations and
deployed new units
·
Installed/updated
end-user software
·
Fixed network connectivity problems
·
Interfaced with vendors/suppliers
·
Documentation: Created/updated network documentation/diagrams
·
Policy & Policies:
While working with the
Business Continuity/Disaster Recovery manager I began examining policies, and
drafted several “sample” IT Security policies
Sep 1998 to Apr 2001 – Assistant
Vice President, Network and Security Operations Center Administration: Bank of America – Charlotte, NC
·
Accounts: Administered user accounts using Role-based
Access Control (“RBAC”), data access management, NTFS/Share security & DFS
for client base of 15,000 users on a hybrid Windows 2000/NT4 domain
·
Policy & Policies:
Implemented domain security policy best practices, including hardened domain
passwords and procedures for terminating access of former employees
·
Change Management:
processes, policies and procedures
·
Web server:
Set up Global Corporate
Investment Bank (GCIB) Client Administration Intranet web server and site for
Accounts Administration use
·
Two-factor authentication: Set up and administered
an enterprise RAS solution using RSA’s SecurID security tokens
·
Rights management: Cooperated
in a project to lock down domain rights
·
Set up and managed DFS shares for centralized
control of data
·
Troubleshooting: Worked with the Network Security/Operations
teams to diagnose and troubleshoot Security issues, data processes and hardware
resources
·
Backups: Facilitated a secure backup tape
rotation and ensured proper off-site storage/retrieval standards
·
Scripting: Developed shell and command-line scripting,
automating repetitive administration tasks
May 1992 to Sep 1998 – Structural
Engineer, Various civil and structural engineering firms in North and South
Carolina
EDUCATION:
UNIVERSITY
OF SOUTH CAROLINA
Bachelor
of Science in Civil & Structural Engineering