Michael Douglas Weisberg

michael@weisberg.org

Skills Summary

Senior manager, consultant and engineer with extensive experience in the development of staff, markets and technology. Skilled in advising state and local government entities on the subjects of information security, identity management and technology deployment. Excellent background in both hands-on and managed technology evaluation. Experienced with scheduling, project planning and budgeting. Comfortable with public speaking, presentation and education of both internal and client resources.


Employment


Principal Consultant, Information Security

NYSTEC

May 2001-Present

Albany and Rome, NY

  • Project developer and technical resource to the New York State office of the CIO committee on identity management

  • Developed and implemented the New York State Department of Taxation and Finance eMPIRE portal security architecture

  • Designed, and provided Quality Assurance for, a HIPAA-compliant reduced sign-on and user provisioning system for the New York State Department of Health

  • Infrastructure redesign consultant to the New York State Department of Public Service

  • Technical adviser to, and trusted agent for, multiple New York State entities including health, finance and law enforcement agencies

  • Conducted and coordinated penetration testing and vulnerability analysis for multiple agencies

  • Provide technical and project leadership advising to agencies deploying new security-related technology. This includes diverse opportunities ranging from firewalls and intrusion detection systems to WiFi and LDAP directories.

Director of Technology Services

Rhythms NetConnections, Inc.

April 2000-April 2001

Englewood, CO

  • Originated and managed support structures for both the current production environment and the new operational support system environment including third level support, database application support and information security support.

  • Managed a 43-person staff including a nationwide team of Unix, NT, Security and Database Administrators.

  • Established a policy of redundant (clustered) hardware and disk systems to promote 24x7 operations and minimize batch window requirements

  • Authored the corporate information security policy including network security, document retention, encryption and acceptable use

  • Designed and implemented a corporate incident response methodology (CIRT) to address virus containment, hacking, abuse and data theft

  • Deployed an auditable and consistent telecommunication policy that included oversight of circuit ordering and monitoring of corporate long distance use

  • Implemented a program of information security education and awareness for the corporation

  • Managed both expense and capital budgets

Vice President, Information Security;

Assistant Vice President, Technology Architecture;

Assistant Vice President, Operating Systems Support

Bank of America and predecessors

January 1995-April 2000

Richmond, VA

  • Developed corporate policy on the use of security data analysis tools

  • Established a uniform metric for the evaluation of threat and a consistent method of reporting to senior corporate management

  • Participated as a member of the Bank of America Computing Incident Response team, a post-incident response and review organization

  • Engineered and deployed a worldwide network of intrusion sensors, reporting to a secure but remotely accessible collection point

  • Developed process and control documentation for the handling of intrusion evidence

  • Reviewed and recommended the safe, short-term (6 to 24 month) deployment of new banking technology

  • Gathered business requirements of the client community and recommended appropriate products to resolve the technology issues

  • Provided technical leadership to the Operating Systems Support team

  • Coordinated the Compute Services function in the Bank South consolidation. This $8B bank was fully integrated into the NationsBank environment

  • Participated as a senior technician and resource on the MVS Version 5.2 project

Software Engineer III

Corporate Information Technology

General Electric Company

September 1989-Dec. 1994

Schenectady, NY

  • Project Leader for the Corporate Research and Development Data Center integration

  • Project Leader for the National Broadcasting Company MVS 4.3 Upgrade

  • Client Technical Focus for the National Broadcasting Company


Senior Systems Programmer

Office of Management and Budget

New York State Assembly

October 1984-Sept. 1989


Albany, NY

  • Installation and support of a newly established data center

  • Evaluation and recommendation of software and hardware for general use by the New York State Assembly.


Consultant

Software Solutions Inc

August 1983-September 1984


Kensington, MD

  • Coding of mailing, reply and correspondence software

  • Design of sorting and query modules for mailing systems




Presentations and Papers

New York State Security Day 2005

Developing an Identity Management Infrastructure

New York State Security Day 2004

Leveraging Information Security Assets using Open Source Software

New York State Security Day 2003

Hoping for the best, Planning for the worst: Contingency Preparedness and Business Resumption Planning


New York State Security Day 2002

Developing a 24x7 Incident Response Organization


Mohawk Valley IEEE Conference 2005

Securing Linux on the Desktop

Information Security – Attending to the Basics


Management of Self Signed Certificates in a Multi-server Environment

Whitepaper 2005


New York State Temporary Joint Committee on Cybersecurity and Infrastructure Protection

Offered testimony on cyber-terrorism preparedness to the committee at the December 2003 session


Dutchess County Infrastructure Protection Conference (2003)

Information Security, What’s Next?


SHARE Inc.

Best of Session Award Winter 2000, “Linux Networking and Firewalls”


SHARE Inc.

Best of Session Award Summer 1999, “Linux Distributions – What’s New”


Guide International – Engage! Conference (1999)

Keynote Address: Overlooking the Obvious: What Should We REALLY Be Securing In Our Enterprises?


Information Security Advisor 2005 (Newsletter)

Working on the Road (4 columns)


Information Security Advisor 2004 (Newsletter)

Open Source Information Security Tools (4 columns)


Information Security Advisor 2003 (Newsletter)

Information Security On The Cheap (4 columns)



Professional Memberships and positions


SHARE Inc.

Applications Systems Program Manager (1999-2000)

Internet Applications Project Manager (1997-1999)


IEEE Computer Society

Member since 2001


NaSPA

Member since 1991

Education


B.S. in Chemistry 1983

Rensselaer Polytechnic Institute, Troy, NY