Michael W. Meissner - Cyber Security Engineering Biography

MICHAEL W. MEISSNER, RCDD
CYBER SECURITY SERVICES
CYBER SECURITY PROGRAM AND PROJECT MANAGEMENT
CYBER SECURITY SOLUTIONS ARCHITECTURE
CYBER SECURITY DESIGN ENGINEERING

MICHAEL MEISSNER
SUMMARY
• MR. MEISSNER IS A HIGHLY MOTIVATE CYBER SECURITY PROGRAM MANAGER AND CYBER SECURITY
ENGINEER AND HAS OVER THIRTY YEARS OF EXPERIENCE AS A MANAGING PROGRAMS AND
PROJECTS.
• MICHAEL W. MEISSNER LEADS ETHERNAUTICS, INC.'S CYBER SECURITY PRACTICE. MR. MEISSNER HAS
OVER 30 YEARS OF IT, ENGINEERING AND MANAGEMENT EXPERIENCE. THROUGHOUT HIS CAREER HE
HAS PROVIDED EXCEPTIONAL CLIENT SERVICE AND COMMUNICATION SKILLS WITH A
DEMONSTRATED ABILITY TO DEVELOP AND MAINTAIN OUTSTANDING CLIENT RELATIONSHIPS.
• HIGHLY ORGANIZED, RESULTS-ORIENTED AND ATTENTIVE TO DETAILS. SELF-MOTIVATED,
PROACTIVE, INDEPENDENT AND RESPONSIVE. REQUIRES LITTLE SUPERVISORY ATTENTION.
EXCELLENT PRESENTATION, FACILITATION AND DIPLOMACY SKILLS
• MEISSNER HAS EXECUTED END TO END PROGRAM MANAGEMENT AND PROJECT MANAGEMENT OF
LARGE AND/OR MULTIPLE LARGE PROJECTS. MR. MEISSNER HAS MANAGED PROJECTS FROM A FEW
INDIVIDUALS TO TEAMS OF OVER 100 INDIVIDUALS AND VENDORS.
©1994-2016 Copyright Michael W. Meissner –
Ethernautics, Inc.
Author: Michael W. Meissner
Last revised: 02/17/2016 4:16:59 PM PDT (UTC/GMT
–7)
2

MICHAEL MEISSNER
SUMMARY
• MR. MEISSNER DESIGNS AND IMPLEMENTS ALL FACETS OF CYBER SECURITY PROJECTS, PROGRAMMATIC AND TECHNICAL
DETAIL MANAGEMENT TO ENSURE DELIVERABLES ARE MET WITHIN SCHEDULE, BUDGET, AND QUALITY GOALS. HE IS ABLE
TO EXPRESS A CLEAR UNDERSTANDING OF THE BUSINESS, OPERATIONAL AND HUMAN IMPACT OF TECHNOLOGY AND THE
CYBER SECURITY THREATS THEY EXPOSE.
• MR. MEISSNER HAS MANY YEARS OF EXPERIENCE WORKING IN A COMPLEX, MULTI TASKING TYPE ENVIRONMENTS.
• DEMONSTRATED TRACK RECORD ASSISTING CLIENTS WITH IDENTIFYING AND ASSESSING INFORMATION SYSTEM RELATED
RISKS AND DEFINING BEST PRACTICES AS A TRUSTED ADVISER.
• HANDS-ON EXPERIENCE WITH INFORMATION SECURITY STANDARDS AND TECHNOLOGY
• EXPERIENCE WITH SECURITY STRATEGIES AND/OR SECURITY ARCHITECTURE.
• EXPERTISE IN IT POLICY AND PROCEDURE DEVELOPMENT.
• MEISSNER HAS EXECUTED PROJECTS THRU THEIR COMPLETE LIFE-CYCLES (SDLC)
• IT PROCESSES (I.E., ITIL) INCLUDING INCIDENT, PROBLEM, DEFECT, CHANGE AND RELEASE MANAGEMENT.
Ethernautics, Inc.
–7)
3

MICHAEL MEISSNER
SECURITY DOMAINS
• EXPERIENCE WITH THE FOLLOWING SECURITY DOMAINS:
• AUDIT AND MONITORING,
• RISK RESPONSE & RECOVERY
• CRYPTOGRAPHY
• DATA COMMUNICATIONS
• COMPUTER OPERATIONS SECURITY
• TELECOMMUNICATIONS & NETWORK SECURITY
• SECURITY ARCHITECTURE & MODELS
• MEISSNER MAINTAINS EXPERIENCE IN SEVERAL INDUSTRY VERTICALS
Ethernautics, Inc.
–7)
4

WORK HISTORY
08/2007 - Present Ethernautics, Inc. California Water Services
Areva
Computer Sciences Corporation
Telcordia
Global Telcom Limited (GTL)
US Cellular
Urenco/LES
ETUS
STP – South Texas Project
Verizon Wireless
JoAnn’s Stores
01/2007 – 08/2007 NetCracker,
Technologies
US Army
Time Warner
One Communications
Covad
Telus
Nextel/Sprint
Verizon Business
Horry Telephone Cooperative
Comcast
11/1993 – 01/2007 Information
Mechanics, Inc.
Comcast (TCI)
AT&T Broadband
MetroList
Mobeo
GTE
AT&T Wireless
Bell South
Continental Cable
Lafarge Concrete
Denver Post
US Park Service
Across Media Networks
Telcordia (Belcore) – SAIC
TECO/Peoples Gas
Cable Services Group (CSG)
AMDOCS
Cable Data
Kenan
AT&T Broadband
MediaOne
USWest/Qwest
Ticketmaster/Pacer Cats, AMC, United Artist
02/1992 – 11/1993 Berger & Co Region Transportation District (RTD)
Lipper Analytical
Aspen Ski Corp
Obeymeyer Sports
USWest
Jones Cable
Xcel Energy
Frontier Communications
Optimus Technologies
Ticketmaster/Pacer Cats
Trinidad Benham
Territory Agent IBM – Oil & Gas/Mining/AEC
05/1987 – 02/1992 IBM Department of Transportation
Department of Health and Human Services
Department of Labor
Rocky Flats – Rockwell International
Public Service Company of Colorado
Kaiser Permanente
St. Anthony’s Hospital
St. Luke’s Hospital, Veterans Hospital
Colorado School of Mines
05/1987 – 10/1988 Colorado School of
Mines
Research Development
Data Center Management
06/1985 – 05/1987 Schlumberger Measurement While Drilling (MWD)
01/1988 – 06/1985 Mammoth
Information Services
Calaway Oil & Gas
Bird Oil Corporation
Amselco Minerals
Amoco
Microgeophysical Corp
Max P. Arnold & Associates
* See Project References for details: (Click Here)
Ethernautics, Inc.
5

GOVERNANCE
PROGRAM AND PROJECT MANAGEMENT
• CYBER SECURITY PROGRAM
LEADERSHIP AND MANAGEMENT
• CYBER SECURITY STRATEGY
• CYBER SECURITY PROJECT
MANAGEMENT
• REGULATORY COMPLIANCE
• POLICY AND PROCEDURE
DEVELOPMENT
• CHANGE MANAGEMENT -
CONFIGURATION MANAGEMENT
• TECHNICAL SPECIFICATIONS AND
BEST PRACTICE DEVELOPMENT
• INCIDENT RESPONSE DISASTER
RECOVERY
• REPORTING AND KPI’S
Ethernautics, Inc.
–7)
6

GOVERNANCE
PROGRAM AND PROJECT MANAGEMENT
• CUSTOMER FACING – WORKS ACROSS
ORGANIZATION
• PROJECT MANAGEMENT
• DEVELOP AND TRACK SCHEDULES
• TRACK RESOURCES
• KPI’S
• RFP PREPARATION, BID PREPARATION AND
RESPONSE
• JOB COSTING AND BUDGET TRACKING
• PROFICIENT IN DESIGN, PRESENTATION, AND
PROJECT MANAGEMENT TOOLS (MS OFFICE,
WORD, EXCEL, POWER POINT, VISIO,
PROJECT)
• PROJECT AND CONSTRUCTION
MANAGEMENT, IT ENGINEERING
MANAGEMENT, FIELD ENGINEERING AND
“CRAFT” MANAGEMENT
• LABOR/UNION RELATIONS
Ethernautics, Inc.
Last revised: 02/17/2016 4:16:59 PM PDT (UTC/GMT –
7)
7

TECHNICAL CAPABILITIES
• LOW VOLTAGE DESIGN - REGISTERED
COMMUNICATIONS DISTRIBUTION DESIGNER
(RCDD) CERTIFICATION
• OUTSIDE PLANT DESIGN
• ELECTRONIC SAFETY AND SECURITY
SYSTEMS DESIGN (LIFE SAFETY)
• WIRELESS DESIGN (DAS, CELLULAR, ANALOG
RADIO)
• INTELLIGENT BUILDINGS, BUILDING
AUTOMATION, UTILITY MONITORING
DESIGNS
• CYBER SECURITY DESIGN – CISSP
CERTIFICATIONS
• RIGHTS OF WAY, PERMITTING, AND
AUTHORITIES HAVING JURISDICTION (AHJ)
• CUSTOMER FACING SALES AND SUPPORT –
TECHNICAL PRESENTATIONS
• PROFICIENT IN DESIGN TOOLS (ACAD, VISIO,
EXCEL)
• FIELD ENGINEERING, DESIGN VERIFICATION,
AND "AS-BUILTS"
• CYBER-PHYSICAL SYSTEMS
• CYBER SECURITY ASSESSMENT
Hello 8

TECHNICAL CAPABILITIES – CYBER SECURITY
• CYBER-PHYSICAL SYSTEMS -
ELECTRONIC SAFETY AND SECURITY
SYSTEMS DESIGN (LIFE SAFETY)
• WIRELESS DESIGN (DAS, CELLULAR,
ANALOG RADIO) - ENCRYPTION
• CYBER SECURITY DESIGN – CISSP
CERTIFICATIONS
• REGULATORY REQUIREMENTS
• BUSINESS REQUIREMENT
• CUSTOMER FACING SALES AND SUPPORT –
TECHNICAL PRESENTATIONS
• RISK ASSESSMENT
• CRITICAL DIGITAL ASSET MANAGEMENT
• CYBER SECURITY ASSESSMENT
Ethernautics, Inc.
Last revised: 02/17/2016 4:16:59 PM PDT (UTC/GMT –
7)
9

CYBER SECURITY ENGINEERING
SECURITY-BY-DESIGN SERVICES
• CYBER SECURITY ENGINEERING
• CYBER SECURITY ARCHITECTURES (PCI, NIST, ISO
ETC.)
• BUSINESS AND REGULATORY REQUIREMENTS
• SYSTEM ANALYSIS USING MULTIPLE TECHNOLOGIES
IN HETEROGENEOUS ARCHITECTURES AND WIDE
SYSTEM FUNCTIONALITY
• ELECTRONIC SAFETY AND SECURITY (ESS) -
PHYSICAL SECURITY SYSTEMS AND LIFE SAFETY
SYSTEMS
• CRITICAL DIGITAL ASSET DETERMINATION
• ANALYZES NETWORK SECURITY DESIGN
• RISK ASSESSMENT AND MANAGEMENT
• WORK WITH CLIENTS IN IDENTIFYING AND
ASSESSING INFORMATION SYSTEM RELATED
RISKS RELATED TO CYBER SECURITY.
• CREATING STRATEGIES RELATED TO CYBER
SECURITY RISK MANAGEMENT.
• PLANS AND CONDUCTS VULNERABILITY
ASSESSMENTS
• CREATED AND TUNED VULNERABILITY SCAN
GROUPS AND CONFIGURATIONS.
• IDENTIFICATION OF ATTACK VULNERABILITIES
(OWASP) AND (ISO/IEC 15408-1:2009)
• EVALUATION OF SYSTEM SECURITY
CONFIGURATIONS
• DEVELOPMENT AND EVALUATION OF ATTACK
SCENARIOS
• EVALUATES FINDINGS AND CONDUCTS ROOT CAUSE
ANALYSIS
• CONDUCT PENETRATION TESTING, ROUTINE
EXPLOIT ANALYSIS, SYSTEMS MONITORING.
• CYBER SECURITY CONTROLS CATALOG
• REMEDIATION AND MITIGATION
Ethernautics, Inc.
Last revised: 02/17/2016 4:16:59 PM PDT
(UTC/GMT –7)
10

SECURITY-BY-DESIGN
DIGITAL DESIGN AND SYSTEMS ENGINEERING
SERVICES
• MEISSNER HAS EXPERIENCE WITH DESIGNING THE FOLLOWING SECURITY RELATED SYSTEMS:
• NETWORK SECURITY DESIGN (LAN/WAN)
• APPLICATION SECURITY DESIGN
• DATA SECURITY
• ELECTRONIC SAFETY AND SECURITY (ESS) - PHYSICAL SECURITY SYSTEMS AND LIFE SAFETY
SYSTEMS
• SECURE WIRELESS
• RADIO ENCRYPTION
• DATA
• VOICE (PUSH-TO-TALK)
• INTEGRATES SECURITY TECHNICAL CONTROLS FOR MULTIPLE PROJECTS/PRODUCTS WITH DEFINED
REQUIREMENTS
• DESIGN TEST PLANS TO EVALUATE CONTROL OBJECTIVES AND IDENTIFY WEAKNESSES IN THE
INFORMATION TECHNOLOGY CONTROL STRUCTURE.
• SECURITY OPERATION CENTERS (SOC), NETWORK OPERATION CENTERS (NOC), DATA CENTERS,
TELECOM EQUIPMENT ROOMS,
• ENGINEERING DRAWINGS - (T-EQP, T-PHY, T-PHY)
• IDENTITY ACCESS MANAGEMENT AND AUTHORIZATION
• PLANT CONTROL SYSTEMS (PCS, ICS) AND SCADA SYSTEMS IN NUCLEAR
POWER PLANTS, CHEMICAL PROCESSING AND WATER
TREATMENT/DISTRIBUTION CRITICAL INFRASTRUCTURE
• DESIGN OVERALL DEFENSE-IN-DEPTH ARCHITECTURE FOR PLANT SYSTEMS
(NIST CYBER SECURITY FRAMEWORK AND ISO/IEC 27001 COMPLIANCE
COBIT, COSO).
• SUPPORTING INFRASTRUCTURES (TELCOM, POWER, HVAC, DATA CENTER,
CLOSETS, DAS, DISTRIBUTION SYSTEMS)
• OUTSIDE PLANT (OSP)
• SECURE STRUCTURED CABLING
• DEFINES SECURITY PRODUCT SPECIFICATIONS
• DEFINE INTRUSION/DATA LOSS TECHNIQUES.
• DESIGNS, INTEGRATES AND CONFIGURES CONTROLS.
• RESPONSIBLE FOR IMPLEMENTING AND TUNING THE TECHNICAL SOLUTION
USED TO IDENTIFY AND MANAGE THE CONFIGURATIONS AND CONTROLS
• PATCH MANAGEMENT- SATELLITE, SCCM, WSUS, SHAVLIK, SECUNIA,
LANDESK
Ethernautics, Inc.
–7)
11

SECURITY-BY-DESIGN
DIGITAL DESIGN AND SYSTEMS ENGINEERING
SERVICES
• MEISSNER HAS EXPERIENCE WITH DESIGNING THE FOLLOWING
SECURITY RELATED SYSTEMS:
• NETWORK SECURITY DEPLOYMENT OF NETWORK AND
APPLICATION SECURITY AND AUTHORIZATION FOR PLANT
CONTROL AND REPORTING SYSTEMS.
• FIREWALLS
• DATA DIODES
• DMZ’S
• ENCRYPTION
• IAM
• SIEMS
• IDS/IPS
Ethernautics, Inc.
–7)
12

SECURITY-BY-DESIGN SERVICES
• MEISSNER HAS EXPERIENCE WITH THE FOLLOWING SYSTEMS:
• PHYSICAL SECURITY SYSTEMS
• LIFE/SAFETY SYSTEMS – ESS SYSTEMS
• ASSET MANAGEMENT
• PLANT CONTROL SYSTEMS
• BUILDING AUTOMATION & UTILITY MONITORING
• DATA CENTER DESIGN
• CABLE DESIGN – STRUCTURED CABLING
• OUTSIDE PLANT - OSP
• NETWORK DESIGN
• CYBER SECURITY ENGINEERING
• AUTHORIZATION AND CONTROL
• LEED
• PROJECT MANAGEMENT
Ethernautics, Inc.
–7)
13

SECURITY-BY-DESIGN OPERATIONS SERVICES
• SECURITY OPERATION CENTER (SOC, ALARM STATIONS)
• CYBER SECURITY MONITORING
• NETWORK SECURITY MONITORING
• INCIDENT DETECTION
• CONTRIBUTES TO THE DEVELOPMENT AND EVALUATION OF ATTACK SCENARIOS
• EVALUATES FINDINGS AND CONDUCTS ROOT CAUSE ANALYSIS
• PERFORMS INCIDENT RESPONSE ACTIVITIES ACROSS BROAD TECHNOLOGY PROFILES OR MULTIPLE SYSTEMS
• INTERROGATES INDUSTRY SOURCES AND EVALUATES INCIDENT INDICATORS.
• COLLECTS AND PRESERVES EVIDENCE, IDENTIFIES INTRUSION OR INCIDENT PATH AND METHOD
• DETERMINES NATURE, MECHANISMS, SCOPE AND LOCATION OF THE INCIDENT.
• DRAFTS INCIDENT/INVESTIGATION REPORTS AND MAKES RECOMMENDATION FOR FUTURE PROCESS ENHANCEMENTS. PREPARES AND DELIVERS
TECHNICAL REPORTS AND BRIEFINGS
• DEPLOYMENT OF NETWORK AND APPLICATION SECURITY AND AUTHORIZATION FOR PLANT CONTROL AND REPORTING SYSTEMS.
• MONITORS NETWORK AND HOST-BASED SECURITY ALERTING SYSTEMS AND EVENT LOGS.
PERFORMS INITIAL EVENT/LOSS ASSESSMENT AND VALIDATION.
Ethernautics, Inc.
–7)
14

SECURITY-BY-DESIGN
IT CYBER SECURITY DETECTION AND PREVENTION
TOOLS
• NETWORK MONITORING – SOLARWINDS
• VULNERABILITY SCANNERS - NESSUS, RETINA,
QUALSYS, FOUNDSTONE, NEXPOSE
• SIEM – SPLUNK, IBM QRADAR
• IDS / IPS – SOURCEFIRE, CISCO IPS 4200,
INTRUSHIELD
• PASSWORD MANAGEMENT - THYCOTIC
• DEFENSE IN DEPTH ARCHITECTURE AND
ADVANCED PERSISTENT THREATS (APTS)
• INCIDENT MANAGEMENT AND FORENSICS -
NETWITNESS
• RSA SECURITY ANALYTICS, ARCHER, SECOPS
• PKI - PUBLIC KEY INFRASTRUCTURE
• WEBSENSE
• FIREWALLS - CISCO, PALOALTO NETWORKS,
CHECKPOINT
• DATA DIODES - CANARY, WATERFALL
• CISCO ISE
• CHECKPOINT LOAD BALANCER
• REMEDY NETWORKING
Through education and experience Mr. Meissner has amassed
skills with the following Cyber Security Tool Sets:
Ethernautics, Inc.
(UTC/GMT –7)
15

SECURITY-BY-DESIGN
IT CYBER SECURITY TECHNOLOGIES
• SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM)
• MR. MEISSNER HAS HAD A VARIETY OF EXPERIENCES WITH THE FOLLOWING SIEM SOLUTIONS IN ORDER TO SUPPORT REAL-TIME ANALYSIS OF
SECURITY ALERTS GENERATED BY NETWORK HARDWARE AND APPLICATIONS:
• QRADAR
• SPLUNK
• MCAFEE ENTERPRISE SECURITY MANAGER
• IDS/IPS
• MR. MEISSNER HAS EXPERIENCE IN EVALUATING AND DEPLOYING SEVERAL IDS AND IPS TOOLS THAT HAVE ASSISTED ORGANIZATIONS IN THE
IDENTIFICATION AND PROTECTION OF THEIR WIRED AND WIRELESS NETWORKS AGAINST SEVERAL TYPES OF SECURITY THREATS. MR. MEISSNER
HAS EXPERIENCE WITH THE FOLLOWING IDS/IPS/SIEM SOLUTIONS:
• MCAFEE'S INTRUSHIELD/MCAFEE NETWORK SECURITY PLATFORM (NSP)
• SOURCEFIRE
• SNORT
• TIPPINGPOINT
• JUNIPER IPS
Through education and experience Mr. Meissner has
experience with the following Cyber Security Technologies:
Ethernautics, Inc.
Last revised: 02/17/2016 4:16:59 PM PDT (UTC/GMT –7)
16

SECURITY-BY-DESIGN
• ENDPOINT SECURITY TOOLS/ANTI-VIRUS/ANTIMALWARE
• MR. MEISSNER HAS EXPERIENCE WITH THE FOLLOWING ENDPOINT SECURITY SOLUTIONS:
• MCAFEE
• SYMANTEC
• RSA ECAT
• MOBILE DEVICES MANAGEMENT (MDM)
• MR. MEISSNER HAS EFFECTIVELY DEPLOYED MDM SOFTWARE O BOLSTERS NETWORK SECURITY THROUGH REMOTE MONITORING AND CONTROL
OF SECURITY CONFIGURATIONS, POLICY ENFORCEMENT AND PATCH PUSHES TO MOBILE DEVICES. DEPLOYING SYSTEMS THAT REMOTELY LOCK
LOST, STOLEN OR COMPROMISED MOBILE DEVICES AND, IF NECESSARY, WIPE ALL STORED DATA. MR. MEISSNER HAS EXPERIENCE WITH THE
FOLLOWING MDM SOLUTIONS:
• BLACKBERRY ENTERPRISE SERVER BES10
• AIRWATCH
• IBM MAAS360 MDM
• CITRIX XENMOBILE
• SYMANTEC MOBILE MANAGEMENT
• MCAFEE EMM
• MICROSOFT ENTERPRISE MOBILITY SUITE (EMS)
• CISCO ISE
Through education and experience Mr. Meissner has
experience with the following Cyber Security Technologies:
Ethernautics, Inc.
–7)
17

SECURITY-BY-DESIGN
• NETWORK ACCESS CONTROL/IDENTITY ACCESS MANAGEMENT (IAM) TOOLS
• MR. MEISSNER HAS EVALUATED AND DEPLOY MULTIPLE IDENTITY ACCESS MANAGEMENT (IAM) SYSTEMS AT MULTIPLE ENTERPRISES TO
ESTABLISH A FRAMEWORK FOR BUSINESS PROCESSES THAT FACILITATES THE MANAGEMENT OF ELECTRONIC IDENTITIES. TO INITIATE, CAPTURE,
RECORD AND MANAGE USER IDENTITIES AND THEIR RELATED ACCESS PERMISSIONS IN AN AUTOMATED FASHION. UTILIZING IAM
TECHNOLOGIES MR. MEISSNER EFFORTS HAVE ENSURED THAT ACCESS PRIVILEGES ARE GRANTED ACCORDING TO ONE INTERPRETATION OF
POLICY AND ALL INDIVIDUALS AND SERVICES ARE PROPERLY AUTHENTICATED, AUTHORIZED AND AUDITED. MR. MEISSNER HAS EXPERIENCE
WITH THE FOLLOWING NETWORK ACCESS CONTROL/IAM SOLUTIONS:
• IBM'S SECURITY IDENTITY MANAGER
• TOOLS4EVER'S
• CENTRIFY IDENTITY SERVICE
• THYCOTIC SECRET SERVER
• CISCO ISE
• NEXT GENERATION FIREWALLS AND DATA DIODES
• MR. MEISSNER HAS EXPERIENCE WITH THE FOLLOWING NEXT GENERATION FIREWALLS AND DATA DIODES:
• JUNIPER
• PALO ALTO NETWORKS (PAN)
• CANARY
• WATERFALL
Ethernautics, Inc.
–7)
18

SECURITY-BY-DESIGN
• AUTHENTICATIONS, AUTHORIZATION AND CONTROL
• MR. MEISSNER AUTHORED AUTHENTICATION, AUTHORIZATION AND CONTROL FOR EARLY INTERNET OF THINGS (IOT) IN THE EARLY 1990. UNITED STATES
PATENT: 6070001.
• COMPUTER FORENSICS
• MR. MEISSNER HAS EXPERIENCE WITH DIGITAL COMPUTER FORENSIC TOOLS USED TO PRODUCE EVIDENCE FOUND ON DIGITAL STORAGE MEDIA UTILIZING
TECHNIQUES AND PRINCIPLES TO FOR DATA RECOVERY, IN ORDER TO IDENTIFY, PRESERVE, RECOVER, ANALYZE DIGITAL INFORMATION DESIGNED TO CREATE
A LEGAL AUDIT TRAIL. MR. MEISSNER HAS EXPERIENCE WITH THE FOLLOWING COMPUTER FORENSIC SOLUTION:
• ACCESSDATA
• VULNERABILITY SCANNING TOOLS:
• MR. MEISSNER HAS EVALUATED AND DEPLOY MULTIPLE VULNERABILITY SCANNING TOOLS AT MULTIPLE ENTERPRISES TO IN ORDER TO ASSESS COMPUTERS,
COMPUTER SYSTEMS, NETWORKS OR APPLICATIONS FOR WEAKNESSES. MR. MEISSNER HAS PERFORMED 1000’S OF SCANS BOTH PROTECT CRITICAL DIGITAL
ASSETS WITH THE ENTERPRISE AND TO EVALUATE ABILITY OF NON-AUTHORIZED ATTACKERS LOOKING TO GAIN UNAUTHORIZED ACCESS. MR. MEISSNER HAS
EXPERIENCE WITH THE FOLLOWING VULNERABILITY SCANNING TOOLS:
• RETINA
• NEXPOSE
• OTHERS:
• MR. MEISSNER HAS EXPERIENCE WITH THE FOLLOWING ADDITIONAL TOOLS TO ASSIST THE ENTERPRISE WITH ESTABLISHING A SOUND DEFENSE IN DEPTH
ARCHITECTURE:
• WIRESHARK
• NMAP
Ethernautics, Inc.
–7)
19

SECURITY-BY-DESIGN
REGULATORY REQUIREMENTS AND BEST
PRACTICESName: Regulation, Pub, Doc #: Website:
PCI DSS Payment Card Industry Data Security Standard https://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Secu
rity_Standard
ISO 27001:2013 Specification for an information security management system (ISMS) https://en.wikipedia.org/wiki/ISO/IEC_27001:2013
HIPAA Health Insurance Portability and Accountability Act of 1996 https://en.wikipedia.org/wiki/Health_Insurance_Portability_and_Acco
untability_Act
NIST Special Publication 800-53 Revision 4 NIST Special Publication 800-53 http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-
53r4.pdf
NIST Special Publication 800-37 Revision 1 NIST Special Publication 800-37 Revision 1 http://csrc.nist.gov/publications/nistpubs/800-37-rev1/sp800-37-
rev1-final.pdf
Managing Information Security Risk NIST Special Publication 800-39 http://csrc.nist.gov/publications/nistpubs/800-39/SP800-39-final.pdf
Introduction to NISTIR 7628 Guidelines for Smart Grid Cyber Security NISTIR 7628 http://www.nist.gov/smartgrid/upload/nistir-7628_total.pdf
Electric Infrastructure Protection and Substation Perimeter Security. CIP-014 https://secureusa.net/energy-sector-cip-014-compliance/
Third part (of 8) of the open international standard IEC
61131 for programmable logic controllers,
IEC 61131-3 http://en.wikipedia.org/wiki/IEC_61131-3
Role Engineering and RBAC Standards Role Based Access Control (RBAC) http://csrc.nist.gov/groups/SNS/rbac/standards.html
Security techniques -- Evaluation criteria for IT security -- Part 1:
Introduction and general model
ISO/IEC 15408-1:2009 http://www.iso.org/iso/catalogue_detail.htm?csnumber=50341
* Meissner has experience with many regulatory and best practice requirements related to Cyber Security
** Non-Exhaustive List: Requirements vary by Industry, Business Risk, and Local AHJ
*** Ethernautics, Inc. – Meissner: Cyber Security Standards, Best Practices and PRADL for Water Utilities
http://wp.me/p2xZpH-1g
Ethernautics, Inc.
(UTC/GMT –7)
20

SECURITY-BY-DESIGN
REGULATORY REQUIREMENTS AND BEST
PRACTICESName: Regulation, Pub, Doc #: Website:
ITIL General ITIL https://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Secu
rity_Standard
10 CFR 73.54 “Cyber Security Rule https://en.wikipedia.org/wiki/ISO/IEC_27001:2013
Safe Guards (10 CFR 73.51) https://en.wikipedia.org/wiki/Health_Insurance_Portability_and_Acco
untability_Act
NIST Special Publication 800-53 Revision 4 http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-
53r4.pdf
Cyber Security Training and Awareness http://csrc.nist.gov/publications/nistpubs/800-37-rev1/sp800-37-
rev1-final.pdf
NIST And other security frameworks. http://csrc.nist.gov/publications/nistpubs/800-39/SP800-39-final.pdf
* Non-Exhaustive List: Requirements vary by Industry, Business Risk, and
Local AHJ©1994-2016 Copyright Michael W. Meissner –
Ethernautics, Inc.
–7)
21

DESIGN STANDARDS
• MEISSNER HAS EXPERIENCE WITH THE FOLLOWING DESIGN STANDARDS:
• ANSI/TIA/EIA STANDARDS
• ANSI/TIA/EIA-568-C: COMMERCIAL BUILDING TELECOMMUNICATIONS CABLING STANDARD
• ANSI/TIA/EIA-569-C: TELECOMMUNICATIONS PATHWAYS AND SPACES
• ANSI/TIA/EIA-606-B: CABLE LABELING STANDARDS
• ANSI/TIA/EIA-607-C: GENERIC TELECOMMUNICATIONS GROUNDING (EARTHING) AND BONDING FOR CUSTOMER PREMISES
• ANSI/TIA/EIA-942: TELECOMMUNICATIONS INFRASTRUCTURE STANDARD FOR DATA CENTERS
• TELECOMMUNICATIONS DESIGN MANUAL (TDM) - BICSI (BUILDING INDUSTRY CONSULTING SERVICE INTERNATIONAL)
• NATIONAL ELECTRIC CODE (NFPA 70) - NEC
• MASTER FORMAT
• DIVISION 27
• DIVISION 28
• ASHRAE GUIDELINES
• STANDARD 135 – BACNET - A DATA COMMUNICATION PROTOCOL FOR BUILDING AUTOMATION AND CONTROL NETWORKS
• STANDARD 189.1 – STANDARD FOR THE DESIGN OF HIGH PERFORMANCE, GREEN BUILDINGS EXCEPT LOW-RISE RESIDENTIAL BUILDINGS
• LEED – USBC US GREEN BUILDING COUNCIL
Ethernautics, Inc.
–7)
22

REGISTRATIONS AND CERTIFICATIONS
• REGISTERED COMMUNICATIONS DISTRIBUTION DESIGNER (RCDD)
• ELECTRONIC SAFETY AND SECURITY (ESS) – IN PROCESS
• OUTSIDE PLANT SPECIALIST (OSP) – IN PROCESS
• CERTIFIED NETWORK ASSOCIATE (CAN) – IN PROCESS
• CERTIFIED INFORMATION SYSTEMS SECURITY PROFESSIONAL (CISSP) – IN
PROCESS
• PMP – PROJECT MANAGEMENT PROFESSIONAL – IN PROCESS
• LEEDS – LEADERSHIP IN ENERGY AND ENVIRONMENTAL DESIGN – IN PROCESS©1994-2016 Copyright Michael W. Meissner –
Ethernautics, Inc.
(UTC/GMT –7)
23

CLIENTS
Ethernautics, Inc.
24

REFERENCE PROJECTS
• MICHAEL W. MEISSNER WITH ETHERNAUTICS, INC. CONTRACTED TO CALIFORNIA WATER SERVICES
GROUP (CWS) FOR CYBER SECURITY PROGRAM DEVELOPMENT, SCADA NETWORK SECURITY,
VULNERABILITY MITIGATION FOR PROTECTION OF CRITICAL ASSETS IN WATER
TREATMENT/DISTRIBUTION PLANTS. (2015) (CLICK HERE)
• MICHAEL W. MEISSNER WITH ETHERNAUTICS, INC. CONTRACTED THROUGH AREVA, NP TO SOUTH
TEXAS PROJECT (STP) FOR PROGRAM IMPLEMENTATION OF 10CF73.54 PROTECTION OF CRITICAL
ASSETS IN NUCLEAR POWER PLANTS. (2012-2015) (CLICK HERE)
• MICHAEL W. MEISSNER WITH ETHERNAUTICS, INC. CONTRACTED THROUGH CSC TO URENCO-
USA/(LES) FOR PROGRAM IMPLEMENTATION AND PROTECTION OF CRITICAL ASSETS IN NUCLEAR
ENRICHMENT FACILITIES.(2007-2012) (CLICK HERE)
• MICHAEL W. MEISSNER WITH INFORMATION MECHANICS, INC. CONTRACTED BY
TELECOMMUNICATION CORPORATION INC. (TCI) FOR DEVELOPMENT OF SECURE ENCRYPTED
COMMUNICATIONS TO DIGITAL SET TOP BOXES (CLICK HERE) - ADDRESSABILITY SYSTEMS: US
PATENT NUMBER #6070001 (CLICK HERE)Hello 25

PATENTS AND PUBLISHED ARTICLES
Expert Systems and Knowledge
Engineering
IBM RedBook 1988
A Business Case for an
Education Network Channel
Jones International University 1993
Addressability Systems US Patent #6070001 1993
Product, Packages, and
Promotions Functions
Telecommunications Inc. Business Function
Document
1994
Triple Play Billing Telecommunications Inc. Business Function
Document
1994
Designing for Performance in
Credit Card Transactions
Telecommunications Inc. Business Function
Document
1994
The Pitfalls of Automating
Inefficient Processes
Information Mechanics, Inc. 1996
Data Centre Design and
Consolidation
Information Mechanics, Inc. 1997
Best Practices in Service Catalog NetCracker Marketing 2006
Best Practices on OSS
Deployment
NetCracker Marketing 2007
Best Practices in SLA’s NetCracker Marketing 2007
Defined KPI’s
• MTBF – Mean Time Between
Failure
• MTTR – Mean Time To Repair
• SCCT – Supply Chain Cycle Time
• IRCT – Inventory Replenishment
Cycle Time
• IMOS- Inventory Months of
Supply
• ITO – Inventory Turnover
www.kpilibrary.com 2008
Cabling Specifications Urenco Ltd – Design Document 2009
Cable Testing Specifications Urenco Ltd – Design Document 2010
PLC’s – The greatest Cyber
Security Risk to the Nation’s
Infrastructure
DEF CON Presentation 2012
Wikipedia Articles
• Electrode ionization
• Addressability
• Addressability Systems
• Cable Converter Box
• Descramble
• Solutions Architect
• FTTLA
Wikipedia.com
http://en.wikipedia.org/wiki/Electrodeionization
http://en.wikipedia.org/wiki/Addressability
http://en.wikipedia.org/wiki/Addressable_system
s
http://en.wikipedia.org/wiki/Cable_Converter_Bo
x
http://en.wikipedia.org/wiki/Descramble
2008-2012
Ethernautics, Inc.
–7)
26

PATENTS AND PUBLISHED ARTICLES
Title Address Year
Ethernautics, Inc.: Cyber
Security Database Threats
https://ethernautics.wordpress.com/2015/
06/13/database-security-threats/
2013
Glossary of Terms - Cyber
Security At Nuclear Power Plants
http://wp.me/p2xZpH-c 2013
Secure Encrypted
communications to Digital Set
Top Boxes - Addressability
Systems: US Patent Number
#6070001
http://wp.me/p2xZpH-V
http://patents.com/us-6070001.html
https://en.wikipedia.org/wiki/Addressability
1993
Ethernautics, Inc. – Meissner:
Cyber Security Standards, Best
Practices and PRADL for
Water Utilities
http://wp.me/p2xZpH-1g 2015
Cyber Security in the
Automobile:
Automobile/Vehicle Protocol
Buses
http://infrastructurecybersecurity.blogspot.
com/2015/06/automobilevehicle-protocol-
buses.html
2014
Communications Protocols
Utilized in Plant Control
Systems are a key component in
the development of a Cyber
Security Controls Catalog -
Quora
https://industrial-cyber-
security.quora.com/Communications-
Protocols-Utilized-in-Plant-Control-
Systems-are-a-key-component-in-the-
development-of-a-Cyber-
Security?srid=7rIp&share=1
2014
Ethernautics, Inc.
–7)
27

Michael W. Meissner - Cyber Security Engineering Biography

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Andere mochten auch

Andere mochten auch (18)

Ähnlich wie Michael W. Meissner - Cyber Security Engineering Biography

Ähnlich wie Michael W. Meissner - Cyber Security Engineering Biography (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Michael W. Meissner - Cyber Security Engineering Biography