Martial Arts Instructor, Computer Programmer, Web Developer/Designer, and Cyber Security Enthusiast. Has been teaching since 1993, working with computers since DOS, developing for the web since HTML 2, received a Bachelor's degree in Computer Science in 2011, and founded Need to Know Designs, LLC the same year.
james@needtoknowdesigns.com
2014 to Present
Assist as-needed on Website Penetration Testing projects
Assist as-needed on Mobile Application code reviews
Work on System Admin hardening quizzes
2014 to Present
Attend meetings, or watch recordings, to learn about new technologies/exploits
Present on different projects and tools, such as Raspberry Pi and Maltego
Assist with A/V for TriKC and meetings as-needed
Send out Monthly Cyber Security news Swath
Practice different security techniques in a semi-friendly environment
2015 to Present
Work with others in the security community to solve a variety of security related problems
Learn from board postings about new security vulnerabilities and how to use tools
Respond to SANS questions about courses, and policies
2015 to Present
Combining Raspberry Pi projects into simple executable scripts
Have a DNS server to block ads and free up resources on your computer. However, this only works on networks you have, whereas the hosts file works on your computer on any network.
Set up personal networks and a guest network to route traffic through TOR. However, it also makes traffic hit local DNS before going into TOR to keep you on local sites, and still block ads.
Automatic updates for the Raspberry Pi. Allows you to turn it on, and ensure that updates are regularly received.
2019 to present
Earned GSEC certification from GIAC after taking SANS course
Enhance and tune Splunk queries based on best practices for Splunk Enterprise Security
Analyze requests from business stakeholders for new and existing content, and develop solutions
Work through Agile processes to generate actionable content for myriad security teams
Act as Subject Matter Expert for information, or creation, requests on Splunk Data, Dashboards, and Queries
Review content generated by others for quality, consistency, resource usage, and ability to meet original request
Began work toward Master's Degree in Information Security Engineering
Review existing content for applicability to enterprise needs, and consistent functionality
2017 to 2019
Earned GCCC certification from GIAC after taking SANS course
Implemented Information Security Program using Center for Internet Security controls, and set in motion multi-year plan to implement
Improved Information Security Awareness Program for all employees with computer-based training, monthly phishing campaigns, newsletters, and annual events
Automated tasks across myriad security tools using python, ruby, and PowerShell
Networked with other teams to move security initiatives forward, such as Vulnerability Management, Hardware/Software Asset Management, and Secure Configurations
Developed incident response processes for known incidents with tiered triage levels
Leveraged vendor contracts to update and enhance overall security toolsets
Administered and tuned security devices: NeXpose, LogRhythm, ForcePoint, & FirePOWER
2016 to 2017
Active Threat Monitoring to categorize, prioritize, investigate, document and escalate, as necessary, incoming threat notifications
Active Threat Hunting throughout multiple environments using multiple tools to review ongoing processes, OS access, Logs, and application activity
Set up Splunk for use as a SIEM
Work with multiple teams to ensure events are getting into Splunk
Work cross-shifting with other teams to define processing of events into Splunk
Work with vendors to determine SIEM requirements, troubleshoot data feeds, enrich datasets, and customize code base as-necessary.
Earned AWS Certified Solutions Architect - Associate certification
Gave multiple technical talks about AWS Security, Regular Expressions, and outreach to UTSA (University of Texas, San Antonio) Cyber students about Penetration Testing
Volunteered for full 24-hour hack-a-thon at UT-Austin (University of Texas, Austin) to assist over 30 teams with diverse technical questions from python, security, database design, database setup, AWS, javascript, iOS Programming, and Android
Mentor incoming analysts, set up onboarding documentation, and train new analysts on toolset
Develop automation tools for processing API streams, alerting teams to daily tasks via Slack, and scraping tools without APIs
Develop SOC (Security Operations Center) internal communication tools for multi-national, cross-shifting teams
Perform code reviews, introduce other analyst-developers to standard programming practices, work with senior members to develop appropriate processes around development
Act as an escalation point for level 1 analysts for incoming alerts and active hunting
Generate customer facing documentation about incidents
Perform duties of Team Lead during Team Lead absence to ensure proper incident handling, appropriate task load, and to hand-over daily summary at shift change
2011 to 2016
Created interactive 97 field form, that exported to Excel for same "look-and-feel" for business unit
Broke the browser upload limitation on server side with JAVA and Glassfish; on the client side with javascript (showing progress, start, stop, and resume functionality in compatible browser) for files in excess of 16 GB in all browsers.
Rebranded SharePoint 2010 for different sections of business
Leveraged Confluence and javascript to deliver cross page updating of employee statistics
Used jQuery to write image slider, common code libraries, and SharePoint interactivity
Administrator of Maximo installation for different customer groups
Liaison between developers and Cyber Security
Continuous improvement of legacy applications through updates, performance enhancements, or rolling into current software packages with Python, JAVA, Visual Basic, Access 2007/2010 Databases, Oracle 11g, and C#
Quality Assurance on multiple business critical applications, ensuring a balance between code correctness, timely delivery and customer satisfaction
Earned GWEB and GCIH certifications from GIAC after taking SANS courses
Assist with mobile strategy, and developing proof-of-concept applications for cross-platform development
Work on internal penetration testing team
Attend additional SANS courses such as SEC 561 for more hands-on penetration testing experiences
Review 3rd-party code and applications for functionality and vulnerabilities
Develop internal branding library using responsive web-design principles
Lead, present at, or assist in monthly IT security and logging meetings to keep community apprised of ongoing technologies and security needs
Automated more tasks from user testing to annual security testing
Work with other developers to compete in hackathons to build applications in 24 hours
Utilize Splunk for complex data mining
Presented at the DoE Cybersecurity Conference in 2015
Collaborated with security, networking, system administrators, and developers on recommendations for data breach at government oversight body
2013 - Enabled 18 pages of forms within an existing web design
Oversaw security requirements
Created modular code base for future growth and development including office personnel readable settings
Enabled JSON objects for multiple identical validations and ease to change required fields and acceptable values
Generated Documentation for ease of update and future project
Created backend PHP processor for the form validation
Assisted with HTML form generation, and client side validation troubleshooting
Troubleshot and recommended appropriate solution to insecure hosting environment
Created Excel Template for Office Staff to continue internal process
Helped export fields from form into Excel document, and created JSONs for mapping majority of fields
2012 (updated often) - With an initial push to block ads from my Hulu viewing experience without any extensions in my browser dragging down the speed of my PC, and a hand from Mr. Balman, I have successfully blocked all ads from Hulu, many other video viewing websites, and some other trackers as well. While not all ads can be blocked at the domain level, I have instructions inside the file on how to block Pandora ads from playing inline as well, but you have to do this at your internet router through specific URL filtering. There is an optional section that blocks some facebook items, as I don't facebook.
To use, determine where the hosts file is on your computer, and how to run an editor as administrator (if needed), then copy and paste the contents into your hosts file and save. You will then have blank spots where ads used to be. Feel free to contact me if you come across more sites to be blocked.
2012 - Updated - December 7, 2012 to remove the toolbar icon, and make it automatically engage when you visit pandora.com. Get version 2.0 now to get Pandora to continue past the 1 hour marker using custom written Chrome Extension. Starting at version 1.4 this extension successfully works around the fringe case of clicking continue before the Pandora-code knows it was clicked. Great for your background music at work, home, or parties. This extension for Chrome was written in encapsulated custom javascript, and is free for distribution. Also works for abacast.net. However, on abacast.net it is not able to block the "interjections" as local radio stations don't just play music 100% of the time.
2012 - As Chrome updates, their documentation doesn't quite follow. This extension was built to work around Chrome's dropping of multiple tab creation from the home button. For those who don't want a plethora of pages to open upon opening Chrome, but rather, like myself, have a bevy of sites we visit daily, when time allows. From the extensions menu you can add as many "home pages" as you want via the options menu. This extension for Chrome was written in encapsulated custom javascript, and is free for distribution.
2010 - Updated website with new email form, new information, and more interactive directions
2011 - Gathered requirements and designed database for scheduling system.
2011 - Gathered Requirements, designed functional layout, integrated jQuery and jQuery add-ons, created database, implemented PHP interaction with database, created interactive forms for ordering and questions, and troubleshot compatibility issues
2010 - Created database, designed website, allowed for bidding of items in real time, and protected bidders information both during and after close of auction
2010 - Went through over 1,000 images to sort out duplicates and remove those not "web ready," then updated website with new images
Creating shareable, subscribable, and community bookmark listings
Copyright (c) 2014 Need to Know Designs, llc. All rights reserved.