Tag Archives: duties

[ISN] Time for a U.S. Cyber Force

http://www.usni.org/magazines/proceedings/2014-01/time-us-cyber-force Proceedings Magaizine – January 2014 Vol. 140/1/1,331 By Admiral James Stavridis, U.S. Navy (Retired) and David Weinstein Instead of each armed service having its own version of a cyber command, why not create a separate entity altogether that would serve all branches? In November 1918, U.S. Army Brigadier General Billy Mitchell made the following observation: “The day has passed when armies of the ground or navies of the sea can be the arbiter of a nation’s destiny in war.” General Mitchell’s comments came in the context of a vigorous debate involving a then-new domain of warfare: the skies. Nearly a century later, we are confronted with yet another contested domain. Cyberspace, like airspace, constitutes a vital operational venue for the U.S. military. Accordingly, it warrants what the sea, air, and land each have—an independent branch of the armed services. Eight months before Mitchell’s clairvoyant statement, President Woodrow Wilson had signed two executive orders to establish the U.S. Army Air Service, replacing the Aviation Section of the U.S. Signal Corps as the military’s aerial warfare unit. This small force served as a temporary branch of the War Department during World War I and looked much like the Pentagon’s joint task forces of today. It was relatively small and consisted of personnel on assignment from the different services. In 1920, the Air Service’s personnel were recommissioned into the Army. The decision was backed by the popular belief that aviation existed exclusively to support ground troops. A significant debate was under way within the armed services. The minority camp, led by Mitchell, advocated on behalf of establishing an independent service for aerial warfare. He contended that air power would serve a purpose beyond supporting the Army’s ground movements, and that gaining and maintaining preeminence of the skies required an entirely autonomous branch with indigenous manning, personnel, logistics, and acquisition duties. His opponents, on the other hand, favored integrating aviation into the existing services. Budgets were tight, and Army brass were eager to garner additional funding streams. […]




Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Worker said he downloaded data to work from home (fwd)

http://www.tennessean.com/article/20131216/NEWS/312160048/1972/NEWS02?nclick_check=1&utm_content=buffer58453 By Joey Garrison and Chas Sisk The Tennessean Dec. 16, 2013 A state employee who resigned last week told investigators that he downloaded data on 6,300 Nashville teachers so he could work from home, despite having been warned to keep his computer secure. Steven T. Hunter, a 24-year-old former information technology worker for the state Department of Treasury, told the Tennessee Bureau of Investigation that he emailed information from a state computer system using a personal account “to perform his duties at home,” TBI spokeswoman Kristin Helm said Monday. But a personnel file released Monday shows that Hunter had been reprimanded, in November, for leaving a state laptop on his desk after work, violating rules meant to protect state computers and data. That incident, combined with other warnings about interoffice communications, appear to have led to Hunter’s resignation Thursday. The Department of Treasury and the TBI announced over the weekend that Hunter had illegally uploaded a Tennessee Consolidated Retirement System file containing Social Security numbers, full names and dates of birth on active Metro Nashville teachers from a work email to a personal email address before leaving state government. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

What is a “Separation of Duties”?

Often, I find in my job as a security professional that I must explain what a separation of duties is and why it is necessary in an organization. The term “separation of duties” seems a little nebulous for many but it is the act of separating a business process into several distinct parts. These distinct parts of a business process that are normally separated are the execution, approval and audit functions of the process.

Examples of Separation of Duties:

1. Security incident investigation – Typically, an investigation is initiated by a security operations function (CSIRT) and then after an investigation is completed the assessment of the incident response process is performed by IT Audit or an Internal Audit department to ensure the process is being executed based on the documented procedure.

2. Payroll – Typically, payroll departments are responsible for the distribution of checks, the manager of the employee being paid approves the hours worked and then an Internal Audit function may check to ensure all the processes are being followed and the appropriate payment amounts are being completed.

3. Vulnerability Management – Security operations or engineering functions typically use a scanning application such as a Rapid7, McAfee Vulnerability Manager or QualysGuard scanning engine to scan devices on the network for security vulnerabilities, once a scan is completed tickets may be created to address these vulnerabilities. An IT Audit department may come in and request a “sample” of the tickets to ensure that proper remediation is being performed and that tickets are not being closed without an actual remediation of the vulnerabilities.

The Goal:

The primary goal for implementing proper separation of duties should always be the prevention of fraud. By separating business processes into these segments, we can ensure that a business process is efficiently executed and checked by an independent party that can assure the execution is appropriately. Implementation of a separation of duties prevents a single business process to be completely managed by a single individual and thus requires collusion to occur before fraud can take place. In most cases, it is more difficult (however not impossible) to enlist the help of others to perform fraud. The primary goal is to reduce the risk of fraud, not to completely prevent it.


Facebooktwittergoogle_plusredditpinterestlinkedinmail

What’s so good about vulnerability management?

Image Source: Darkreading

Many corporations in the world are now mandated by PCI to perform at least quarterly scans against their PCI in-scope computing systems. The main goal of this activity is to ensure vulnerabilities in systems are identified and fixed on a regular basis. I myself think this is one of the more important provisions of PCI and one that I believe is tantamount to maintaining a secure environment.

What most corporations initially do is start by using simple scanning tools such as nessus, Gfi languard, ISS scanner etc and perform on-demand scans. While this is all well and good and provides an immediate snapshot of a particular point in time. There are several major flaws that must be addressed through richer tools.

First, it is great to get vulnerability and patch data, however providing a systems engineer or administrator with only one single report with many if not hundreds of things to fix this method becomes quickly unreasonable for them to track and respond to. We often forget that this systems engineer is often tasked with many other duties they must prioritize including new installs, troubleshooting, bug patching, administration, configuration etc that demands most of their time. These activities are often far more time sensitive in their eyes as projects etc have people bugging them regularly for completion. It is also important to note that the business is pushing them for ever greater functionality/features.

Given this fact, a simple scan report is just not viable for them to prioritize and track against existing workload. this has givrn rise to vulnerability management a.k.a. the process of managing vulnerabilities to remediation through the use of ticketing/reporting to management.

Secondly, another important flaw that exists with just simple scanning is the lack of overall metrics with regard to measuring risk. Measuring risk is hard is hard to do in security, but if you have an automated scanning process that is scheduled on a regularly occuring basis (i.e. more than once every 3 months) your vulnerability data over that time can be measured as systems become either more exposed or less exposed as they are patched or new vulnerabilities are found. This is one way you can effectively measure the effectiveness of your patch management and your security program.

Thirdly, this ensures your company clearly see’s that security is a process and not just a one time effort. This distinction is important because you as a security practitioner will need data to prove you need a consistent and ongoing supply of money to maintain security. Security is continuous and ever changing, stagnation is a guarentee of breach.

Moral of this story… manage security, don’t just triage it and forget it.

Great tools for managing vulnerabilities are:
-Rapid7
-McAfee Vulnerability Manager
-Qualys


Facebooktwittergoogle_plusredditpinterestlinkedinmail

My Resume

Lawrence Pingree – CISSP


View my video resume by clicking here.

Summary

Lawrence , has many years of experience within organizations of varying sizes with an extensive background in engineering, technical architecture, networking, security policies, procedures, systems analysis and auditing. Throughout his career, Lawrence has  engaged in extensive consulting efforts for organizations of all sizes, he and  is  an active member of multiple non-profit organizations. Lawrence was a founding board member of the Digital Forensics Association where he served as Vice President and he is currently working as a Research Director and Market Analyst at Gartner, Inc. At Gartner, Lawrence continues to engage daily as a strategic advisor for literally hundreds of organizations worldwide and enjoys helping  individuals become more successful with their businesses.

Industry Participation

• Served as Vice President of the Digital Forensics Association

• Member of the Silicon Valley chapter of the ISSA (Information Systems Security Association).

• Member of the Open Web Application Security Project (OWASP)

• Served as Vice President of the Springtown Association Board of Directors

Industry Awards

ISSA_HonorRoll7.31.12

 

ISSA_VolunteerOfYear10.16.13

Publications

Book: “The Manager’s Guide to Becoming Great” by iUniverse Publishing – Author

Book: “CCSA Study Guide” by Syngress Media/McGraw Hill – Author and Technical Editor

White Paper: Analysis of VRRP v2 Issues and Solutions

Blog: LawrencePingree.com “Pingree on Security”

Special Talents

Vendor Negotiations, Contract Negotiations, Budget Management, Program Management, Goal development, Technology Roadmap Planning and Business Strategy.

Certifications

CISSP CCSA CCSE

CCSI NSA ICE

NSS NCSA NCSP

CISA – Pending

Knowledge

BGP OSPF IGRP EIGRP

RIP v1 & v2, and PIM 802.11 PKI

RADIUS AAA IKE 802.1x

GLBA Sarbanes Oxley (SOX) Common Criteria

SB1386 COBIT ISO 17799 ISO 27001 FISMA

Select Experience

Research Director –  Security Technologies at Gartner, Inc.

Nov 2010 – Present

(Research Available here)

Responsibilities include the coverage of information security technologies and markets, security program execution, advanced threats, network-based security technologies, mobile device security and cloud-related security issues. The emphasis of his research is on providing insights to the security vendor community. His inquiry and research goals are to provide technology providers with critical insights on the latest security market trends, technology alignments and potential partnerships and to aid technology providers competing in the security markets. He achieves these goals for technology and service providers by reviewing their businesses. This includes examination of their marketing efforts, go-to-market strategy, currently employed technologies, technology development plans and various other business attributes to identify the key competitive differentiation and competitive strategies that providers should use to navigate the market. On inquiry with end users, Mr. Pingree is focused on identifying the best opportunities and technologies to address strategic customer requirements and providing insights into the strategies they may need to employ in order to successfully combat the advancing threat landscape by leveraging security technologies.

Sr. Security Engineer at Williams-Sonoma, Inc.

June 2009 – August 30th 2010

• Responsible for the review of security alerts originating from our MSSP security monitoring service including triage, investigation and root cause analysis

• Instrumental in coordinating compliance remediation efforts effectively raising our systems configuration compliance levels from approximately 40% compliant to over 98% compliance in just 6 months for over 200 systems.

• Participated in the prioritization and planning for our $1.6 million capital expense budget aligning it to both business and information security program goals.

• Responsible for Corporate Security Policy development

• Developed Security Operations procedures to maintain regulatory compliance in accordance with prescriptive PCI controls

• Assisted in the internal review of corporate information security policies in cooperation with key systems administration departments in alignment with PCI, SOX and future regulatory frameworks utilizing CIS as a guideline for their provisions

• Participated extensively with external PCI and SOX audits by developing audit evidence and coordinating with internal compliance teams

• Actively Participated in corporate PCI Compliance initiatives and assessment

• Responsible for managing the corporate Tripwire Enterprise file integrity management product

• Responsible for RSA Envision SIEM monitoring and configuration aligned to internal PCI and SOX controls

• Evaluated the selection of Managed Security Services for key IT security systems

• Responsible for corporate Cryptographic tools (Safenet Appliances) and key management processes/procedures.

• Acted as Sr. Security Engineer, Security Analyst and Security Architect for IT projects

• Managed extensive PCI remediation efforts across IT

• Deployed corporate Intrusion Prevention systems for all corporate and ecommerce DMZ environments.

• Evaluated data loss prevention technology for future deployment and budget needs

• Responsible for review/monitoring of corporate Symantec (SEP11) virus/malware remediation efforts

Vice President at Digital Forensics Association (DFA)

July 2007 – Present

  • Responsible for the development of internal policies and procedures for chapter startup
  • Responsible for Member Services
  • Responsible for Member Recruitment
  • Member Collateral & Promotion
  • Advertising and Evangelizing the Organization

Chief Information Officer (CIO) at BuddyFetch, Inc.

August 2007 – July 2009

  • Currently serving in an advisory capacity while the company looks for funding sources.
  • Provides strategic and tactical planning, development, evaluation, and
  • coordination of the information and technology systems for the network.
  • Facilitates communication between staff, management, vendors, and other technology resources within the organization.
  • Oversees the back office computer operations of the affiliate management information system, including local area networks and wide-area networks.
  • Responsible for the management of multiple information and communications systems and projects, including voice, data, imaging, and office automation.
  • Designs, implements, and evaluates the systems that support end users in the productive use of computer hardware and software.
  • Develops and implements user-training programs.
  • Oversees and evaluates system security and back up procedures.

Sr. Security Engineer at McAfee, Inc.

October 2007 – April 2009

  • Responsible for McAfee Competitive Analysis for Enterprise Products
  • Act as liaison to Internal and External Sales staff
  • Responsible for Evangelizing Enterprise Security Products & Services

Sr. Security Architect at Safeway, Inc.

August 2004 – October 2007

  • Served as Security Evangelist for Safeway Information Security program
  • Managed over $1 Million in budget for Application Security Program, Information Security Lab and Forensics/Investigations
  • Managed complete eDiscovery Process for IT and Legal
  • Responsible for over 52 Safeway Information Security policies for the Overall Safeway Security Program
  • Responsible for risk assessment and remediation recommendations of all IT applications assessed by risk assessment process
  • Responsible for SOX Compliance Audit and Assessment
  • Liaison to the Business to promote security within Safeway
  • Responsible for Training Classes for IT to ensure Information Security Standards are communicated and adopted
  • Responsible for developing Safeway’s Vulnerability Assessment Program
  • Responsible for Safeway’s Intellectual Property Monitoring Program
  • Safeway Forensics & Investigations team lead
  • Responsible for assessing application security and compliance

Chief Security Architect at Netscreen Technologies

2003 – 2004

  • Managed over $600,000+ budget for the Information Security Program
  • Responsible for Information Security Program
  • Responsible for Creation of Information security policies
  • Responsible for Security assessment and audit of IT Projects
  • Responsible for the Security Awareness training program
  • Responsible for New Hire Training
  • Completed the rollout of a SSL VPN Solution
  • Successfully deployed TWO-Factor authentication system.
  • Successfully deployed corporate wide intrusion detection and prevention devices
  • Successfully deployed vulnerability assessment software
  • Responsible for the creation and implementation of the IT Change Management plan, schedule.
  • Participated extensively in the review of the companies Sarbanes/Oxley audit.
  • Reduced overall corporate systems patch level non-compliance from 70% to 10%
  • Implemented processes to provide investigatory services to other departments.
  • General Network troubleshooting and support across global architecture.

Chief Network Security Architect at PeopleSoft, Inc.

October 2001 – June 2003

  • Lead for PeopleSoft Network Infrastructure Security Group.
  • Provided enterprise networking experience to troubleshoot network and security related events.
  • Designed implemented and maintain the PeopleSoft worldwide firewall security and Network
  • architecture.
  • Provided design and support for customer and internal IT related security solutions.
  • Provided top-level support in the creation of company-wide security policies and procedures.
  • Developed Unix Security standards
  • Participated in the forensics, tracking and assessment of threats to PeopleSoft’s global network.
  • Provided security auditing services
  • Multiple Installations of Cisco PIX firewall for internal access controls.
  • PIX VPN integration with Checkpoint firewall-1
  • Responsible for Perimeter access controls
  • SecureID strong authentication controls with Cisco routers and layer 3 switches.

Sr. Security Consultant at Siegeworks, Inc

January 2001 – October 2001

  • Responsible for Training Room Setup and maintenance at the main corporate campus
  • Customer Firewall Deployment
  • Provided essential Pre and Post sales customer support for security products
  • Network Vulnerability Assessments
  • Physical security evaluations
  • Taught certification courses in Check Point Firewall-1 and the Nokia Security Administrator for many large scale customers

Sr. Network/Security Engineer at Avantgo, Inc

June 2000 – January 2001

  • Designed and supported the Avantgo corporate Network infrastructure on Cisco 7206 and 2621 routers
  • Wide Area Network planning and support of DS3 Circuits for national infrastructure.
  • Installation of corporate security infrastructure using Check Point Firewall-1(Nokia Ipsolon platform).
  • Management, configuration, installation and maintenance of National and International Virtual Private Network.
  • Responsible for the management and monitoring of the Avantgo National Intrusion Detection deployment.
  • Created project management plans for national Intrusion detection deployment.

Sr Security Engineer at Nokia, Inc

May 1999 – June 2000

  • Supported Value added resellers and end customers of the Checkpoint firewall-1 Nokia Security Appliance.
  • Supporting all Network components of the Nokia product family, which included supporting OSPF,
  • RIPv1, RIPv2, DVMRP, T-1 Serial Lines, Frame-Relay, CSU/DSU, Fast Ethernet and other complex environments.
  • Installed 150+ Check Point firewalls across the country on Solaris, NT, and Nokia Platforms.
  • Team lead for USinternetworking upgrade project. The project consisted of coordinating and assisting the upgrade of approximately 120 firewalls nationwide.
  • Trained Customer Support engineers for the Nokia UK and Singapore Support centers
  • This included interviewing potential candidates for each site and helping the launch of each support center.
  • Developed in-house documentation and lab testing for Ipsolon integration with other security products (e.g. Cisco PIX and Axent Raptor.

Sr. Security Consultant at Verisign, Inc

December 1997 – March 1999

  • Responsible for Management of San Diego Office location
  • Duties included, firewall installations, technical support, pre-sales, network vulnerability assessment and physical security evaluations.
  • Network and Security architecture, design and implementation for customers.
  • Taught certification courses in Firewall-1, Internet Security Systems ISS product and a course in advanced hacking techniques and methodology.
  • Consulted for the National Security Agency, Federal Bureau Of Investigation, Department of Defense – Defense Information Systems Agency, and other related agencies and companies about hacker attack scenarios and abilities and methods.
  • Certified and taught Check Point Firewall-1 to over 400 people across the country including many large banks, Government Agencies, and fortune 500 and 100 companies.

Sr. Security Consultant at Websense, Inc

November 1996 – November 1997

  • Duties included design, implementation and installation of 3 different Firewall Software packages for customers
  • Responsible for troubleshooting and support for existing customers.
  • Consulted in the implementation of the following technologies: Checkpoint’s Firewall-1,Borderware, and Raptor.
  • Responsible for the maintenance of all NetPartners# Internal Workstations, Servers, and Internet connections using Cisco 2501 routers.
  • Responsible for internal NetPartners# machines including Windows 95, Windows NT Workstation and Server.
  • Responsible for implementing a clear and concise backup policy for our networked machines.
  • Responsible for implementing a standard WinNT Login and Drive mapping policy, and administration our Corporate SQL Server.
  • Final duty included the management of our corporate computer security policy and our corporate Firewalls.

Education

Las Positas Community College, Criminal Investigations, 2007 – 2007

Las Positas Community College, Criminal Evidence, 2006 – 2006

El Capitan 1990 – 1994

Honors and Awards

2009 – Participated in ISACA 26th Anniversary Winter Conference PCI Panel Discussion with other industry leaders

2007 – Presented at SecureWorld Expo – eDiscovery and Forensics

2007 – Presented at ISACA 25th Anniversary – Penetration testing panel

2006 – Presented at Cornerstones of Trust Conference on Emerging Firewall Technologies

Interests

Computers, Electronics, Hiking, Biking & Exploring the Wilderness

23 people have recommended Lawrence

“Lawrence is a highly technical, highly motivated individual who gets the job done. His passion for information security is second to none and his knowledge in the space is incredible. Lawrence would be a great addition to any security marketing or technical team.”

— Scott Emo at McAfee, Inc., Group Product Mkting Manager, Network Security, McAfee, worked with Lawrence

“Lawrence is an excellent professional with a breadth of knowledge of the Security Industry and its players that is second to none. While working with him at McAfee, I saw him bring a level of exposure and credibility to the company that I know would not have had been possible without him.”

— Afonso Infante worked with Lawrence at McAfee, Inc.

“I have not known Larry Pingree all that long, but from what I have seen of him, I would like to learn much more. He demonstrates great professional maturity as well as outstanding communication and people skills. I am amazed at how many information security professionals who work in Silicon Valley know and respect him.”

— Eugene Schultz when working with Lawrence at McAfee, Inc., Chief Technology Officer, Emagined Security, was with another company

“I had the greatest opportunity to work and partner with Larry Pingree at PeopleSoft. A master and intellect in information security practices, Larry was incredible in his ability to quickly analyze a situation and create solutions. In the mist of building our information security organization, Larry immediately stepped-in to plan, architect, and implement a secure network environment and developed key partnerships with critical IT and business organizations. He is an exceptional talent, professional, and a visionary leader. I would consider myself fortunate to have the opportunity to work with him again in the future.”

— Kimberly Trapani – CISO at PeopleSoft, Inc., CISO / Director Information Security, PeopleSoft, managed Lawrence

“Larry is a professional and skilled network and security engineer. He is highly motivated and driven to succeed. He keeps abreast of new technologies and is always evaluating new solutions. I wish Larry all the best in his professional career.”

— Timothy Brush Inc, Web Operations Manager, AvantGo, worked with Lawrence at Avantgo

“Lawrence is a pleasure to work with. He is always professional and comes prepared to his meetings. His competitive intelligence research has been a great asset to me and my team contributing to the success of my product. Lawrence is a keeper.”

— Harold Toomey Inc., Group Product Manager, Governance, Risk & Compliance, McAfee,, worked directly with Lawrence at McAfee, Inc.

“Larry is an asset to any team. He brings energy and a fantastic team approach to challenging situations and is ready to tackle problems. I hope to work with Larry again in the future.”

— Phil Agcaoili SecureIT), Chief Information Security Officer & Co-Founder, VeriSign (formerly, managed Lawrence indirectly at SecureIT, Inc.

“If I had to pick a single word for Larry, it would be this: Focus. Incredibly potent, laser-like focus that cuts right through “to the chase” – in the time it takes most people to realize a chase is even afoot. If that sounds like the sort of person you need (who doesn’t need him?) then you will find him to be among your most valued resources.”

— Gary Arthur Douglas II

Lawrence at PeopleSoft, Inc., Sr. Security Systems Engineer, PeopleSoft, worked directly with Lawrence at Peoplesoft

“Larry is truly an asset to any Information Security organization. His wealth of technical knowledge combined with big business know-how enables him to succeed in any diverse, high impact environment”

— Woody Hughes

Safeway, Inc., Information Security Analyst, Safeway, Inc., worked directly with Lawrence at Safeway

“PeopleSoft was moving to a complete architecture and platform change for our support systems and our customer support website. Larry worked on the project team to design security for our customer facing applications. Larry’s prior experience and understanding of how we wanted to conduct business with our customers was critical to releasing the project and new capabilities on time with minimal impact to our customer base. Larry possessed a business focus and a could relate real risks back during the process, which minimized debate as we planned, configured and communicated.”

— Sean Bingham, PeopleSoft, Inc., Director, Service Readiness, PeopleSoft, Inc., worked with Lawrence at   Peoplesoft

“Larry was a highly valued security thought leader at Safeway. He is an extremly well versed computer security professional who provided superior customer service to a wide variety of internal customers.”

— Colin Anderson, Director Information Security, Safeway, managed Lawrence at Safeway, Inc.

“Larry has a great passion about what he does. He is also willing to take the time to teach anyone who will listen. If you go to Larry needing help, he will teach how to solve your problem. He would make a great manager.”

— Benjamin Woodford

Lawrence at Safeway, Inc., Information Security Analyst, Safeway Inc., worked indirectly for Lawrence

“Larry is an incredibly sharp and well rounded information security and technology professional. In working with Larry, no matter what the technology issue was at hand, he always seemed to have a very insightful and visionary perspective. I quickly learned that he is a very valuable resource and his willingness to go above and beyond to help others makes him that much more valuable.”

— James (Jim) Range

Lawrence at Safeway, Inc., Senior Consultant, PwC, was with another company when working with Lawrence

“Larry is a technologist, very personable, creative strategist who can execute and implement the solution meeting the business needs. I know him for long time from his days at Nokia when we were building Global Firewall Management Solution and partners trust model at Applied Materials. He was, always, out there to understand our technical/complex global blue print architecture and surprised us every time with the solution. He was a life saver for my team and highly respected. I am very impressed with his progress over these years and helping companies succeed and expand globally. I highly recommend him for a leadership role in the area of security requiring to bridge the gap between business, IT and spearhead security program/product.”

— Jit Singh, was Lawrence’s client

“Larry is a brilliant Security Architect who I first met while trying to sell him NetScreen security solutions while he worked at PeopleSoft. I recall very clearly how impressed I was with his depth of knowledge, penetrating questions, wit, and engaging personality. I was thrilled when not long after Larry ended up working at NetScreen! When I moved into a Business Development and Solutions Strategy position at NetScreen, Larry became one of my most reliable and effective advisors whom I routinely sought for feedback and counsel on my most important strategic initiatives and projects. I strongly endorse Larry as a top tier player in the security industry.”

— Vince Barboni,Lawrence at Netscreen Technologies, Sr. Solution Architect – Corp Dev Strategist, Juniper / NetScreen, worked with Lawrence at Netscreen

“I worked with Larry for almost 4 years at two different companies. Larry is an extremely intelligent, dedicated, and passionate IT professional. Larry cares about continuously improving the organization and himself. I would hire Larry (and have) in a heartbeat!”

— Joshua Mauk PeopleSoft, Inc., Manager, Information Security, Safeway, Inc., worked directly with Lawrence at Safeway

“Larry was a fantasic coworker–knowledgeable, dependable, and a sincere personal interest in his field of expertise and expanding it. I knew that if I asked him something, he either knew the answer or knew where to find it. Any company would benefit from having Larry on board!”

— Laura Leff, PMP, Safeway, Inc., Director, Vendor Management Office, Safeway, worked with Lawrence at Safeway

“Larry is an excellent engineer whose passion for excellence leads him to deploy the right solution with the right components in the right way. He was a pleasure to manage, both professionally and interpersonally. I look forward to working with him again sometime.”

— Sean Casey, Avantgo, Inc, Manager of Networks and Information Security, Avantgo, managed Lawrence at Avantgo

“Larry has a lot of expertise of information security. He is very dedicated to his work at Safeway. He has contributed to the improvement of enterprise security posture.”

— Lena Shey, Supervisor Sr. IT Auditor, Safeway, worked with Lawrence at Safeway, Inc.

“Larry has been the lead engineer for digital forensics and workplace investigations for our team. His customer focus and dedication have been instrumental in handling many large scale cases. He is a skilled mentor for junior members of the team, as well as an excellent educator for raising security awareness among business groups. He is one of those rare breeds–a person with strong technical knowledge and the soft skills to interface well with all levels of management.”

— Suzanne Widup, Safeway, Inc., Sr. Information Security Analyst, Safeway, worked directly with Lawrence at Safeway

“Larry is a down to earth, very detail oriented, technical person, who knows how to get the job done. He is always ready to go the extra mile to get the job done.”

— Eric Locastro, Account Rep, Netscreen, worked with Lawrence at Safeway, Inc.

“Larry is a strong security expert. Many people know him and respect him in the area. I always heard great things about Larry.”

— Norman Girard with Lawrence at Netscreen, Technical Product Manager, Qualys, was with another company when working

“Larry made an immediate impact when he joined Netscreen. Working in the Legal Department, I soon had my consciousness raised to the significance of security awareness not just for our network but also for every aspect of our information handling. Larry weaves together threads from many disciplines into one comprehensive picture. And he’s fun, too.”

— Alex Rathbone, with Lawrence at Netscreen