Timothy K. Van Cleave Resume
Google Voice Phone: (720) 381-1132
IT Audit Leader - Wells Fargo, Denver, CO (10/2005 - 6/2009)
As an IT Audit Leader I Participate in audits and leads (in-charge) execution of the audit process, in accordance with WFAS policy. With guidance/support from the Engagement Supervisor or IT Senior Audit Manager, I am responsible for
Other responsibilities include:
I have trained and mentored junior staff regarding required knowledge and skills. Lead projects that are generally small to moderate in size and complexity. Often, I handle multiple assignments but generally lead one project at a time. My goal is to demonstrate professional skepticism and present audit results in an objective and unbiased manner. Finally, escalate significant risks and loss exposures to appropriate levels of management.
Security Analyst - NexGen Technologies Inc., Westminster, CO 80234 (03/2004 – 10/2005)
NexGen Technologies, Inc. under contract to the Bureau of Land Management (BLM) conducts Security Testing and Evaluation (ST&E) audits of BLM Networks and Major Applications.
As a Security Analyst, I determine the information technology (IT) system’s compliance with the security requirements documented in the NIST SP 800 Series and to verify that the minimal security controls identified in the BLM Security Plan are correctly implemented and effective. Specifically, the ST&E is intended to:
I conduct ST&E on new or upgraded systems (after delivery and installation) during the test phase of the lifecycle or on legacy systems during the operation/maintenance phase of the lifecycle.
I create ST&E reports that contain the results of testing and evaluation conducted on the IT system at the site where the system is deployed for operation to verify that the technical, management, and operational security controls are implemented correctly. Testing includes: functional testing, penetration/vulnerability testing, Risk Assessment, Remediation Recommendations, and vulnerability analysis.
In conjunction with my normal duties:
·A co-worker and I conducted training for BLM operations staff on issues dealing with weak encryption methods for passwords and how to resolve them,
·I regularly use social engineering to test if the clients education is adequate,
·Conduct wireless auditing of the surrounding area of client offices and overlay the signal range on a satellite maps,
·I also have used many other tools and have written simple Perl scripts to automate testing.
Network Analyst - City of Flagstaff, Flagstaff AZ (07/1996 – 10/2003)
Working with management, I helped develop policy and I was personally responsible for developing many of the procedures pertaining to the network. In addition, I worked with the Client Services manager and helped design and implement the auditing software to track software licenses on specific hardware. From my work with management during my employment, I was selected to attend a supervisor’s academy to advance my skill in managing city PC technicians.
As part of my primary duti
In addition to my duties and other accomplishments I received the following training and certifications:Foundstone Hand’s on Hacking class to become aware of how attacks occur on networks, Intense School’s boot camp style class to prepare for my CISSP exam, training and testing for the NSA IAM (National Security Agency Infosec Assessment Methodology), which can be validated by visiting http://www.iatrp.com/indivu2.cfm and finally, I also became certified in managing a Xiotech Storage Area Networks.
Aviation Boatswains Mate Aircraft Handler - U.S. NAVY, ALAMEDA CA (06/1993 - 06/1995)
I worked on the flight deck of the aircraft carrier USS Carl Vinson CVN 70. Relevant security experience included Physical Security (sentry duty), Advanced Damage Control, Advanced Fire Fighting, and Contingency Plan and Continuity of Operations Execution in high stress situations.I left the Navy with an Honorable Discharge in 1995.
Information Systems Security Association (ISSA)
Flagstaff Security Group - Founder
Sanoran Desert Security Users Group (SDSUG)