8/7/2019 SchmidtVinicius_SecResume

http://slidepdf.com/reader/full/schmidtviniciussecresume 1/4

Schmidt, Vinícius Abrahão Bazanavinicius.schmidt@gmail.com [Positions Handled / Wanted]

Security information analyst;Senior Linux/BSD administrator;Senior system analyst/developer;Technical coordinator;Technology researcher/prospector;

[Personal information]

Indaiatuba, SP, Brazil, Married, 28 years old;mobile: +551981665517phone: +551938167994skype: vischmidt

PresentationIf you want to hire a strong and skilled IT Consultant you will find a true one in me. Taking a closer look atthese pages, you will find a driven, hard-working analyst/engineer who is always looking for innovative waysto improve processes and systems.Information Technology is one of my passions with particular emphasis on Unix-like operational systems andsecurity development.

Summary

Graduated Technician in Data Processing at Unicamp (Cotil).I have very practical and broad knowledge in IT businesses:

•

Professional system analyst and developer since 2000;

•

Skilled technician in Unix environment since 1999 until present day, having deep skills in that platform;

•

Experienced in web development, for heavily accessed and interactive sites;

•

Logs analysis and interpretation;

•

Open Source enthusiast, since 1998 (but I’m not a radical);

•

Extensive experience (almost 8 years) in designing and implementing highly efficient and reliable database solutions;

•

Capacity to understand users' needs, conciliate conflicts and developing/customizing solutions;

Specialties•

Unix/FreeBSD & Linux ( C/C++ development, administration and automation with shell scripts) ;

•

Web development using Java, Perl and PHP;

•

Linux security hardening;

•

Information security analysis (with Open Source tools);

•

Network development, analysis, monitoring and provisioning;

•

Data Base Architecture (design, creation, monitoring and tuning);

•

DB Modeling (ER) with OracleDesigner, JDeveloper and others;

•

KornShell (ksh93) and Bash;

•

Regex, Perl and Data Mining/Transform (ETL);•

Version Control Systems with CVS;•

Object Oriented Analysis with Unified Modeling Language (UML);

Qualifications in Security Information Area•

Broad and practical knowledge about vulnerabilities and risks;

•

S.I. evangelist and enthusiast since 1997 (explaining about risks with computer virus, lost information,suggest a government institution the creation of a CSIRT, etc) ;

•

Cryptographic libraries and workflows like GPG, OpenSSL libmcrypt and geli(bsd/file-system);

•

Knowledge on IPSec (linux/bsd) and others VPN services like OpenVPN and SSH;

•

Basic knowledge on ISO27k standard series;

•

Good risks analysis evaluation and penetration tests;

•

Good understanding about security issues on several IT areas and service layers including: development,production, network and management;

•

Intrusion Detection Systems and Reactive Defense;

8/7/2019 SchmidtVinicius_SecResume

http://slidepdf.com/reader/full/schmidtviniciussecresume 2/4

•

Firewalls: Linux’s iptables/netfilter, OpenBSD’s PF and basics on Microsoft’s ISA;

•

Techniques using exploits and frameworks like owasp and metasploit to prove concepts;

•

Security Analisys Tools:

o

Network Layer: nmap, Nessus, core-impact, snort, ettercap, pftop and many others;

o

Operational Layer: tripwire, rkhunter, portaudit, vuxml and many others;

Tech qualifications•

Other operational systems: Microsoft Windows (since 3.11, DOS since 6.20), OpenBSD and MacOS X;

•

Oracle’s Toolkits: SQLplus, PRO*C, JDeveloper, TOAD and Designer 2000, OAS, Portal and OID;•

Advanced databases knowledge: Oracle, PostgreSQL and MySQL;

•

HTTP Server: deep skills on Apache’s httpd;

•

Single Sing-On using OpenLDAP;

•

Mail Stuff: exim, postfix, dovecot, SpamAssasisn, spamd, mailman, berolist, horde/imp, squirrelmail;

•

CMS: joomla, word press; Instant Messenger Server: OpenFire;

•

Cache systems: squid with dansguardian content filter;

•

Network management and tools: net-snmp, bind, cacti, nagios, tcpdump and many, many others;

•

File System Sharing & Management: Samba, NFS, Bacula, FTP, Novell;

Current Developments•

pgpool-II (PostgreSQL’s cluster workflow);

•

CakePHP;

•

Spring + ZKoss (Java patterns andframework);

•

Dynamic routing with BGP (quagga);

•

Ruby (to use with rails and metasploit);

•

AJAX and jQuery;

Professional Historical/Experience•

System Analyst-Web Developer / Security Analyst

Abril Publisher (Privately Held; Publishing industry) Apr 2010 Present (3 months )

Web-developer allocated mainly on Exame.com.br, a huge web operation, providing diversified solutions;

Security relevant tasks: Response on invasions; Team conscientization; Code auditing;

•

IT Manager / System Analyst-Developer / Security Analyst

Triarius Consultoria em Tecnologia e Sistemas (Information Technology and Services industry) June 2006 Present (4 years 1 month)

Since my partner and I have founded Triarius, we have been working with special projects which haveallowed us to explore (and challenge) our potentials.Working with the 3 major aspects of IT business (business-administration-people, technology and security)we are capable to develop a large number of IT projects that will enable your business' development and

growth.

Security relevant tasks: Head consultant & researcher;

•

Sr. IT Consultant

Angola's Metropolitan University (Higher Education industry) November 2007 November 2009 (2 years 1 month)

We have supplied a full spectrum IT consulting (through Triarius) for this Angolan university where the ITdepartment was all designed and implemented by us.

Security relevant tasks: Workshop security awareness and technical risks analysis;

8/7/2019 SchmidtVinicius_SecResume

http://slidepdf.com/reader/full/schmidtviniciussecresume 3/4

•

Consultant / Unix Developer / Database Designer

M4 Systems (Information Technology and Telecommunication Services industry) January 2006 October 2007 (1 year 10 months)

Working for M4Sistemas, I was able to learn several aspects of the Telephony Business in depth.In this project we worked for Claro (Telmex), developing a specialized provisioning system that wasresponsible for increasing the throughput from ERP to Engineering Equipments (Nokia, Nortel,Ericsson,etc).My major involvement was in writing the application using ANSI C and Oracle's PRO*C. The system wasdeveloped on Linux Red Hat, but the production environment was HP-UX.

Security relevant tasks: Provisioning Workflow Auditing based on new policital and mannagement goal,as a result, one the most important things was my capacity to learn the IT and Engineering Process and putthings together.

•

System Analyst / Developer / Database Designer

Jupiter Development Systems (Information Technology and Services industry)

June 2003 October 2005 (2 years 5 months)

Based at Angola, Jupiter has big clients such as MINFIN ( Ministério das Finanças da Repulica de Angola )and other government institutions.I worked with Oracle and PL/SQL (+WebTookit) to develop financial systems. Also, I worked on the teamresponsible for designing the major data base, along with FMI consultants, contributing many times andpermitting that our sponsor would fulfill the deadline.Further activities include development processes, APIs and batch process to integrate MINFINdepartments with estate and private banks on a single financial system.Other small but relevant tasks: implementing the CVS server, allowing better teamwork integration,Installing the 1st. Linux-webmail-server in an emergency situation; Conducting a small study class onJDeveloper and OC4J.

Security relevant tasks: provide technical and analitical data on possible threats; creation of a proposal tocreate the MINFIN’s CSIRT; member of task force on systems security;

•

System Analyst / Web Developer / System Administration

Abril Publisher (Privately Held; Publishing industry) July 2000 June 2003 (3 years )

Work environment running Linux, Apache, CVS, PHP, bash, Perl, MySQL, PostgreSQL and Oracle.First, I was responsible for the maintenance of a newsletters server (sending approx. 600.000 solicitedemails/day) and the development of a dozen tools to optimize my work.

When the mailing server was running by itself, my priority changed to developing a custom CMSto publish static html on our servers and WAP content as well (using and PERL and PHP, with MySQLand Oracle databases).

Other special tasks in which I participated: writing a framework to permit selling web content (collectioncontent project); implementing the first CVS server, which was extensively used by our team; Web Serveraudience analysis (using 2 different tools);

Security relevant tasks: Approaches on security web-development with PHP/Perl and hardening Linuxservers for file-sharing and huge traffic mail system); Working directly with critical systems based on

HTTP service integration using cryptographic libraries and protocols;

8/7/2019 SchmidtVinicius_SecResume

http://slidepdf.com/reader/full/schmidtviniciussecresume 4/4

•

Trainee

State University of Campinas – Unicamp – Computer Center (Higher Education industry) January 2000 June 2000 (6 months)

Working as trainee at CCUEC/Unicamp has been my dream since I first visited their installations in 1997.It is one of the most highly developed Computer Centers in Brazil.

My primary task was to develop a special Linux course that we used to train the university systemadministrators. One of many tasks assigned to me was to offer a webmail service tostudents/professors/researchers. In order to achieve that, I learned how to install, configure and customizethe horde/imp - a webmail toolkit, which has allowed me to learn more about PostgreSQL, PHP, PHP-extensions LDAP) and send my notes to the support team; these notes were used to assist them during theimplementation of a webmail solution to serve the whole university.

Security relevant tasks: I had start my study routine in information security techniques, with OpenBSDand Linux/LIDS (firewalls too, of course) and PostgreSQL crypt functions.

•

Trainee at Computers Department

State University of Campinas – Tech School of Limeira (Cotil) (Higher Education industry) July 1999 December 1999 (6 months)

I was responsible for maintaining 2 computer labs (around 30 PCs each). Researching, installing andadministrating Linux servers as an alternative to Novell 4.11. After the first 3 months I was required to doa "special trainee job" installing a new router + firewall + squid that was used by the entire school.

Security relevant tasks: campus firewall manteining using old ipchains/nat; maintain the sanity onstudent’s labs; Novell 4.11 X Linux integration;

Formal EducationState University of Campinas - Technician in Data Processing – 1997 – 1999Focus on Operation Systems, Networks, System Analysis & Development and DatabasesUnicamp - Universidade Estadual de Campinas – Cotil – Colégio Técnico de Limeira

Professional Honors iBest2001 – working to Abril Publisher at Info website [www.infoexame.com.br]

Relevant Conferences Participations •

Semana da Segurança de Informação – Unesp - Rio Claro – 1999

•

H2HC – Hackers to Hackers Conference – São Paulo – 2009

HobbiesPhilately, Astronomy, Music, Physics, Photography, Traveling;