- Certifications: CISSP, CompTIA Security+ and CCNA
- Broala trained Bro analyst
- Puppet, Bash/Ksh, SQL, PHP, AutoIt, PowerShell, Bro, Python, and Ruby.
- Red Hat/CentOS, Debian/Raspbian, Ubuntu, FreeBSD, Kali/Backtrack, HP-UX, AIX, and Mac OS X.
- Apache, Nginx, Mod-SSL, Mod-Security, Squid, HAProxy, WHM/cPanel, MySQL, SQLite, and Oracle.
- Postfix, Dovecot, Spamassassin, and RBLDNS.
- HP EVA SAN, IBM DS Storage, NetApp, FreeNAS, OpenFiler, and DRBD.
- VMWare vSphere, AWS, Rackspace Cloud, Digital Ocean, and Vagrant/Virtualbox.
- TS-SCI Investigation in progress.
Defensive Cyber (Hunt) Operator/Analyst, Hunt Team Lead, MO Army National Guard Cyber Team
St Louis, MO — 2013
I lead a team of analysts, using a custom built hardware/software stack, to detect evil on the wire. Our team seeks, finds, and recommends/implements countermeasures to stop or previntrusions without actively participating in the target network.
- Proved that a Hunt/NSM methodology can be ridiculously effective at National Guard Bureau’s Cyber Shield ‘13 exercise.
- Developed scripts to allow junior analysts to better interpret Bro logs.
- Incorporated Logstash, Statsd, and Graphite into our stack to provide visual cues and situational awareness to support the hunt mission. Scripted generation of Logstash config and Gpatterns from Bro log headers.
- Authored scripts to pull data from our custom Bro log interface (Elastic Insight) and insert them into the Bro intelligence framework, allowing analysts to better track indicators in netflow.
- Developing a cyber lab environment to provide the team with training that better reflects real world attack scenarios, eclipsing the current commercial tools provided by National GuBureau.
System Administrator, Firespring
Lincoln, NE — 2013
In charge of all things web and email. Squashing spam, gluing disparate systems together, and using Puppet to automate “all the things”. Supporting over 3,000 small business and non-proclients on five continents, with over 30K mail users.
- In my first 30 days, I got our mail servers off all of the major blacklists and reduced support calls by over 50%.
- Implemented a collection of ruby scripts we dubbed the “suspendinator” to detect and quash accounts with compromised credentials, further reducing blacklisting and improving mail reputation.
- Used open source tools to identify compromised sites in our shared hosting environment and to proactively scan for vulnerabilities.
- Deployed a Heroku ruby application using published API’s to provide support personnel with better visibility.
- Currently migrating our remaining physical server infrastructure to AWS.
- Working on an API to share the botnet IP’s identified by the “suspendinator” to the greater security community.
AIX System Administrator, Nebraska Book Company
Lincoln, NE — 2013
While officially titled as an “AIX System Administrator”, my purview was all things “not Windows”. CentOS, Debian, and BSD were par for the course.
- Migrated stove pipe AIX environment with over 1500 users to a clustered file system with Kerberos and LDAP integration backed by Active Directory.
- Published an IBM Developerworks article detailing how to Integrate AIX with Active Directory using native AIX tools.
- Implemented Splunk log retention and analysis to support intelligence based system monitoring.
- Programmed a desktop interface for support personnel to manage AIX user attributes in Active Directory.
- Using the Active Defense Harbinger Distribution, used the Project Nova honeypot system to identify malicious traffic on the corporate network.
Division Manager / Sr. System Admin / Information Assurance Manager, NE Army National Guard
Lincoln, NE — 2005-2013
During my tenure with the NE Army National Guard, I drove the adoption of Linux and open source software both within the state and at the national level.
- Programmed web interfaces to provide visualization tools for pay and personnel data for full time staff, monitoring data for admins, and high level summaries for senior leaders.
- Managed the migration of all NE Army National Guard email accounts from a local Exchange stack to DISA’s Enterprise Email, using Powershell and other scripting to automate the procesRecognized by NGB as an SME.
- Scripted a Samba-based network TIFF/PDF printer that saved 35,000 pages and 3 man/months in the first year.
- Served as lead admin for several major system deployments involving HP-UX, VMware, Oracle, SQL Server, IIS, and Solaris. Took on several projects in the pilot stage and wrote documentatfor follow on deployments.
- Acted as the primary in-state POC for National Guard Bureau on all vulnerability assessment, compliance, and incident response matters.
Co-founder / VP / Director of Network Operations, RCOM, L.L.C.
Kearney, NE — 2004-2005
RCOM is a wireless internet service provider that I co-founded with two partners. We provided broadband Internet, VoIP, and web hosting for clients in Central Nebraska.
- Grew the subscriber base to over 1,000 customers and coverage of nearly 6,000 square miles.
- Awarded a contract to provide mobile Internet to the Buffalo County Sheriff’s Department.
- Programmed a PHP interface to manage subscribers in the MySQL backend of freeradius.
Kansas City, MO — 2008-2013
Bachelor of Science in Computer Science – Magna Cum Laude – February 2013
IT Systems Technician, US Army Warrant Officer Basic Course
Fort Gordon, GA — 2008-2009
Distinguished Honor Graduate
AWARDS, ACCOMPLISHMENTS, AND INVOLVEMENT
- Article published in IBM Developerworks on AIX Active Directory Integration – July 2013
- Selected to join the MO National Guard’s Cyber Incident Response Team – 2013
- Chief Warrant Officer 2, NE and MO Army National Guard, 1998 – Present
- Member, US Mensa, Nebraska-Western Iowa Chapter, 2007 – Present
- Member, Usenix/SAGE, 2010 – 2012
- Member, LOPSA 2008 – 2011
- Volunteer/IT Liaison, St. Joseph Elementary , 2008 – 2011
- Volunteer, St. Michael Catholic Church Technology Committee, 2011 – Present
- Secretary, St Michael School Family Association, 2012 – Present
- 734th Transportation Battalion NCO of the Year – 2004
- NE Meritorious Service Medal for file server implementation and Oracle/HP-UX conversion – 2007
- Federal Employee Sustained Superior Performance Award for job performance – 2008 and 2012
- Distinguished Honor Graduate, 251A Information Systems Technician WOBC -2009
- Army Commendation Medal and NE Achievement Medal for VMware deployment -2010
- Army Commendation Medal for performance as IT Officer for NE Ag Development Team – 2012
- Army Meritorious Service Medal for job performance – 2012
PERSONAL PROJECTS AND PRODUCTS
- System to parse Bro log headers and generate Logstash Grok filters and configs.
- IBM Developerworks Article – http://www.ibm.com/developerworks/aix/library/au-active_directory_integration/
- https://gist.github.com/jeffgeiger – Various bits and pieces I’ve shared
- http://jeffgeiger.com – My personal blog