here - iVeritus


28 Oct 2013 (4 years and 13 days ago)


PROFESSIONAL PROFILE OF ERIC STEWART

INTRODUCTION

Mr. Stewart is a senior level Network Security Specialist and Cisco Subject Matter Expert with 23+ years in the IT industry including 11 years in IT Security. He currently is a top ranked Cisco Certified Systems Instructor (CCSI) in Global Knowledge (Canada) where he delivers advanced technical courses in the areas of IT Security analysis, design and implementation. He holds certifications as a CCNA (Cisco Certified Network Architect) for Security and CCSP (Cisco Certified Security Professional). His most recent experience is heavily focused on integration of Cisco technologies within security solutions. He has had specific experience in designing and implementing SSL VPN solutions in conjunction with Cisco ASA 5500 UTM firewall appliances and Next Generation Firewalls.


Mr. Stewart has appeared on national TV on several occasions in recent months, most recently with Global National where he was asked to use his IT security expertise to comment on recent (and successful) cyber attacks on Canadian Federal Government departments as well as the hijacking of a national political party’s website. He also contributed to a documentary piece on wireless network security and the ease of eavesdropping on users of wireless hotspots. His commentary has also appeared in print media, specifically in newspapers owned by Post Media. In September of 2010, Mr. Stewart was a guest speaker at the DND ISSO Conference at the Conference Centre in Ottawa where he shared a presentation on enterprise network security.

Relevant and noteworthy experience includes:

Design and implementation of security architectures including IDSs, VPNs, firewalls and content filters (CheckPoint Firewall-1, Cisco PIX and ASA security appliances and 3000 series VPN Concentrators; Cisco IDS/IPS servers, SSM modules and various protocol analyzers).

Design and implementation of security architectures including hands-on installation and support of SSH Client/Server, HTTPS on Apache web server, Certificate Authorities and AAA servers using respectively MS CA and Cisco ACS 3.x and 4.x and Radius and LDAP integration.

VPNs secured between CheckPoint and Cisco PIX and ASA security appliances using IPSec/IKE and between MS RAS servers and clients using MS PPTP (point-to-point tunneling protocol) and L2TP.



Delivery of workshops on Cisco’s security blueprint, “SAFE” and Self Defending Network and vulnerability and Threat Risk Assessments using a variety of tools including nmap, Nessus, etc.

Extensive hands-on in teaching the building of multi-platform workstation and switch/router TCP/IP networks, both enterprise and backbone.

Firm grounding in TCP/IP applications (SMTP, DNS, FTP, Telnet, etc.) as well as IP routing protocols such as RIP, OSPF, BGP, IGRP and EIGRP.

Taught Cisco CCNA, CCSP, CCNP and CCIE advanced curriculum as well as non-vendor Wireless Security (WPA, 802.11i, 802.1x, LEAP, PEAP, WEP and site survey tools).

Thorough and fundamental knowledge of the cryptographic concepts and systems behind many modern implementations of encryption technology including IPsec VPNs, S-HTTP, SSH and S/MIME and their component ciphers and crypto systems.



Extensive hands-on and lab-based experience implementing secure architectures using intrusion detection/protection systems and firewalls in a comprehensive network design.

Extensive experience with PKI/LDAP and X.509 integration with remote access client authentication using digital certificates and extended authentication in Active Directory with Cisco PIX and ASA firewalls as well as IOS devices including routers and switches.

Subject matter expert and presenter on network hardening principles, not only in Cisco but in heterogeneous networks.

Noted speaker, author and instructor on network security policies, vulnerability and threat-risk assessments and attack methodologies.

Taught and implemented labs where firewall policies, ACLs, Stateful Packet Inspection and UTM principles and operation are demonstrated.

Authored an exam preparation guide for Cisco’s new CCNA Security certification for Cisco Press. This book is currently on store shelves and also online.

Recent and practical knowledge with Cisco ISE (Identity Services Engine), Wireless LAN controllers and BYOD framework.

Security Clearance: Secret (Level II) File: 95-22-7957, Expiry date: September 16, 2019


EMPLOYMENT HISTORY

(INCL. CONCURRENT WORK)

| Employer | Period | Position |
|---|---|---|
| Fastlane Education | July 2011 - Present | Cisco Security Instructor |
| Bell Canada (various projects) | July 2008 - Present | Senior Network Security Engineer |
| Marine Atlantic | Apr. 2011 - Aug. 2011 | Security Consultant |
| Department of National Defence | Oct. 2010 - Present | Senior Network Security Engineer |
| Office of the Information Commissioner of Canada (OIC) | Nov. 2009 - Jan. 2010 | Security Consultant |
| Public Health Agency Canada (PHAC) | Apr. 2009 - Oct. 2009 | Senior Network Engineer |
| NAV Canada | Nov. 2008 - Nov. 2009 | Senior Network Security Engineer |
| Loyalist College | Dec. 2008 | Senior Network Security Architect |
| Bank of Canada (BoC) | Jul. 2008 - Sep. 2008 | Senior Cisco Network Security Analyst |
| Cisco Systems Inc. | Apr. 2008 - Oct. 2008 | Cisco Press Author |
| Canadian Air Transport Security Authority (CATSA) | Jan. 2008 - May 2008 | Senior Network Security Architect |
| Francis Fuel and Freightliner of Ottawa | Nov. 2007 - Dec. 2007 | Senior Security Consultant |
| Loyalist College | Oct. 2007 | Network Consultant |
| Cisco Systems Inc. | Apr. 2007 - Jul. 2007 and Sep. 2007 - Nov. 2007 | Press Development Editor |
| IBM Canada and CTE Solutions | Jun. 1995 - Present | Senior Network Architect and CCSI |
| Loyalist College | May 2006 - Jul. 2006 | Cisco Architect |
| Alcatel-Lucent Networks | Aug. 2005 - Sep. 2006 | Senior Course Designer and SME |
| Loyalist College | Jun. 2005 - Aug. 2005 | Cisco Architect |
| Freightliner Trucks | Jul. 2005 | Cisco Engineer |
| Elytra Enterprises | May 2005 - Jul. 2005 | Senior Network Security Consultant |
| JDS Uniphase | May 2003 - Aug. 2003 | Network Consultant |
| Canadian Network Data Solutions (CANDS) | Sep./Oct. 2002, Jun./Jul. 2003 and Apr./May 2004 | Cisco Engineer |
| Northland Systems Inc. | Jan. 2001 - Aug. 2001 | SME and eLearning Consultant |
| Department of Foreign Affairs and International Trade (DFAIT) | Jul. 1993 - Jul. 2000 | LAN/WAN Network Architect |
| Revenue Canada, Customs and Excise (RCCE, now CRA) | May 1992 - Jan. 1993 | Project Manager and Technical Lead |
| Department of National Defence (DND) | 1991 - 1992 | Architect |
| Ontario Provincial Ministry of Health | 1990 - 1991 | Systems Engineer/Project Leader |
| Revenue Canada Customs and Excise (RCCE, now CRA) | 1989 | Systems Analyst |
| Supply and Services Canada (now PWGSC) | 1989 - 1991 | Programmer/Analyst |
| Micro Support Services | 1987 - 1989 | Programmer Analyst |
| Department of National Defence (DND) | 1979 - 1986 | Commissioned Naval Officer (Lieutenant) |


BUSINESS EXPERIENCE

(INCL. CONCURRENT PROJECTS)

Project 1 (November 2012 - February 2013)

Corporate Security and Facility Services of the Bank of Canada (w/ Juno Risk LLC)

Network Security Architect

Mr. Stewart was part of a team which conducted a thorough review of the Bank’s virtualized data centre network infrastructure which culminated in a detailed gap analysis as well as specific recommendations as to how these security gaps may be closed. Extensive use of Cisco and other vendors’ best practices as well as ITSG-22 and -38 are crucial, as is knowledge of the Cisco ASA firewalls, virtual contexts, Nexus switches and Cisco VDC (Virtual Data Center) architecture and TrustSec that are employed in BoC’s highly virtualized architecture.

Project(s) 2 (July 2012 - September 2012, and January 2013 to present)

University of Ottawa and International Joint Commissions (w/ Bell Canada)

Network Security Architect

Mr. Stewart reviewed uOttawa’s network security architecture and implemented two Cisco Firewall Services Modules (FWSMs) in an Active/Standby Failover configuration at the Internet perimeter. As part of the effort he rationalized and simplified the rule set logic of a cutover from the pre-existing DrawBridge firewall to the new firewall architecture.

At the IJC, Mr. Stewart installed and integrated an A/S FO Cisco ASA pair supporting both gate-to-gate and client-to-gate VPN functionality using respectively IPsec and Cisco AnyConnect Secure Mobility Client solutions. Subsequently scaled the solution by adding remote access by Cisco VoIP phones via AnyConnect and integrating with Cisco UCS at the client headend in both Ottawa, Windsor and Washington DC.


Project 3 (January 2012 - August 2012)

Corporate Security and Facility Services of the Bank of Canada (w/ Juno Risk LLC)

Network Security Architect

Mr. Stewart did a thorough analysis of the newly implemented virtual data centre (VDC) architecture and identified gaps in the security architecture when measured against Bank policy. He also made specific recommendations on how these gaps might be closed as well as the risk associated with the gaps.


Project 4 (concurrent) (Apr. 2011 - Aug. 2011)

Marine Atlantic

IT Security Analyst

Mr. Stewart provided hands-on design, configuration and implementation services in support of a 5-phase network security architecture renewal at Marine Atlantic in Port-Aux-Basques Newfoundland. The project started with an architecture review, followed by specific recommendations for the acquisition of new technology to replace outdated equipment. The technology was acquired by the customer, and subsequently was implemented by Mr. Stewart per the five phases outlined below:

Phase 1: Designed and implemented a Cisco ASA 5585-X SSP-20 security appliance/firewall to replace the existing Cisco PIX 525. This phase also involved the configuration of a Cisco WebVPN portal for clientless SSL VPN access as well as the Cisco AnyConnect Secure Mobility Client client-based SSL solution (client-to-gate) to support IT Staff and teleworkers. Recommendations were made for proper zone-based network security policies per CSE ITSG-22 and ITSG-38.

Phase 2: Designed and implemented a Cisco 4255 IDS appliance to detect and prevent network-based attacks from both outside of Marine Atlantic’s network as well as attacks originating on the inside.

Phase 3: Designed and implemented a Cisco Ironport C370 Cluster of two Ironport Email Security Appliances (ESAs) to provide anti-spam, anti-malware, and reputation based scanning and detailed reports of all inbound email traffic to Marine Atlantic’s mail servers.

Phase 4: Designed and implemented a pair of Cisco Ironport S160 Web Security Appliances (WSAs) to provide for reputation based scanning and content filtering as well as detailed reports of all outbound web traffic from Marine Atlantic’s fixed facilities and ferry boats.

Phase 5: Designed, implemented and integrated Tenable Security’s Security Center 4.2 SIEM (Security Intrusion and Event Monitoring) solution to provide for realtime monitoring, analysis and reporting of security events based on correlated information from all of Marine Atlantic’s network devices (IDS/IPS, firewalls, switches, VPN endpoints, WSAs, and ESAs, etc.)


Project #5 - 34 mths (Oct. 2010 - Present)

Department of National Defence (DND)

Network Security Analyst / Architect

Mr. Stewart designed and then conducted a test plan to choose between Fortinet Fortigate UTM device and Cisco ASA 5500 series solutions in support of a SSL VPN remote access VPN portal for the Enclave Convergence Initiative (ECI). Subsequently he designed and implemented a Cisco SSL VPN remote access (client-to-gate) VPN Web portal in support of the Enclave Convergence Initiative (ECI). ECI is a high profile project whose Q1 2013 implementation will result in the consolidation of disparate networks into a Classified Restricted Zone (RZ) protected by two clustered Cisco ASA 5585-X UTM firewall / SSL VPN servers and using common services such as email and file share repositories. The design/implementation required in-depth knowledge of both CLI and ASDM.

Users within the existing DND Operations Zone (OZ) will be able to connect to the VPN cluster where they will be authenticated and their workstations’ security posture assessed for access to RZ services. Features (and technology used) of the solution include:



Integration with existing Entrust enterprise PKI solution including authentication using device X.509 identity certificates.

Cisco Secure Desktop pre- and post-login posture assessment.

Load-balancing and high-availability through the implementation of two Cisco ASA 5585-X SSP-20 UTM firewall / VPN gateways in a cluster.

WebVPN (thin) and AnyConnect Secure Mobility Client (thick) SSL remote access VPN solution (client-to-gate).

Design of a gate-to-gate (site-to-site) IPsec VPN between the clustered ASAs and an IEG (Internet Exchange Gateway) to support SMTP email from the RZ MS Exchange 2010 server into the DND OZ.

Design of a high-availability layer 3 switch stack solution in the RZ which provides for intra-chassis redundancy and routing offload for all intra-RZ traffic such as vMotion, management protocols and backup jobs.

Two- and one-factor authentication options leveraging on SmartCard technology and integrating with Active Directory (AD) services in the RZ.

IEEE 802.1Q VLAN trunk to core switch services in the RZ providing for logical separation of management, data and control plane traffic.

Extensive documentation of all implemented and tested technology per DND engineering process documentation standards including: System Design Specifications; V&V Plans; System Interface Requirements; Test Plans; and Proofs of Concept.

Documented adherence to GSP, ITSG-22, ITSG-38 and Cisco best practices as contained in Cisco’s “Self-Defending Network”.

Designed and implemented a remote access (client-to-gate) Cisco IPsec VPN for OZ management users into the RZ, authenticating from a RADIUS server integrated with the RZ AD.

Designed and implemented a Cisco DMVPN solution integrated with Cisco’s GETVPN technology on top of DND’s CSNI and DWAN network and supporting client connectivity on top of TACLANE.


Project #6 - 4 mths (Nov. 2009 - Jan. 2010)

Office of the Information Commissioner of Canada (OIC)

Network Security Analyst / Architect

Mr. Stewart conducted IT Security analysis including a Threat Risk Assessment (TRA) of OIC IT infrastructure which included a review and gap analysis of present OIC security policy, Business Continuity Plans and Disaster Recovery Plan.

Report resulted in a technical strategy for remediation to ensure that the residual risk was acceptable to responsible stakeholders.

Gaps were measured against Government Security Policy (GSP) as well as Cisco’s Self-Defending Network (SDN) and uses metrics and zoning recommendations contained in CSE’s ITSG-22 and ITSG-38.

The technology involved in this work was: CISCO IOS routers, Fortinet Fortigate 300-A (UTM) with remote access SSL VPN client connectivity, and Zywall-70 firewall.

Technology Environment: OIC’s network devices are managed in-band in a separate management VLAN using SSH and S-HTTP for encryption and protection against MITM (man-in-the-middle) attacks. OIC used Cisco 800-series ISR routers and Catalyst 2950 and 2960 series switches. The OIC’s Intranet used Microsoft Active Directory for user login. AD was used to store users’ credentials and other attributes in an X.509 compliant directory. ZyWall and Fortinet firewall UTM appliances were used, with signature-based intrusion detection system configured on a hardware module on the ZyWall firewall. Nessus, Nmap and WireShark were used to assess the network’s vulnerability to common technical threats targeted on information assets and network integrity. Nmap Scripting Engine (NSE) shell scripting was used to scan for vulnerable network services as was Tenable Nessus.


Project #7 - 6 mths (Apr. 2009 - Oct. 2009)

Public Health Agency Canada (PHAC)

Senior Network Engineer / Network Security Analyst

Mr. Stewart performed security gap analysis on an as-built application hosting environment called PHACNET. Subsequently, Mr. Stewart:

Developed new network architecture and installed and configured Cisco IDSM-2 IPS modules in 6 Cisco Catalyst 6509 core switches in both Winnipeg and Ottawa, configured CS-MARS SIEM solution integration with existing network devices and designed and configured management network including integration with RSA Authentication Server central AAA solution.

Created thorough documentation of as-built as well as reconfigured network while comparing against CSE/RCMP and vendor best practices statements as well as GSP; this was implemented in a heterogeneous network of Nortel Contivity IPSec VPN gateways (configured gate-to-gate in Secure Channel), Cisco / Check Point / RSA / Sourcefire / Symantec and Websense devices as well as other vendors.

Implemented Cisco IDSM-2 intrusion detection modules in core switches and configured security policies and clustering on PHAC’s Checkpoint firewalls. Also implemented Sourcefire IDS appliances in several security zones.

Implemented/integrated access to Nortel Contivity 1760 gateways (to PWGSC Secure Channel) which used FIPS-compliant IPsec encryption for a gate-to-gate VPN.

Installed, configured and trained IT staff on Cisco Security Manager (CSM) version 4.

Technology Environment: PHAC’s network devices are managed in-band in a separate management VLAN using SSH and S-HTTP for encryption and protection against MITM (man-in-the-middle) attacks. AD was used to store users’ credentials and other attributes in an X.509 compliant directory. AD was used with RSA Authentication Server to authenticate administrators of network devices on an internal AAA server. PHAC used redundant (intra-chassis) Cisco 7200-series supervisor modules in their core 6509 switches for Intranet/Internet access. ISP-managed Cisco 2800-series ISR routers were used for Secure Channel access and Cisco Catalyst 3750 (discrete and stacked) and Cisco 6509 series switches were used in the access and core layers respectively.


Project #8 - 5 mths (Nov. 2008 - Nov. 2009)

NAV Canada

Senior Network Security Engineer

Mr. Stewart assessed the network from both architecture and a configuration (technical) standpoint for its vulnerability against inside and outside threats.

Evaluated software and installed upgrades to CiscoWorks LMS, and CSACS 1113 Solution Engine.

Compiled and installed RADIUS integration from Sun Solaris OS devices to the Cisco CSACS server.

Documented the architecture of the Perimeter Security Network (PSN) and performed a security impact analysis of network changes.

Implemented and configured Nortel Contivity IPsec/ and Alteon client-to-gate SSL VPN gateways for authentication to CSACS.

Cisco’s Security MARS, CSACS and CSM products as well as an internal syslog server were installed to report and do trend analysis of network-based attacks.

Technology Environment: NAVCAN’s network devices are managed in-band in a separate management VLAN using SSH and S-HTTP for encryption and protection against MITM (man-in-the-middle) attacks. S-HTTP was also used for both thin- and thick-client SSL VPN access to the NAVCAN HQ network on Nortel Alteon switches. NAVCAN used a combination of Top Layer and Snort IDS. Perimeter firewall services were provided by two Checkpoint NG-X clusters: one internal and another external. Nortel Contivity 1760 gateways (to PWGSC Secure Channel) which used FIPS-compliant IPsec encryption gate-to-gate. AD was used to store users’ credentials and other attributes in an X.509 compliant directory. NAVCAN used Cisco 2800-series ISR routers (for Secure Channel access) and Catalyst 2960 and 3750 (stacked) and 6513 series switches.



Project #9 - 1 month (Dec. 2008)

Loyalist College

Senior Network Security Architect

Mr. Stewart performed an IT Security analysis of the existing infrastructure; and re-engineered, evaluated, configured, integrated and implemented an overhaul of Loyalist’s entire switched campus infrastructure and completed on-time and on-budget in December 2008. Loyalist’s network devices are managed in-band in a separate management VLAN using SSH and S-HTTP for encryption and protection against MITM (man-in-the-middle) attacks.

Consulted and provided advice on the specification of equipment to purchase in support of the procurement of over $250,000 of new Cisco equipment.

Implemented Catalyst 6509 core switch and a FWSM firewall module and new GigabitEthernet switches in the core and edge of the campus network.

Configured contexts (virtual firewalls) between different VLANs. Established separate VLANs for security zone architecture to support Cisco Aironet 802.11 b/g/n autonomous AP implementation in public zones throughout Loyalist campus.

Evaluated multiple vendor solutions for best fit.

Loyalist College has 15,000 users, comprising both day and night division students as well as faculty.

IPsec was used for remote access Cisco hardware client-based VPN access (client-to-gate) from several remote sites to the campus Cisco 3030 VPN Concentrator.

Technology Environment: Loyalist’s network devices are managed in-band in a separate management VLAN using SSH and S-HTTP for encryption and protection against MITM (man-in-the-middle) attacks. IPsec was used for remote access Cisco hardware client-based VPN access from several remote sites to the campus Cisco 3030 VPN Concentrator. Loyalist used a Cisco 7200-series supervisor module for Intranet/Internet routing and Catalyst 2950 and 2960 switches (access layer) and a 6509 series core switch.


Project #10 - 3 mths (Jul. 2008 - Sep. 2008)

Bank of Canada (BoC)

Senior Cisco Network Security Analyst

Mr. Stewart performed an IT Security analysis (including a design and architecture review) of the High Availability Deployment Project (HADP); the analysis involved a thorough IT security review of the network design and implementation plan, prior to the implementation phase. The analysis determined the network security posture as well as adherence with GC policies and standards. HADP is a highly virtualized protected “B”-certified network accessible over the Internet by the Bank’s partner financial institutions. The IT Security review included all components of the network including: Catalyst 6509 switches, ACS 1113 solution engines, IDS 4255 appliances, VRFs, Security Contexts on FWSM, ASA 5500 series security appliances, Cisco Security Manager (CSM) and Cisco Secure Monitoring Analysis and Reporting System (MARS) and remote-access (client-to-gate) AnyConnect SSL VPN solution. The assessment required in-depth knowledge of both CLI and ASDM.

Technology Environment: BoC’s network devices are managed in-band in a separate management VLAN using SSH and S-HTTP for encryption and protection against MITM (man-in-the-middle) attacks. PKI is used to issue identity certificates to devices and users and to perform message encryption and signing using X.509 certificates and S/MIME. Evaluated a Cisco AnyConnect ASA SSL VPN solution. BoC used Cisco FWSMs (firewall services modules) in core switches and configured contexts (virtual firewalls) between different VLANs. Cisco IDSM-2 modules were used and deployed as multiple virtual sensors between different VLANs. BoC used redundant (intra-chassis) Cisco 7200-series supervisor modules in their core 6513 switches for Intranet/Internet access. ISP-managed Cisco 2800-series ISR routers were used for Secure Channel access and Cisco Catalyst 29xx and Cisco 6513 series switches were used in the access and core layers respectively. Nmap Scripting Engine (NSE) shell scripting was used to scan for vulnerable network services as was Tenable Nessus. Reports were exported into .csv format for importing into spreadsheets and other software. Cisco Security MARS and Cisco CSM were configured to manage devices via SNMP and Netflow.


Project #11 - 4 mths (Apr. 2008 - Oct. 2008)

Cisco Systems Inc.

Press Author, CCNA Security Certification Guide

Mr. Stewart authored an exam preparation guide for Cisco’s new CCNA Security certification for Cisco Press. This book is currently on store shelves and also online. Book title is CCNA Security Exam Cram, ISBN 0789738007.

Technology Environment: This book provides a very comprehensive analysis and practical guidelines, and discusses the following areas in-depth:

SSH and IPsec operation as well as network hardening and security using S-HTTP and S/MIME signatures for non-repudiation and origin authentication for messaging security. ASA AnyConnect SSL VPN solutions, both thin and thick clients.

Principles of TCP/IP operation, securing and encryption as well as zone-based security architecture are discussed in the book including well-known protocols such as UDP, DNS, SMTP and SNMP version 3 for secure reporting.

IDS/IPS systems in general as well as specific examples in Cisco’s product line including IOS IPS, hardware-based IDS/IPS modules for ASA security appliances, 6500-series switches and modular IOS routers.

Unsecure network protocols such as HTTP, FTP, and Telnet and their specific vulnerabilities in the context of MITM attacks. Book discusses network security principles for routers, switches, firewalls and other network devices.

Describes and discusses the “bastion” process for network device and server hardening as well as means to secure routers using Cisco autosecure and one-step lockdown CLI tools.

Presents an extensive survey of threats against the network infrastructure as well as safeguarding and classifying IT assets and information. Technical threats and network remediation are discussed in the context of best practices and over-arching security principles.

Cisco’s System Development Life Cycle approach, Self Defending Network (SDN) and SAFE blueprint as well as industry best practices for implementing protocol, password and hardware and software security are discussed in depth in the book.

Firewall policies, ACLs, Stateful Packet Inspection and UTM principles and operation are explained.


Project #12 - 5 mths (Jan. 2008 - May 2008)

Canadian Air Transport Security Authority (CATSA)

Senior Network Security Architect

Mr. Stewart provided IT security analysis including expert oversight and technical assistance for the design, implementation and integration of a gate-to-gate IPsec VPN Protected B secure architecture utilizing Cisco ASA 5520 UTM appliances on the Protected A, Canada-wide CATSA intranet.

Evaluated, procured and then implemented a secure reporting and event management system (Tenable Security Center) to ensure public sector MITS and GSP compliance.

Implemented Cisco ASA Security Appliances into the existing network. Network comprised of Nortel ERS, Tipping Point IDS/IPS appliances, McAfee (ePolicy Orchestrator) Servers and Secure Computing WebWasher and Cisco PIX firewalls in Class 1 and Class 2 airport facilities.

Part of the project included the establishment of CATSA intranet OSPF areas using the PWGSC TELUS IP/MPLS core as the backbone area.

Configured and implemented 2-factor authentication using RSA Secure ID smart card token technology for the Cisco IPsec remote access (client-to-gate) VPN client solution (Used CA and X.509). FIPS compliance was required for CATSA’s Cisco’s IPsec VPN client solution.

IPsec VPNs were designed and implemented for protected-B “islands” to transmit classified data in gate-to-gate VPNs over CATSA’s protected-A intranet.

SNMP reporting, syslog, and Netflow with Tenable Network Security’s “Security Center” SIEM product was evaluated against Cisco Security MARS.

CATSA’s Tipping Point IDS/IPS appliances were evaluated as were Cisco PIX firewalls at the Internet perimeter in both HQ and satellite sites.

Technology Environment: CATSA’s network used TCP/IP for transport both in their intranet as well as for connection to the Internet. DNS name resolution was configured on an internal server to resolve both internal and external domains. SMTP was used for inbound and outbound email from a DMZ to and from the Internet. CATSA used Cisco 2800-series ISR routers (for Secure Channel access) and Catalyst 2960 and 3750 (stacked) and 6513 series switches.


Project #13 - 0.5 mths (Nov. 2007 - Dec. 2007)

Francis Fuel and Freightliner of Ottawa

Senior Security Consultant

Mr. Stewart evaluated an as-built security architecture and subsequently implemented/integrated a secure network of Cisco ASA firewalls (UTM devices) at 3 separate sites connected with a dedicated full-mesh T1 WAN.

Presented option analysis for technology integration.

De-commissioned Cisco ASA firewalls in a full-mesh IPsec VPN solution between three sites, created network security policies and architecture to support the secure transmission of VoIP between satellite offices and headquarters.

Integrated a secure Bell-supplied VoIP solution between the remote sites and a central office which uses Nortel BCM 4000 solution and Nortel VoIP phones integrated into a Layer 3 Cisco Catalyst switch backbone.

Executed a penetration test to test the solution’s security including an inside AS/400 mainframe Lotus Notes and Domino Mail Server and BlackBerry Enterprise Server (BES).

Designed, implemented/installed and configured a Cisco ASA 5505 remote access (client-to-gate) SSL VPN solution using both the ASDM (Adaptive Security Device Manager) and the command line interface (CLI).

Integrated Cisco AnyConnect Client-to-gate SSL VPN client solution to HQ. Client-to-gate Cisco client IPsec VPN solution for teleworkers and sales.

Basic threat detection was configured on Cisco ASA 5505 firewalls as well as access lists on a Cisco 3620 IOS router.

Implemented 802.11n wireless network in a separate VLAN at a satellite office using a Cisco Aironet captive access point on a Cisco 881W wireless router.

Technical Environment: IBM MVS on AS/400, Microsoft Server 2008. HTTP, FTP, and Telnet were used to connect to both intranet and internet servers. SIP protocols were used for VoIP traffic with the Nortel BCM solution. D-link and Linksys LAN switches, and Cisco ASA 5505 firewalls with Security Plus licenses. Also Cisco 3620 and 881W wireless routers and Cisco Catalyst 3560 PoE switch with full layer 2 and 3 QoS configuration.


Project #14 - 0.5 mths (Oct. 2007)

Loyalist College

Network Consultant

This was a troubleshooting contract involving a QoS (Quality of Service) issue with a dedicated remote access Cisco VPN solution and a proprietary central site server. Tools used included the Wireshark Protocol Analyzer and Cisco switches using SPAN and RSPAN. Also installed and configured a Cisco VPN 3030 concentrator head end device for a remote access (client-to-gate) IPsec and SSL VPN solution, authenticating with RADIUS/LDAP and integrated the VPN solution into a DMZ to pass through a Cisco PIX 525 UTM firewall deployed at the network perimeter.

Transport layer flows in the TCP/IP stack were analyzed carefully to determine where QoS issues were occurring in a client-server flow inside a previously implemented remote-access IPsec VPN solution.


Project #15 - 2 months (Apr. 2007 - Jul. 2007 / Sep. 2007 - Nov. 2007)

Cisco Systems Inc.

Press Development Editor

Mr. Stewart was responsible for the technical content of the 2nd edition of the official Designing for Cisco Internetwork Solutions (DESGN) book. This material is required reading for the CCDA (Cisco Certified Design Associate) curriculum.

Required expertise in switching, wireless LAN design, routing and Cisco network security as well as in-depth understanding of Cisco’s Life Cycle Design and Self Defending Network. ISBN 978-1-58705-272-9

Edited a new title called Router Security Strategies ISBN 978-1-58705-336-8. This book was released in Q1 2008.




Project #16 - 90 months (on average 6 months per year) (Jun. 1995 - Present)

IBM Canada and CTE Solutions

Senior Network Architect and CCSI, Global Knowledge Network

One of only a handful of CCSIs in North America, Mr. Stewart provided hands-on advanced training and Subject Matter Expertise for Global Knowledge in the areas of Network Security analysis, design and implementation including: the design, evaluation and implementation of security architectures including IPS/IDSs, VPNs, firewalls and content filters.



Delivered hands-on technical design and implementation seminars for Global Knowledge. This experience included the design, configuration, maintenance, testing (planning and execution) and troubleshooting of lab environments; the environment included leading edge technologies and featured more specifically a blend of Microsoft and Cisco technologies. The seminars designed and implemented various security solutions including: IPS/IDSs, IPsec and SSL VPNs; Cisco 3000 series concentrators (initially) and (later) CISCO ASA 5500 in conjunction with Cisco’s WebVPN, SSL VPN Client (SVC) and AnyConnect Client SSL VPNs; as well as firewalls and content filters.




Over the past 6 years (since 2004), Mr. Stewart has been preparing and delivering hands-on advanced level technical seminars in the areas of network security analysis, design and implementation.



As a SME responsible for training often senior level students, he has built and maintained several lab environments within Global Knowledge premises as part of the teaching process; as well as on his own business premises for analysis, knowledge advancement and research purposes. The labs that he has been maintaining include leading edge technologies and feature more specifically a blend of Microsoft and Cisco technologies. Instruction was predominantly using the Cisco CLI for configuration, though Cisco has taken a more blended approach with their new SNAF and SNAA courses where the ASDM is being used extensively in addition to the CLI for all configurations, especially tasks like SSL VPN which have multiple component steps.







As part of this hands-on instruction work, Mr. Stewart has been teaching implementation of PKI for authentication of network devices and end-users in the majority of the IT security courses he teaches. PKIs configured and implemented include MS CA and OpenSSL. Recently, he has guided groups of experienced students through the implementation of technology solutions including most recently, a PKI to support remote access (client-to-gate) SSL and IPSEC VPN solutions; the solutions included both CA and active directory (X.509).



His work also included analysis, design and advanced troubleshooting of Global Network infrastructure as and when required. For example: he redesigned, implemented and documented a full-mesh, redundant remote access (client-to-gate) IPSec VPN solution between the Canadian operation’s satellite offices and the HQ in Raleigh, North Carolina (2006); he solved a number of difficult-to-troubleshoot firewall and VPN configuration issues and other network issues that threatened the Canadian operation with lost productivity.




Delivered workshops on Cisco’s Self Defending Network and vulnerability and Threat Risk
Assessments.



Provided hands-on teaching on the building of multi-platform workstation and switch/router TCP/IP networks, both enterprise and backbone with a firm grounding in TCP/IP applications (SMTP, DNS, FTP, Telnet, etc.), as well as IP routing protocols such as RIP, OSPF, BGP, IGRP and EIGRP.



Taught Cisco CCNA, CCSP, CCNP and CCIE advanced curriculum as well as non-vendor Wireless Security (WPA, LEAP, PEAP, WEP and site survey tools)

Constantly learnt, evaluated and certified on leading edge technology including network hardware, end-user workstations, client-server and operating systems.



On-going testing (including test planning and execution) of all security solutions being designed and deployed in the teaching labs’ network.

Products worked with include Check Point Firewall-1, Cisco ASA 5500 series, PIX and VPN concentrators and PIX in-line IDS and various protocol analyzers. He designed and implemented security architectures including hands-on installation and support of SSH Client/Server, HTTPS on Apache web server, Certificate Authorities and AAA servers using respectively MS CA and Cisco ACS 4.x and LDAP integration. VPNs were secured between Check Point and Cisco PIX firewalls using IPSec/IKE and between MS RAS servers and clients using MS PPTP (point-to-point tunneling protocol) and L2TP.



Experience gained in the following IT security areas:

Extensive experience in designing and implementing security architectures including IDSs, VPNs, firewalls and content filters. Products where expertise was gained include CheckPoint Firewall-1, Cisco PIX and ASA 5500 series security appliances and 3000 series VPN Concentrators and Cisco IDS/IPS servers and SSM modules and various protocol analyzers.

Extensive experience in designing and implementing security architectures including hands-on installation and support of SSH Client/Server, HTTPS on Apache web server, Certificate Authorities and AAA servers using respectively MS CA and Cisco ACS 3.x and 4.x and Radius and LDAP integration.

VPNs secured between CheckPoint and Cisco PIX and ASA security appliances using IPSec/IKE and between MS RAS servers and clients using MS PPTP (point-to-point tunneling protocol) and L2TP.



Extensive hands-on and instructional experience with Microsoft OS’s including Windows 2000 (incl. server) and Windows XP.

Deliver workshops on Cisco’s security blueprint, “SAFE” and Self Defending Network and vulnerability and Threat Risk Assessments using a variety of tools including nmap, Nessus, etc.

Extensive hands-on in teaching the building of multi-platform workstation and switch/router TCP/IP networks, both enterprise and backbone.

Firm grounding in TCP/IP applications (SMTP, DNS, FTP, Telnet, etc.) as well as IP routing protocols such as RIP, OSPF, BGP, IGRP and EIGRP. Teach Cisco CCNA, CCSP, CCNP and CCIE advanced curriculum as well as non-vendor Wireless Security (WPA, 802.11i, 802.1x, LEAP, PEAP, WEP and site survey tools).


Pr. 16.1 - Lab design, implementation, upgrade and maintenance

As a SME responsible for training often senior level students, Mr. Stewart has designed, implemented and upgrades/maintains on an on-going basis a comprehensive lab environment on his own business premises for analysis, knowledge advancement and research purposes. The network architecture design includes CISCO ASA Unified Threat Management devices using SSL VPNs. The design and implementation work involved configuring CISCO ASA 5500 series of devices using ASDM and CLI.



The lab includes leading edge technologies, within an all virtualized environment, including the following:

Cisco AnyConnect SSL VPN,

Cisco IPsec VPN clients as well as Gate-to-gate IPsec VPNs,

Active Directory / LDAP (Microsoft and Open Source implementations),

RADIUS AAA server,

Squid web proxy, caching, content and URL filtering server with Cisco WCCP v2 transparent proxying,

Cisco Ironport C10 messaging gateway,

Cisco 871 IOS routers configured in an HSRP cluster, dual-homed to the Internet on Static IP addresses,

Cisco Catalyst 3524-XL-EN series IOS switches,

ASA 5505 (w/ Security Plus License) UTM security appliance acting as both an IPsec VPN server and SSL VPN server and IPsec gate-to-gate VPN endpoint, and an AIP-SSC5 IPS module providing perimeter intrusion prevention services



WPA2-Enterprise wireless access point,

VMware Server 2.1 and VMware ESXi 4.2,

Ubuntu, Solaris, Fedora, CentOS and FreeBSD Linux OSs,

Microsoft Server 2003 and OpenSSL CAs operating in a hierarchical PKI and issuing X.509v3 identity certificates to servers (mail, web, FTP, etc.) and users within privately hosted domain; MS Server 2010 and Exchange 2010,

McAfee VirusScan Enterprise (VSE) v 1.6 Linux Server

2 Microsoft 2003 Servers (Enterprise) as domain controllers and configured with Group Policy Objects (GPOs) within test lab domain.

BlackBerry Enterprise Server Express (BESx) and three registered BlackBerry 9700, 9800, 9810 smartphones.

Zenoss SNMP Network Management Server

Tenable Security Nessus Server

Project #17 - 1 month (May 2006 - Jul. 2006)

Loyalist College

Cisco Architect

Mr. Stewart conducted IT Security analysis including a Threat Risk Assessment (TRA) on existing infrastructure and subsequently designed and implemented a remote access (client-to-gate) and site-to-site (gate-to-gate) IPSec VPN between Loyalist College’s central campus in Belleville and satellite campuses across the province.

Implemented a Cisco-proprietary WebVPN and SSL VPN solution.

Implemented security zones at the central campus and controls for traffic moving between the zones including wireless hotspots.

Installed and configured a Cisco VPN 3020 Concentrator into the DMZ and PIX 525 firewall and RSM at the central office.

Designed and implemented campus VLAN design and inter-VLAN routing on Loyalist’s RSM.

Loyalist College has 15,000 users.

Project #18 - 8 months (Aug. 2005 - Sep. 2006)

Alcatel-Lucent Networks

Network Architect/Analyst

Mr. Stewart worked as part of a team to design a new advanced network certification track for Alcatel’s core service router offerings.

Technologies included QoS, IP/MPLS, GRE, IPsec VPNs, dynamic routing protocols.

Courseware, lab fit-out and other materials delivered according to an aggressive timeline and to the highest quality standards.

This project advanced Alcatel’s presence in the networking community with a suite of courses to compete in this important global market space.

The work involved 80% design - 20% instruction.


Project #19 - 0.5 months (Jun. 2005 - Aug. 2005)

Loyalist College

Cisco Architect

Mr. Stewart conducted IT Security analysis including a Vulnerability Assessment (VA) and implemented a complete Local Area Network VLAN overhaul of the college’s core network. The redesign involved a review of the current collapsed backbone and Novell client/server, followed by a phased implementation which involved core and internal VLAN architecture with Cisco Catalyst LAN switches, a Cisco 7206 edge BGP router and Cisco PIX 525 firewall.

Project #20 - 0.5 months (Jul. 2005)

Freightliner Trucks

Cisco Engineer

Mr. Stewart conducted security analysis including a threat risk assessment (TRA) and option analysis; he designed, procured equipment, and then implemented a full-mesh site-to-site (gate-to-gate) VPN solution for Freightliner Trucks with several sites using Cisco PIX firewalls and Linksys wireless VPN gateways. Solution also supported remote access for a number of teleworkers. The project involved requirements definition, a statement of work, and a phased implementation plan.


Project #21 - concurrent (May 2005 - Jul. 2005)

Elytra Enterprises

Senior Network Security Consultant

Mr. Stewart wrote a research whitepaper on the security, privacy and legal implications for VoIP as relates to the introduction of infrastructure VoIP in North America. This extensive research was conducted for Lucent Technologies Japan.

The report was extremely well received by the customer. Research into the security and privacy implications of VoIP within the (then) current regulatory and legal frameworks was either non-existent or poorly conceived. The report, a 500-page document, drew from a number of experts in both areas and involved extensive interviewing and research.

Project #22 - 4 months (May 2003 - Aug. 2003)

JDS Uniphase

Network Consultant

Mr. Stewart conducted IT Security analysis including a Vulnerability Assessment (VA), designed, and tested (including test planning and execution) the fit-out of, and costing of a remotely-accessible optical fiber lab with WDM (Wave Division Multiplexing) equipment. He separately recommended learning objectives and provided detailed incremental costing and security risk analysis for delivering a series of JDSU-proprietary courses over the Internet on encrypted links using the eLearning instructor-led modality.


Project #23 - 1 month (Sep./Oct. 2002, Jun./Jul. 2003 and Apr./May 2004)

Canadian Network Data Solutions (CANDS)

Cisco Engineer

Mr. Stewart conducted IT Security analysis including a TRA and based on its recommendations, implemented Cisco PIX 506E firewall and Site-to-Site VPN installation at Francis Fuels and Freightliner Trucks Ottawa.

Provided for firewall screening private subnets of several interconnected enterprises as well as providing for secure, MS PPTP and Cisco VPN clients remote access to company network.

Implemented SSH (Secure Shell) and HTTPS access to PIX firewall. Configured remote access solution to allow secure access from VAR through PIX to AS/400 server at Freightliner Ottawa site.


Project #24 - 1 month (Jan. 2001 - Aug. 2001)

Northland Systems Inc.

SME and eLearning Consultant

Mr. Stewart co-authored a number of proprietary online advanced TCP/IP and WAN networking courses for Northland as a Network SME (Subject Matter Expert) and QA lead. These courses are offered to Alcatel to their network engineers worldwide.


Project #25 - 72 months (Jul. 1993 - Jul. 2000)

Department of Foreign Affairs and International Trade (DFAIT)

LAN/WAN Network Architect, SIGNET Project

On contract to SPS Engineering and Computer Consultants, Mr. Stewart was part of the original tactical team which architected and rolled out the departmental global WAN and secure intranet, the Secure Integrated Global Network (SIGNET), at the Department of Foreign Affairs and International Trade (DFAIT). This infrastructure (SIGNET C) was leveraged by DND for connectivity to embassies abroad.

Technologies included Cisco routers, Frame Relay, TCP/IP OSPF, and X.400 Mail.

Acted as Regional Support Manager in both Europe and Southeast Asia areas of the global WAN.

Developed a 4-week technology workshop and trained all implementation teams and WAN support teams for the global rollout.

7 years of solid and intimate experience with a geographically large and diverse WAN.


Project #26 - 9 months (May 1992 - Jan. 1993)

Revenue Canada, Customs and Excise (RCCE, now CRA)

Project Manager and Technical Lead

On contract to Iota Consulting, Mr. Stewart was the project leader in charge of the design and implementation of an Equipment Services group for RCCE (CCRA) and the LAN Integration Centre. He was later responsible for 20 staff who provided all network infrastructure support for the department’s SNA mainframe and WAN network across Canada.

Administered and monitored ISP Service Level Agreements (SLAs) and third-party support vendors who performed on-site hardware support and installation services outside Ottawa/Gatineau.

Supported equipment included WANs with SDLC-attached devices mainframe (ESCON and Bus & Tag) and Token Ring LAN-connected (LLC2) hardware and peripherals, terminals, controllers, gateways, bridges, routers, FEPS etc.

RCCE upgraded from 3COM 3+OPEN to MS LAN Manager 2.1 on WaveLan and token ring topology networks.


Project #27 - 6 months (1991 - 1992)

Department of National Defence (DND)

Architect

At the Flight Structures and Dynamics section of Aeronautical Engineering, Mr. Stewart performed a feasibility study and prototyped an image data capture/retrieval system called FSDDIS (Flight Structures and Dynamics Data Integration System). FSDDIS produced front-end data for a UNIX-based Flight Path Reconstruction Program. Table of discrete x, y data points from scanned-in graphs and tabular data which represented flight test data for aircraft types in the Canadian Forces inventory was fed to OCR front-end and inputted to CAD and raster-to-vector (R2V) technology which was used for the conversion of the scanned graphical data. Another module of the prototype system analyzed and graphed the data, performing simple linear regression, best-curve approximations, and basic statistics.


Project #28 - 12 months (1990 - 1991)

Ontario Provincial Ministry of Health

Systems Engineer/Project Leader, Emergency Health Services

Mr. Stewart set up and coordinated the implementation of a general systems support contract for the LANs and WAN of the Emergency Health Services Branch of the Provincial Ministry of Health. The work involved setup, repair and troubleshooting of software and hardware as well as customer service at several LAN/WAN installations in Eastern Ontario. Application support encompassed custom packages as well as basic office automation products; answering user queries; and on-site training as well as coordination of same throughout the client's user base.


Project #29 - 3 months (1989)

Revenue Canada Customs and Excise (RCCE, now CRA)

Systems Analyst

Mr. Stewart collaborated on the rollout of a national LAN/WAN implementation based on 3COM's 3+OPEN product and interconnecting sites in support of the GST project. The implementation required the quick, accurate and efficient integration of remote sites over an X.25 WAN and the training of several diverse groups including the technical support personnel, users, LAN administrators and Regional Support Managers as well as the trainers themselves. He collaborated in the formative planning of an overall support organization and its staffing.


Project #30 - 18 months (1989 - 1991)

Supply and Services Canada (now PWGSC)

Programmer/Analyst

The IM/IT Network Database

A logical extension of the SSC Course Training Database, this project involved the enhancement of a single-user system into full network capabilities. The system required the development of a unique "paging" menu system with colour-coded navigation. A multiple-hierarchy password protection system was designed as well as other security measures such as database encryption and compilation of program source code.

SSC/PDG Course Training Database

Mr. Stewart developed a database application that gave managers, course instructors and other staff a method to enter applications for training, as well as retrieve current and historical information on courses offered by internal and external agencies. Reporting requirements included course critiques, information briefs and mailing lists.


Project #31 - 21 months (1987 - 1989)

Micro Support Services

Programmer Analyst, Customer Support

Mr. Stewart provided customer services in support of both software and hardware. Also, he was largely involved in troubleshooting and direct maintenance on IBM and compatible microcomputers and peripherals, as well as set-up and design of Novell and Unix/XENIX local area networks.

Designed backup procedures and user log-in interfaces as well as documented network administration manuals.

Provided application programming in BBx for an accounting package.

Co-authored a Canadian payroll module

Project #32 - 8 years (1979 - 1986)

Department of National Defence (DND)

Commissioned Naval Officer (Lieutenant)

Mr. Stewart served in the Canadian Navy in various capacities throughout his tenure at Royal Military College of Canada where he studied Computer Engineering. Later, on the West Coast in Victoria, B.C., he served as a bridge officer, ship’s navigator, and junior staff officer.

Mr. Stewart served in various ship types including destroyers and minesweepers.

EDUCATION

BA, Economics Major/Computer Science Minor, Carleton University
Class of ‘87

CERTIFICATION, TRAINING, AND PROFESSIONAL DEVELOPMENT

Computer Engineering Courses, Royal Military College
Class of ‘83

Certifications

Cisco Certified Systems Instructor - CCSI
Cisco Certified Network Associate - CCNA
Cisco Certified Network Associate Security - CCNA Security
Cisco Certified Security Professional - CCSP (need to re-certify as of November ‘11)

Professional Upgrade Courses

BSCI - Building Scalable Cisco Internetworks
ICND 1 and 2 - Interconnecting Cisco Network Devices Parts 1 and 2
SNRS - Securing Networks with Routers and Switches
IINS - Implementing IOS Network Security
SNAF - Securing Networks with ASA Fundamentals
SNAA - Securing Networks with ASA Advanced
DLSW - Data Link Switching +
CSVPN - Cisco Secure VPN
SNAM - SNA for Multiprotocol Administrators
BCMSN - Building Cisco Multilayer Switched Networks
ABGP - Advanced Border Gateway Protocol
MCAST - IP Multicast
OSPF Design - Open Shortest Path First
CISSP (Certified Information Systems Security Professional) Boot Camp
Many others...