Terry MacDonald
Computer Support

669 followers
Auckland, Auckland, New Zealand

  • About me

    Chief Operating Officer at Cosive, NZITF Chairperson, OASIS CTI TC Member, FIRST IEP-SIG Co-chair

  • Education

    • Queen Elizabeth College

    • Massey University

      1992 - 1996
      Bachelor of Science (B.Sc.) Computer Science
  • Experience

    • Massey University College of Education

      Nov 1996 - Oct 1997
      Computer Support
    • Advantage Computers & Network Solutions

      Oct 1997 - Jan 1999
      Computer Technician
    • Massey University

      Feb 1999 - Feb 2001
      Support Engineer & Web Developer
    • Northgate Information Solutions

      Jul 2001 - Oct 2004

      The main responsibility of this position was to protect the Wandsworth Borough Council internal network from disruption and security breaches. My job was to advise the council how best to improve its network security. This involved advising on network design, management procedures, staff training, physical site security, operating procedures and software purchasing to best achieve a secure network. Much of my responsibility was involved in the day-to-day monitoring, examination and control of possible security incidents. I was also responsible for detecting and reacting to possible network intrusions. Upgrading of Checkpoint Firewall-1/VPN-1, creation of a VPN and procedures for management of this system, improvement of the ISA Server, and introduction of web access controls were projects that I implemented or oversaw. My TCP/IP skills were useful in diagnosing difficult network configuration problems.

      Key Responsibilities:
      • Packet level analysis of possible security incidents.
      • Security recommendations to council management on large projects.
      • Administration and configuration of the VPN and Checkpoint Firewall-1/VPN-1.
      • Administration and configuration of the Proxy Server and Internet Access management.
      • Project management of major security projects.
      • Reacted to security intrusions and adjusted security configuration as new threats emerged.
      • Server patch management and rollouts.
      • Updated enterprise virus detection software and responded to virus outbreaks.
      • Server performance monitoring and server purchase recommendations.
      • Security software evaluation focusing on interoperability and future proofing.
      • Production of documentation and improvement of current security management procedures.
      • Liaised with other support teams.
      • Evaluated the benefits of current security best-practice trends to the organisation.

      • Security Officer

        Apr 2002 - Oct 2004
      • Systems Administrator

        Jul 2001 - Apr 2002
    • EDS Group

      Feb 2005 - Jul 2005
      Infrastructure Analyst

      The main responsibility of this position was to administer and protect the web based infrastructure of General Motors North America. The job was quite specific in its range of activities, and was mainly focused on engineering new standard implementations of web site protection for GM NA, and to produce new scripts for generating metrics for the Operations sections. I was involved in the new project to design the next generation web authentication and authorisation system for use by GM worldwide.

    • Gen-i

      Jul 2005 - Dec 2006
      Security Operations Specialist

      My role at Telecom Gen-i involved the constant monitoring of the security infrastructure (as part of a 24x7 support team), implementation of changes requested by customers, and troubleshooting connectivity issues where appropriate. I was responsible for resolving any incidents as quickly as possible, and with as minimal impact to the customer as possible. In addition to technical knowledge, the job required the ability to manage customer expectations, to work to a deadline, and to work cohesively and effectively with team members and other departments. My previous experience in a wide range of roles helped give me a fresh perspective on what customers were trying to achieve and how best to help them achieve it. My scripting and programming skills made our department more efficient, specifically by automating work, and by consolidating and refining documentation.

      Key Responsibilities:
      • Monitored security infrastructure used by some of New Zealand’s largest companies.
      • Rectified faults before they became a problem for customers.
      • Used and enforced the change control process.
      • Pro-actively audited customer implementations to improve efficiency and maintainability.
      • Ensured critical monitoring tasks were completed.
      • Created automated scripts to replace previously manual processes.
      • Improved the robustness of processes and documented them.

    • EDS Group

      Jan 2007 - Jul 2007
      Information Security Analyst

      My work at EDS was as a technical consultant for security matters. I worked as the only New Zealand based member of my Asia-Pacific team, and was responsible for providing customers with guidance on best practices, reviews of security designs and input into various process and procedure improvements. My role required me to have a good knowledge of EDS’s and our customers’ security policies and to make sure that any network designs that I reviewed were compliant with both. Being proactive and self-motivated was important, as my management were based in Sydney.

      Key Responsibilities:
      • Reviewed network designs for security issues and suggested improvements.
      • Performed vulnerability scans across various infrastructure.
      • Determined solutions to mitigate problems found during security audits.
      • Enforced network designs’ adherence to customers’ security policies.
      • Improved customers’ processes and documented them.
      • Was a single national point of contact for security matters.
      • Was a member of the Asia-Pacific Threat and Vulnerability Management Team.

    • Telecom New Zealand

      Jul 2007 - Apr 2014

      My role at Telecom was to roadmap, proof-of-concept, develop and architect a 1-3 year plan for security, and to ensure that we were utilising the latest security developments as best they could. I needed to juggle the long term vision of the enterprise architect with the direction the retail and corporate business units wanted to take the business, and factor in fixing the problems that hampered the operational security teams, and provided them with the latest techniques and strategies to respond to security incidents. It was my responsibility to develop a multi-year plan that improved Telecom New Zealand's security posture, and ensure that it aligned with work undertaken across Telecom New Zealand's business. This required closely following the latest trends in Security, and evaluating them for use within Telecom. As part of this process, I needed to involve all areas of the business, from our offshore departments to our enterprise facing business to our internally focussed departments. I needed to meet with business stakeholders, technical teams and subject matter experts within each area, who each fed information into the review process so that the security review was based on threats, vulnerabilities and business impacts that came from the participants themselves. In addition I created the Telecom Security Incident Response Team (T-SIRT) Incident Response Plan, integrated the VERIS framework into the corporate Ticketing System, and developed a Data-centric Security Model (integrating the Lockheed Martin Intrusion Kill Chain) to help target where we were missing Security Controls across our infrastructure. I also designed and architected the DNS Redirection Service, the Internal Sinkhole, the Enhanced Monitoring Solution and the deployment of Endace IDS sensors across the business, and was the lead architect developing our replacement SIEM.

      My senior role within the Telecom Security Incident Response Team (T-SIRT) was to help develop and improve the types of services we could offer as part of T-SIRT. I created the first version of the Telecom Incident Response Plan, and developed our own T-SIRT Security Ticketing, extending it to leverage the VERIS incident classification framework. I was the lead developer of our open-source enterprise-wide IDS sensor design and managed to include detection functionality that many commercial products do not have. We implemented a Honeynet to improve our early warning detection, and included client honeypot technology in order to proactively detect infected internal machines. I designed a malware analysis environment for determining how malware works when we find some, and we began to design an internal penetration testing service in preparation for internally certifying some services the company offers. In addition to this development work I was responsible for reviewing vulnerability alerts from Secunia and AusCERT, and alerting management when one was critical enough to require urgent patching. I was also on constant standby to help out our 2nd Level Team if there was a security incident.

      • Security SME

        Jul 2012 - Apr 2014
      • Senior Security Specialist

        Jul 2007 - Nov 2012
    • Cisco

      Apr 2014 - Jan 2015
      Information Security Investigator

      My role at Cisco was to provide senior technical leadership within the Cisco Managed Threat Defense (MTD) team. I was involved in finding the best ways to detect intrusions in our customers’ networks, and determining the best ways to detect them. I was hired to act as an escalation point for our US based MTD Analysts, providing them with additional insights into suspected attacks. I also provided input into the long term strategies that Cisco MTD should be working towards to ensure that they are able to compete in today’s market. An example is the integration of VERIS into our ticketing to improve the metrics that we can deliver to our customers. Another was development of the network detection playbook we used to catch bad guys, which listed the indicators of compromise we should look for and where to find them.

    • Microsoft

      Jan 2015 - Jul 2015
      STIX Consultant

      I helped the MSRC develop STIX / TAXII functionality within their product set.

    • Threatloop.com

      Jan 2015 - Jun 2016
      Managing Director

      Threatloop.com was a STIX/TAXII consulting business based in Sydney, Australia. We worked with vendors to help them develop their STIX/TAXII toolset.

    • Cosive

      Aug 2015 - now
      Chief Operating Officer / Principal Security Consultant

      Cosive are experts at Security Guidance, Threat Intelligence and Incident Response. My role is to identify opportunities where Cosive can improve the Threat Intelligence and Incident Response processes for our customers, and then achieve those improvements. This can involve integration, workflow, guidance, training as well as developing new products.

    • Soltra Solutions

      Oct 2015 - Apr 2016
      Senior STIX Subject Matter Expert

      I consulted with Soltra helping spearhead their STIX community involvement.

  • Licenses & Certifications

    • Check Point Certified Security Administrator (CCSA)

      Check Point Software Technologies, Ltd.
      Jun 2006
    • GIAC Certified Incident Handler (GCIH)

      SANS Institute
      Jun 2011
    • Certified Information Systems Security Professional (CISSP)

      (ISC)²
      Jun 2004
    • GIAC Certified Intrusion Analyst (GCIA) GOLD

      SANS Institute
      Jul 2003
    • Snort Certified Professional (SnortCP) 2.9

      Sourcefire
      Jun 2014
    • Sourcefire Certified Expert (SFCE) v5.3/v4.5

      Sourcefire
      May 2014
    • Sourcefire Certified Professional (SFCP-AMP) v4.5

      Sourcefire
      May 2014
    • Check Point Security Engineer (CCSE)

      Check Point Software Technologies, Ltd.
      Mar 2007
    • Sourcefire Certified Professional (SFCP) v5.3

      Sourcefire
      May 2014
    • GIAC Advanced Penetration Tester (GXPN)

      SANS Institute
      May 2012
    • Cisco Certified Network Administrator (CCNA)

      Cisco
      Apr 2006
    • Bachelor of Science (Computer Science)

      Massey University
      Nov 1997