Summary
Overview
Work History
Education
Skills
Certification
Additional Information
Timeline
Generic

Conrad Fernandes

Summary

Well rounded and versatile engineering and software professional and project lead (with over 24+ years of experience) with a wide range of expertise. Led several design efforts in DoD enterprise architecture (EA) and INFOSEC arena. 11 years of current experience in cyber intrusions and advanced persistent threat (APT) analysis, malware analysis and correlation across the Defense Industrial Base (DIB), DoD and USG Agencies. Cyber Security Operations Supervisor since 2011 at Johns Hopkins APL leading Level-1 first responders, senior Level 2 investigators and specialized forensics experts and malware reverse engineers in the area of Incident Response and Advanced threat intelligence for APL.

Overview

33
33
years of professional experience
1
1
Certification

Work History

Supervisor

Johns Hopkins University, Cyber Security Operations Center, CSOC
11.2011 - Current
  • As CSOC Supervisor, manage a small but multi-faceted team of cyber security incident responders (IR), threat intelligence processing from the Defense Industrial Base (DIB) partner companies, US intelligence agencies, threat tracking and ticketing systems, intrusion detection sensors (IDS) and related sensors for monitoring and detection of cyber threats.
  • Led the plans and development of the CSOC in Building 25 and subsequently Building 24 Live Lab from which the Security Watch and Incident Response (IR) teams operate.
  • Service Manager for FireEye systems.
  • Regular updates of custom Yara signatures based on APT that target APL.
  • Manage content for all FireEye appliances - Email (EX), Web (NX), malware analysis sandbox (MAS / AX ) for dynamic analysis, and the FE central management system (CMS).
  • Service Manager for Mandiant Intelligent Response (MIR) - comprising sweeping for threat indicators of compromise (IOC) and analysis of Windows systems information (registry, files, memory) using Mandiant provided Console and tools.
  • Detailed knowledge and use of Cybersecurity tools used in the SOC for detection and mitigation: AcrSight (SEIM, event correlation), Netwitness Informer, Investigator - full packet capture (PCAP) analysis, InfoBlox (DNS sinkholing/blackholing), Bit9 / Parity (host based whitelisting), MIR (IOC sweeps, file and memory acquisitions), Websense (Proxy, web/URL filtering), CISCO ASDM Firewall (shunning IPs), TippingPoint Intrusion Prevention system (IPS), Snort IDS (Rules conf, and Base interface), FireEye systems (EX, NX, AX and CMS), Lancope StealthWatch (Netflow analysis), Splunk (for searches and queries across multiple event logs and syslogs), Co3 Systems and Service Now (for tracking and handling incidents).
  • Lead the Classified monitoring team for intrusion prevention, detection and incident response for APL's several Classified networks.
  • Work closely with Defense Industrial Based (DIB) Partners, essentially all the major defense contractors, to share threat information and intelligence related to advanced threats.
  • Evaluating:.
  • Bro IDS for potential replacement or enhancement for Snort IDS.
  • Securonix systems for Insider Threat detection program.

Cyber Intrusions Analyst

Booz Allen Hamilton, DoD Cyber Crime Center, DC3
03.2004 - 11.2011
  • Defense Industrial Base (DIB) Collaborative Information Sharing Environment (DCISE).

Enterprise Architect/Principal Software Engineer

Computer Sciences Corporation
06.2003 - 03.2004
  • Modeled and designed enterprise architectures at the DoD Business Transformation Agency (BTA), aka Business Management and Modernization Program (BMMP).
  • Utilized System Architect (SA) to model DoDAF products for business and security architectures.
  • Created Operational views (OV) and System Views (SV).
  • Created Logical Data Models (LDM) via OV-7 products.
  • Generated Physical Data Models (SV-11) targeted for Microsoft SQL server databases.
  • Created custom functions in Popkin System Architect (SA) to automate import and export of BTA enterprise data from/to SQL server databases.
  • Created customized dashboards and front-end User Interfaces (UI) to facilitate importing, exporting and querying content across multiple BTA repositories.

Principal Software Engineer

Sync Corporation
05.2002 - 06.2003
  • Led engineering effort s for DV video streaming formats to Firewire (OHCI 1394) equipped DV video cameras.
  • Used UML for modeling and generating essential use-cases, activity diagrams, sequence diagrams, class diagrams.
  • Utilized "bridge" and "adapter" structural patterns to bridge legacy code with Microsoft's DirectShow filters.
  • Developed Microsoft COM interfaces for host application and plug-ins.
  • Designed multi-threading capability in C++ /WinAPI to improve performance of Blade DV products.

Contractor / Principal Software Engineer

Virtual Ink Corporation
09.2001 - 03.2002
  • Using NLE expertise, Mr.
  • Fernandes led a small engineering team in the development of mimio Xi - a capture device for whiteboards and flipcharts.

Contractor / Principal Software Engineer

Avid Technology
07.1997 - 08.2001
  • Designed user-configurable solutions that enabled multiple client access to varied media data formats, including Advanced Authoring Format (AAF) and AVI.
  • Designed / implemented / tested several security features built into software and hardware components.
  • Created (pure virtual) C++ interfaces to produce an Integration Toolkit (API) for customers.
  • Performed UML modeling using Rational Rose and Magic Draw applications.
  • Integrated QuickTime and MPEG video streaming technologies into Media Composer and other Avid applications.
  • Extended usability of AAF (Advanced Authoring Format) via COM interfaces.

Senior Software Engineer

Advanced Visual Systems, AVS
06.1995 - 07.1997
  • Created portable/abstract GUI toolkit library for visualization models.
  • Developed data visualization APIs using C++, Win32 and MFC.
  • Improved run-time performance by designing and developing multi-threaded solutions.
  • Prototyped application code in Java, and utilized Java AWT as an alternative portable UI solution.

Software Engineer

Viewlogic Systems
06.1991 - 06.1995
  • Led development, emulation and simulation efforts in Computer Aided Engineering (CAE):.
  • Developed Viewlogic applications in C, and ported application code to multiple UNIX platforms including AIX, HP UX, Ultrix, SunOS and Solaris.
  • Integrated Viewlogic's ViewSim product and MIPS' R4000 co-simulator using TCP/IP sockets API.
  • Ported sockets API from UNIX to Windows NT by utilizing Microsoft WinSock API in C/C++.
  • Developed APIs for Viewlogic products using Win32 API for the DEC Alpha and MIPS RISC processor platforms, prior to the release of the Intel Pentium.
  • Emulated hardware via simulation languages (VHDL, DECSIM) and tested hardware circuits (ASIC's and FPGA's).

Senior Intrusions Analyst

  • performed detailed analysis and authored original threat activity reports (TAR), providing in-depth analysis on the threat via the "Kill Chain".
  • Presented the analysis on "Wekby" at the July 2011 DIB Technical Exchange Conference.
  • As Risk Manager: Determines Risks to DIB/DCISE operations; Coordinates with Cell Leads and Management and Present Findings and Risk Response Solutions to the EAB (Executive Advisory Board).
  • Led the software development for DC3's threat indicators database (GOLDRUSH).
  • Worked closely with DoD Cyber Crime Center Forensics Lab (DCFL) for improved malware analysis reporting.
  • As senior analyst with the Threat Analysis Cell, analyzed various intrusions and advanced persistent threats (APT) targeting the DIB.
  • Correlated DIB incidents to DoD events and activities, and attribution to known intrusion sets.
  • On DIB -CERT, performed triage and analysis on incoming Incident Collection Forms (ICF) from DIB Partners.
  • Authored Customer Response Forms (CRFs) that provided detailed analysis and indicators to the DIB Partners on exploits, vulnerabilities and suggested mitigation techniques to prevent further attacks.
  • Helped train new NTOC Watch Floor staff on the use of Wireshark for packet capture (PCAP) analysis.
  • On critical client missions, performed APT-hunting to discover the presence of APT using custom anomaly detection tools and analysis methods.
  • Support to numerous groups within NSA / Information Assurance Directorate (IAD) -.
  • Enterprise IA and Systems Engineering.
  • Vulnerability Analysis and Operations (VAO).
  • Information Systems Security Engineering (ISSE).
  • Key Management Infrastructure (KMI).
  • Enterprise Security Management (ESM) Computer Network Defense (CND) Enterprise Architecture Team Lead.
  • Led CND Architecture Working Group (CAWG) - a joint working group comprising DoD-wide offices and agencies, OSD(NII), NSA, DISA, JTF-GNO and the Army, Navy, Air Force and Marines.
  • Actively engaged with key CND integrators such as DISA PEO-MA, JTF-GNO J34, as well as CND Service Providers (SP) including Army NETCOM and Navy Cyber Defense Operations Center (NCDOC).
  • Architected IA/CND (Cyber Network Defense) Enterprise Solutions Steering Group (ESSG) initiatives under the direction of US STRATCOM.
  • Collaborated with the Technical Advisory Groups (TAG) to create DoDAF Operational and System Views for:.
  • Enterprise Security Management (ESM), Configuration Management (CM), IA Vulnerability Management (IAVM) and Vulnerability Management System (VMS).
  • Host Based Security System (HBSS).
  • Enterprise Sensor Grid (ESG), Enterprise Collaborative Operational Sensors (ECOS) and Secure Information/Event Management (SIM), the Joint Event Detection and Diagnosis (JEDD).
  • Developed Classified system architecture for VAO CND Architecture and Data Strategy Pilot (ISSE).
  • Key contributor in the design and development of the CND Asset and Vulnerability data model for I71 CND R&T PMO office / CND Data Strategy Pilot, using UML class diagrams in Visio and Hypermodel applications.
  • Utilized Secure Content Automation Protocol (SCAP) standards (e.g., CPE, CVE, CCE) and OVAL/XCCDF checklists, while working closely with NSA and NIST/NVD on CND Data Standards.
  • As a certified SOA architect, service-enabled Army asset data repositories by utilizing web services, WSDL and SOAP over HTTP message formats; the Asset Data Service (ADS), and HBSS Asset Data Publishing Service (APS).
  • Reviewed and validated Asset and Vulnerability data types in XML Schemas (generated as XSD files) using Eclipse-based XML editors such as Hypermodel and Eclipse-WTP.
  • As an architect and modeler, created Business Processes models in Telelogic System Architect and UML models in Visio, DoDAF System Views such as the SV-1 and SV-4 using Sparx Enterprise Architect (EA).
  • Aligned the CND system views to the operational views, e.g.
  • NETOPS OV-5, GIG-IA OV-5 and OV-2 VAO Architecture (VAO).
  • Worked with stakeholders in Advanced Network Operations (ANO), Red/Blue teams, Joint COMSEC Monitoring Activity (JCMA), and VAO Fusion domain in determining requirements.
  • Mapped requirements to overarching VAO requirements.
  • Modeled existing, planned and future systems in VAO using Visio and Sparx EA.
  • Product Source Node (KMI).
  • Key role as the DoDAF enterprise architect.
  • Managed the systems/software engineering teams; developed Use Cases/scenarios, Functional Requirements, Engineering models and Test Cases/scenarios.
  • Utilized IBM's RequisitePro (ReqPro) to create and store Requirements, and linked them to engineering models developed in RSD.
  • Utilized Rational Software Developer (RSD) tool suite to create DoDAF products such as Sequence Diagrams (OV-6c, SV-10c), logical data models (OV-7), OV-2 and OV-5.
  • Utilized Rational Test Manager (TestMan) to capture test cases and linked those to Requirements in ReqPro.
  • Utilized Rational Unified Process (RUP) to plan and develop the various phases of the engineering life cycle.
  • Coached and mentored PSN Engineering team while incorporating RUP and SE processes towards achieving CMMI (Capability Maturity Model Integration) compliance.
  • DoD Acquisition, Technology & Logistics (AT&L)/ CND Policy and Doctrine:.
  • Authored white papers for NSA on the topics of IA and DoDAF within the context of Interoperability and Support (CJCSI 6212.01D), JCIDS (CJCS 3170 series), Capabilities Based Assessment (CBA) and DoD Acquisition System (DoD 5000 series) to help guide several IA-related programs.
  • Successfully achieved "Milestone B" status for capability increment (CI)-2 phase of the KMI program.
  • Utilized CND Policy: DODD 8530 series, and CJCSI 6510 series for IA and CND, while architecting and analyzing system requirements for CND systems.

Education

MS - Electrical Engineering

1991

BS - Computer Science and Engineering

Karnataka University
1989

Skills

  • acquisitions, ADS, Air Force, AIX, analyst, API, APL, APS, APT, Architect, Army, ASIC, Agency, automate, Automation, Avid, Business Management, Business Processes, C, C, CISCO, CMS, COM, hardware, Configuration Management, content, Draw, client, data visualization, databases, database, DEC Alpha, designing, DV, Diagnosis, direction, DNS, Eclipse, Email, Event Management, XML, features, Firewall, Forms, Functional, GUI, HP UX, HTTP, IBM, IDS, Information Systems, Intel, Java, Team Lead, Logistics, MA, Magic, memory, access, Exchange, MFC, office, Win, Windows, Windows NT, modeling, Navy, Composer, Enterprise, Network, networks, Pentium, cameras, processes, Proxy, Rational Rose, reporting, Risk Manager, RUP, Rational Unified Process, simulation, SOAP, sockets, software development, Software Developer, software engineering, Solaris, Microsoft SQL server, SQL server, Strategy, SunOS, Supervisor, system architecture, System Architect, Systems Engineering, TCP/IP, white papers, triage, Ultrix, UML, UNIX, VHDL, video, Visio, VMS, WinSock

Certification

  • GIAC Certified Forensics Examiner (GCFA), Sep 2015
  • CEH (Certified Ethical Hacker), Feb 2010
  • Network Analysis Cyber Bootcamp - Top Performer, (6-wk course) Jan-Feb 2010
  • Network +, Jan 2010
  • Certified SOA Architect, SOA Systems, Mar 2009
  • CCE (Certified Computer Examiner), Nov 2005
  • CISSP (Certified Information Systems Security Professional), May 2004

Additional Information

  • JHU/APL Generated CONRAD FERNANDES , Cyber Security Operations Center (CSOC) Supervisor ITSD / Information Security and Analysis (ISA) Johns Hopkins University Applied Physics Laboratory
  • SECURITY CLEARANCE Top Secret with NSA Full Scope Poly (TS/SCI), HONORS AND AWARDS , Heartbleed Incident (APL, 2014) "Enterprise Accomplishment Award" - APL-wide Honor CND Architecture Achievement Award (Booz Allen, 2011)

Timeline

Supervisor

Johns Hopkins University, Cyber Security Operations Center, CSOC
11.2011 - Current

Cyber Intrusions Analyst

Booz Allen Hamilton, DoD Cyber Crime Center, DC3
03.2004 - 11.2011

Enterprise Architect/Principal Software Engineer

Computer Sciences Corporation
06.2003 - 03.2004

Principal Software Engineer

Sync Corporation
05.2002 - 06.2003

Contractor / Principal Software Engineer

Virtual Ink Corporation
09.2001 - 03.2002

Contractor / Principal Software Engineer

Avid Technology
07.1997 - 08.2001

Senior Software Engineer

Advanced Visual Systems, AVS
06.1995 - 07.1997

Software Engineer

Viewlogic Systems
06.1991 - 06.1995

Senior Intrusions Analyst

MS - Electrical Engineering

BS - Computer Science and Engineering

Karnataka University

Similar Profiles

  • FRANKLIN HICKS

    FRANKLIN HICKSFRANKLIN HICKS

    SENIOR CYBER INTELLIGENCE ANALYST at National Security Agency, NSA, National Cyber Threat Operations Center, NCTOCSENIOR CYBER INTELLIGENCE ANALYST at National Security Agency, NSA, National Cyber Threat Operations Center, NCTOC

  • FRANKLIN HICKS

    FRANKLIN HICKSFRANKLIN HICKS

    SENIOR CYBER INTELLIGENCE ANALYST at National Security Agency, NSA, National Cyber Threat Operations Center, NCTOCSENIOR CYBER INTELLIGENCE ANALYST at National Security Agency, NSA, National Cyber Threat Operations Center, NCTOC

  • ELIANNA BERNSTEIN

    ELIANNA BERNSTEINELIANNA BERNSTEIN

    Counselor at Center for Talented Youth, Johns Hopkins UniversityCounselor at Center for Talented Youth, Johns Hopkins University

  • Kim Jackson

    Kim JacksonKim Jackson

    Supervisor at San Angelo State Supported Living CenterSupervisor at San Angelo State Supported Living Center

  • Ionut Tofan

    Ionut TofanIonut Tofan

    Supervisor at IG-OL Cladding System LTDSupervisor at IG-OL Cladding System LTD

CREATE PROFILE
Conrad Fernandes