Case-Study-Malware-Inc-Response-8-5-2015

CASE STUDY – INCIDENT RESPONSE
Timothy J. Nolan
218 Brown Lane, Shelbyville, TN 37160
931-842-0273
[email protected]

The Sylint Group
Performed Incident Response on numerous occasions for various Global Fortune 500 firms and smaller organizations. These incidents often involved advanced attacks from nation state attackers and cyber criminals. Utilized advanced process-level monitoring, DNS monitoring, network and computer forensics, and threat intelligence.

Information Security Officer (ISO, ISSO)
Bridgestone/Firestone, Inc.
Bridgestone Americas, Inc.
Served as the first Information Security Officer (ISO) for Bridgestone Americas, Inc. Bridgestone is a $35B (U.S.) “Fortune Global 500” company and is the world’s largest manufacturer of tires and rubber products. Bridgestone is also the world’s largest automotive product and services retailer, a U.S. Federal Bank (CFNA), and a data processing services provider for a U.S. Federal Bank (BFIS). BFIS also provides services to 100+ Credit Unions, a state and municipal tax authority, utility companies, etc.

Malware Prevention & Mitigation, Incident Response

• Maintained visibility of new and emerging threats and notified the Americas and Global Information Security & IT leadership about new threats and vulnerabilities on a monthly and out-of-cycle basis.

• Ensured that enterprise-available solutions existed so that patch management was easier and more reliable, eliminating known areas of vulnerability.

• Implemented LaBrea Tarpits to “trap” TCP-based worm exploitation and to protect the network while providing visibility of malicious TCP, UDP, and ICMP activity.

• BSA implemented Blackhole DNS to prevent malware from communicating with known malware domains.

• Implemented inline IPS to stop known malicious activity at the edge.

• Developed new solutions to “see” and rapidly identify new instances of malware infection, enabling rapid response, quarantine, or mitigation of the malicious code.

• Championed antivirus screening of inbound email using a layered series of different antivirus solutions.

• Proposed application proxy firewall solutions that ensured that communications on a given port must comply with the RFC protocol expected on that port – preventing IRC-based botnets from communicating over HTTP ports.

• Promoted and led the use of a forensics-based incident response capability to identify infected systems that are “quiet” and not actively communicating, based on Indicators of Compromise.

• Developed a database of open source reputation & threat intelligence data, and Indicators of Compromise information.

Experience
Key Contributions:

• Primary security resource and site security team lead at Global Fortune 500 and smaller organizations during incidents involving advanced attacks.

• Led incident response activities at a $4.8B (US) Telecommunications company and at a $35B (US) Fortune Global 500 Manufacturer for over 15 years, with incidents involving malicious code, insider and outsider human malicious activity, botnets, worms, Trojan horses, and other sophisticated malicious code & attacks.

What others say…

“Tim has demonstrated his command of the security challenges facing the enterprise. Tim and his team have handled incidents on our network with incredible speed and efficiency. …we have never lost our ability to meet our business requirements.” - LW

“I can easily recommend Tim Nolan. He is one of the most capable security people I have ever worked with. Tim Nolan is at the top of his game and I am extremely glad to have him on our side.” - SZ

“Tim Nolan is an outstanding professional. I have never had the pleasure to work with a more knowledgeable, hard-working and motivated individual. Tim's tireless dedication to improving the overall security posture of his organization has achieved real results. This achievement was greatly aided by his efforts and skills in being able to proactively identify and resolve potential security risks as well as immediately reacting to incidents. Tim truly is an outstanding asset.” - SP

“Timothy is a pleasure to work with. He is the consummate security professional. Timothy accurately bears focus on the small ripples in the heartbeat of the network that could signify threats to the organization, but to many others, would go unnoticed. Timothy is the right man to be in charge of managing and responding to threats to this expansive, diverse and complex system.” - DM