Joshua Glemza
Chief Information Security Officer
Cleveland, OH, United States
Details
Experience:
2023 : Present
NASA Glenn Research Center
Chief Information Security Officer
2016 : 2023
NASA Glenn Research Center
IT Specialist (Security)
2015 : 2016
DB Consulting Group, Inc.
Architecture and Integration Specialist
- Web Application Firewall (WAF)
Defined and managed WAF strategy to detect and prevent nefarious traffic from exploiting application vulnerabilities in the over 460 NASA Glenn public websites.
Based on requirements and thorough pilots of 3 contending solutions, chose Imperva SecureSphere technology. Led implementation and configuration of solution working across 4 technical teams and with over 10 system owners. Responsible for continued operation and maintenance.
- Web Vulnerability Scanning
Responsible for quarterly scans of all 700 internal and external NASA Glenn websites. Designed process to detect vulnerabilities, analyze results, and track issue resolution to mitigate exploitation. Using Python, designed and scripted a solution to transform a Hailstorm vulnerability XML export into tracked issues within Redmine to ensure vulnerabilities are appropriately handled with minimal disruption to the business.
Advise web development teams and present at NASA Web Special Interest Group meetings on secure programming practices based on the Open Web Application Security Project Top 10.
- Incident Response
Responsible for confirming, containing, and resolving NASA Security Operations Center (SOC) incidents.
Performed forensic root cause analysis of network captures, system and web proxy logs, and raw physical data. Utilized an agile approach to solve each incident by working directly with the system owners and engaging appropriate resources and tools.
Improved response processes and communication by automating proxy block analysis and implementing a centralized documentation repository.
2012 : 2015
DB Consulting Group, Inc.
Senior IT Security Analyst
- System Administration
Installed, configured, and operated a VMware virtualized environment utilizing vCenter, ESXi servers, and 2 SANs for the NASA Research and Technology Directorate’s web hosting and security teams. Solution enabled enhanced resource utilization and cost savings.
System administrator for production and development web hosting environments, including the primary central web server for NASA Glenn. Configured all servers to meet and exceed NASA security guidelines, including SELinux, iptables, ModSecurity, TCP Wrappers, and Center for Internet Security (CIS) Benchmarks.
Provided technical support for over 80 systems in the Research and Technology Directorate’s Unix environments. Supported clusters, scientific devices, network attached storage, and desktop configurations.
- Web Development
Designed and developed an online system for securely transferring large files between NASA Glenn and its external partners. Utilized PHP, OpenSSL, Apache, and MySQL to implement symmetric encryption. Custom solution served over 2,600 NASA users, transferred over 30,000 files in 6 years, and was used as the official export-controlled mechanism for electronic transfers.
Developed a WordPress theme for NASA based on standard administration branding, allowing for rapid web content creation. Template was designed to expedite development and ensure compliance. WordPress hosting services are now offered to the entire center due to the success of the initial 30 integrated sites.
Developed a dynamic event management system to meet agency needs to host meetings and conferences. Supported conferences in excess of 900 participants. The solution encompassed attendee invitation, registrant information collection, payment processing, presentation material drop off and review, and report generation.
2000 : 2012
DB Consulting Group
Senior Analyst II
Company:
NASA Glenn Research Center
About
Technologies: Linux, VMware, Apache, MySQL, Cenzic Hailstorm, Imperva SecureSphere, EMC SAN, Splunk, WordPress, Websense, SAMBA, Veeam
Programming Languages: PHP/CakePHP, SQL, HTML, Python, BASH