We feel strongly that customers should receive more than a report from their consultants. It is generally not in an organization's best interests to hire outsiders simply to address their information security challenges of the moment and move on. Rather, outside expertise should be utilized as needed to address issues, but also leave lasting improvements – through improved policies and procedures, or training provided to internal staff, along with the solutions recommended or implemented. This way, organizations can empower their own staff to address security challenges in the future.
We have chosen to offer only those services in which we have significant experience and skill. We do not claim to be experts in all facets of information security, and as such, we do not offer all security services. We greatly value the trust customers place in us, which we have worked hard to develop and maintain based on meticulous and diligent work, integrity, and professionalism.
DISD is a vendor-agnostic consultant and services provider. We strive to provide the highest quality solution for each unique situation, and will not be beholden to any software vendors or conflicting interests in doing so.
Experience
Robert (Bob) Dooling has worked professionally in the information security field since 2000. Bob began his security career as a member of Arthur Andersen's Technology Risk Consulting (TRC) team, where he gained auditing, risk management, and vulnerability assessment experience in diverse client engagements and on-site consultations. He has since worked on a security information and event management (SIEM) system development team as a device integration and logic developer, obtaining considerable expertise in implementing, configuring, and administering many types of security products. Bob also worked as an analyst in Symantec's 24x7x365 security operations center (SOC) identifying malicious traffic, providing mitigation and remediation advice to customers, and managing service level agreements in a fast-paced environment. He created and managed a department-wide test lab environment in his time at Symantec. More recently, Bob has focused on penetration testing – identifying and exploiting network- and application-level vulnerabilities in order to illustrate risks and provide prioritized recommendations to clients. He has worked with customers and gained an understanding of the challenges facing IT and security teams in a wide variety of industries, including finance, law, energy, health care, technology, manufacturing, education, and government.
Credentials
Education
Bob is a Certified Ethical Hacker (CEH), a Certified Information Systems Security Professional (CISSP), Open Group FAIR-certified, and has obtained GIAC (SANS) certifications related to auditing, firewall analysis, web application and wireless network penetration testing, incident handling, and digital forensics. He is also a member of the GIAC Advisory Board, and has written papers on email encryption, firewall auditing, and wireless network analysis. Bob holds a BBA in Computer Information Systems and Finance from James Madison University.
Certifications
GIAC (Global Information Assurance) certifications – SANS Institute
CISSP (Certified Information Systems Security Professional) #121592 – (ISC)2
CEH (Certified Ethical Hacker) #ECC938401 – EC Council
Affiliations
Information Systems Security Association (ISSA)
ISSA is a not-for-profit, international organization of information security professionals and practitioners. It provides educational forums, publications and peer interaction opportunities that enhance the knowledge, skill and professional growth of its members.
GIAC Advisory Board
The GIAC Advisory Board is made up of GIAC certified professionals who wish to give back to the security community by taking an active role in the GIAC program.
Open Web Application Security Project (OWASP)
OWASP is a not-for-profit, worldwide charitable organization focused on improving the security of application software.
Honeynet Project - Texas Chapter (RoT-1)
One of the newest chapters of an international research organization, The Honeynet Project, whose goal is "To learn the tools, tactics and motives involved in computer and network attacks, and share the lessons learned."
FAIR Institute
A non-profit professional organization dedicated to advancing the discipline of measuring and managing information and operational risk.
The Open Group Security Forum
A collaborative environment for experts who share a common goal to manage and reduce IT-related risks, secure the IT environment, and raise confidence levels in business IT operations.
Publications
WiFi Security Assessment
E-Mail Encryption For Small Office / Home Office Users
External Audit Of A Network Segment's Perimeter Firewall: An Independent Auditor's Perspective
DISDefenders' Blog
In the Press
Bob Dooling has been interviewed as a technical expert for several media publications, including "Who’s on Hook for Office Cybersecurity" from Bloomberg Law; and the SC Magazine report, "The state of SIEM", discussing Security Information and Event Management (SIEM) features and functionality, differentiators, and potential pitfalls.
Secure Contact Info
To send encrypted email, please use our public PGP key. This key has the following properties:
Key ID: 0x5B1313FD
Key Fingerprint: B64B 7874 DC54 4811 61DB 497F 1B7D 3C03 5B13 13FD
Expires: 2021-01-02
These details can be verified at the MIT PGP public key server.