Home

Neal R. Champion

SKILLS SUMMARY

I have more than 35 years of experience in system analysis and development and software security for large corporations, small businesses, and U. S. Government contracts. I am focused more on getting the job done right than on knowing how to talk the technology talk; more focused on problem solving than on memorizing terms, acronyms, and syntax. Having help files, manuals, and the internet close by takes care of this.

STRONG POINTS

· Solid development background across multiple languages.

· Scripting skills in Unix/Linux shell, Windows batch, Windows PowerShell, Perl.

· DAST with Fortify WebInspect and WebInspect Enterprise including installation, configuration, automation, and usage of the products.

· SAST with Fortify SCA including installation, configuration, automation, and usage of the products.

· Results management with Fortify SSC including installation, configuration, automation, and usage of the products.

· Good rapport with user/customers.

EXPERIENCE

Micro Focus, Inc. Premium Support Engineer · Remote position supporting the same suite of Fortify products that I previously delivered professional service for. · SME for: o Fortify Static Code Analyzer (SCA) o Fortify Software Security Center (SSC) o Fortify ScanCentral SAST o Fortify ScanCentral DAST o Fortify WebInspect o Fortify WebInspect Enterprise Micro Focus Government Solutions (Carahsoft/MFGS, Inc.) previously Hewlett-Packard Enterprise previously Hewlett-Packard Senior Software Security Consultant in the Enterprise Security Division · Working mostly transactional engagements of 1 – 2 weeks in the Federal government space. Worked with all branches of the military and numerous government agencies. Assist customers with getting started using the Fortify product line. Includes installation, configuration, two-day training and hands on assistance coming up with customer solutions for their software development and application security environments. Products include WebInspect, WebInspect Enterprise, Statics Code Analyzer (SCA) and Software Security Center (SSC). · Extended engagement with the U. S. Air Force in the Application Software Assurance Center of Excellence (ASACoE). Perform security assessments of applications and databases of varying software architectures and programming languages. Assessments include static analysis of source code, web application penetration testing and scanning of databases. Perform remediation tasks on data gathered during security assessments. Tasks include elimination of false positives, commenting on vulnerabilities and suggesting a course of action to eliminate the issue. Tools used on the contract included Fortify Software Security Suite, IBM Rational AppScan (penetration testing tool) and AppSecInc AppDetective (database policy scanner).	6/2020-Present
CCMJ Consulting, LLC	11/2009-5/2012
Web Developer and Consultant
Providing business process problem solving and .Net development on an MVC application and a web forms application to implement solutions. Primary developer for web presentation layer using JavaScript (jQuery) and CSS.

Coveros, Inc.	3/2009-10/2009
Software Security Consultant
· Contract Position with the U. S. Air Force in the Application Software Assurance Center of Excellence (ASACoE). Perform security assessments of applications and databases of varying software architectures and programming languages. Assessments include static analysis of source code, web application penetration testing and scanning of databases. Perform remediation tasks on data gathered during security assessments. Tasks include elimination of false positives, commenting on vulnerabilities and suggesting a course of action to eliminate the issue. Experience with tools such as Fortify 360 Suite (include the Source Code Analyzer), IBM Rational AppScan (penetration testing tool) and AppSecInc AppDetective (database policy scanner).

Gandalf Development, Inc.	8/1997-2/2009
Senior Consultant, Lead Developer
· Developed presentation layer for websites using JavaScript and CSS. Provided custom behaviors and presentation for content delivered using Estrada content management system. Worked directly with clients to resolve issues. Traveled to client locations and provided technical training on configuration and custom development using Estrada content management system. Performed maintenance of in-house servers and local network. Included servers with the following platforms: Windows 2000 Server, Windows 2003 Server, Windows XP Pro, Linux (SUSE), Mac OS X Tiger. Developed web applications in .Net environment using C#. Developing web solutions for clients using Estrada content management system and development framework. Site content stored in MS SQL Server database. Pages rendered in XML then XSLT style sheets are applied and, finally, look and feel accomplished using cascading style sheets. · Contract positions held while employed by Gandalf Development, Inc. Java Developer for application re-write at BellSouth Contract was at the Colonnade in Birmingham, AL. Developed web application backend using Java (J2EE) that received XML data via MQ Series, processed it and inserted/updated Oracle database. Oracle Database Analyst at BellSouth Contract was at the Colonnade in Birmingham, AL. Developed a system to snapshot Oracle database tables monthly. Assisted in setting up automatic data feeds into Oracle database. Application Development and Support at BellSouth for EDS Contract was at BellSouth Data Center in Hoover, AL. Provided application support and developed new functionality. Application written in C using Informix Online Dynamic Server database. Informix 4GL reporting and terminal based table updates. Visual Basic clients for accessing application servers. Tivoli Professional Services Consultant at Defense Information Systems Agency Contract was at Gunter Air Force Base in Montgomery, AL. Assisted in developing complete Tivoli Enterprise installation procedures that were used at data centers across the country. Wrote shell scripts used in the installation. Wrote shell scripts used for maintenance purposes. Wrote documentation for describing the hierarchy of the installations. Tivoli Professional Services Consultant at GTE Internetworking Contract was in Boston, MA. Provided consulting services for an existing Tivoli installation. Created new custom monitor written in Perl for enterprise-wide distribution.

Tom McLeod Software Corporation	8/1996-8/1997
Application Developer
Designed and developed custom modifications of base product for clients. Worked directly with clients to determine the need and best solution. Coded, tested, and implemented custom changes. Unix environment C language application Informix Database accessed using C-ISAM

BellSouth	1/1986-9/1996
Staff Analyst (Application Design and Development)
Designed and developed custom application solutions for operations organization. Applications included a media management system (Hawkeye) and a task scheduling and tracking system (STAR). I was a member of a four-person team that designed and developed a computer monitoring system (CAMCS). Centrally located, it monitored computer systems that were located throughout the southeast. Unix environment C language application Informix Database accessed using C-ISAM, ESQL/C and Informix 4GL

SYSTEMS PROFICIENCY

Operating Systems

Unix (HP-UX, Sun Solaris, AT&T System V), Microsoft Windows, Linux (SUSE, Mandriva, RedHat, Ubuntu), Mac OS X

Programming Languages

C, C#, JavaScript, CSS, HTML, XHTML, XML, XSLT, Java, Microsoft Visual Basic, Microsoft Access Basic, Perl, Unix/Linux Shell

Database Systems

Microsoft SQL Server, Oracle, Informix, Microsoft Access, MySQL, dBase, FoxBase

Security Tools

Fortify Static and Dynamic Security Suite, IBM Rational AppScan, AppSecInc AppDetective

EDUCATION

B.S. in Computer Science from the College of Engineering

The University of Alabama, Tuscaloosa, AL

Graduated while participating in the Cooperative Education Program

CERTIFICATIONS

CSSLP - (ISC)² Certified Secure Software Lifecycle Professional

Fortify Foundations Specialist – Micro Focus
Fortify WebInspect Specialist – Micro Focus
Fortify SCA & SSC Certified Professional – Micro Focus

CLEARANCE

Previously held a Federal DoD Secret Level Security Clearance.
It expired due to my current employer being based offshore (UK).