Schmidt, Vinícius Abrahão Bazana

vinicius.schmidt@gmail.com

[Positions Handled / Wanted] [Personal information]

Security information analyst; Indaiatuba, SP, Brazil,

Senior Linux/BSD administrator; Married,
Senior system analyst/developer; 28 years old;
Technical coordinator; mobile: +551981665517
Technology researcher/prospector; phone: +551938167994
skype: vischmidt

Presentation
If you want to hire a strong and skilled IT Consultant you will find a true one in me. Taking a closer look at
these pages, you will find a driven, hard-working analyst/engineer who is always looking for innovative ways
to improve processes and systems.
Information Technology is one of my passions with particular emphasis on Unix-like operational systems and
security development.

Summary
Graduated Technician in Data Processing at Unicamp (Cotil).
I have very practical and broad knowledge in IT businesses:
• Professional system analyst and developer since 2000;
• Skilled technician in Unix environment since 1999 until present day, having deep skills in that platform;
• Experienced in web development, for heavily accessed and interactive sites;
• Logs analysis and interpretation;
• Open Source enthusiast, since 1998 (but I’m not a radical);
• Extensive experience (almost 8 years) in designing and implementing highly efficient and reliable data
base solutions;
• Capacity to understand users' needs, conciliate conflicts and developing/customizing solutions;

Specialties
• Unix/FreeBSD & Linux ( C/C++ development, administration and automation with shell scripts) ;
• Web development using Java, Perl and PHP;
• Linux security hardening;
• Information security analysis (with Open Source tools);
• Network development, analysis, monitoring and provisioning;
• Data Base Architecture (design, creation, monitoring and tuning);
• DB Modeling (ER) with OracleDesigner, JDeveloper and others;
• KornShell (ksh93) and Bash;
• Regex, Perl and Data Mining/Transform (ETL);
• Version Control Systems with CVS;
• Object Oriented Analysis with Unified Modeling Language (UML);

Qualifications in Security Information Area

• Broad and practical knowledge about vulnerabilities and risks;
• S.I. evangelist and enthusiast since 1997 (explaining about risks with computer virus, lost information,
suggest a government institution the creation of a CSIRT, etc) ;
• Cryptographic libraries and workflows like GPG, OpenSSL libmcrypt and geli(bsd/file-system);
• Knowledge on IPSec (linux/bsd) and others VPN services like OpenVPN and SSH;
• Basic knowledge on ISO27k standard series;
• Good risks analysis evaluation and penetration tests;
• Good understanding about security issues on several IT areas and service layers including: development,
production, network and management;
• Intrusion Detection Systems and Reactive Defense;



• Firewalls: Linux’s iptables/netfilter, OpenBSD’s PF and basics on Microsoft’s ISA;
• Techniques using exploits and frameworks like owasp and metasploit to prove concepts;
• Security Analisys Tools:
o Network Layer: nmap, Nessus, core-impact, snort, ettercap, pftop and many others;
o Operational Layer: tripwire, rkhunter, portaudit, vuxml and many others;

Tech qualifications
• Other operational systems: Microsoft Windows (since 3.11, DOS since 6.20), OpenBSD and MacOS X;
• Oracle’s Toolkits: SQLplus, PRO*C, JDeveloper, TOAD and Designer 2000, OAS, Portal and OID;
• Advanced databases knowledge: Oracle, PostgreSQL and MySQL;
• HTTP Server: deep skills on Apache’s httpd;
• Single Sing-On using OpenLDAP;
• Mail Stuff: exim, postfix, dovecot, SpamAssasisn, spamd, mailman, berolist, horde/imp, squirrelmail;
• CMS: joomla, word press; Instant Messenger Server: OpenFire;
• Cache systems: squid with dansguardian content filter;
• Network management and tools: net-snmp, bind, cacti, nagios, tcpdump and many, many others;
• File System Sharing & Management: Samba, NFS, Bacula, FTP, Novell;

Current Developments
• pgpool-II (PostgreSQL’s cluster workflow); • Dynamic routing with BGP (quagga);
• CakePHP; • Ruby (to use with rails and metasploit);
• Spring + ZKoss (Java patterns and • AJAX and jQuery;
framework);

Professional Historical/Experience
• System Analyst-Web Developer / Security Analyst
Abril Publisher (Privately Held; Publishing industry)
Apr 2010 — Present (3 months )

Web-developer allocated mainly on Exame.com.br, a huge web operation, providing diversified solutions;

Security relevant tasks: Response on invasions; Team conscientization; Code auditing;

• IT Manager / System Analyst-Developer / Security Analyst

Triarius Consultoria em Tecnologia e Sistemas (Information Technology and Services industry)
June 2006 — Present (4 years 1 month)

Since my partner and I have founded Triarius, we have been working with special projects which have
allowed us to explore (and challenge) our potentials.
Working with the 3 major aspects of IT business (business-administration-people, technology and security)
we are capable to develop a large number of IT projects that will enable your business' development and
growth.

Security relevant tasks: Head consultant & researcher;

• Sr. IT Consultant
Angola's Metropolitan University (Higher Education industry)
November 2007 — November 2009 (2 years 1 month)

We have supplied a full spectrum IT consulting (through Triarius) for this Angolan university where the IT
department was all designed and implemented by us.

Security relevant tasks: Workshop security awareness and technical risks analysis;
• Consultant / Unix Developer / Database Designer
M4 Systems (Information Technology and Telecommunication Services industry)
January 2006 — October 2007 (1 year 10 months)

Working for M4Sistemas, I was able to learn several aspects of the Telephony Business in depth.
In this project we worked for Claro (Telmex), developing a specialized provisioning system that was
responsible for increasing the throughput from ERP to Engineering Equipments (Nokia, Nortel,
Ericsson,etc).
My major involvement was in writing the application using ANSI C and Oracle's PRO*C. The system was
developed on Linux Red Hat, but the production environment was HP-UX.

Security relevant tasks: Provisioning Workflow Auditing based on new policital and mannagement goal,
as a result, one the most important things was my capacity to learn the IT and Engineering Process and put
things together.

• System Analyst / Developer / Database Designer

Jupiter Development Systems (Information Technology and Services industry)
June 2003 — October 2005 (2 years 5 months)

Based at Angola, Jupiter has big clients such as MINFIN (Ministério das Finanças da Repulica de Angola)
and other government institutions.
I worked with Oracle and PL/SQL (+WebTookit) to develop financial systems. Also, I worked on the team
responsible for designing the major data base, along with FMI consultants, contributing many times and
permitting that our sponsor would fulfill the deadline.
Further activities include development processes, APIs and batch process to integrate MINFIN
departments with estate and private banks on a single financial system.
Other small but relevant tasks: implementing the CVS server, allowing better teamwork integration,
Installing the 1st. Linux-webmail-server in an emergency situation; Conducting a small study class on
JDeveloper and OC4J.

Security relevant tasks: provide technical and analitical data on possible threats; creation of a proposal to
create the MINFIN’s CSIRT; member of task force on systems security;

• System Analyst / Web Developer / System Administration

Abril Publisher (Privately Held; Publishing industry)
July 2000 — June 2003 (3 years )

Work environment running Linux, Apache, CVS, PHP, bash, Perl, MySQL, PostgreSQL and Oracle.
First, I was responsible for the maintenance of a newsletters server (sending approx. 600.000 solicited
emails/day) and the development of a dozen tools to optimize my work.

When the mailing server was running by itself, my priority changed to developing a custom CMS
to publish static html on our servers and WAP content as well (using and PERL and PHP, with MySQL
and Oracle databases).

Other special tasks in which I participated: writing a framework to permit selling web content (collection
content project); implementing the first CVS server, which was extensively used by our team; Web Server
audience analysis (using 2 different tools);

Security relevant tasks: Approaches on security web-development with PHP/Perl and hardening Linux
servers for file-sharing and huge traffic mail system); Working directly with critical systems based on
HTTP service integration using cryptographic libraries and protocols;





• Trainee
State University of Campinas – Unicamp – Computer Center (Higher Education industry)
January 2000 — June 2000 (6 months)

Working as trainee at CCUEC/Unicamp has been my dream since I first visited their installations in 1997.
It is one of the most highly developed Computer Centers in Brazil.
My primary task was to develop a special Linux course that we used to train the university system
administrators. One of many tasks assigned to me was to offer a webmail service to
students/professors/researchers. In order to achieve that, I learned how to install, configure and customize
the horde/imp - a webmail toolkit, which has allowed me to learn more about PostgreSQL, PHP, PHP-
extensions LDAP) and send my notes to the support team; these notes were used to assist them during the
implementation of a webmail solution to serve the whole university.

Security relevant tasks: I had start my study routine in information security techniques, with OpenBSD
and Linux/LIDS (firewalls too, of course) and PostgreSQL crypt functions.

• Trainee at Computers Department

State University of Campinas – Tech School of Limeira (Cotil) (Higher Education industry)
July 1999 — December 1999 (6 months)

I was responsible for maintaining 2 computer labs (around 30 PCs each). Researching, installing and
administrating Linux servers as an alternative to Novell 4.11. After the first 3 months I was required to do
a "special trainee job" installing a new router + firewall + squid that was used by the entire school.

Security relevant tasks: campus firewall manteining using old ipchains/nat; maintain the sanity on
student’s labs; Novell 4.11 X Linux integration;

Formal Education
State University of Campinas - Technician in Data Processing – 1997 – 1999
Focus on Operation Systems, Networks, System Analysis & Development and Databases
Unicamp - Universidade Estadual de Campinas – Cotil – Colégio Técnico de Limeira

Professional Honors
iBest2001 – working to Abril Publisher at Info website [www.infoexame.com.br]

Relevant Conferences Participations

• Semana da Segurança de Informação – Unesp - Rio Claro – 1999
• H2HC – Hackers to Hackers Conference – São Paulo – 2009

Hobbies
Philately, Astronomy, Music, Physics, Photography, Traveling;