We feel strongly that customers should receive more than a report from their consultants. It is generally not in an organization's best interests to hire outsiders simply to address their information security challenges of the moment and move on. Rather, outside expertise should be utilized as needed to address issues, but should also leave lasting improvements – through improved policies and procedures, or training provided to internal staff, along with the solutions recommended or implemented. This way, organizations can empower their own staff to address security challenges in the future.
We have chosen to offer only those services in which we have significant experience and skill. We do not claim to be experts in all facets of information security, and as such, we do not offer all security services. We greatly value the trust customers place in us, which we have worked hard to develop and maintain based on meticulous and diligent work, integrity, and professionalism.
DISD is a vendor-agnostic consultant and services provider. We strive to provide the highest quality solution for each unique situation, and will not be beholden to any software vendors or conflicting interests in doing so.
Robert (Bob) Dooling has worked professionally in the information security field since 2000. Bob began his security career as a member of Arthur Andersen's Technology Risk Consulting (TRC) team, where he gained auditing, risk management, and vulnerability assessment experience in diverse client engagements and on-site consultations. He has since worked on a security information and event management (SIEM) system development team as a device integration and logic developer, obtaining considerable expertise in implementing, configuring, and administering many types of security products. Bob also worked as an analyst in Symantec's 24x7x365 security operations center (SOC) identifying malicious traffic, providing mitigation and remediation advice to customers, and managing service level agreements in a fast-paced environment. He created and managed a department-wide test lab environment in his time at Symantec. More recently, Bob has focused on penetration testing – identifying and exploiting network- and application-level vulnerabilities in order to illustrate risks and provide prioritized recommendations to clients. He has worked with customers and gained an understanding of the challenges facing IT and security teams in a wide variety of industries, including finance, law, energy, health care, technology, manufacturing, education, and government.
Bob is a Certified Ethical Hacker (CEH) and a Certified Information Systems Security Professional (CISSP), and has obtained GIAC (SANS) certifications related to auditing, firewall analysis, web application and wireless network penetration testing, incident handling, and digital forensics. He is also a member of the GIAC Advisory Board, and has written papers on email encryption, firewall auditing, and wireless network analysis. Bob holds a BBA in Computer Information Systems and Finance from James Madison University.
Information Systems Security Association (ISSA)
ISSA is a not-for-profit, international organization of information security professionals and practitioners. It provides educational forums, publications and peer interaction opportunities that enhance the knowledge, skill and professional growth of its members.
GIAC Advisory Board
The GIAC Advisory Board is made up of GIAC certified professionals who wish to give back to the security community by taking an active role in the GIAC program.
Open Web Application Security Project (OWASP)
OWASP is a not-for-profit, worldwide charitable organization focused on improving the security of application software.
Honeynet Project - Texas Chapter (RoT-1)
One of the newest chapters of an international research organization, The Honeynet Project, whose goal is "To learn the tools, tactics and motives involved in computer and network attacks, and share the lessons learned."
In the Press
Bob Dooling was interviewed as a technical expert for the SC Magazine report, "The state of SIEM" (April 2012), discussing Security Information and Event Management (SIEM) features and functionality, differentiators, and potential pitfalls.
Secure Contact Info
To send encrypted email, please use our public PGP key. This PGP key has the following properties:
Key ID: 0xD650334C
Key Fingerprint: 03BB E819 79F3 C896 8933 CC5B CE2F 61C2 D650 334C
These details can be verified at the MIT PGP public key server.