Mellis and Associates, Inc.

Mark K. Mellis

Mark specializes in Information Security Architecture and Operations consulting. In his most recent consulting project for Mellis and Associates, Inc. client Cengage Learning, he served as the Infrastructure Architect, Operations Director, and Information Security Officer for a Software-as-a-Service (SaaS) web application, with responsibility for the specification, architecture, design, implementation, operations, monitoring, security, and ultimately the decommissioning of the infrastructure for a suite of products that served more than 70,000 students. These J2EE applications used Apache httpd, tomcat and JBoss Java application servers, Sun's Java 5 64 bit jvm, MySQL and Oracle 10g databases, VMWare virtualization, and RedHat Enterprise Linux on Intel hardware co-located in a commercial Internet data center. In addition to the production, staging, and development environments, Mark also designed and implemented the distributed collaboration environment used by the product marketing, support, development and QA groups. This collaboration environment employed Atlassian's Jira, Confluence, and Crucible products, as well as a Subversion source code repository, and was used effectively by more than a hundred individual contributors working for eight companies in nine states and four countries.

Mark's Information Security consulting career spans a period of fifteen years and hundreds of engagements, during which he has served clients in the higher education, financial services, manufacturing, and high-tech sectors, including more than 50 of the Fortune 500 in the US, Europe, and Australia. These engagements encompassed application security assessments, incident response, architecture reviews, firewall design reviews for Cisco, Juniper, Checkpoint, and Sonicwall firewalls, firewall policy and process design, incident response planning, intrusion detection design and implementation, information classification policy and process design, secure collaboration design, cryptography management best practices, and interdisciplinary troubleshooting. His expertise spans core Internet technologies such as the Domain Name Service (DNS,) email protocols such as SMTP, IMAP, and POP3 and their encrypted variants, the underlying transport protocols TCP, UDP, and IP, the secure shell protocol ssh, Secure Sockets Layer (SSL,) and network time protocol NTP.

Prior to focusing on consulting, Mark worked as a software developer for Stratus Computer and Silicon Valley startups Ridge Computer, Mips, and NCD. Mark began his career as a nuclear power plant operator on U.S. Navy submarines where he held a SECRET security clearance.

Mark has written for TechTarget and Usenix's newsletter ;login, and has taught for Networld+InterOp and USENIX.

Mark is a member of the ISACA (Los Angeles Chapter,) the IEEE Computer Society, and USENIX. He studied Physics at the University of Washington.