Travis is a Senior Systems Engineer and IT Manager
Travis Allitt is a Senior Systems Engineer and IT Manager at Nexia Edwards Marshall, one of the largest, most respected and professional accounting and financial services firms in South Australia.
His many years of experience has ensured that he has specialist knowledge in providing Information Technology services to a range of organisations including those in finance, healthcare, wholesale and retail trade, manufacturing and community services.
Travis is highly skilled and passionate about network security specialising in workstation, network and server hardening and providing professional ICT security-related expertise in a security consulting, advisory, analysis, and role as well as providing technical security advice as an information security subject matter expert. He is highly skilled in the use of advanced security tools and techniques including exploit protection, application whitelisting, delegated access, NGFWs and privileged access workstations and accounts.
Travis has administered, designed and deployed Microsoft systems for more than ten years and have developed a wide range of skills. He is highly proficient at implementing, managing, securing and maintaining Microsoft Windows and Windows Servers with Active Directory, Rights Management, GPOs, DNS, DHCP, IIS, WSUS, Office 365 and Azure.
As an expert in networking and computer systems for small-to-medium-sized businesses in traditional and BYOD (bring your own device) environments. He has also administered private networks, software systems and medical computers in public and private hospitals.
Travis has designed, maintained and monitored virtualized IT environments using Microsoft Hyper-V and VMWare technologies to virtualise Windows and Linux in clustered and non-clustered environments.
Travis is highly skilled in using cloud Software as a Service (SaaS) and Unified Communications as a Service (UCaaS) on major platforms including Microsoft Office 365, Microsoft Azure, Google Apps, TrendMicro and Amazon EC2.
A Microsoft Certified Professional and Technology Specialist, Travis holds formal qualifications in Server Virtualisation with Windows Server Hyper-V and System Centre, Microsoft Dynamics Retail Management System 2.0 Store Operations and Configuring Microsoft Windows Vista Client.
Implementation of secure login for privileged accounts utilising YubiKey Smart Cards
The use of YubiKey's, hardware-based security keys, has been a standard security requirement for the Nexia Edwards Marshall IT team for some time; YubiKeys ensures a high level of security for administrative accounts on services such as:
-Password Management Systems
The implementation and deployment of a Windows Certificate Server and Smart Card based authentication system utilizing YubiKey’s ensures that administrative accounts on Privileged Access Workstations have an even higher degree of security as hardware Smart Cards are now required to log on to these systems, not just a password.
Security is all about minimizing the attack surface all while maintaining the CIA Triad (Confidentiality, Integrity and Availability). Hardware security devices such as YubiKey's help ensure there is a physically separate, public key cryptography-based hardware device that ensures the entire process of user identification and authentication requires multiple factions prior to authorization; increasing integrity without effecting the availability of the systems.
Implementation of NIST Special Publication 800-63 related to increased Password Checks to maintain password security
Implementation and deployment of a technical control that checks and ensures users passwords are not part of a previous data breach as per recommendations by NIST Special Publication 800-63 https://www.nist.gov/itl/tig/projects/special-publication-800-63 that recommends user-provided passwords are checked against existing data breaches.
This check utilizes a secure and audited 3rd party application that leverages the ‘Have I Been Pwned’ password list to ensure any new password setup on the network has not been part of a data breach; any password found in the list is rejected and the user must select a new password.
Ensuring users are not using previously breach passwords helps reduce the likely hood of Credential Stuffing effecting our internal users accounts.
Implementation of Privileged Access Workstations for all privileged accounts to reduce attack surface area of internal network and exceed industry baselines
Implementation and deployment of Microsoft’s best practices related to Privileged Access Workstations (PAW) to ensure a total separation of computers and accounts between administrative and end-user tasks.
Using a Privileged Access Workstation to access servers and applications reduces the attack surface of networks servers and applications by limiting which systems can communicate with them while reducing the security risks associated with elevation of privilege attacks.
Privileged Access Workstation are locked down to reduce their attack surface and allows for better network monitoring to help discover malicious activities as all administrative tasks can be tracked and audited.
A Privileged Access Workstation (PAW) should be used by all ITC system administrators who administer High Risk servers and applications such as Active Directory, Certificate Services and finance systems.