Professional Experience
[snip], Michigan, USA
March 2006 to March 2007
Senior Consultant – Information Security
• Internal audit, Information Security audit, assessment and Compliance management.
• Information Risk Management including Risk Assessment, Mitigation and Security Operations.
• Act as Project Management in-charge for all Information Security projects.
• Information Security Operations. Maintaining security clauses of the ODC in line with regulatory requirements and international standards.
• Consulting on Information Security operations and risk management.
• Act as a mentor in Information Risk Management on behalf of the clients.

[snip]., Bangalore, India
May 1999 to March 2006
Senior Consultant – Professional Services
• Providing professional IT Infrastructure consulting for corporate customers from various industries, viz. Manufacturing, Government, Media, Insurance, Banking, Real estate, and Technology development.
• Plan, Deploy and review/audit IT infrastructure from Process, People and Technology perspectives on leading technologies and platforms.
• Information Security consulting and Risk management including Risk assessment, Mitigation strategy development, and Mitigation & Risk treatment. Also involved in Incident management and setting up of CERT teams.
• Compliance audit/assessment, Regulatory audit and Gap analysis on various standards like VISA’s Cardholder Information Security Program (CISP) and Site Data Protection (SDP) of MasterCard International & Payment Card Industry (PCI) standard, ISO 17799, COBIT, SOX, Basel II & SAS 70 audits.
• Part of Microsoft Center of Excellence for Infrastructure consulting. Providing extensive Microsoft related consultancy for their consulting customers.
• Information Systems Risk-analysis, Security architecture development using various products and technologies like IDS, Firewalls, Automated audit tools, VPN and VLAN, and providing enterprise-wide Security policy.
• Information Security Product evaluation, design and implementation of the following:
  · Intrusion Detection Systems & Physical access control products like Biometrics devices.
  · Firewalls & Vulnerability and Penetration test tools
• Involved in Pre-Sales consulting and Project management.

[snip], Coimbatore, India
October 1997 to April 1999
Project Specialist
• Planning and Implementing Pre-Defined Security controls on Windows, Novell and Network platforms.
• Designing and implementation of Lotus Notes 4.x and R5 infrastructure. In-charge for Projects in southern India. Involved in Presale technical consultation for Lotus Notes projects.
• Member of Network design, Implementation team as specialist in Project Management, Administration and Support of Network Customers. Provided 2nd and final level support for large Network customers.

[snip]., Chennai, India
December 1996 to September 1997
System integrators of [snip], Chennai, India
Network Specialist
• Providing Pre-sale Technical support by way of presentation, Onsite Study, technical solution derivation, and proposal preparation.
• Project execution by way of design and implementation of the requirements studied in Pre-Sales.
• Handled large LANs and medium range of WANs, which includes Windows NT, Cisco, Bay Networks (Nortel), Novell NetWare.
• Project management, Design and Implementation of Novell NetWare, Windows NT and Layer 3 and 2 networks, including LANs and medium range of WANs.
Involved in L2 & L3 support.
Qualifications
Academics
• Master of Business Administration (MBA) from University of Bedfordshire, Luton, United Kingdom
  · Specializing in Business Strategy management.
  · Undergoing the program as full time student at University of Bedfordshire, Luton, United Kingdom.
Professional
• Certified Information Systems Auditor (CISA) from Information Systems Audit and Control Association (ISACA), USA.
• Certified Information Systems Security Professional (CISSP) by International Information Systems Security Certification Consortium (ISC2), USA.
• Checkpoint Certified Security Administrator (CCSA) by Checkpoint Software technologies Inc, USA.
• Cisco Certified Network Associate (CCNA) by Cisco systems Inc, USA.
• Certified Lotus Professional (CLP) in R4.x & R5 System Administration from Lotus Corporation, USA.
• Certified Lotus Specialist (CLS) in R5 System Administration from Lotus Corporation, USA.
• Certified Lotus Notes Professional training for Lotus Notes 4.6 and R5 Update from IBM ACE, Coimbatore.
• Successfully completed official training on Microsoft Windows NT 4.0 Server, Workstation and Exchange Server 5.0.
• Microsoft Certified Professional (MCP) for Windows NT Workstation 4.0 & Server 4.0 from Microsoft, USA.
• Certified Novell Engineer (CNE) for Novell NetWare 3.1x and 4.1x from Novell INC, USA.
• Certified Novell Administrator (CNA) for Novell NetWare 3.1x and 4.1x from Novell INC, USA.
• Diploma in Communication and Networking Technologies. Studied at Hardcore, Coimbatore, India.
• Diploma in Electronics and Computer Technology. Studied at Hardcore, Coimbatore, India.
Experience matrix
The following matrix is a depiction of the professional experience gathered across the career; the experience and the expertise have come from different phases of the overall professional experience. There may be overlap between different domains; this came about because of multitasking across different domains in the same or multiple projects.

Overall professional experience: Dec 1996 to Mar 2007 (10 Years and 4 Months)

| Domain | Experience in Months | Level of Expertise |
|---|---|---|
| Networks infrastructure (Plan, Deploy & Review) | 30 | 7 |
| Operating Systems/Compute infrastructure (Plan, Deploy & Review) | 36 | 8 |
| GroupWare (Plan, Deploy & Review) | 22 | 7 |
| Analysis, Audit and Implementation of Information Security Policies & Standards | 40 | 8 |
| Analysis, Audit and Implementation of Information Security Processes & Policies | 40 | 9 |
| Analysis, Audit and Implementation of Information Security Compliance, Audit, IT Governance & Assessments practices | 42 | 9 |
| Security Products (Plan, Deploy, Manage & Review) | 36 | 8 |
| Security Operations (Technology & Practice) | 20 | 7 |
| Project management (All domains as mentioned above) | 40 | 8 |

Experience in different magnitude of the IT lifecycle (Plan, Deploy, Manage/Operate and Review/Audit) on the following domains.
Standard/Guideline/Practice:
· COBIT Guidelines
· ISO 27001/17799 & BS 7799
· VISA’s Cardholder Information Security Program (CISP) and Site Data Protection (SDP) of MasterCard International and Payment Card Industry Standards
· Sarbanes-Oxley
· Microsoft Operations Framework
· Microsoft Solutions Framework
· COSO
· Basel II
· NIST
· OCTAVE
· Project Management standards of PMI
· SAS 70

Technology:
· Microsoft Windows Servers & Clients, Active Directory
· Microsoft Exchange, SMS, SUS, and MBSA
· Tools on Log analysis, Content filtering, Antivirus, Firewall and Gateway filtering
· Novell NetWare 3.x and 4.x
· Lotus Domino 4.x and 5.x
· Cisco network switches and routers
· Core banking applications
· ISS, Nessus, RAT and CRAMM

Professional Affiliations
· Member of British Computer Society, United Kingdom
· Member of Information Systems Audit and Control Association, USA
· Member of Project Management Institute, USA
· Authorised local speaker in India for ISC2, USA
· Member of CNE Net of Novell Inc, USA
Projects executed
The projects listed here were executed between 1999 & 2007. Information on prior projects can be provided upon request.

| Client | Role | Major Deliverables |
|---|---|---|
| [snip], Columbus, Ohio, USA | Information Security Consultant & Auditor / Internal Auditing of Offshore Development Centers in India | Security Operations of Three Offshore Development centers in India; Information Security Assessment, Audit & Mitigation; Provide policy level guidance on Information Security & Compliance; Define and Oversee Information Security Processes & Be responsible for overall Information Security Compliance of all the centers; Conduct awareness of PCI standards to application developers involved in Payment gateway projects |
| [snip], Jeddah, Saudi Arabia | Project Leader | Analyze and Define Risk Assessment Framework and Process; Conduct Risk Assessment for all banking applications; BS 7799 based gap analysis; Conduct Gap analysis and mitigation on PCI; Educate bank’s PoS merchants to comply with PCI standard; Active Directory Security review and recommendation; Antivirus assessment and recommendation; Mail infrastructure review and recommendation; Role Based Access Control implementation framework definition |
| [snip] Bangalore, India | Project Leader | Gap analysis and solution ratification on the following domains: Patch Management, Risk Management, Security hardening |
| [snip], Ministry of Information Technology, Government of India, New Delhi. | Project Leader | Infrastructure review, recommendation and implementation, limited to Microsoft technologies; Security risk assessment – MS technology assets; Patch management review, recommendation and Implementation; Implementing Secure server roles; Defining best practices for various Microsoft technology operations; Assess existing AD infra, recommend secure architecture based on that, and implement the same. |
| [snip], Bangalore, India. | Project Leader – Infrastructure Review | Conducted a gap analysis using COBIT guidelines to arrive at an industry standard solution for better IT governance; Recommended an integrated application implementation and quantified the results of the implementation by doing Cost Benefit Analysis |
| [snip], Bangalore, India. | Project leader – BS 7799 Implementation and Pre-certification Audit | ISO/IEC 17799 Implementation at the corporate site in Bangalore in order to remain connected with the parent company (ING) WAN connectivity; Conducted a gap analysis for the ISO/IEC 17799 controls for the existing infrastructure and implemented the controls to comply with the standard; Gap analysis of Life 400’s payment gateway module for compliance to PCI standards |
| [snip], Chennai, India | Consultant – Enterprise Security | Forensic analysis for a security incident that happened on the perimeter infrastructure; Identify and mitigate the risks in the perimeter infrastructure. |
| [snip], Chennai, India | Consultant – Enterprise Security | Audit of existing environment and recommend Security measures and controls on both Technology and Management to secure the organization’s IT environment; Enterprise Security Policy definition; Inventory collection, Threat and Risk analysis for all the assets; Implement the controls recommended in the first phase. |
| [snip], Bangalore, India | Consultant - Security Implementation, Central Asia and Middle East (CAME) and Architect for Windows network design. | Providing consultation for standardizing of IT operations by way of defining policies, which includes DRP, Security architecture, and policy definition; Checkpoint VPN design, testing and implementation. Migration of Checkpoint Firewall-1 4.0 to 4.1 across Central Asia and Middle East region of Unilever; Implementation includes Sun Solaris, Netscape proxy servers, Checkpoint Firewall 1, Windows NT, Lotus Notes; Designing Windows network architecture to achieve the predefined network across CAME Unilever business groups. |
| [snip], Chennai, India. | Consultant – Enterprise Security | Study/Review the Vulnerability test report and prepare Security architecture, Security policy for the enterprise. |
| [snip], Mumbai, India. | Network Consultant / In-charge – Asia pacific and India | Consultation and assistance for achieving IT security standards, policies, and practices; Information security management from operations perspective for the India business unit of JP Morgan. The following are the technologies widely used. |
| [snip] India, Chennai, India. | Network Consultant / Regional Security administrator | Regional Network and Security Operations; Manage and implement technology solutions and products. |
| [snip], Chennai, India. | Consultant – Lotus Notes and Network infrastructure | Designed and implemented Lotus Notes 5 remote dialup mail replication; Facilitated the remote locations to dial and connect to the Lotus Notes server in Chennai over ISDN; Implemented scheduled replication for all the locations. Did a Procedural Audit for the mailing infrastructure (Lotus Domino 5) of the organization; Designed and implemented Web server over Lotus Notes for the use of mobile users. |