Security Architect / Systems Engineer Resume
SUMMARY
- Security Specialist with experience in: External and Internal Security Assessments, Penetration Testing, Vulnerability Assessment, Gap Analysis and Risk Assessment for Commercial/Banks and Government/ DoD Contractors. Verified compliance with regulatory requirements and provided guidance for correcting the noncompliance issues. Performed network security assessments of Windows, UNIX, Linux systems, web applications, databases, wireless networking and a variety of network protocols and firewall devices. The following is an overview of some of my projects;
- Microsoft System Center 2012 R2, Windows Server 2012 and 2008, Windows 8 and 7, and Apache Web Server configuration and monitoring, for Web Site operations and administration, Hyper - V and SQL databases. Experienced with Windows Azure services, including SQL Azure and Azure AppFabric, for connecting applications and services across organizational and network boundaries. Used Transparent Data Encryption (TDE) to encrypt databases, including log files and the tempdb database, in a way transparent to client applications.
- Designed and implemented OSSIM and Qradar, for multi site OSSIM and Qradar systems. Operated Blue Coat for network based Anti-Malware protection for defense-in-depth multi layered security strategy. Developed alerts for known bad events and used sophisticated correlation via search using Splunk, to find known risk patterns such as brute force attacks, SQL Injection, data leakage, and application-level fraud.
- Experienced in designing and operating secure systems with a strong knowledge of firewall systems (Cisco ASA, Check-Point 1, Imperva and Juniper Networks J and M series platforms), and network architectures (including Routers, Switches and IDS/IPS). Designed, tested and approved firewall rules. Developed configurations and performed configuration management. Prepared Network Security Design drawings using AutoCAD and Microstation.
- Provided PCI DSS, HIPAA, SOX, GLBA and NERC CIP compliance performing Penetration Testing by using Back Track, Kali, Acunetix, Tripwire, Lancope, Nmap, Metasploit, Wireshark, Nessus, Snort and Sourcefire and correlated results from Splunk, ArcSight, Netforensics and QRadar for security information collection and event management (SIEM); Security Configuration Management, Intrusion Detection/Prevention Systems (IDS/IPS), and Content Filtering.
- Designed Cloud Computing on Amazon cloud (IAAS) for deploying SharePoint servers in Amazon cloud and on Microsoft Azure, with using Engine Yard, GIT and Heroku, to program applications including relational and non-relational databases, and using Ruby on Rails, Python and Java to automate common tasks, capacity planning and performance management.
- Monitored for new vulnerabilities detected through scanning and Penetration Testing and received alerts from industry vulnerability databases. Validated alerts generated through automatic testing, and escalated accordingly. Coordinated the vulnerability remediation process in accordance with the existing security policy.
- Strong knowledge of information security best practices and understanding of TCP/IP protocol behaviors
- Certified Information Systems Security Professional (CISSP), with twelve years of experience, MCSE, and also very familiar with Linux (BASH and LAMP), and VxWorks (for PLC Programming).
- Designed and managed physical security systems, including CCTV, for SCADA and facilities management.
- Used Oracle, MS-SQL, MySQL, MapReduce, Hadoop, Cassandra, Dynamo, Bigtable, MongoDB, and Palantir, for database design, development and administration and related storage, code, services, systems, and tools.
- Experienced with GIS products from ESRI(ArcGIS …) using Python and Mapnik map-generation toolkit, Openlayers, and MapServer, ShapeEditor database, PostGIS, and GeoDjango.
PROFESSIONAL EXPERIENCE
Confidential
Security Architect / Systems Engineer
Responsibilities:
- Performed Penetration Tests for: Alliance Healthcare Information, Inc. Reed Group of Troy, NY, Optima Fund Management of NY, EXTOL International, Inc., PCRB, Kincel Investments, Data Cap, Ithaka Investments, Farmers Mutual Credit Union, Argo Turbo, Quest, DoD Contractors, i.e. Frequency Electronics, Financial Institutions, i.e. Pennsylvania Housing Authority, C.I.A. - Culinary Institute of America and many more. Customers are confidential due to signing of a non-disclosure agreement and due to industry standard practice.
- Provided Security Assessments and Penetration Tests for Cloud and Physical networks. Evaluated compliance with the requirements applicable for the respective type of business (PCI DSS, NERC CIP, HIPAA, FedRAMP and SAS-70). Performed ISO 27001/BS 17799 Risk Assessments with Statement of Applicability, Risk Treatment Plan and Gap Analysis using vsRisk, RA2, RiskWatch and CRAMM.
- Performed risk assessment for de-identification of Health Care data sets, established the risk thresholds, and provided evidence that the re-identification risk after the data set has been de-identified is below the specified thresholds.
- Provided reviews and / or managed the implementation, as a project manager. Developed Strategy and Roadmap for implementation; Assessed the customers current SOC capabilities and maturity; Identified gaps, developed Remedial Action Plans and Delivered Assessment findings and recommendations.
- Deployed Splunk (SIEM) for monitoring of application logs, web access logs, configuration files and databases, and for alerting when a server hits a predefined load, (using a Splunk Unix app), when the web server performance slows and when shutting down unneeded EC2 instances is warranted. For several customers, I correlated information from network components and detected:
- patterns in the activity: where the connections are coming from
- determined if we are being specifically targeted
- looked for slow scans
- identified which networks are particularly active in creating security events
- Developed a centralized presentation layer dashboard to determine: What Is “Normal” and What Is Threatening
- I calculated a “threat index” by comparing the total number of events and sources from the firewall with data published by SANS. Primarily used two threat index values:
- One for destination port numbers. Determined this index as the ratio of our value divided by the SANS value for the respective port.
- One for source IP addresses. This index compares the number of distinct IP addresses hitting us to the number of sources that SANS is reporting (the “Source” column in their table).
- Integrated with Service Desk and other tool platforms, by querying events from the Service Desk - the Spice Works software and from IDS/IPS platforms
- Defined event and alerting thresholds, using Splunk dashboards
- Provided integration with other authoritative databases from USCERT, ISS, and SANS, and queried events from other IDS platforms (through searching flat files with word pattern searches)
- Performed Penetration Tests and Security Architecture reviews and analyzed existing and proposed designs. Performed firewall rule approvals and responsible for integrating security best practices into projects.
- Performed External and / or Internal Security Assessments for Banks, Government, and DoD Contractors and U.S. businesses for compliance with NIST 800-30 and ISO 27001/BS 17799. Provided guidance for correcting the noncompliance issues. Participated in the design of several SOCs. Developed strategy for service output, tools and software integrations.
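The “threat index” described above (our per-port event count divided by the SANS count for that port, and our distinct source IPs divided by the SANS “Source” count), as an added illustration that is not the resume author's own script. It assumes firewall events as simple dicts with `src_ip` and `dst_port`, a constructed stand-in for the SANS table keyed by port, and a caller-chosen threshold for what counts as “threatening” on the dashboard.

```python
"""Threat index from firewall events versus a SANS-style baseline.

Added illustration (not the resume author's code). Assumptions:
  * firewall events are dicts with src_ip and dst_port (constructed below);
  * SANS_BASELINE stands in for the SANS table: per port, a "records" count
    and a "sources" count (the "Source" column);
  * the threshold passed to flag_abnormal() is a dashboard choice.
"""
from collections import Counter, defaultdict

# Constructed sample firewall events (documentation/TEST-NET addresses, not real traffic).
FIREWALL_EVENTS = [
    {"src_ip": "203.0.113.5", "dst_port": 22},
    {"src_ip": "203.0.113.6", "dst_port": 22},
    {"src_ip": "203.0.113.5", "dst_port": 445},
    {"src_ip": "198.51.100.9", "dst_port": 445},
    {"src_ip": "198.51.100.10", "dst_port": 445},
    {"src_ip": "198.51.100.11", "dst_port": 445},
    {"src_ip": "203.0.113.7", "dst_port": 3389},
    {"src_ip": "192.0.2.44", "dst_port": 8080},  # port absent from the baseline
]

# Constructed stand-in for a SANS-style baseline table: port -> counts.
SANS_BASELINE = {
    22: {"records": 200, "sources": 100},
    445: {"records": 100, "sources": 50},
    3389: {"records": 50, "sources": 10},
}


def summarize(events):
    """Count events per destination port and distinct source IPs per port."""
    per_port = Counter()
    sources = defaultdict(set)
    for event in events:
        per_port[event["dst_port"]] += 1
        sources[event["dst_port"]].add(event["src_ip"])
    return per_port, {port: len(ips) for port, ips in sources.items()}


def threat_index(events, baseline):
    """Return {port: {"port_index": ..., "source_index": ...}}.

    port_index   = our event count for the port / baseline record count
    source_index = our distinct source IPs for the port / baseline source count
    A port missing from the baseline gets None for both: there is nothing to
    compare against, which is itself worth surfacing on a dashboard.
    """
    per_port, per_port_sources = summarize(events)
    result = {}
    for port, count in per_port.items():
        ref = baseline.get(port)
        if ref is None:
            result[port] = {"port_index": None, "source_index": None}
            continue
        result[port] = {
            "port_index": count / ref["records"],
            "source_index": per_port_sources[port] / ref["sources"],
        }
    return result


def flag_abnormal(indices, threshold):
    """Ports where either index exceeds the threshold, sorted ascending."""
    flagged = []
    for port, values in indices.items():
        for value in values.values():
            if value is not None and value > threshold:
                flagged.append(port)
                break
    return sorted(flagged)


if __name__ == "__main__":
    idx = threat_index(FIREWALL_EVENTS, SANS_BASELINE)
    for port in sorted(idx):
        print(port, idx[port])
    print("above threshold:", flag_abnormal(idx, 0.05))
```

The raw ratio is only meaningful relative to its own history, so in practice the threshold would be tuned from the index values observed on quiet days rather than fixed up front; the code leaves that choice to the caller.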
Confidential
Responsibilities:
- Programming using Python for developing debuggers and fuzzers for process and log monitoring. Also configured and deployed other Python programs like PyDbg, Immunity Debugger, Sulley, IDA Python and PyEmu.
- Coordinated IT Security Operations, Incident Response, Remediation, Mitigation, Advanced Persistent Threat (APT), Cyber Threat Intelligence. Developed fraud detection action plans and computer programming scripts to detect attacks in progress, by monitoring:
- Admin /Root logins, successful or failed
- Login attempts to disabled accounts
- Successful logins to accounts with elevated privileges
- HTTP access with weird, long URL, which can be SQL injection attempts
- FTP from servers and work stations
- Group membership changes and elevation of privileges
- Database alerts
- VPN, OWA and RDP logins
- Servers downloading .EXE files from the Internet
- Access to sensitive share drives or honeypots
- Performed Web application vulnerability scanning to prevent SQL injection, directory path traversal vulnerability, Cross-site scripting, Redirection and header injection attacks, Leakage of query string parameters in the Referrer header, Integrity of Access Controls and Session Management, Session hijacking, capture of credentials and other sensitive data, Buffer overflows, Client-side Login with focus on validation and authentication and Common configuration weaknesses, known software bugs.
- Performed log monitoring (using Splunk, Sourcefire (Snort), Lancope, Nessus, Wireshark and Imperva) and configured intrusion detection and prevention systems (IDS/IPS) including operations and maintenance.
- Participated in project reviews and approved information security architectures associated with each initiative
- Experienced in working with security tools such as Armitage, Nmap, Metasploit, Nessus, Snort, Qualys and Qualys Guard, Wireshark, Back Track, Kali, SET, Tripwire and log analysis tools.
- Advised customers on how to implement Security Hardening measures for Servers, Databases, Routers and Switches, as suggested by U.S. N.S.A. to control access, help resist attacks, and help protect the integrity and confidentiality.
- Published a book on “Cloud Computing Security”
- Participated in Cloud Security Alliance (CSA) working groups to develop cloud-specific standards, to improve current standards. Contributed to the Cloud Audit specification, currently reviewed by IETF, which is an open, extensible and secure interface that allows cloud computing providers to expose Audit, Assertion, Assessment, and Assurance (A6) information for cloud infrastructure (IaaS), platform (PaaS), and application (SaaS) services to authorized clients.
- Monitored for new vulnerabilities detected through scanning and received alerts from industry vulnerability databases. Validated alerts generated through automatic testing, and escalated accordingly. Coordinated the vulnerability remediation process in accordance with the existing vulnerability management policy.
- Developed Web Applications using Ruby on Rails, with Engine Yard, GIT and Heroku, with focus on Identity Management, Security and Capacity Planning. Developed Web Sites and Web Applications using Drupal, jQuery and designed SQL database queries. Provided Professional Security Services on Computer Networks and the Physical Perimeter, Network Traffic Analysis, Optimization and Capacity Planning. Developed Web Applications using HTML, JavaScript, jQuery, CSS, XML, REST, Facebook APIs, Java, SQL, PostgreSQL and MySQL.
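The kind of attack-in-progress monitoring listed earlier in this section (admin/root logins, logins to disabled accounts, long or odd URLs that may be SQL injection, servers fetching .EXE files, group membership changes, honeypot access), as an added example that is not the resume author's own script. It runs a small rule set over constructed syslog-style lines; the line layout, host names, the `SERVER_HOSTS` set and the URL-length threshold are assumptions made for the example.

```python
"""Rule-based detection over constructed log lines.

Added example, not the resume author's scripts. Assumptions: syslog-like
line layout, hostnames, SERVER_HOSTS and MAX_URL_LEN are all invented here.
"""
import re
from urllib.parse import unquote

# Constructed sample log lines (no real hosts, users or traffic).
SAMPLE_LOGS = [
    "2024-01-05T10:00:01 auth sshd[111]: Accepted password for root from 203.0.113.5 port 5000",
    "2024-01-05T10:00:02 auth sshd[112]: Failed password for jsmith from 198.51.100.7 port 5001",
    "2024-01-05T10:00:03 auth sshd[113]: User bob not allowed because account is locked",
    "2024-01-05T10:00:04 web nginx: 198.51.100.8 GET /item?id=1%20UNION%20SELECT%20password%20FROM%20users HTTP/1.1 200",
    "2024-01-05T10:00:05 web nginx: 198.51.100.9 GET /index.html HTTP/1.1 200",
    "2024-01-05T10:00:06 proxy squid: srv-db01 GET http://example.invalid/update.exe 200",
    "2024-01-05T10:00:07 dc01 audit: user jsmith added to group Domain Admins by admin",
    "2024-01-05T10:00:08 fs01 smb: user carol opened \\\\fs01\\honeypot-finance\\q4.xlsx",
]

# Assumed inventory of hosts that should never fetch executables from the Internet.
SERVER_HOSTS = {"srv-db01", "srv-web02"}
# Assumed threshold for an "unusually long" URL.
MAX_URL_LEN = 200
# A few classic injection fragments, matched against the URL-decoded path.
SQLI_PATTERN = re.compile(r"(union\s+select|or\s+1\s*=\s*1|'\s*--|;\s*drop)", re.I)


def privileged_login(line):
    """Root/admin login attempts, successful or failed."""
    return re.search(r"(Accepted|Failed) \w+ for (root|admin|administrator)\b", line) is not None


def disabled_account_login(line):
    """Login attempts against locked or disabled accounts."""
    return re.search(r"account is (locked|disabled)", line, re.I) is not None


def suspicious_url(line):
    """Over-long URLs or URLs carrying SQL injection fragments."""
    match = re.search(r"\b(?:GET|POST) (\S+)", line)
    if not match:
        return False
    url = unquote(match.group(1))
    return len(url) > MAX_URL_LEN or SQLI_PATTERN.search(url) is not None


def server_exe_download(line):
    """A host from SERVER_HOSTS fetching an .exe through the proxy."""
    match = re.search(r"(\S+) (?:GET|POST) (\S+\.exe)\b", line, re.I)
    return match is not None and match.group(1) in SERVER_HOSTS


def group_membership_change(line):
    """Group membership edits (privilege elevation goes through these)."""
    return re.search(r"added to group|removed from group", line, re.I) is not None


def honeypot_access(line):
    """Any touch of a share or path named as a honeypot."""
    return "honeypot" in line.lower()


RULES = [
    ("privileged_login", privileged_login),
    ("disabled_account_login", disabled_account_login),
    ("suspicious_url", suspicious_url),
    ("server_exe_download", server_exe_download),
    ("group_membership_change", group_membership_change),
    ("honeypot_access", honeypot_access),
]


def detect(lines):
    """Run every rule over every line; return (rule, line_number, line) hits in log order."""
    hits = []
    for number, line in enumerate(lines):
        for name, rule in RULES:
            if rule(line):
                hits.append((name, number, line))
    return hits


if __name__ == "__main__":
    for name, number, line in detect(SAMPLE_LOGS):
        print(f"[{name}] line {number}: {line}")
```

Each rule is deliberately narrow and independent, so a new indicator is one more function and one more entry in `RULES`; the same structure maps directly onto a saved search per indicator in a SIEM.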
Confidential
Senior Security Analyst / Consultant
Responsibilities:
- Performed External and / or Internal Security Assessments and Penetration Tests for Banks, Government, DoD Contractors and U.S. businesses. Current regulatory guidelines only give general information about what is expected for compliance. I verified compliance with regulatory requirements and provided guidance for correcting the noncompliance issues. Also proved that the client is practicing in a professional manner and exercises due care and due diligence for compliance.
- Experienced with Firewall and VPN Remote Access Technologies, E-mail and Instant Messaging Security, Intrusion Detection & Prevention, Vulnerability Assessment and Management, Wireless Security, End-Point Security, DDoS Protection
- Managed Web Servers running on Linux/Apache and Microsoft platforms.
- Performed firewall rule approvals and coordinated the annual PCI DSS certification process
- Coordinated security projects and assisted with integrating security best practices into projects.
- Professional Security Services on Computer Networks and the Physical Perimeter
- Phishing and Spear Phishing Security Assessments (pTest)
- Monitored for new vulnerabilities found by scanning or industry vulnerability alerts, and validated alerts generated through automatic testing.
- Published a book on “Web Business Operations Management - Why some businesses fail to succeed?”
- Web Application Security Assessments
- Assessed the validity of identified vulnerabilities. Coordinated the vulnerability remediation process in accordance with the vulnerability management policy.
- Regulatory Compliance Consulting using vsRisk, for ISO 27001/BS17799
- Corporate Security Policy Consulting
- Performed Wireless Security Assessments and Penetration Tests.
- Mobile Devices Security Assessments and Traffic Analysis using Air Snort, Aerohive Wireless Solution and other tools for wireless networking
- Security Engineering, including implementation of information security awareness programs, Incident Response, Computer Forensics, Reverse Engineering of Malicious Software, Network Traffic Analysis and log review
Confidential
Information Systems Manager
Responsibilities:
- Hudsonvalleytraveler.com Designed, developed, updated and hosted the confidential and Confidential web sites. Deployed and operated Intelligent Transportation Systems infrastructure, consisting of 9 video cameras and 18 Variable Message Signs. Provided system analysis, development, implementation and support for Windows, Linux and Novell networks, consisting of nine web, streaming video, mail and file servers and three dozen workstations.
- Developed and implemented network security measures using CISCO PIX firewall, Internet Security and Acceleration Server and Microsoft Proxy 2.0. Developed and implemented Security Policies, access control, network and telecommunications security, business continuity and disaster recovery planning and related security management measures, for hudsonvalleytraveler.com.
- Performed Security Audits for compliance with the Security Policies and Penetration/Vulnerability Analysis to validate the network against the security policy and the known Internet attacks. Tested networks with a wide variety of hacking tools. Documented any exploits found and suggested security solutions. Monitored network traffic with Ethereal and provided Intrusion Detection with Snort 2.0.
- Designed, developed, configured and administered daily operation of the above mentioned infrastructure. Managed and supervised a staff of three.
Confidential
I.T. Manager
Responsibilities:
- Responsible for estimating, scheduling and control of design, development and construction of projects from $4,000,000 to $32,000,000 by using Primavera C.P.M. Project Management software, with revenue projection, cost and resource loading and monitoring.
- Managed contracts and changes (including change order impact analysis and tracking delays), cost control and value engineering.