Profile Summary

• Experienced security professional with strong technical and people skills and extensive experience in information and network security.
• Track record in architecting, designing, evaluating and securing complex, leading edge systems and organizations through personal leadership, innovation, effective communication, and technical ability.
• Experience and expertise are backed by a set of relevant industry-recognized certifications, such as the CISSP, CISSP-ISSAP Information Systems Security Architect Professional , CISA, PMP, and ITIL.
• Languages
• English written, comprehension, spoken
• Achievements

Confidential

Role: Advisor, Information Security

Project Description

As an Information Security Officer, ensure Information Security gaps are found and eliminated, risk is evaluated and proper information security controls are put in place for multiple key applications and projects at BMO.

ROLE DESCRIPTION

• Currently the Principal Information Security Officer for Bank of Montreal Online Banking OLB , Mobile Banking and Tablet Every-Day Banking and all related sub-applications Weblending, MoneyLogic/PFM, OSA, Remote Deposit Capture/RDC, etc.
• Review the Solutions Architecture from Information Security perspective for each new project.
• Oversee software development projects enhancing existing applications or creating new applications from beginning to end. Act as the InfoSec approver for all project deliverables throughout the SDLC. Perform dynamic vulnerability scans for web applications in my portfolio. Review OS, Database and static source code and dynamic source code vulnerability scanning reports, select which ones must be addressed and insure their elimination prior to the application going live.
• Track and manage risk across all applications in portfolio. Review technical solutions to security issues, and negotiate issue resolution plans with customers, followed by tracking and monitoring the execution of said resolution plans.

Technical Environment

Software development is conducted using various web technologies including Java, .NET, WebMethods, etc. as well as COBOL / PL-1 on mainframes. Hands-on experience with Fortify and IBM AppScan. Knowledge of Akamai products used to protect the bank's Internet facing servers from Distributed Denial Of Service DDOS attacks. Databases used are Microsoft SQL, Oracle, and DB2.

Confidential

Role: Senior FIPS Evaluator

Project Description

• As part of the CGI IT Security Evaluation Test Facility CGI ITSETF validated a number of hardware and software cryptographic modules under the FIPS 140-2 validation program. One of the first steps in evaluating such modules is assessing their Security Architecture.
• Vendors validate their modules under the FIPS 140-2 validation program in order to demonstrate the security level of their module and reassure users buyers of their cryptographic modules that they can expect the features that come with a given level of security. In addition, federal government buyers of such equipment in the USA are obligated to only buy equipment which is FIPS-validated.

ROLE DESCRIPTION

• As a Senior FIPS Evaluator, responsible for evaluating hardware and software cryptographic modules under the FIPS 140-2 validation program, as directed by the FIPS Program Manager and as per the contractual obligations of the CIG ITSETF Lab.
• Validated hardware products include the Blue Coat proxies SG 510/810, SG 600, SG 900 and SG 9000, Chunghwa Telecom's HiCOS Native Smart Card, HiCOS L2 RS4 and the HiPKI 1200 HSM, Fortinet's firewalls: FortiWiFi-60C, FortiGate 60C, FG 80C, FG 110C, FG-200B, FG 310B, FG 620B, FG 600C, FG 1000C, FG 1240B, FG 3140B FG 5001B, FG 5001A, 5001SX and the FortiGate 5140B and SafeNet's Luna PCI-E Cryptographic Module Hardware Security Module/HSM .
• Validate software cryptographic modules include several based on OpenSSL, including OpenPeak, Riverbed, and Safenet.
• Most recently took a number of FIPS validations to completion, responding to CMVP report comments and ultimately obtaining CMVP certificates for Chunghwa Telecom, Fortinet, HP, Blackberry and OpenPeak.

The work encompassed:

• Review vendors' FIPS documentation for completion and correctness. Work with vendors to have them understand the issues with and correct the documentation
• Work with vendors' firmware and software developers to validate vendor's cryptographic algorithms, and submit those for certification to the Cryptographic Algorithm Validation Program CAVP
• Perform physical and functional testing on the vendors' equipment verifying all testing requirements for a given Security Level, embodiment and module type
• Prepare FIPS reports and submit them to the Cryptographic Module Validation Program CMVP
• Review and successfully respond to CMVP reviewer comments, ultimately obtaining CMVP FIPS certificates.

Technical Environment

• Each of the above modules represent either a Firewall device, a Universal Threat Management device providing firewall, spam filtering, gateway antivirus protection, and intrusion detection or prevention, or a Hardware Security Module HSM which manages digital keys and accelerates cryptographic processes for server applications. It could also be an access device such as a Smart Card or a token, or a software system such as disk encryption software.
• A FIPS evaluator must acquire a working knowledge of each device and configure it into a system or a network before he or she can test it.

Confidential

Role: Security Solutions Architect

Project Description

As part of the overall integration of Nortel Optical into the Ciena organization, Ciena needed employees of both companies to access each other's networks, computing resources and labs, and improve the network connectivity of employees of both companies to facilitate the integration and make the employees more productive.

ROLE DESCRIPTION

• As a Senior Security Analyst, responsible for architecting, designing and implementing a set of VPN services to enable to cross-company Intranet communication, in a secure fashion.
• Kicked off a pilot VPN service to allow Ciena employees to access the former Nortel network and its applications, while simultaneously accessing the Ciena network
• Successfully piloted the service, wrote the user guide and FAQ, trained the entire global Help Desk organization, and officially introduced the service
• Introduced an equivalent service allowing former Nortel / now Ciena employees to access the Ciena network while simultaneously accessing their own former Nortel network. This enabled a very quick cross-access to over 4,000 employees and contractors in various functions Engineering, Marketing, Finance, etc. and a very effective temporary integration measure until the additional IT infrastructure could be put in place.
• Designed and installed a new Aruba-based Wireless LAN network infrastructure for the Ciena Ottawa campus: three buildings and a total of 8 stories, plus two large labs. Upgraded the Ciena Kanata building 3 stories plus a lab with a new generation Aruba hardware and software Wireless-N WLAN network, and installed the Montreal site Aruba-based WLAN network.
• Designed, implemented, and integrated the security for all these WLAN networks. All WLAN networks support two types of users: employees guests. Documented detailed technical information as well as user guides and FAQs in the IT Wiki.

Confidential

Role: Security Solutions Architect

Project Description

Ciena identified Endpoint desktop and laptop Security to be a high security risk for the company. It therefore needed a company-wide End Point Security solution which would meet the corporate security requirements.

ROLE DESCRIPTION

• Assigned as the Security Solutions Architect on the project to crystallize the Ciena Endpoint Security requirements, evaluate vendor solutions, and choose and deploy a solution to meet Ciena's requirements.
• Gathered and analysed Endpoint Security requirements, and came up with a set of required preventive measures hard disk encryption, personal firewall, Network Access Control, Port Protection, Portable Media Encryption, Program Control application whitelisting , etc.
• Analysed vendor solutions, selected the Checkpoint Endpoint Security solution as one that most closely matched the set of required preventative measures. Deployed the Checkpoint Endpoint Security with the help of the vendor, and then managed and improved the system configuration post-deployment. In the deployment process, educated end users as well as IT support staff as to the need for and the expected behaviour of the Endpoint Security applications.

Confidential

Role: Security Solutions Architect

Project Description

The multitude of password that each employee had to remember in many cases upwards of a dozen to two dozen was identified as a significant risk as employees would write down their passports on pieces of paper and attach them to their monitors. Ciena needed a solution to address this risk.

ROLE DESCRIPTION

• Tasked to architect and implement an Identity and Access Management/IAM system to address the Ciena Password Management and Single Sign-On requirement.
• Gathered and analyzed the Ciena requirements for this password sync, self-service password reset for office and remote users, single sign-on, etc. Selected a dozen vendors, then narrowed it down to three. Conducted a Proof of Concept with the systems from the three vendors to see how they meet the Ciena requirements. Based on that, selected the vendor and product to be deployed at Ciena: Hitachi ID. Identity Management was going to be considered next, but the project was postponed due to budget constraints
• Hitachi ID was first piloted to three dozen friendly users, including key IT staff which would have to support the solution. It was then deployed to the rest of the company in stages, by organizational units.

Confidential

Role: Senior Security Analyst/Security Solutions Architect

Project Description

Ciena needed an additional Senior Security Analyst, as well as one who would provide local presence to the Ciena Canada user population, which at that point represented about half of all the Ciena employees. The rest of the IT Security team was US-based. While the initial recruitment was for a Senior Security Analyst, most of the subsequent assignments were for a Security Solutions Architect role.

ROLE DESCRIPTION

• Performed Threat and Risk Assessments and Vulnerability Assessments, including several delicate / controversial ones. The latter involved unhappy customers demanding functionality which was rejected as high risk. In all cases was able to a educate the customer as to why the requested functionality is high-risk, b provide the analysis which quantified the risk in dollar amounts, and c provide mitigation steps and/or alternative solutions which meet their requirements while lowering the risk to the point where the risk was acceptable to the business
• Fully participated in the team's ongoing rotational activities: train employees in IT Security concepts IT security client applications on their laptops, participate in On-Call, Data Collector and Analyst-On-Call rotations, monitor the various security appliances firewalls, wired and wireless Intrusion Detection / Intrusion Prevention Systems, etc. . As part of On-Call, troubleshooted and resolved issues related to firewalls internal and external , remote employee, contractor and partner access via VPN gateways, site-to-site VPNs, intrusion events, anti-virus attacks, secure file transfers and
• As part of On-Call Incident Response rotations, set up site-to-site VPNs to various Ciena partners, customers, and service providers, troubleshooted and resolved issues related to firewalls internal and external, Checkpoint R73's, Juniper SRX650's , remote employee, contractor and partner access via VPN gateways, site-to-site VPNs, intrusion events, anti-virus attacks, secure file transfers, etc., etc. Various networking equipment, which is part of the Ciena's networking infrastructure such as Cisco Nexus 7Ks and Juniper switches.

Technical Environment

Checkpoint R80 firewalls, Juniper SRX-650 firewalls, Juniper SA6500/4500/2500 VPN gateways, Cisco Nexus 7000 switches, IBM Proventia, SourceFire, IronPort, ProofPoint, Splunk, Nessus, Cenzic, TrendMicro, Norton, Oracle ESSO, Quest Software SSO, Hitachi ID, Microsoft ADFS, Microsoft Windows Server 2003/2008, MS Active Directory, MS GPO, Microsoft and Entrust PKI, Windows XP and Windows 7, Red Hat Enterprise Linux, Aruba WLAN controllers and access points, etc.