CEH certified Information Security Professional with technology experience in the Financial, Government, Insurance, Manufacturing, and Resource Sectors.
Web Application and Network Security Assessments.
Development of Information Security Policies and GAP Analysis.
Compliance and Regulations Standards - PCI, SOX, ISO, OWASP.
Open source and commercial security tools.
Ability to document problems and solutions that address technical issues.
Excellent writing, presentation and communication skills at the technical, user and management levels.
Superb client relations and the ability to interact with customers at all levels.
Helping plan and implement Security Solutions meeting customer requirements.
Team oriented as well as autonomous, and the ability to accept responsibility with minimal supervision.
Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction to maintain confidentiality, integrity and availability of data.
Services include vulnerability and risk assessments, and development and review of corporate security policies and procedures to meet business requirements and objectives with respect to Governance, Risk Management and Compliance. GAP analysis reviews and reports.
Security testing methodology used is the OSSTMM (Open Source Security Testing Methodology Manual) and the OWASP Testing Guide (Open Web Application Security Project).
Senior Security Analyst
Contractor from April 2007 to April 2012. Full-time employee from May 2012 to June 2014.
Perform security risk/vulnerability assessments (web application and network) for Confidential's clients to meet Compliance and Regulations Standards by Auditors.
Review and develop corporate security policies and procedures to meet business requirements and objectives with respect to Governance, Risk Management and Compliance. GAP analysis reviews and reports.
Web application assessments reporting on security weaknesses, design flaws and intrusion risks. Common attacks such as SQL Injection and Cross-Site Scripting are tested for. Reports are presented to the client outlining the security flaws found, the associated risk, and the solution to fix each problem.
PCI and vulnerability assessments using Approved Scanning Vendor (ASV) tools such as Qualys.
Recommend security best practices for the business analysis and coordination of IT Security projects.
Senior Security Consultant
Performed threat risk assessments for clients informing them of attack patterns and trends on their network using ArcSight.
Performed network and application vulnerability assessments.
Log analysis, monitoring and correlation of data flow from best-of-breed security products.
Senior Security Consultant
Senior Security Consultant for Xstrata (formerly Falconbridge) based in downtown Toronto.
Performed vulnerability assessments of computer systems, web applications and network components including data, hardware and software.
Identify known vulnerabilities and security weaknesses in target systems using vulnerability assessment tools and methods.
Analyze and review the vulnerability assessment findings in detail.
Reviewed high-risk issues immediately with IT administrators.
Write customized reports identifying all material findings and remediation plans including detailed ‘how-to-fix’ procedures for identified vulnerabilities and weaknesses.
Educated project teams on security initiatives.
Security Analyst/Consultant for Toronto Dominion Bank Securities based in downtown Toronto.
Daily integration with TRMIS (Technology Risk Management & Information Security) to review security threats locally, nationally, and globally.
Main focus was on network and web application security testing.
Steps used to get access to publicly facing computer systems included passive information gathering, social engineering, scanning of systems and attempted exploitation of flawed systems.
Helped manage the Incident Handling team on a global scale for all incidents including virus/worm outbreaks, outside hack attempts, and the Northeastern blackout of 2003.
Perform security architecture and policy and procedure reviews.
Provided technical IT security guidance and policy interpretation and clarification to senior managers, data owners, project managers, and user departments.
Provided reports to senior management on overall security posture.
Security Consultant/System Engineer
Security Consultant and System Engineer for the Canadian and U.S. Eastern Seaboard.
Clientele included government and financial sectors.
Vulnerability assessments were performed onsite to identify and quantify vulnerabilities in the computer systems and network components including data, hardware and software. This included the following:
Cataloging assets and capabilities (resources) in a system.
Assigning quantifiable value and importance to the resources.
Identifying the vulnerabilities or potential threats to each resource.
Mitigating or eliminating the most serious vulnerabilities for the most valuable resources.
Product implementations and integration of NSM (Network Security Manager) within the enterprise. NSM is a comprehensive security management solution with benefits for both security operations and corporate risk officers. NSM combines security event management (SEM) with security information management (SIM) to increase security effectiveness with real-time capabilities to stop attacks, resolve incidents and enforce policy.
Integrating NSM within the enterprise met the following objectives:
Enabled strategic business initiatives while protecting the infrastructure, applications and intellectual property of the organization.
Increased the efficiency of security operations as they manage alerts and resolve incidents.
Enforced policy by implementing best practices and the right controls to reduce risk and satisfy compliance requirements.