Highly competent and result oriented consultant with experience working with Fortune 500 clients and National Institute of Standards and Technology (NIST). Experience with IT Audit walkthroughs, IT testing, application control testing, security and risk assessments and business continuity planning. I also have experience with FIPS 140-2, cryptographic module testing, security testing, validation testing, module design analysis. I posses effective communication, interpersonal skills and ability to work as individual contributor as well as in teams.
Masters in Computer Information Systems (concentration: Computer Security)
Bachelor of Engineering in Telecommunication Engineering
CCNA (Cisco Certified Network Associate)
Passed CISA (Certified Information Systems Auditor), pursuing certificate.
Operating Systems: Windows Vista/XP/2000/ME/98/95, Windows NT/2000/2003 Servers, UNIX, Linux.
Programming Languages: SQL, HTML, TCL
Network: Advance Security Appliances (ASA), Routers, Switches, Access Points, Security and Routing Protocols.
Standards: ISO 27001, FIPS 140-2 and other NIST special publications 800 series, SOX, HIPAA, SAS70, COBIT.
Security Tools: Forensic Tool Kit, Ethereal, SMAC, Nmap, Nessus, Nipper, Metasploit.
MS Office Tools: MS Word, MS Excel, MS PowerPoint, MS Visio, Microsoft Exchange.
Industry experience: Computer Security, Retail, IT Service.
Duration: March 2010 to January 2011
Position: Security Engineer
- As a experienced staff in ITRA practice Devashish has experience in Security Assessments, Business Continuity Planning, IT Audit Walkthroughs and Testing, Application Control Reviews.
- Security Assessments: Performed Security Assessments on Firewalls, Advance Security Appliances(ASA), Windows 2003 Server.
- Business Continuity Planning: Worked with a Fortune 500 retail client on a Business Continuity pilot project . Responsibilities include assisting with client walkthroughs, meeting minutes, performing site and threat assessment, gap analysis, interviewing client to identify risks, documenting and presenting findings to project committee.
- Technology: Performed the IT General Controls Design Effectiveness and Operating Effectiveness Testing and application control testing for various clients. Responsibilities include interviewing client contacts, performing change management, logical access, and IT operations testing, as well as performing security and application control testing on systems such as Oracle, Unix, Windows, AS400, Mainframe. Background in all stages of audits, including planning, study, evaluation, testing of controls, reporting and follow-up.These responsibilities helped to assist with Business Decisions and Financial Statement Audits.
Duration: Feb 2008 to Feb 2009
Position: Security Engineer
- Testing and Validation of security products against established standard such as FIPS 140-2 and NIST Special publications.
- Provided technical support to clients to resolve issues related to design, testing of commercial security products.
- Prepare detailed documentation of test plans and test results. Write and review detailed reports, security policies.
- Review design of commercial networking and security products and identify security issues (hardware and software) of security products.
- Configured wide range of networking devices such as Cisco routers/switches/ASA, Nortel VPN routers, Access Points and Windows/Linux based OS such as windows XP, Vista, CentOS.
- Performed Algorithm, Physical, Operational, failure and Regression testing on cryptographic modules.
- Hands on Networking and Security experience in multi-vendor, multi-protocol and multi-customer environment.
Position: Technical Support Engineer
Duration: June 2005 to July 2006
- Provided second level support to system engineers/clients on critical issues.
- Provided support in 24/7 environment for (LAN/WAN, Wireless Network, PBX, Ethernet, Leased Lines, Routers/Switches).
- Troubleshooting and Monitor Windows NT server and Windows 2000 server, Microsoft Exchange 2000, Oracle database, emails, printer and other system related issues.
- Monitor System and Security logs regularly to administer the client infrastructure.
- Identified and implemented new methods using existing technology to help user work more efficiently.
Position: Facility Management Engineer
Duration: Nov 2004 to May 2005
- Provided first level support to end users for problems related to LAN/WAN, Routers/Switches, Windows NT/2000 Server, Inventory, POS, WINDSS, AS400, Oracle, System Hardware, Printer.
- Created trouble tickets for user issues and updated them in timely manner.
- Played critical role during migration of Lotus Notes to Microsoft Exchange. Trained users in Microsoft Exchange.
- Migration of Lotus Notes to Microsoft Exchange.
- Implementation of Trend Micro antivirus software.
- Automation of Point-Of-Sale machines at client side.
Duration Jan 2007-Jan 2008
Project 1: Development of Websites. (Duration 2 Months)
- Redesigned website for cityofboston.gov.
- Created e-helpline website for Metropolitan College using XML, HTML, PHP and Dreamweaver.
Project 2: Database Development. (Duration 3 Months)
- Installed, upgraded and patched Oracle software. Setup brand new machines including Oracle software installation, oracle clients. SQL Server.
- Performed database tuning using Enterprise Manager
- Created Tables, Schemas, Views.
Project 3: Forensics (Duration 3 months)
- Develop and Conduct keyword searches and conditions in Forensic TookKit (FTK).
- Perform Data Recovery on different types of media such as Floppy Drives, Hard Drives, and Electronic Mails.
- Created detailed reports, evidence folders and maintained logs.