SUMMARY:

• Around 7 years of experience in the field of Information security encompassing various aspects of Network, System, and Application security, Risk Assessment, Policy Implementation, Virtualization, Team and Project Leadership, Business Continuity /Disaster Recover, System Administration, Content Development, Documentation and elearning administration.
• Expertise in application of various standards, guidelines, and methodologies based on OSSTMM, ISACA, NIST, OWASP
• Extensive experience in Risk Assessment, Access Control, Asset Management, BCP& DRP, and Physical Security
• Expertise in Vulnerability Assessment of Systems, Networks and Applications using tools like Nessus and Nexpose
• Expertise in Penetration Testing - Systems, Networks, and Applications using tools like IBM appscan, Metasploit, Kali Linux, Nessus, Wireshark, and Nmap
• Good experience in auditing and reporting - Desktops, Network devices, and Servers
• Expert in Information Security and Awareness
• Very good Work experience in writing and implementing the policies and audit plans as per the client requirements
• Expert in developing the content and courseware in the area of Information Security
• Coordinated, organized and volunteered National and State level conferences, workshops and s
• Team lead: For Project Information Security and Awareness (ISEA), an initiative of Department of Electronics and Information Technology (DeitY), Government of India
• Team lead: For Project Cyber Security Awareness, an initiative of Computer emergency response team, India (Cert-in)

TECHNICAL SKILLS:

Tools: Netcat, Angry IP, tcpdump, SuperScan, Cain and Abel, Email Tracker proMicrosoft Baseline Security Assessment tool, Ping, Burp Suite, Sql Map, Snort

Firewall: Sonicwall Firewall

Virtualization tools: Microsoft Virtual box, Oracle Virtual box, VMware Workstation

Web services: Apache, Tomcat, and IIS

Database: Mysql

OS: Windows XP, Vista, 2007, 2008, Windows server 2003, 2008, Ubuntu, BOSSKali Linux

Microsoft Office: 2000/XP/2003/2007, Office 365

Cloud: VMWare ESXi 5.0

Other: Articulate Studio, Adobe Photoshop CS2, Camtasia, Wink, Gimp, Libre office

PROFESSIONAL EXPERIENCE:

Confidential, Newyork, NY

Information Security Specialist

Responsibilities:

• Gather exiting security documentation identify the gaps and provide the client with best practices
• Assist with implementation of security risk management team
• As part of security team conducted application security assessments like Analyzed reports generated by the IBM Appscan, Used Burp Suite for manual testing of websites, Used SQLMap for targeted SQli discovery
• Reviewed firewall rules
• Conducted various risk assessments using Evantix especially dealing with PII
• Used various security softwares like wireshark, Kali Linux the enterprise information security awareness program featuring targeted formal ; monthly awareness articles based on immediate and potential security threats.

Confidential

Senior Information Security Analyst/Team lead

Responsibilities:

• As a team lead for “Cyber Security Awareness” project provided numerous ideas for multimedia developers for developing 2d/3d animation videos and cartoons on cyber security and executed the project
• Successfully met the objectives of the project and submitted the completion report of Cyber Security Awareness with project objectives, s, work carried out and future plan of the project
• As part of web application security team continued the system, server, network device audits as per the client security requirements and Documented the audit observations and generated the reports also proposed solutions based on the testing carried
• Coordinate with other departments for Security Analysis & Assessments, Patch Management, OS Hardening, Vulnerability Detection, and Security Event Monitoring
• Provided support for monitoring & network, including incident response, for all systems and desktops in the organization
• Served as point-of-contact for external and internal requests on information security audits and s
• Identified and investigated client issues and provide recommendations, workarounds, resolutions and benefits by minimizing the client’s risk and cost.
• Communicated all project related issues and project status efficiently.
• Coordinate with state cybercrime police for implementing the program to educate and spread awareness of online crimes across the state.

Confidential

Information Security Analyst/Team lead

Responsibilities:

• Involved in Web Application Security team to conduct web application testing of various websites which includes banking application, online exam application
• Performed vulnerability assessments of various OS, servers and applications based on the client requirement
• Experienced on service delivery, managing project requirements, customer relationship, allocating work and conducting status meetings.
• Worked on VMware Cloud ESXi 5.0 and Implemented the private cloud by building IaaS by using the VMware Cloud ESXi 5.0 and also delivered talks on cloud security
• Planned and designed the handbook for general user and school children on how to secure your data when you connect your computer/laptop to the internet
• Trained more than 5000 school children on a subject information and computer security, trained more than 4000 general users on a subject information and cyber security, usage of internet in a secure manner, online banking, online attacks, and etc., Trained 1500 government users on technical and non-technical issues
• Expert in implementing the information security awareness programs across the state and country(India) for the users like school children, teachers/parents, technical users, and etc.,
• As a teamlead extended support in writing the proposal and concept note for the extending the project Information Security and Awareness (ISEA)
• Participated and represented the organization in National level conferences
• Written article on Phishing, Credit card & Debit card secure usage, social engineering attacks which were published in the magazine “Hindu frontline”
• Schedule monthly and weekly meetings, attending and projecting the works carried out during that period, future plans and etc.,
• Managing the Confidential project works, providing monthly status report to the Deity, planning, coordinating the project and discussing with the team to complete the tasks as per the schedules

Confidential

Information Security Associate/ Team Lead

Responsibilities:

• Played a role of team lead for the project Information Security and Awareness(ISEA)
• As part of the information security awareness project delivered talks on various information security concepts across state and nation wide
• Implemented the s and workshops on information security concepts for various end users like school children, College students, General users, technical users etc .,
• Performed white box testing of eSecurity software and websites of in house software and reported the vulnerabilities
• Performed white box testing of virtual learning environment of the client application and reported the vulnerabilities
• Explored and compiled the standards and methodologies like OSSTMM, ISACA, NIST, OWASP
• Planned and implemented the auditing by making a checklist for performing the audit of systems, servers and network devices as per the standards
• Started testing websites for sensitive information exposure, session management,SQL injection
• Vulnerability assessment of the networks, systems and websites hosted by the organization
• Written and implemented the system, network and Internet usage policy for the organization
• Performed the audit on desktops which are in windows environment and documenting the report with respective to observations made through audit
• Proposed the penetration testing and audit plan to carry out various testing, vulnerabilities and exploits of desktops, servers and applications which can provide as one of the service in the organization
• Proposed and implemented national level painting competition on information security concepts
• Proposed and implemented the national level conference on information security concepts
• Participated and represented the organization in National level conferences

Confidential

System Administrator/eLearning Administrator

Responsibilities:

• Continued works as a system administrator
• Explored ethical hacking concepts and have hands on experience on ethical hacking tools
• Explored the concepts of information security management system (ISMS), Business continuity and Disaster recovery planning (BCP & DRP), various concepts of security standards, policies, procedures, various information security concepts, forensic methods and tools
• Explored various cyber security risks, online risks, malware, different types of attacks
• Worked on how to implement a secured infrastructure with the existing resources
• Keep abreast with the latest technologies, risks and attacks in a continuous process
• Based on the knowledge gained on ethical hacking concepts, information security concepts designed a courseware and developed the course content by dividing it into modules like understand TCP/IP, step by step process of hacking, Enterprise forensic, BCP/DRP, windows and Linux OS hardening and took the team help in completing the course
• Designed course was made into eLearning mode and uploaded into eLearning website
• Designed the labs and setup them in virtual environment for ease of use
• Played an eLearning administrator role for assigning courses to the users
• Provided technical assistance for the users
• Provided to the technical and non-technical users on operating system security, information security concepts and various cyber security risks and attacks

Confidential

System Administrator

Responsibilities:

• Installation and configuration of windows operating system both server and desktop versions like windows 2000, 2003,windows XP, Windows vista, Linux operating systems Ubuntu and BOSS
• Creation of user accounts, profiles and groups using Active Directory
• Monitoring services in both Windows and Linux Server for CPU, Memory, and disk utilization and also for various other services
• Good Knowledge in TCP/IP protocols
• Initial configuration of firewall and Worked on IDS
• Configuring and assigning the IP address to the users
• Operating System hardening
• Worked on backup services and antivirus management
• User Assistance and troubleshooting the OS level problems
• Setting up of virtual environment for various department to carry out their research on developing software’s and products