- Senior consultant with 15+ years of combined Operational, Tactical and Strategic experience in Information Security, IT Governance, Risk Management, Privacy and BPM. Former security consultant for Confidential & Young TSRS services. US Citizen and eligible for necessary security clearance process.
- Information security risk management solutions for Intellectual Property/Data Breach, Cybercrime, Outsourcing/3rd party, Corporate Internet, Cyber Threat Intelligence, and Emerging Technologies. IT GRC strategies utilizing OCEG, CAG, CoBiT, NIST SP 800-30, OCTAVE, ISO27002, ISO27005, RiskIT (ISACA) and Microsoft frameworks. Security incident management design using SANS/CERT prescriptive guides.
- Security & Privacy compliance frameworks including Banking & Finance (GLBA, FFIEC, Basel II, FTC Red Flags), Credit Card (PCI DSS), EU Directive on Data Protection, SOX, US Federal Privacy (SPAM, COPPA), US State Laws, MA 201 CMR 17, Critical Infrastructure Protection (NISPOM, NIPP), General (CoBiT, ISF, ISACA, CERT, IIA, NIST, ISO) and UCF frameworks.
- Operational IT Security Controls management including Network and Infrastructure Firewalls, Routers/Switches, VPN/Remote Access, IPS/IDS, Web Security, Servers/Desktops, endpoints, Data Encryption/Transfer, Security event/log management, Server Security (AD/Unix), DNS, Patch management.
- IT General Controls Audit of various systems using global audit methodologies. “IT Change Control Process” framework implementation utilizing VisibleOPS philosophy. Test environments include Windows AD, AS/400, SAP, Oracle, UNIX, Linux, SQL, ERP SoD for SAP, PeopleSoft and Oracle utilizing Approva/custom tools.
- Information Security Policy Development and support including Standards, Guidelines and Procedures. Develop necessary controls and administrative procedures to enforce and audit policy compliance.
- Enterprise Security Architecture development using “SABSA” & Zachman frameworks. Analyze and design the Enterprise Security Architecture to meet the security, technical and business requirements and align with the Enterprise Infrastructure Architecture including Identity & Access Management (IdM), Identity Federation etc.
- Vendor IT/security solution design with IBM, HP, Cisco, Oracle, SAP, Microsoft, Qualys, Fortify, Metasploit, CheckPoint, EMC, RSA, Symantec, Strohl Systems, Confidential & Young, CERT, CMU-SEI. Special knowledge of Oracle Database Security products (Database Firewall, Database Vault, Audit Vault, Advanced Security).
- Advanced Penetration Testing Methodologies with functional coverage for Load balancers, deep packet inspection, IDS/IPS, Web applications, Application Firewalls, LAN/NAC, workstations/GPO, host based IDS/IPS, AD control, Database etc. Framework design based on SANS, EC-Council, NIST 800-53 controls, OWASP, Qualys, and white hat tools for networks and applications infrastructure.
- Secure Software Development (SDL) reviews utilizing Microsoft, CMU-SEI, SQUARE, NIST methodologies. Web Application, Database Secure Coding using IIA, CMU-SEI, OWASP, .NET/J2EE guides.
- Secure Software Program Management using BSIMM Maturity Model and software security frameworks for Governance (Strategy and Metrics, Compliance and Policy, Training), Intelligence (Attack Models, Security features and design, Standards and Requirements), SSDL Touch points (Architecture Analysis, Code Review, Security testing), Deployment (Penetration Testing, Software Environment, Configuration and VM).
- Unified Network Communications pre- and post-sales engineering support in complex in-house and SaaS environments including VoIP, Server and Storage Virtualization, Multimedia and Wireless, Network & Perimeter Security zone Architecture & Policy Management.
- Disaster Recovery/Business Continuity Management lifecycle design including Business Impact Analysis, RPO/RTO metrics, IT Design, Qualitative/Quantitative risk analysis, tabletop exercises.
- IT-Business Strategy Consulting for small to large businesses in areas of Business innovation, IT enablers, Enterprise Risk management, Sales, Marketing, Human Capital and Employee retention.
- People & Organizational change development focused on building and delivering capabilities in areas of change management, organization design, sponsorship/leadership development and coaching, workforce strategies, communication, training in conjunction with the HR function.
Sr. IT Security Analyst
- Liaise with Internal Audit, General Counsel, e-Discovery, Corporate Security, IT Infrastructure, HR, Records Management on IT Security/IP protection
- Developed innovative IP Security Threat & risk mitigation solutions and processes customized for Law firm threat landscape
- Manage Operational and Tactical information security program management for the global enterprise across US, Europe and APAC regions
- Developed an auditable global IS Security Policy & Procedures framework based on threat metrics, ISO27001 and CISSP domains
- Coordinated with Records Management group, IS, Corporate Security, PMO in developing Data Classification Policy for IT Security
- Managed global Operational infrastructure & Network security solution deployments, change control, incident management
- Developed an effective network Threat & Vulnerability management framework and procedures as part of risk mitigation
- Supported IT LAN/WAN, Desktop, Messaging, Storage, Application, Database, Project teams at the tactical security layer
- Operational management of Firewalls, AV, IPS/IDS, Proxy appliances, Microsoft AD, DNS, desktop/server security, TLS/SSL encryption
- Deployed global Web security, Secure File Transfer/Encryption, Internet egress consolidation, IPS/IDS solutions
- Developed Security Requirements for various Web Application architectures including PeopleSoft/Oracle and Windows systems
- Other areas of expertise: Mobile (MDM), Virtualization, Cloud, Storage, Exchange Messaging, Windows OS security, Full Disk Encryption security
Information Security Consultant
- Design IAM architectures and RFP deployments for various directory structures and access control methodologies
- Conduct detailed Information Security Assessments based on ISO27002 and risk domains
- Design Information Security Functional and Strategic organizational roles and responsibilities
- Conduct client EY Global Information Security survey benchmark Assessment and present findings and recommendations
- Member of the E&Y Global Information Security Architecture/service methodology team on ISO27002 and IAM services
- EY Author/presenter on “PCI v1.2 Update” for ISACA Rochester Security Summit, 2008
- Conduct Mobile & wireless Security Audit for Blackberry Enterprise Server and 802.1x environments
- BCM/DR design strategies including BIA, Technical Architecture, Replication, Client Charter design
- Program Committee/Session Chair at the CMU-SEI, CyLab “Making the business case for Software Assurance workshop”, Sep. 2008
- SAP, PeopleSoft Application Security/SoD rule audit assessment using Approva/EY-Analyzer tools
- Contributing member of the E&Y Global Information Security, Privacy, Forensics, Enterprise Architecture, Entrepreneur of the Year (EoY), and People & Organizational management Groups.