- 5+ years of experience in IT security, security management with technical expertise in implementation, operations & support.
- 2 years of International master's degree in the field of "Information and Communication systems Security" -from KTH, Sweden, with international exposure, and relevance field experience by considering European security standards and laws.
- Experience in manual penetration and application testing by considering black box , white box testing and out of box thinking as an ethical hacker.
- Hands on experience in Antivirus Administration, Patch Management, Network devices analysis , Vulnerability Assessment and Penetration Testing(VAPT) and log analysis.
- Comprehensive understanding of network security, IP protocols(IPv4 and IPv6), operating systems, application software and cyber security tools.
- Knowledge on web application, web server and database security assessment to assess vulnerabilities for XSS , SQL injection, CSRF, etc. Web application security using dynamic analysis tools Acunetix, CORE IMPACT, HP Web Inspect, BurpSuite and IBM Rational app scan ...etc and static analysis tools like HP Fortify.
- Understanding of information security architectures and applied cryptographic protocols , and access control systems.
- In-depth knowledge of various Security and Privacy issues, Information security policies, Governance and compliance.
- Experience in secure S-SDLC product and holistic security approach by implementing Attack surface analysis and Threat Modeling, Static and Dynamic code review.
- Knowledge on Information Security Management Systems(ISMS)-ISO\IEC 27001 Controls.
- Knowledge of Cryptography and Public Key Infrastructure(PKI).
- Experience in Information Security Risk Management (ISO\IEC 27001:2013, SSAE 16, ISO\IEC 31000, Octave-Allegro).
- Knowledge on PCI DSS, HIPPA, SOX, COBIT and NIST-CSF standards.
- International experience working with people from different countries and background.
- Programming Languages : C, Java(J2SE, J2EE),.Net(VB,C#,ASP)
- Database applications : SQL, Oracle10g
- Documentation Suites : Microsoft office ,open office, MS Visio
- Operating Systems : Windows XP,7,ubuntu, Backtrack5R2
- Software Tools : Mat lab, Net beans, Dream Viewer, Apache Tomcat 4.1/5.0,Rational Rose, Visual Studio, VMware
- Management skills : Operations management, OCATE approach to IT security risks,Agile Project Management
- Security : Cryptography, Certifications , N/w Security, Wireless&Mobile Security, Smartcard, SSL security , Security compliance, Malware Defence, AV analysis , S-SDLC, Ethical Hacking
Information Security Skills:
- Cryptography, Risk Assessment, Vulnerability Assessment, Penetration Testing, Access Control, Secure software development, Malware analysis, Two factor authentication, Legal Regulations and Compliance,
- Information Security and Risk Management :ISO 27001, OWASP, CWE, Security Management, Security policies and Standards, Security Auditing, Project management and Consulting, Social Engineering, Presentations, Training .
- Business continuity and disaster recovery, Operations Security, Security Architecture and design, Governance and Risk management.
Security Tools :
Vulnerability Assessment and Penetration Testing:
- Hands on experience using Advanced Exploits and Tools like Metasploit for penetration testing
- Good in penetration testing methodologies
- Experience in using Nessus for vulnerability analysis
- Good in working with Backtrack for penetration testing
- Good in analyzing web app security using Acunetix and Core Impact.
Cyber Forensic Investigation Skills:
- Good Knowledge and experience of Firewalls(Checkpoint Firewall), IDS/IPS.
- Good in e-mail tracking using full headers
- Good Knowledge of Data Recovery
- Log analysis(Sawmill analyzer)
- Internal Auditing
- Threat analysis of the devices from security point of view
Network Audit and Performance Analysis Assessments
- Good in Advanced Wireless Testing and vulnerability assessment
- Good in identifying and analyzing the network gaps
- Good in External and Internal Network Penetration Testing
Penetration testing Tools:
- Reconnaissance:Whois, traceroute, DNS integration, GHDB..etc
- Scanning:ICMP Scanning, PingSweep, Nmap, NetScan , Nessus, Saint, GFLANguard,LanSurveyor, Proxies ,TOR ,HTTPtunnel, SSHtunnel, Psiphon, G-Zapper.
- Enumeration:SNMP, LDAP, NTP, SMTP, EmailTracking..etc
- Web Application Security/ Hacking Tools:
- Netcraft, Acunetix, Fortify 360, NMap,Metasploit, CoreImpact, Web Scarab, Ettercap, Netcut, IPSpoofing, ARP/MAC flooding& poisoing, Keyloggers and Spyware tools, password cracking, Rootkits, Botnets, XSS, SQLmap, paros, DOS, SessionHijacking, Sniffers, privilege escalation, MITM, Bufferoverflows..etc
- Research work:
- Biometrics for Surveillance: In this research we examined, how the use of biometric techniques would enhance the existing surveillance system? In this research we did Quantitative Research Methodology by collecting views of different people on various issues.
- Biometric Passport System (E-Passport): In this research we have explained the system by considering all security features of E-passport and analyzed the existing threats. Also evaluated how to implement security mechanisms to provide trust and security between different nations.
- Mobile agent security: In this research, we have explained about mobile agent which has so many features of autonomy, social ability, intelligence, activity, goal orientation, mobility. Based on the features, we analyzed how they can provide security to the system, and also cryptographic protection of agents.
- Legal Aspects of Information Security: Interpretation and application of security laws in a corporation. By negotiating a security agreement between purchaser and seller and by considering legal system management and IT laws.
- Risk assessment as an OCTAVE consultant, by managing all security issues in the organization of IT infrastructure and other services.
Designation : IT security Consultant
- Maintaining Security compliance of the Client Network.
- Performing Security Health check , and patch management using TEM, security auditing, security compliance, malware analysis, risk assessment
Designation: IT security Analyst
- Network VAPT, Web app Security, ISO controls implementation, security assessment and risk analysis
Role: Security Analyst
Perform and create procedures for forensic investigation, system security audits, penetration-tests and vulnerability assessments. Focal for Vulnerability management and Assessment project (scheduling the scans by regions, scanning the devices, report analysis, vulnerability resolution, patch management)Confidential
Role : IT Software Developer/ Security Trainee
- Worked on software development.
- Security maintenance and monitoring.