• Security & Risk Gap Analysis
• Ethical Hacking
• Penetration Testing
• Web Application/Web Services/API Vulnerability Testing
• Mobile & Thick Client Application testing
• SOX Compliance
• HIPAA Compliance
• PCI Compliance
• Medical Devices & Hardware
• Internet of Things (IoT) Vulnerability Testing
• SEC & Investment Industry
Performs long- and short-term contracts to assess security posture and/or weaknesses. IT Security is no longer a small niche market and the demand by small and large businesses alike calls for robust and diverse security expertise. A well-rounded background & vast experience allows for expert consulting in a multitude of environments and platforms. Some of these include: Regulatory Compliances, Establishing baseline security postures, Pre-Go-Live sanity checks, and Production Vulnerability Assessments. Modern or legacy, Intranet or Internet, if it connects to a network, it can be tested for vulnerabilities, misconfigurations, and corporate standards & policy violations. Notable contract work includes but is not limited to: Global Portfolio & Mutual Fund management software, News Aggregation APIs, Medical Appliance Firmware Update platforms, International Mortgage Processing applications, Insurance Claims Processing software, and Marketing Content Repository/Licensing/Distribution platforms.
- Varying clients - IT Security Consultant at Consultant
- Senior Security Engineer at Kaplan, Inc
- Infrastructure Vulnerability Assessment Team Lead (Global Operations) at Citigroup
- Security Operations Center (SOC) Team Lead at PerimeterUSA / Guarded Networks
4 years at this Job
- Bachelor's - Industrial Design & Engineering
Weekly hours of work: 60 hours per week
• Lead in the design, implementation, and maintenance of the Projects on Security/WAN/LAN/WLAN
• Designed, implemented and maintained VPN tunnels to remote offices and power plants
• Configured and maintained Cisco PIX/ASA/WatchGuard/FortiGate/Symantec Endpoint Protection/Sophos Firewalls, Cisco routers, APs and switches
• Project Lead for Radware, Websecure, Websense, Wireless, WhatsUp monitoring, Symantec Endpoint Protection, IDS/IPS, and Network General SnifferPro DSS/RMON projects.
• Designed, configured, implemented and maintained logging systems such as the AlienVault/Tripwire/Netwrix Auditor and Carbon Black. These systems have been used to monitor the secured environment to detect any malicious activities.
• Designed, configured, maintained and used Email Security Appliance (ESA) and Web Security Appliance (WSA) to manage the secured environment email/web systems.
• Designed and implemented all security training programs for all employees, contractors and consultants
• Prevented unauthorized access by monitoring port traffic, monitored and maintained over 250 Cisco network devices, and maintained WAN OSPF & BGP network of 34 ATM, FRAME, Wireless Point to Point, and VPN LAN to LAN connections.
• Supported and administered all firewall environments in line with IT security policy requirements.
• Updated knowledge by participating in educational opportunities, reading professional publications, maintaining personal networks and participating in professional organizations
• Does a daily log review and analysis for all systems and their activities, logs and events. This is done to determine and detect any malicious activities for an immediate action.
• Performed network maintenance and system upgrades including service packs, patches, hot fixes and security configurations such as the routing and switching equipment;
• Configures hosted IP voice services;
• Remote support of on-site engineers and end users/customers during all security installation processes
• Remote troubleshooting and fault finding if issues occur upon initial installation;
• Manages Capacity and audit of IP addressing and hosted devices within data centers; This ensures smooth operation of the network
• Liaising with project management teams, third-line engineers and service desk engineers on a regular basis.
• Liaise with vendors and other IT support personnel for problem resolution. This ensures customer satisfaction
Promontory Financial Group, An IBM Company Senior IT Security Consultant: February 2018-Present
• Designed and implemented network infrastructures to best fit customer security requirements, budget and timeline.
• Configured and monitored network security devices to include, SonicWALL TZ170's, 2040's, and 5060's.
• Assisted customers with troubleshooting their networks, security devices, operating systems, e-mail systems
• Developed, maintained, and troubleshot various information technologies security elements in a Linux, UNIX, and Windows environment
• Provided knowledge in architecture, development, testing, configuration, integration and implementation of multi-platform Identity Management technologies, solutions and products.
• Performed security scans and updates to support Oracle, and MS SQL Server database systems
• Performed security audits with full reporting delivered to customer based on application, system, security device, and snmp logs.
• Reviewed and modified access control lists (ACLs) on network switching and routing equipment as needed to maintain security standards.
• Performed security administration for Microsoft 2008/2012, Solaris, and Red Hat Linux servers and network
• Conducted server security administration, compliance reporting in Vulnerability
• Managed System in accordance with DISA STIGs, and IAVAs.
• Investigated cyber threats, and managed policy for Host Based Security System (HBSS) using policy Orchestrator, performing asset discovery and compliance scans using eEye Retina and Nessus
• Maintained and updated Symantec Endpoint Protection/Sophos Antivirus Servers, and clients.
• Maintained DNS resolution policy, processed PKI certificate requests, blocked malicious websites using Websense/Cisco Web Security Appliance, and maintained pattern-based SPAM filters on Symantec
• Main point of contact for primary customer during their process of replacing over five thousand certificates threatened by the Heartbleed bug and coordinated the processing of all urgent or sophisticated orders.
• Supervised and assisted with training the support team for primary customer and reviewed the team's work for the replacement certificates.
• Coordinated team members in multiple regions to process requests for international customers in different time zones and languages.
• Tracked and reported on number and value of certificates issued as well as performed internal audits to ensure all SSL On Demand customers remained in compliance with industry baseline requirements.
• Consistently exceeded performance goals and expectations, recognized for contributions to several major projects.
UNIX Administration: Applications and Services Network Security Group. (NSM, NetMRI)
• Planned, implemented and documented change of services including hardware replacement and enhancements.
• Conducted POC trials of Network Security technologies including wireless (Cisco, Meru), web application firewalls (Fortiweb, Radware), SIEM tools (QRadar, Tripwire, AlienVault), and firewalls (FortiGate, Juniper, ASA, WatchGuard, SEP, Sophos, and Palo Alto), then implemented the solutions.
• Expert with Juniper Netscreen and SRX Firewalls and IDP, Palo Alto and Fortinet (Fortigate, Fortianalyzer, Fortimanager).
• Lead in troubleshooting all connectivity issues. Lead contact for operations center. Lead engineers for all wireless issues in the country and outside.
• Lead in deploying new technologies to data center and branch offices including firewall, NAC, wireless and switching technologies
- Senior IT Security Consultant at Promontory Financial Group, An IBM Company
- at Penetration Testing, Intrusion Detection, Mobile and Computer Digital Forensics
- WINDOWS/LINUX ADMINISTRATION, SECURITY & EXCHANGE SERVER ADMINISTRATOR at Howard County Government
11 months at this Job
- Master of Science - Applied Information Technology
- Graduate Certificate - Information Security & Assurance
- Graduate Certificate - Database Management
Bengaluru, KA
She has been working with the KPMG Risk Consulting team for more than three years. She has worked on the following areas, but not limited to: ITGC Review, SOx Advisory and Attestation, Vendor Security Assessment, Information Risk management, HIPAA Assurance, PMO related activities. Her experience with KPMG covers but is not limited to: She was involved in providing assurance reports under international standards such as SOx Advisory for one of the leading oil and natural gas companies in the world for three consecutive years. The engagement involved providing client specific assurance reports for key clients and key applications of the outsourcing organization. The engagement required us to conduct gap analysis on the assets to identify the current risks and perform management testing for Application General Controls (AGC) and Application Security Review (ASR), identified by the client in accordance with SOx requirements and defined based on the COBIT framework, for various SAP and non-SAP applications. The Application General Control review and the security review covered the test of design and operating effectiveness, and document the same, in the following domains - Access to Programs and Data, Program Changes, Segregation of duties assessment, Program Development and Computer Operations (Backups, Batch Jobs, Problem Management). Involved in engagement planning, management, coordination with the team. Awarded the Kudos Award for her outstanding performance in this engagement. Team Member for SOx audit engagement of a leading global Insurance company in the UK. Served KPMG UK in conducting comprehensive test of controls in order to meet SOx requirements. Her responsibilities included testing of business process controls in the domains of Revenue, Taxation, Payroll, Treasury, Fixed Assets, Purchase to Pay and Other Expenses. Also involved in testing of various General IT Controls testing around the business process application as well.
Was involved in a Vendor Security review for one of the largest American multinational telecommunications corporations in the world. The engagement included assessing for compliance all the aspects of security covering physical, network, information, logical, software, Connectivity, Business continuity, Overall contracts, Privacy, and Identification and authentication. Was involved in performing ITGC's testing and ITAC's testing which focuses on and comprises of segregation of duties, IT security policies, Access controls (logical and physical), User access management, Change management, Backup recovery and restoration, Incident management and likewise and Process analysis and audit for transactions with financial implications. Was involved in providing assurance reports under international standards such as HIPAA for one of the leading non-profit health care providers in the world. The engagement required a detailed understanding of the processes followed by the third party vendor in storing and managing the personal health information. Was involved in project management activities and vendor Review for a Leading Healthcare Company in US for their outsourced IT Services.
- IT Security Consultant at KPMG Bangalore
3 years, 1 month at this Job
- Master of Science - Business Analytics and Information Systems
• Conducted requirements elicitation workshops with the stakeholders and capture their Physical Security needs
• Mapped the Physical Security technology needs into IT requirements - Cybersecurity, physical, network, storage, hypervisor, server, O/S, cloud, middleware, runtime, application, data
• Management of SEHS project managers and help convert the needs and mappings to project approach, plan and activities. Participates in short- and long-term planning efforts with stakeholders and IT groups. Supports the development of cost/time estimates
• Worked with third party security integrators and system manufacturers, for standards compliance oversight, deployment coordination and testing, cybersecurity validation and commissioning.
• Ownership of the IT tasks involved in the day-to-day execution of projects managed by Security Technologies group
• Coordinated with business analysts to develop appropriate data flow diagrams and process flows for the end-to-end solution
• Worked with networking and firewall team members globally to design, document, communicate and implement networking aspects of the solution. Work with server, virtualization teams globally to design, document, communicate and implement server aspects of the solution
• Aligned IT Risk & Compliance and Information Security to ensure that the implementation design meets all IT and security controls
• Integrated physical security solutions with other applications and platforms based on engineering requirements
• Co-developed capacity plan, measure network utilization against the assigned capacity and recommend optimization requirements
• Provided technical direction for the planning, designing, and execution of testing efforts. Validates test results. Ensures that tests evaluate all possible impacts on the current infrastructure or application.
- IT Security Consultant (contract) at Sony Pictures
- Head of Cyber Security USA, Canada at HikVision
- CISO, VP of Development at SC Global, Lausanne SA Outrival Secure
- CTO CISO at Video Surveillance Now
4 months at this Job
- B.S. - Computer Science
• Researched and documented security recommendations for network implementations.
• Provide IT Support for Microsoft Office, software installs, internet, and hardware issues.
• Successfully managed configuration management for firewalls, hardware, and software.
• Helped create system security plan for management and end users to follow to ensure system integrity.
- IT Security Consultant at BW Tech Solutions
- Sr. Information Systems Security Officer I at Raytheon
- Information Systems Cyber Specialist II at Raytheon
- PC/Client Server Analyst I at Raytheon
4 years, 7 months at this Job
- Bachelor of Science in Management Information Systems - Management Information Systems
● Review and Advise on ACC IT and InfoSec Policies and Security Program development.
● Align IT Operations strategy with most effective security priorities.
● Work with Network and Systems Engineers to maintain and support ACC IT Operations
● Analyze Palo Alto Networks solutions and recommend improvements for effective deployment and management.
● Establish and lead Vulnerability review meetings to support the Vulnerability Management Program
- IT Security Consultant at American Campus Communities
- Manager, IT Security at ShoreTel
- Network Engineer at ShoreTel
- IT Manager at CEDRA Corporation
6 months at this Job
- BA - Biology
Provided small business consulting services to local organizations in the areas of information security, risk management and overall IT strategy.
- IT Security Consultant at Felix Mack
- Sr. Data Security Analyst at Tyco International
- Sr. Data Security Analyst at Tyco/ADT Security
- Information Security Analyst at Holy Cross Hospital
2 years, 7 months at this Job
- A.S. - Computer Engineering
• Main focus is to design secure Network Security Solutions
◦ Designed large scale data networks needed to facilitate device communication.
◦ Implementation of Enterprise class CCTV systems, some including over 630 IP cameras / 50 NVRs (network video recorders)
◦ Implementing our design solution led to a 75% decrease in crime calls within 1 year
- IT Security Consultant at AA Lock Doc & Security
- IT Manager / Volunteer Coordinator at Creative Services Inc
- Director of Technology at Senior Financial Security Inc
- Owner / Designer / Developer at ProApp Consulting
10 years at this Job
- MCSE, A+, Network+
Current employment and assigned to the Security Incident Response Team (SIRT). Daily duties include security incident detection, analysis, containment, eradication, and recovery. Final responsibility of post-incident activity is ensuring accurate incident documentation is being reported to Senior Leadership. Other work roles are enhancing and improving department processes; requires weekly, if not daily, discussions and negotiations with internal security teams. Also tasked to perform trend analysis of daily, weekly, and monthly reports. Additional assigned duties are Process/Procedure SME, lead trainer, and SIRT Wiki SME.
- Senior IT Security Consultant at Optum Technology/UnitedHealth Group
- Security Coordinator/Security Analyst III/Security Manager at GB Protect - Catholic Health Initiatives
- Project Manager Lead at Progressive Insurance
- Project Manager at Current, Inc
5 years, 6 months at this Job
- Master of Science - Management
- Bachelor of Science - Management Information Systems
● Developing Documentation run books for best practices.
● Lead asset in building out incident response team.
● Leveraging FireSIGHT Sourcefire for indications of events or incidents.
● Tracking down users that have broken Security compliance rules and retraining them on proper search habits.
● Running Virus scans within Kaspersky and triaging results as needed.
● Working with various departments and vendors to Block, unblock, recategorize and troubleshoot various events.
● Working with a variety of Trojans, worms, and botnets.
● Making critical judgement calls as to whether to isolate the host from the network.
● Instrumental in the implementation and buildout on the incident response applications and foundation.
● Analyzing traffic to analyze user search habits and to rule out false positive alerts.
● Experience in administering, and configuring.
● Information security assessment of one or more centralized endpoint information security technologies (device management, malware protection, application whitelisting/blacklisting, patch management, software deployment, etc.)
● Running Nmap scans to determine vulnerabilities such as ports open and to scan IP addresses.
● Working to implement policies to block adware as a security precaution.
● Escalating incidents as needed to the appropriate departments BOX
- IT Security Consultant at Maricopa Community College
- IT Security Analyst Incident investigative Response at
- Network Analyst at EZCORP
- IT Security Specialist at Entergy/HCL
7 months at this Job
- Certification - pursuit of CAPM