Summary:

With my professional reorganization Confidential and many others, technical engineering education and detail understanding, expert training, and a real-world 18 years of IT security experience providing information technology professional expert in pre-sales consulting, pre-sales product demo, implementing, project deployment, project management and security-compliant driven solution and frame work to meet our valued client business requirements while satisfying security regulatory requirement. My major expertise's are in vendors and business partners, direct or end-clients security risk assessments detail security evaluation for their IT Infrastructure, business web applications security, database, and Smartphone application interface security assessments. I utilized professional, commercial and my own proprietary security assessment tools, techniques, custom tailored audit processes to identify unknown and undetected small to major, serious red flags security threats, that may cost company big fines, brand damages due to lack of expert knowledge and risk assessment. I do 360 degree security assessments to identify all possible threats to make our client is Internet cyber crimes hack-resilient. With my expertise, I can make your company a Rock-Solid Secure, Hack Resilient and a Security Governance Compliant Company that put security and business in balance with zero regulatory fines of risks. Very strong detail technical understanding, planning, implementation, and operational support and Security Risk Assessment and Audits on Industrial Control Systems ICS , Process Control Systems PCS , Distributed Control System DCS , Supervisory Control and Data Acquisition SCADA , PLC's and RTUs for client most critical key systems. The main area of my specialization and expertise includes but not limited to Infrastructure Enterprise Security, Web Application Security Secure SDLC Development, Code Review and Pen Testing, Database Security Audits IT Infrastructure Planning and Designing, Risk Assessment and Vulnerabilities Management, Security Policy Framework Development, IT Security Technology Products Evaluation, Testing, and Integration, Risk-Based Security Audits, Risk and Threats Modeling, Risk Analysis, Business Logic Analysis, Technology or Process Gap Analysis, Internal and External Security IT Audits, Developing and Enforce Security Strategies and Controls to building my client

SECURITY PRODUCTS /SOLUTIONS:

• Regulatory Standards: SOX 404, PCI DSS, PCI- PA-DSS, PCI- PIN, HIPAA, HITECH, SAS 70, PII, NIST-800, Federal Information Processing Standards Publications FIPS-190-200 PUBS , National Institute of Standards and Technology NIST-800 Series PUBS , FISMA, DoD Directive 8570 Security Manual, FDA, ISO 27000 Information Security Management Risk and Controls/ Preparation
• Web Application Security/VM: IBM- App Scan WatchFire , Accunetix, HP Web Inspect Spy-Dynamic , Fortify , Rapid 7 Metasploit Pro and Express
• IT Infrastructure Security/ VM: QualysGuard Scanner/ GFI LanGuard Scanner, Super Scanner,Nmap Scanner, Nessus Scanner, Rapid 7, CyberCob Scanner, Internet Security Scanner, Nexpose Scanner, Retina Scanner, Tiger Tool Suite, Encase
• Threats Countermeasure Solutions: Check Point Endpoint Security, Check Point Pointsec Mobile, Symantec Endpoint Protection, Symantec Control Compliance Suite Policy Enforcement , Symantec Security Information Manager Log Management , Barracuda Web Application Firewall, Check Point Web Intelligence Web Application Firewall , Imperva SecureSphere Web Application Firewall, Imperva SecureSphere Database Firewall Database Firewall , Imperva Database Activity Monitoring, Imperva File Activity Monitoring, VMware ESX Server Virtualization, Websense Web security, and DB Protect, Protegrity Database Protection and Security, TriGeo SIEM Log Management Appliance. Cisco IDS/IPS, Palo Alto Firewalls
• Firewalls VPN: Cisco PIX / ASA, Check Point NGX, Juniper Netscreen NS-25/NS50, Firebox III, MS ISA Proxy 2004/ ISA 2006
• VMware: ESX Server, GSX Servers, P2V Migration, /V2P Migration, VirtualCenter, Vmotion Deployment

Network Load Balancing: NBL Microsoft. Barraduca Network

MS Product: MS MOM 2003, MS Exchange 2003 , ISA 2004 / ISA 2006, MS SMS 2003, MS Virtual Server 2005

Operating Systems: Windows NT4.0/ 2000/ 2003/2008 Active Directory, Novell Netware, Linux, VMware and AS/400

Network: TCP/IP, DNS, WINS, Routing, RIP, PPP, OSPF, LDAP, VLAN, Network Management Monitoring

Mail Systems: MS Mail, Microsoft Exchange Server 5.5 / 2000/ 2003, Lotus Domino, and Novell Group Wise

Security: LDAP, Kerberos, RSA Secure ID Two-Factor Authentication, and Audits Risk- Assessment Tools. Security Policy Road Map Developments Authoring, Enforcement and Remediation

Database SQL Servers: SQL 6.5 Server, SQL 7.0, SQL 2000, SQL 2005 Servers,

Database: Access 2007, Access 2000 Database, Program Designing and Application Interface

Database Oracle 9i: Oracle 10g Security Oracle Security Policies, Oracle Audit Plan, Internal Risk Assessment Control Questioners

Cognos Server: Installation, Implementation, and Cognos Report Application Configuration, End-User Training

Hardware: IBM XSeries i-Series Servers, Compaq /Dell Servers, Cisco/ Juniper Firewall Routers, and Switches

Office Applications: MS Office Suite, Project 2003/2010, Visio 2003/2010, Omni Forms, Adobe and others dozens of applications

Other: Citrix MetaFrame SAN Solutions, Windows Terminal Services and CiscoWork2000

Programming: Basic Shell Scripting, MS Access 2003, and MS Visual Basic 5.0 6.0, Power Builder 4.0 Application Custom Application Designing

Web Development: IIS Web Server, MS Front Page, Dreamweaver, Flash, Photoshop's, and NetObject Fusion

CONSULTING ENGAGEMENT PROFILE:

Network Engineer

Sr. Security Architect Consultant / Auditor

Confidential

Project Scope / Achievements Sr. Security Consultant / IT Auditor / Vendor Risk Assessor Assess and qualify IT vendors, their security and privacy practices to determine and document risks and mitigation controls as applicable to the scope of contracted services and SOW's Evaluate the design and effectiveness of policies, applied controls for processes, systems, networks, and applications in accordance with laws, regulations, and internal policies, procedures and standards such as ISO 27001, CIS, NIST etc. Support Project teams in defining and documenting Information Security system requirements during IT system design, development, and implementation. Perform and document information security related risk assessments Proficient in applying technical documentation skills to the creation of work instructions, directives, policies and procedures as needed Participate and contribute to the development and improvement of the security assessment program and related processes and procedures and large Infra and apps migration Lead assessments to determine and document compliance gaps and risks in processes, systems, procedures and practices Provide recommendations for addressing identified gaps and works closely with IT or the business on creating corrective action and risk remediation plans Conduct regular follow-up on and drive completion of security risk assessments and remediation plans Work directly with BISO, BU, Vendors, and Key Technical Stakeholders and off-shore team to provide security expertise and assistance

Project Scope / Achievements:

IT Infrastructure / Web Application Security Risk Assessment / Mitigation

Assessed and identified security threats related to mission-critical IT infrastructure online systems and web facing applications. Performed a detail analysis of current SDLC practices related to application development life cycle, identify business process gaps that includes change management, configuration management, version control, BCP/DRP, access controls, and data classifications, performed authorized and independent penetrating scanning testing to identify Infrastructure and top 10 OWSAP Web Application vulnerabilities such as SQL Injection, Cross Site Scripting, Buffer overflow and DDoS attacks etc performed analysis of application code review to validate false positive and false negative vulnerabilities within systems and web facing online application. Worked very closely with key BIOs Business Information Owners and their underling technical in-house team to put a time line to remediate and/or mitigate confirmed vulnerabilities that requires high urgency to be fixed. Developed technical matrix, diagrams, and data flow mapping to identify process and threats.

Project Scope / Achievements:

PCI-DSS Readiness and Certification / Security Risk Assessment

Developed project plans for PCI-DSS Readiness for Euronet Worldwide, one of a newly acquired subsidiary business unit names RIA Financial Services Assessed the current posture of client security and developed a cross mapping PCI requirements matrix with current technology and practices. Initiated internal quarterly security audits practices to identify and control security threats and vulnerabilities. Implemented remediation and mitigation project plan timeline. Deployed best suited security solutions included QualysGuard Scanner, GFI Languard Scanner, Accunetix Web Scanner, TriGeo SIEM, Log Management, and Barracuda Web Application Firewall. Performed annual BCP/DCP testing for mission critical online systems and online applications. Interfaced and coordinated with U.S State auditor to provide audit requested documents that includes business strategic planning, pen testing results, SDLC life cycle procedures, and BCP/DRP testing results. Developed technical documentations to comply with regulatory standards and/or external auditors. Worked in 24/7 environment to support client uptime.

Project Scope / Achievement:

• HIPAA and PCI-DSS Threats Assessment / Remediation
• Identified and developed ePHI and sensitive data flow charts and diagrams related to PCI-DSS / HIPAA
• standards. Worked closely with data and business owners to assess risks based-on current practices,
• business process to identify potential security threats along with recommended remediation
• and/or mitigation controls and solutions. Performed Configuration validation, testing, and developed
• security policies and application and data audit review program matrix- As common security threat
• evaluation tool.

Project Scope / Achievement:

• Security Firewall Testing Certification
• Performed security firewall product research, functionality and security testing that includes pen
• testing, network traffic flood load Flood testing using IXIA traffic generator for certifying AT T
• approved products Cisco ASA 5510, 55020 Firewalls, Switches 3500 Series, Juniper Firewalls .

Project Scope / Achievement:

• Web Application Testing / Reverse Proxy Firewall Implementation
• Performed ISA 2006 firewall installation, configuration, security policies re-assessment and migration
• and external pen testing to identify potential threats related to ISA 2006. Performed web application
• migration and pen testing, coordinated with key business owners to deploy remediation and mitigation
• controls fixing web application vulnerabilities where needed. Developed BC/DR practices manual.

Project Scope / Achievement:

• Oracle Database Security Policy Review / Gap Analysis
• Performed security policy review, revised based upon current practices and environment and business
• practices. Developed oracle data security control matrix check list for security team, and security
• awareness program to protect Personal Identifiable Information PII .

Project Scope / Achievement:

• Security Policy Framework Program Development
• Developed customized client based Security Policy Program Framework to address PCI-DSS, HIPAA
• and SOX security policies and controls to be implemented to address security compliance requirements.

Project Scope / Achievement:

• Security Policies / IT Technology Merging Acquired Guidant Entity
• Performed detail security policies review and cross mapping identifying policy and technology related
• security gaps, reviewed standard operational procedures SOPs and department operational procedures
• DOPs and cross mapping to identify security, process or operational gaps and potential threats for this
• acquired merging for newly acquired entity Guidant. Identify key sensitive data flow area that required
• more stringent security policies and handling procedures to protect HIPAA, PCI, and SOX related data

Project Scope / Achievement:

• HIPAA and PCI Compliance Check Up / Internal Risk Assessment
• Performed security risk assessment, address identified vulnerabilities, deployed and upgrades Check
• Point NGX Firewall, Deployed RSA two-factor VPN technology, developed security policies and
• procedures to protect HIPAA and PCI-DSS related data. Perform pen testing for IT infrastructure and
• web facing applications and work very closely with application programmers and developers integrating
• all required security controls to remediate and/or mitigation security vulnerabilities within systems and
• web applications. Developed employee security awareness program protecting HIPAA related data and
• files at Stratacare. Worked in 24/7 environment to support client uptime.

Project Scope / Achievement:

• Technology Migration Risk Assessment Acquired Bank
• Developed technology migration project plan for newly acquired bank by WAMU, performed technology
• cross-mapping, gap analysis, technology research, risk Analysis, and worked with closely with key team
• stakeholders and leaders and set migration schedule plan, follow-up meeting, minutes and coordinated
• key senior executives management personnel to update project progress. Developed data flow and
• technology integration diagrams and other material. Played a key interface role between technical team
• and senior executive management.

Project Scope / Achievement:

• SOX Readiness / Risk Assessment / New Security Technologies Integration
• Performed detail client IT Infrastructure risk and gap analysis. Deployed security solutions and
• Major technology upgrades and re-engineering LAN/WAN enterprise infrastructure that includes
• Deploying and upgrading infrastructure firewalls, systems OS upgrades, DB upgrades and application
• Upgrades and integrating new security products to protect back-end and front-end systems. Developed
• plans and documents for migration migration to Windows 2003 servers, active directory AD and OU
• planning and designing, and enterprise group policy enforcement, technical document development
• Includes security policies, framework, DR/BC procedures and testing development documents. Developed
• IT security policy manual. Performed internal quarterly and annual risk assessment security audits for
• identifying security threats and vulnerabilities and deployed all remediation and mitigation controls.
• Worked very closely with Deloitte and Touch, Moss Adam, KPM external auditors to comply with audit
• reports and implementing all security controls or practices to mitigation and controls security threats and
• potential vulnerabilities. Worked in 24/7 environment to support client uptime.

Project Scope / Achievement:

• Internet Firewall Gateway Certification / Risk Assessment
• Performed enterprise internet firewall gateway security certification, risk assessment for five VA
• hospitals to identify potential security treats and vulnerabilities within Internet Gateway Infrastructure,
• underlying public systems and Web facing online applications. Performed pen testing for firewall, web
• application,VPN gateway. Assessed and validated secure VPN communication transmission, upgraded
• Internet Gateway Firewalls and Re-Assessed Security Policies. Performed DR/BC testing to ensure
• Business continuity will be in tact to handle potential disaster or hardware failover. Developed Internet
• Firewall Gateway Certification Manual for each VA Hospital sites to be submitted to U.S Inspector
• General IG to be reviewed and approved to each DVA Hospital site as per their security standards.

Project Scope / Achievement:

Managed over 250 enterprise mission-critical enterprise systems, responsible for timely patch management,OS upgrades. Performed duties included domain account management, physical and logical access controls, dealer data backup and restoration assurance and up time monitoring. Built Compaq RAID5 and RAID2 Business Servers for Honda dealer sites as new dealer sign-up.

Project Scope / Achievement:

• Enterprise Infrastructure / Systems Operational Management
• Responsible for managing and administrating enterprise firewalls, LAN/WAN Infrastructure, building
• mission-critical business servers including MS Mail, MS Exchange, MS SQL and MS IIS web servers.
• Provided end user. Developed Security policies and best practices, develop DR plan and test procedures
• for firewalls, file Servers, database servers. Developed technical documents, that includes audit metrics,
• enterprise network and data flow diagrams. Worked in 24/7 environment to support client uptime.

Project Scope / Achievement:

Network Infrastructure Migration- Token to Ethernet Topology

• Responsible implementing and testing back-end and front-end desktop systems functionality and
• connectivity including migrating desktop MS Mail client data and configuration to 500 bank desktop
• PC users.

Project Scope / Achievement:

Network Engineer

• Performed managing, monitoring and upgrading LAN/WAN network infrastructure devices that include
• Firewalls, Routers, Switches, Remote Access Dial-Up Modem. Performed systems support for Windows
• NT4.0 business systems.

Project Scope / Achievement:

Network Analyst

• Performed managing, monitoring and upgrading LAN/WAN network infrastructure devices that include
• Firewall, Routers, Switches, Remote Access Dial-Up Modem.

Project Scope / Achievement:

Systems Analyst

• Performed a custom application manual installation and deployment roll-out on 500 desktop users,
• ensuring full functionality, connectivity and secure configuration. Performed a quick one/one user
• application use training introduction.