Sunday, June 8, 2008

Me - latest Photo as on June - 2008





Senthil on Dinamalar - Personnel

Senthil on Hindu -- Personnel


http://www.hinduonnet.com/thehindu/2006/06/09/stories/2006060918320100.htm

My Resume...

Ramasubbu Senthilnathan
E-Mail: nathan_thilse@yahoo.com

Summary:

• Overall 10 years of experience in Information Security with specialization in enterprise level security consulting services spanning from security framework design to IS audits.
• Well experienced in developing Corporate Information Security Policies, processes, procedures and technical controls for many enterprise clients to meet the compliance and standards requirements.
• Strong knowledge of translating the compliance and standards requirements to the technical controls and configurations.
• Expertise in design, deployment and managing the security solutions in the areas of Managed Security Solutions, IT operations management, Information Security Management System (ISMS), Security Incident management (SIM) systems.
• Specialized on ArcSight, Symantec Enterprise Security Manager (ESM), Network Intelligence and SESA.
• Experienced in integrating multiple OS, database and other applications with SIM.
• Well experienced in planning, deploying, configuring and managing the SOx monitoring, privileged user monitoring and security monitoring solutions for the clients based out of USA and UK.
• Performed Information Security Risk Assessments and Risk management at the Enterprise level.
• Excellent knowledge and experience in Information Systems Security Auditing, (ISO27001) BS7799 Implementation as well as auditing, building ISMS in line with information security standards and industry best practices.
• Has worked on a few SOX 404 assignments in the US (Shell – Richmond and Capitalone – Virginia).
• Worked closely with internal and external audit towards regulatory requirements and compliance objectives.
• Strong technical aptitude with exceptional talent in training and development and an ability to effectively translate technical information and procedures to end-users.
• Understanding the customer’s pain area and resolving with perfect solutions.
• Drafted RFP and Formal proposals for various Information Security Solutions to the USA and UK based clients.
• Validated the various security products for the different customer requirements and recommended the suitable and cost effective products for the optimal solutions.
• Well experienced in planning and executing the compliance related and other security projects for the corporate clients.
• Excellent Project Management skill set; executed more than 75 Enterprise level Projects in the span of 8 years.
• Well experienced in Vendor management, Support and service team management, Logistics management, SLA management.
• Information Security Designed and Implemented for various business verticals such as: Banking, Manufacturing, Oil and Gas, Government, Aviation, ISP, TELCO, BPO, Software and Services industry etc.

Skill sets:

Process
• IS Audit Planning, Execution, Audit Documentation and Reporting
• Review Internal Controls implemented for PCI-DSS, SOx compliance, ISO27001 standards and enterprise security
• Design, Implement and manage the framework in line with ITIL for ISO 27001, PCI-DSS, SOx monitoring, Security Risk office and PUM
• IT Risk Assessment and Management
• Interview, evidence gathering and analysis
• Business Continuity Plan development and Assessment
• Information technology & Information security management system (ISMS)

Auditing (IT Security, Standards, Controls, Best Practices and Regulatory Compliance)
• Exposure to ISO 27001, PCI-DSS, SOx, HIPAA, CoBiT, COSO, Basel II, the World Bank Technology Risk Checklist and ITIL
• Compliance Audits
• Manual Auditing (Process Mapping)
• Application walkthroughs.
• Trend analysis to capture the interesting events under regulatory compliance

Analysis and Management
• Business Analysis
• Project Management

Expertise solutions and products:
• Security Information Management solutions: ArcSight, Network Intelligence enVision, Symantec SIM, Symantec (Enterprise Security Manager) and Symantec Enterprise Security Architecture (SESA)
• Secure communications: SecureID, IPSec, Encryption, SSH, SSL, Secure FTP, PKI, Digital certificates and signatures
• Authentication, Authorization and Access Control: End-End Application Security, Enterprise Authentication and Authorization Web Services, Secure administration, RADIUS, SecureID, Single Sign-on (SSO)
• Compliance and Auditing: PCI-DSS, Sarbanes-Oxley, Control Objectives for Information and Related Technology (COBIT), ISO27001, HIPAA, COSO, Basel II, the World Bank Technology Risk Checklist and industry best practices like ITIL
• Information Security Policies and Procedures: Policies, Standards, Guidelines, Technical controls, workflows and procedures.
• Host Assessment tools: NetIQ and Symantec Enterprise Security Manager (ESM)
• Messaging Security: IronPort – Email Security product, Symantec Brightmail Antispam, Mirapoint Secure Email Server
• Authentication: Cisco Secure Access Control Server (AAA Server), Certificate Authority Server – Microsoft Windows ISS Server, RSA – Secure ID and Single sign on Products
• Patch management: Shavlik, Marimba and SUS
• Intrusion Detection and Prevention tools: e-Trust, ISS – Proventia A, G and M Series of Products, Netscreen IDP, Entercept Host Intrusion Prevention System, Symantec HIDS, eTrust
• Assessment Tools: ISS (Internet scanner, Network Scanner, Database Scanner), Nmap, Nessus, Retina, Super Scan
• Other Tools: Brutus, Solar Winds, Quick Spoof, CIA, Ethereal and other packet analyzers, Ghost
• End Point Security: Cisco Security Agent (CSA), NIS, Norton Personal Firewall
• Ticketing system: OTRS with SQL
• Firewalls and DMZ configurations: Cisco PIX, Check Point NG & AI, Netscreen, Fortigate, Checkpoint Provider1.
• Virtual Private Networks and Remote Access: Cisco VPN, Nortel Contivity, SSL VPN, RAS, Netscaler, Juniper SSL VPN Appliance, Cisco VPN Concentrator Series, Cisco and Intel VPN Clients, Checkpoint Secure remote on Windows and various third party VPN products.
• Resource optimizing solutions: Netscaler and Peribit
• Monitoring, Filtering and Reporting: Websense, SurfControl, ISA, WebTrends
• Antivirus: Symantec Norton Corporate Edition, Symantec Anti Spam, Trend Server Protect 5.5 and McAfee
• Anti Spam Solutions: IronPort, BrightMail
• Wireless Technologies: Cisco's LEAP, IEEE 802.11b standard, WAP protocol.
• Planning, development, implementation and review of information security and documentation.
• Web Servers - Apache, IIS
• Networking - TCP/IP, NFS, Telnet, FTP, DNS, DHCP, NAT, ipconfig, route, netstat
• Routing, Switching, Layer 2 and Layer 3 VLAN
• Project management Systems: Microsoft Project 2000, Project Scheduler Ver 8.0
• Operating systems integrated and managed for security Events: Windows 2000, 2003 and NT SOx Servers, Unix, AIX, Linux, Solaris and AS400
• Databases integrated and managed for security Events: Oracle, Oracle 9i, DB2, MySQL, SQL Server 2000, VB Scripts
• Applications integrated and managed for security Events: Powerbroker, Ironport, IDP, IDS, Routers, and Switches, Firewall.

Workshops / Trainings attended

• Certified Ethical Hacker - Trained at Asian School of Cyber Laws, Pune.
• Trained on Arcsight and Network Intelligence
• Trained on effective presentation skills at Richmond, USA
• Trained on Antispam solutions by Ironport, USA.
• Boot Camp on Application Architecture and Analysis of Symantec NAV and NIS, Aug-2005
• Appearing for CISSP and Pursuing PMP training

Accreditations:

• BS ISO/IEC 27001:2005 Lead Auditor
• SANS GIAC Payment Card Industry (GPCI) – From SANS – No:403
• IT Service Management Foundation – ITIL Exam from Exin
• CoBiT based IT Governance Foundation Exam
• 156-210.4 Check Point Certified Security Administrator NG – AI (CCSA)
• Cisco Secure PIX Firewall Advanced Exam (CSPFA 642-521) – Appeared and Scored 743
• Cisco Certified Network Associate (CCNA 640- 607) – CSCO10682369
• Checkpoint Firewall1 Administration Certificate from Brain Bench.

Education:
• Bachelor of Engineering (Electrical and Electronics) from University of Madras, India.
• Diploma in Electrical and Electronics from Directorate of Technical Education, India.

Key Projects
A Major Insurance Company, Madison, USA – (June 07 Till Date)
Role: Project Manager
Currently, I am handling multiple projects

Project –1 Audit Remediation Project – Security Access Reporting
Summary: This engagement included the audit remediation for the financial critical systems, Interim Solution plan and design, implement and train the team and Business System Owners (Includes Business vertical Directors, Application Owners Sr. Management staffs) on security access reporting. Ensure that the identified Gap on internal audit is resolved.
Environment: Security access reporting, Project management, PCI, ISO 27001, UNIX, AIX, Linux, AS400, DB2, SQL Server 2000, VB Script, VB 6.0, Team System, MS Project, Compliance Gap analysis report, Policies, Standards, Regulations, Guidelines, Industry best practices.
My responsibilities are:
• Understood the audit gaps and requirements based on corporate policy, ISO 27001 standards and PCI standards
• Proposed a cost effective solution as the interim solution.
• Project management methodology followed as Assess Phase, Initiate Phase, Plan Phase, Execute Phase, Control Phase, Transition and Stabilize Phase, Signoff and close phase.
• Gate review with Sr. Management on every phase completion
• Project executed on 4 major modules as Data Stream, Reporting Stream, Attestation Stream and Training/Awareness Stream
• Information gathered from various verticals of business including IT
• Identified and documented the requirements from Privacy leaders and internal auditors
• Designed and Deployed programmers to develop the interim automated solution for Security Access Reporting. Process and procedure documents were prepared and the team was trained.

CUNA Mutual Group, Madison, USA – (June 07 Till Date)
Project –2 IAM – Identity and Access Management
Role: Business Analyst
Summary: Define processes, technologies, and policies to manage digital identities and specify how they are used to access resources across the various platform and finance significant applications (37). Implementing the state-of-art and cost-effective IAM solution for the hybrid and complex access environment.
Environment: Identity and Access management, Project management, PCI, ISO 27001, UNIX, AIX, Linux, AS400, DB2, SQL Server 2000, 37 various financial significant applications, Team System, MS Project, Compliance Gap analysis report, Policies, Standards, Regulations, Guidelines, Industry best practices.
My responsibilities are:
• Analysis on financial significant applications and understanding the identity and access management methodology of them
• Information gathering on business, IT and operational roles, Personnel and financial data access
• IAM Product identification, bench marking, testing and selection
• Implementing the IAM Product and integrating the hybrid and complex set of financial significant applications with the IAM product.
• Process, Procedure and document the complete IAM project

CUNA Mutual Group, Madison, USA – (Nov 07 – Dec 07)
Project –3 Data Loss Prevention Project - Demo
Summary: Discover and protect data at rest, in motion, at the endpoint and exposed on centralized and decentralized file servers, SQL and Lotus Notes databases, desktops, laptops and other data repositories.

Environment: Data Loss Prevention, Vontu 6.0, PCI, ISO 27001, UNIX, AIX, Linux, AS400, DB2, SQL Server 2000, 37 various financial significant applications, Team System, MS Project, Compliance Gap analysis report, Policies, Standards, Regulations, Guidelines, Industry best practices.
My responsibilities are:
• Design and implement the comprehensive security policies and rules
• Configuring the Vontu for the following action items:
  • Accurate detection of all data types and languages including Western and Asian character sets
  • Universal data security policy, detection, and enforcement
  • Automatic enforcement of data security policies: block, protect, quarantine, encrypt, and notify
  • Integrated reporting, remediation and workflow across data at rest, in motion, and at the endpoint
  • Business unit reporting on risk reduction and compliance

Project –4 Security monitoring and privileged user monitoring
CapitalOne, Richmond, USA – (Aug 06 – April 07)
Role: Project Manager/Security Consultant
Summary: This engagement included the framework development for the Security Monitoring and Privileged User Monitoring. Defining the Process, procedure and documentation. Enabling the client to meet the SOx compliance audit requirements on security and privileged user security event monitoring.
Environment: Security event and privileged user monitoring, Network Intelligence –enVision (SIM), OTRS ticketing system, PCI Standard, ITIL frame work, Windows 2000, 2003 and NT SOx Servers Unix, AIX, Linux, Solaris and AS400 SOx servers, Oracle, Oracle 9i, DB2, MySQL, SQL Server 2000, SNORT IDS, Checkpoint Firewall, Powerbroker, Ironport, IDP, IDS, Routers, and Switches, Firewall, SOx Compliance Gap analysis report, Policies, Standards, Regulations, Guidelines, Industry best practices.
My responsibilities are:
• Framework development for security monitoring and privileged user monitoring to meet the PCI standards
• Defining the process in line with ITIL and other industry best practices
• Fine-tuning the Network Intelligence enVision SIM configurations for the client environment
• Defining the various reporting structures for client and the analyst to analyze the events, to reveal the trend of the events.
• Analyzing the various security and privileged events reported from various OS, database, perimeter security products like firewall, IDS, IDP and Ironport.
• Coordinating with the SME (Subject matter expertise) and audit team to reduce the false positives and to avoid the system noise.
• Setting up the analyst team to do the interest events analysis
• Designed and implemented the ticketing system using OTRS to support the audit trail.
• Trained and led the analyst team to analyze the security and privileged events and to use the ticketing system for audit trails.
• Designed and integrated the Knowledge base (KB) into the OTRS.
• Handling the Change management, Incident management, Problem Management, Internal Audit, Quality assurance, Management reporting, Executive reporting on SOx events.
• Documented the entire processes and procedures for the activities performed in the project.
• Backup plan developed and tested to provide the audit trail supporting details on failure or loss of analysis data.


Project –5 SOx Monitoring
Shell, Houston, USA – (Aug 05 – July 06)
Role: Project Manager/Security Consultant
Summary: This engagement included the design, deployment and configuration of the security information management system (SIM) and integration of the SOx servers (more than 3000 servers spread over USA, UK and CBJ). Enabling the client to meet the SOx compliance audit requirements.
Environment: ArcSight Management Server 3.0 (SIM), ArcSight Smart Agents (1. AS400 JRN File Agent, 2. Syslog Smart Agent, 3. SESA Smart Agent, 4. NT-Collector Smart Agent, 5. Flex Agent), ArcSight Database Server, ArcSight Console, SESA (Symantec Enterprise Security Architecture), SHIDS (Symantec Host Intrusions Detection System), Windows 2000, 2003 and NT SOx Servers Unix, AIX, Linux, Solaris and AS400 SOx servers, Oracle, Oracle 9i, DB2, MySQL, SQL Server 2000, SNORT IDS, Checkpoint Firewall, SOx Compliance, Policies, Standards, Regulations and Guidelines.
My responsibilities are:
• Working as a Security Analyst in SOX Event Monitoring team managing 1500+ SOX servers (Win2k/Win2k3, Linux, Solaris, AIX, and AS400) for Shell GEMS. These servers are based in USA (Houston), Europe (Netherlands), and Asia Pac (CBJ).
• Handling Symantec Enterprise Security Architecture (SESA) and Arcsight Enterprise Security Manager for the locations in USA, Europe, and Asia Pacific.
• Traveled to the USA for setting up the SIM system and analyzing the events, validating rules and customizing the parser files and Arcsight agents for the Shell environment.
• Arcsight SIM designed, deployed, configured and integrated with Sox servers.
• Tested Proof of Concept for SESA Integration with Arcsight Environment.
• Installation, Integration and configuration of SHIDS agent and Arcsight Smart Agent.
• Various SOx systems (more than 3000 servers) are integrated to the Arcsight to report their security events. (E.g.: OS - Windows 2000, 2003 and NT SOx Servers Unix, AIX, Linux, Solaris and AS400, Database - Oracle, Oracle 9i, DB2, MySQL, SQL Server 2000)
• Mapping SOX Controls to Arcsight Rules and filters to normalize and Correlate the raw events.
• Troubleshooting and resolving Arcsight and SESA problems. Validating the setup and identifying the false positive.
• Various customized reports (Executive report, SOx compliance effectiveness report, Trend Analysis report, etc.,) are configured on Arcsight SIM.
• Monitoring and Analyzing the SOX Servers Events using Arcsight Console.
• Inducting the analyst regarding Process, ticket creation and technical knowledge.
• Coordinating the Incident and change management.
• Scheduling Reports on weekly and monthly basis. Documenting the technical and process activities.

Project –6 HIPS (Host Intrusion Prevention System) Design and Deployment
Major Retail (Albertson), USA – (July 05 – Aug 05)
Role: Project Lead/Security Consultant
Summary: This assignment involved design, installation, integration, managing and administering the McAfee Entercept Host Intrusion Prevention System for more than 3000 servers.
Environment: McAfee® Entercept® Management System, McAfee® Entercept® agents, Windows 2000, 2003 and NT Servers Unix, Linux, Solaris servers, Oracle 9i and SQL Server 2000.
My responsibilities are:
• Generating the necessary attacks and ethical hacking methods in a controlled environment to validate and customize the HIPS signatures.
• Installed and administered the McAfee® Entercept® Management System.
• Installed the McAfee® Entercept® agents over various servers against zero-day and known attacks.
• Evaluated and implemented the behavioral rules for various agents and integrated the agents with Entercept® Management System
• Installation, Integration and configuration of Entercept® agents globally.
• Created the system and base line configuration document.

Project –7 SOx Monitoring thru SESA
Oil and Natural Gas Company (SHELL), UK – (Aug 04 – June 05)
Role: Project Lead/Associate Consultant
Summary: Customer has the mandate to comply with Sarbanes-Oxley (SOx) and hence the top priority is to achieve readiness for the compliance in a short time period. Customer has existing SESA environment. Assignments involved understanding of SOx requirement, configuring and maintaining the system for SOx Compliance requirement using SESA (Symantec Enterprise Security Architecture).
Environment: Enterprise Security Manager (ESM), Symantec Enterprise Security Architecture (SESA), SHIDS - Symantec Host Intrusion Detection System, OS - AS/400,HP-UX, IBM-AIX, Linux, Sun Solaris, Unix, Windows 2000,Windows 2003 Server, Windows NT, DB2, Oracle 9i,Security Incident Management, Security Operations Management, Information Security Consulting, SOx Compliance.
My responsibilities are:
• This assignment involved architecting the solution, managing and administering the Symantec ESM (Enterprise Security Manager) and SESA (Symantec Enterprise Security Architecture).
• Conducted internal and external vulnerability assessments.
• Enterprise Security Manager system was evaluated and implemented.
• Assisted in the development of enterprise information security policies and Standards.
• Customized and configured the SESA policies and rules for the Shell environment to capture the compliance events.
• Checking multiple systems simultaneously for deviations such as missing OS patches, inappropriate user password settings, unauthorized privileges, incorrect file access, changes to security settings, and incorrect configurations.
• Installed, Integrated and configured the Symantec ESM globally.
• ESM Policies created to evaluate network vulnerabilities and security policy violations.
• Enterprise-wide intrusion detection / prevention (SHIDS) Solution is implemented.

Project –8 Security Audit
India’s Number 1 Forging Company (Bharat Forge Ltd), India – (June 04 – July 04)
Role: Specialist Security Solutions / Security Auditor
Summary: This engagement involved vulnerability assessment for the App Servers, Data Base Servers, File Servers, and Mail Server and for the Entire network. Cisco PIX Firewall policy reviewed. Log reviewing and incident analyzing. Security audit report submitted covering all the possible loopholes and workarounds. ISMS implementation roadmap prepared and submitted to the client.
Environment: Number of various application servers includes App Servers, Data Base Servers, File Servers and Mail Servers, Cisco PIX Firewall, CISCO IOS and around 800 desktops with Windows 3.1/95/98,2K, NT, -XP, IT Infrastructure Audit Management, Information Risk Management, Security Incident Management, Security Operations Management, Technical Documentation, BS 7799, OS Hardening, Regulatory Compliance, Risk Assessment, various vulnerability analysis and assessment tools.
My responsibilities are:
• The IT infrastructure of organization includes number of various application servers, firewall and around 800 desktops.
• A detailed security audit performed which includes the Vulnerability Assessment of business critical servers, which includes App Servers, Data Servers, File Servers and Mail Server.
• GAP analysis of corporate standards with Industry standard regulations such as ISO 17799
• High Level Risk Assessment for CRM Application system
• OS Vulnerability Assessment and Database Vulnerability Assessment.
• Threat analysis
• Impact analysis
• Firewall policy reviewing
• Client interaction and Stakeholder information capture and documents review
• Assessment of efficacy of existing controls
• Development of policies and procedures
• Policy Discussion with business managers
• BS 7799 based Security Assessment Audit of Infrastructure including Vulnerability Assessment
• Present audit findings to Management
• Recommendations with secure architecture design
• IT and Business Process Assessment with reference to BS 7799 Standards
• Submission of reports and imparting security awareness training to customer
• Implementation Road Map for Compliance

Project –9 BS7799 ISMS Building
A leading News paper company (Malayala Manorama), India – (April 04 – May 04)
Role: Specialist Security Solutions / Security Auditor
Summary: This engagement involved building Information Security Management system in accordance with the BS 7799:2002 – Part 2 Specifications for the client.
Environment: BS 7799:2002 – Part 2 Specifications, ISMS Framework, Security Audit, various vulnerability analyzing and accessing tools, Asset management, Risk assessment and management.
My responsibilities are:
• Build ISMS Scope
• Risk Assessment Conducted
• Review of Internal Controls
• Develop Risk Treatment Plan
• Statement of Applicability
• New Internal Controls selection
• Develop narratives for network domain for controls mapping for general controls and network security controls
• Designed narratives and controls such as Automatic and manual reconciliation for interface programs between SAP and other applications
• Reviewing and developing Information Security Policies / procedures for the organization as part of an ongoing policy and procedure review.
• Regular interaction with client enabling the refinement of policies / procedures over a period of time
• Building ISMS for BS7799
• Recommending products and tech for adopting counter measure on Gap Analysis Enabling Malayala Manorama for third party audit for BS7799
• Testing & Documenting the Risk, Expected Control, Actual Controls and Gaps within the IT Process/Application /Application interfaces. Develop Risk and control library for information security discipline
• Design Baseline Controls and Controls Assessment after Corporate Risk assessment
• Provide Risk and controls matrix for enterprise automated risk assessment and risk reporting
• Development of risk control framework and enterprise risk assessment methodology
• Compliance assessment on content of Risk Control library for corporate.
• BS 7799 GAP analysis
• Inspecting the setup for ISMS compliance.

Project –10 Security Audit, Incident review and Firewall Policy design and deployment.
Software / Embedded designers & program developers, (Honeywell Ltd), India – (Feb 04 – March 04)
Role: Specialist Security Solutions / Security Auditor
Summary: The IT infrastructure of this enterprise includes Web servers, File Servers, Firewalls and around 1500 desktops. A detailed security audit, Incident Review and Firewall Policy design and deployment is involved in this assignment.
Environment: App Servers, Data Servers, File Servers, Mail Server and 1500 desktops spread over two remote offices and One HO. IT Infrastructure Audit, Information Risk Assessment and Management, Security Incident Management, Information Security Consulting, NMAP, Nessus, OS Hardening, Penetration Testing, Policy Definition, Security Awareness, Vulnerability Assessment, Information Security - Policy & Process, Network Audit, Security audit, Risk Assessment, Security Audit, Incident review on SQL 2000 Server.
My responsibilities are:
• Detailed security audit performed which includes the Vulnerability Assessment of business critical servers, which includes App Servers, Data Servers, File Servers and Mail Server.
• Overall Security audit and VA was done for the IT infrastructure, which consists of 2 remote offices and One HO with different networks with two Firewalls.
• Assessment of efficacy of existing controls
• Design Secure Architecture
• Policy Discussion with business managers
• Design of Policy and Procedures
• OS Vulnerability Assessment
• Database Vulnerability Assessment
• Enterprise Firewall policy creation
• Deployment of NetScreen Firewall in load sharing mode and implemented Defense-in-depth.
• Training on Firewall administration to the IMG Team
• Incident of SQL Server issue was analyzed in detail. Workarounds and suitable solutions are kept in place to avoid such incidents in future.

Project –11 BS7799 ISMS Building AND Covert Channel analysis
Banking industry (Not to disclose the client name as per NDA), India (Oct 03 – Jan 04)
Role: Specialist Security Solutions / Security Auditor
Summary: BS7799 ISMS Building AND Covert Channel analysis to the incident reported by the client.
Environment: (Not to disclose the environment of the client as per NDA)
My responsibilities are:
• Performed the application level covert channel Analysis. Real time incident information and logs are captured and evidence was documented. Final report was presented to the top management and successfully stopped the illegitimate information flow and assured the data confidentiality. (NDA – Won’t be able to discuss further on this assignment).
• Build ISMS Scope
• Provide Risk and controls matrix for enterprise automated risk assessment and risk reporting
• Development of risk control framework and enterprise risk assessment methodology
• Risk Assessment Conducted
• Review of Internal Controls
• Develop Risk Treatment Plan
• Statement of Applicability
• New Internal Controls selection
• Reviewing and developing Information Security Policies / procedures for the organization as part of an ongoing policy and procedure review.
• Building ISMS for BS7799
• Design Baseline Controls and Controls Assessment after Corporate Risk assessment
• Inspecting the setup for ISMS compliance.

Project –12 Application Resources Optimization Solution
Kirloskar Oil Engines Limited, India – (Sep 03 – Sep 03)
Role: Security Solutions Architect
Summary: This engagement involved decreasing the number of servers used for Oracle database and increasing the performance.
Environment: Netscaler, Strong knowledge on TCP-IP, Windows 2000, Windows 2003 Server, Windows NT, Oracle 9i Servers, Web Server, ERP Application servers, Load balancing, Business Continuity Planning, Business Process Management,
My responsibilities are:
• Netscaler is configured for load balancing the Oracle Servers.
• Load balancing tried on multiple methods like least load, round robin, minimal number of TCP-IP connections.
• This increased the usability of the Oracle servers, and the number of Oracle servers required earlier was reduced. The unique technology on TCP/IP handling of Netscaler plays a key role and increases overall service performance.
• So the entire system performance is enhanced.

Project –13 Integrated Messaging Solution and Gateway Security Solution
Leading software development firm, (Persistent Systems Pvt Ltd), India – (June 03 – Aug 03)
Role: Security Solutions Architect
Summary: This engagement involved setting up 10000 mailboxes for the enterprise users in a well-secured and cost effective environment. An Integrated messaging solution provided with Mirapoint appliance and the gateway and perimeter security solution to be designed and deployed.
Environment: Mirapoint Appliance, Firewall - NetScreen 8 Numbers, NetScreen Network Intrusion prevention system, 10000 mailboxes, 3000 desktops and 50 Servers, Information Security Consulting, Capacity Planning and sizing, Network Security, IT Consultancy.
My responsibilities are:
• The entire network, consisting of around 3000 desktops and more than 50 servers, is secured totally by framing very tight layered security architecture.
• Framed and deployed the multi-zone and multi-layer security solution with firewalls, HIDS and NIDS.
• An integrated messaging solution designed and deployed with Mirapoint.
• A User level training is organized and documentation provided
• NetScreen firewall and IDP sizing was done. Gateway security solution designed and proposed with 8 numbers of NetScreen firewall in online fallback option and one NetScreen IDP.

Project –14 Enterprise Security Solutions and Antispam Project
A Leading private cellular player in India (IDEA Cellular Ltd), India (Jan 03 – May 03)
Role: Specialist – Security solutions
Summary: The enterprise needs to review the security policy at regular intervals and needs consultancy on demand to maintain the networking security of the enterprise.
Environment: NetScreen Firewalls with multi-zoning architecture, IronPort, Netscreen SSL VPN Appliance, Trend Micro, Content Management, Security Operations Management, Access Control & Single Sign On, Information Security Consulting, Policy Definition, Capacity Planning and sizing, Network Security.
My responsibilities are:
• Providing the consultancy on demand to maintain the networking security of the enterprise.
• Recommending the security policy modifications to mitigate the latest risks in the security domain.
• Security Architecture has been redesigned according to the current requirement and Firewall policies are constructed and reviewed with firewall log files for any attacks and intrusion.
• Firewall has been configured for the core security with multi-zoning architecture.
• Policies are defined and modified for the current requirement.
• VPN solution is deployed for the 4 circles (branch) from the NetScreen Firewall
• Policy revision and system security analysis done in a regular time intervals.
• Root Cause Analysis for the issues faced on day-to-day activity by the client.
• Disaster recovery and Contingency plan executed in a regular time interval for to ensure the availability of the system.
• NetScreen Firewall up gradation done.
• Ironport is successfully evaluated for the AntiSpam solution. This includes AntiSpam service for more than 150,000 mails per day of the corporate mail users.
• Netscreen SSL VPN is deployed in a multi-location primary-backup setup for single sign-on and secure remote access to the business-critical applications.
• Support to the TrendMicro gateway antivirus setup.

Project –15 ISP Backbone Security
A Leading ISP (HCL Infinet Ltd), India (May 01 – Dec 02)
Role: Project Leader / Tech Lead
Summary: A very big ISP setup combining partial-mesh and full-mesh networks. The total network has to be secured from external and internal attacks.
Environment: Checkpoint Provider-1, Checkpoint Firewall, Symantec Norton Antivirus with Primary and Secondary Server, Fortigate Firewall, eTrust IDS, SolarWinds, Websense, ISS real secure IDS, Content Management, IP Network Planning, IT Operations Management, IT Project Management, Network Operations Management, Security Incident Management, Security Operations Management, Information Security Consulting, OS Hardening, Policy Definition, Security Awareness, Frame Relay, High Availability, Layer -2 Switch, N/W Management, TCP/IP, ATM Switching, Cisco LAN Switch, Cisco Routers, IP Routing, IPv6, ISS RealSecure IDS, Information Security - Policy & Process, Juniper Routers, Microsoft Exchange Server and other Networking Products.
My responsibilities are:
• Evaluation of Checkpoint Provider-1 for Core Security
• Evaluation of three Checkpoint gateways at core layers and Internet peering points, managed with Checkpoint Provider-1.
• Ongoing management and support for Checkpoint NG.
• Content Filtering, Email Filtering, URL Filtering and other policy development according to the requirement.
• Distribution Model Setup
• Symantec Antivirus - Integration with Global Server, Primary Server and Client mode.
• Fortigate Firewall – Configured as a Gateway for Noida – HO site, with the security policy defined for Content filtering, Email filtering, URL filtering and Inbuilt IDS.
• SolarWinds software integrated with the firewall to collect the logs. Periodic validation of logs is performed.
• Firewall policies are reviewed and modified as per change management to protect the entire setup from the latest attacks.
• Content filtering logs are also utilized to monitor employee activity and to avoid misuse of Internet and mail.
• Firewall-level authentication enabled for access to the various business-critical servers.
• Incident reviewing & monitoring and validating the effectiveness and implementation of WAN Security, Application Security, Remote Access security, etc.
• Successful evaluation of eTrust IDS to monitor intrusion activities and for network traffic analysis for HO.
• ISS Real Secure IDS is installed and configured to monitor the network related intrusions.
• Validating the effectiveness of internal controls for the collocated client servers and routers.
• Providing recommendations on Information Security policy to the firewall administrator.
• Worked with internal audit team to meet the requirements of BS7799 standard and roadmap for ISMS implementation was projected to the manager.

Project –16 Enterprise Networking Security and VPN Solution
Leading tyre manufacturer (Apollo Tyres Pvt Ltd), India (Nov 2000 – March 01)
Role: Project Lead
Summary: Information Security at HO is designed with PIX firewalls and Cisco VPN Concentrator. PIX firewall policies are derived considering all the business requirements, security standards and guidelines.
Environment: Cisco PIX Firewall on HA Mode, Cisco VPN 3000 Concentrator, Cisco LAN Switch, Cisco Routers, IP Network Planning, IT Operations Management, IT Project Management, Network Operations Management, Solutions Management, Cisco PIX, Information Security Consulting, Frame Relay, High Availability, ISDN, Layer -2 Switch, TCP/IP, IP QoS, IP Routing, Network Security.
My responsibilities are:
• Cisco PIX Firewall 515-E on Hot Standby Mode for Core Security and Cisco 3745 configured as Packet Filter Firewall.
• Prevention of well-known attacks is configured; security policy and logs are reviewed and correlated periodically, and policies are modified accordingly.
• Corporate VPN policy for Secure Remote Access VPN is designed and deployed with Cisco 3000 Concentrator.
• More than 300 Sites over VPN connected to HO – Hub and Spoke Model
• Site-to-Site IPSec and layered Security at Head Office are deployed.
• Contingency Plan is planned and executed for the gateway security solution provided by Pix Firewall in Hot Standby Mode.

Project –17 Public Key Infrastructure (PKI)
ELGI Equipments Ltd, India (Aug 2000 – Oct 2000)
Role: Project Lead
Summary: Implementing Public Key Infrastructure to provide the secure data flow between the sites over shared network environment by ensuring the data authenticity, integrity and confidentiality.
Environment: Cisco PIX Firewall, IPSec, Cryptography, Information Security Consulting, Cisco LAN Switch, Cisco Routers, Win 2000 Server configured as CA Server, Windows 2000 Active Directory Server, Project management.
My responsibilities are:
• Cisco PIX Firewall 515E is deployed to provide robust user and application policy enforcement, multivector attack protection, and secure connectivity services.
• Cisco Pix Firewall 515-E is configured as per the enterprise policies.
• Site-to-Site VPN is configured between the Cisco PIX Firewall and Cisco Routers at branch offices.
• Internal Certificate Authority primary server and backup servers are configured using Win 2000 Server.
• Pix Firewall and the remote office routers are integrated with Certificate Authority server.
• Private keys are configured in the router and PIX Firewall
• Public keys are kept with the CA server.
• IPSec tunnels are configured to use the PKI for authentication between PIX Firewall at HO and routers at remote offices.

Project –18 Disaster Recovery Network Design and Implementation
Bank Of Rajasthan, India (May 2000 – July 2000)
Role: Project Leader
Summary: Bank required a DRN Solution to keep the business continuity at the networking level.
Environment: DRN (Disaster Recovery Network), Business Continuity Planning, Disaster Recovery Planning, ISP backbone configuration, Project management.
My responsibilities are:
• Disaster site network solution is framed between primary sites at Jaipur and the DRN site at Indore.
• Configuration in HCL InfiNet ISP backbone and routing is planned and configured.
• DRN network solution deployed
• Contingency and disaster plan successfully executed and tested.

Project –19 VPN Design and Deployment with IPSec
ITC, India (July 1999 – April 2000)
Role: Project Leader
Summary: VPN solution framework with IPSec Security for about 6 divisions and 250 branch offices.
Environment: Frame Relay, H.323, High Availability, ISDN, LAN Workplace, Layer -2 Switch, N/W Management, Wireless N/W, Cisco Routers and switches, ISP backbone configuration, IPSec Technology, Checkpoint firewall, Project management.
My responsibilities are:
• VPN solution framework with IPSec Security designed and implemented for about 6 divisions and 250 branch offices spread all over India.
• Partial-mesh VPN topology with Point-to-Point and VPN solution framework designed and deployed for more than 250 locations and 7 Divisional HQ.
• IPSec VPN solution deployed between branch offices and Division HQ.
• IPSec over GRE tunnels are configured between DHQ and Corporate HQ.



A few more projects handled in different domains are listed below.
Solution Name: Proposals for Information Security Frameworks
Client Name: Tata Motors, India, Idea Cellular, India
Tool Used: Clear documentation and Proposal documentation on Intrusion Detection and Prevention (IDP) requirement of the customer. Netscreen IDP and ISS products are evaluated

Solution Name: Internal Benchmarking and validating the security products
Client Name: Clients for Wipro Technologies Ltd and Apara Enterprise Solutions (P) Ltd.
Tool Used: Various security devices are validated in a controlled environment and the best product for the customer environment was suggested and promoted.

Solution Name: Bandwidth Optimization Solution
Client Name: AESSEAL, Bajaj Alliance, WNS and Emphasis, India.
Tool Used: Peribit

Solution Name: Bill Of Material Validation
Client Name: Enterprise Solutions provided by HCL Infinet to their Customers.
Tool Used: Understanding the solution and validating the Bill of Material (BoM) estimated for that.

Solution Name: Corporate VPN Solution Design, Deployment and Support
Client Name: ITC, LG Electronics Ltd, Manipal Hospitals, Gabriel, Kone Elevators, Airport Authority Of India, Air Deccan Aviation, etc. India.
Tool Used: VPN Technology, Routers, Layer Three and Two Switches, HCL Infinet Backbone.