Click here for a pdf version of the resume (194k)

˜

Click here for a doc version of the resume (74k)

˜

Career Objective

A security consultant position that would utilize my current skills while simultaneously giving me the opportunity to expand my skills into new facets of Information Security

•

Summary

• 6 yrs of professional experience in an information security position with specific focus on:
  • Security Management and Operations, Security Policies, Procedures, System Analysis and Auditing
  • Analyzing Penetration Testing & Vulnerability Assessment reports and creating plans to improve the security posture in the Network, Host and Applications Security Design and Implementation
  • Application Security Testing
  • Hands-on experience in using security tools, techniques and methodologies
  • Operating System, database and network device hardening
  • Linux System Administration
• Good understanding of regulatory and industry standards like SOX, ISO17799/27001/2 and PCI DSS
• Worked as primary consultant on client engagements and played an instrumental role in securing new projects for the company
• Worked with Practice Area Leaders on developing and growing the security practice area and related offerings
• Able to identify customer requirements and translate them into an appropriate technical proposal
• Assisted in proposal preparation, time & resource estimation and project implementation
• Performed technical presentations and demonstrations to corporate clients
• Mentored and trained consultants on Security Concepts like Server Hardening, Linux Server Security, Rootkits, Firewalls, Wireless Security and other Project activities.
• Was in the technical interview panel while performing recruitment activities for the E-Security dept of TechMahindra

•

Certifications

1. Prince2 Registered Practitioner - APMG
2. CISSP (Certified Information Systems Security Professional)- (ISC)2
3. CEH (Certified Ethical Hacker) - EC Council
4. BS7799 Lead Auditor - STQC
5. ISO 27001 Implementation - British Standards Institute (BSI)
6. IT Project Management - Indian Institute of Technology, Mumbai (DEP)

•

Educational Summary

Nov 1998 -- Sep 2002	BTech {Computer Engineering} College of Engineering, Chengannur Cochin University of Science and Technology Percentage: 70%
June 1997	Higher Secondary Holy Child Auxilium School, New Delhi Central Board of Secondary Education Percentage: 74%
June 1995	Matriculation Holy Child Auxilium School, New Delhi Central Board of Secondary Education Percentage: 81.25%

•

Technical Skills

Operating Systems

Linux, FreeBSD, BackTrack, Knoppix, Open BSD, Helix, Mac OS X, Windows, HP-UX

Web Servers

Apache, IIS

Vulnerability Scanners

Nessus, Wireshark, Netcat, GFI LANGuard, Retina, X-scan, Sara, Snort

Application Scanners

Spike proxy, Paros, WebScarab, Nikto, Whisker, Watchfire's AppScan

Server Audit/Security Tools

Nmap, rkhunter, chkrootkit, logwatch, PGP, portsentry, spamassassin, tripwire

Firewalls

Netfilter, Openbsd PF, iptables, ipchains

Programming/Scripting Languages

C, PHP, Perl, bash scripting, HTML, CGI

Databases Managed

MySql, PostgreSQL, SQL Server 2000/7.0, MS Access

•

Employment History

Company Name	Duration	Designation
Tech Mahindra (formerly Mahindra British Telecom)	Aug 2005 - present	Associate Security Consultant
Poornam Info Vision	Dec 2002 - Aug 2005	Senior Software Engineering, Grade II

•

Project Experiences

1. TechM Security Compliance in offshore migration of BT’s International Billing Plus platform, E-Security Dept, TechMahindra

   • Role: Security Consultant and Internal Security Auditor
   • On-the-job ACCOMPLISHMENTS:
     • Subject matter expert for internal line of business clients and external suppliers for security mitigation and maintenance of their internal control environment over data center operations, system development, change management, incident management and contingency planning
     • Developed and implemented information security vulnerability mitigation strategies
     • Conducted security workshops for senior managers in this project for the development, implementation, and auditing of security risk management, governance, and security compliance

2. Security Consultant for the Media & Broadcast wing of British Telecom, E-Security Dept, TechMahindra

   • Role: Security Consultant
   • On-the-job ACCOMPLISHMENTS:
     • BT Security Compliance Management
     • Creation of Security Policy Document
     • Guidance for implementation of the company security policy in the platform and creating the Implementation Matrix
     • Meeting compliance requirements of customer, legal and regulatory aspects in relation to information security governance and processes.
     • Security Improvement Plan for the platform
     • Trained BT’s system administrators on Server Hardening in Linux and Microsoft servers and Oracle database
     • Configuration Management of Servers and Network Elements
     • Ensuring BT Security compliant 3rd Party access to the platform

3. Security Testing and Platform Hardening in the Content Processing Capability of British Telecom, E-Security Dept, TechMahindra

   • Role: Associate Security Consultant
   • On-the-job ACCOMPLISHMENTS:
     • Performed Functional Security Testing of the Application
     • Audited servers to check for compliance to the Security Standards laid down by the client.
     • Gave presentations to the client demonstrating the defects and their associated risks.
     • Hardened the Linux and Windows 2k3 servers as per the Security Standards laid down by the client
     • Provided consultancy on how to improve security in the plaform

4. Security Requirements for NGN systems of British Telecom, E-Security Dept, TechMahindra

   • Role: Associate Security Consultant
   • On-the-job ACCOMPLISHMENTS:
     • Went onsite to understand the requirements of the Client
     • Created Security Requirements for NGN Systems based on the Clients Security Policies

5. Functional Security Testing for NGN Applications, E-Security Dept, TechMahindra

   • Role: Security Consultant
   • On-the-job ACCOMPLISHMENTS:
     • Creation of misuse cases
     • Security test execution based on the misuse cases
     • Check for privilege escalation, sql injections, cross site scripting vulnerabilities, password strengths etc
     • Creation of security defect report
     • Providing consultancy services on securing the system

6. End-to-End Security Test Designs for NGN Broadband and Transfer Engineering, E-Security Dept, TechMahindra

   • Role:Security Consultant
   • On-the-job ACCOMPLISHMENTS:Creation of End-to-End security test case design document

7. Server Security Services - Installations Department, Poornam Info Vision

   • Role: Team Lead
   • On-the-job ACCOMPLISHMENTS:
     • Server Security Audit and Vulnerability assessment and port scanning using tools like Nessus and Nmap
     • Creating Vulnerability Assessment Reports detailing all the vulnerabilities found and the best solution for risk mitigation
     • Linux Server hardening based on the Vulnerability Assessment Report. This included kernel recompilations, patching the kernel, firewall installations and fixing all server issues.
     • Identified major server issues and created scalable solutions from an operations perspective

8. Linux Server Administration for dedicated web hosting companies - Poornam Info Vision

   • Role: Team Admin
   • On-the-job ACCOMPLISHMENTS:
     • Led a 6-member team as team admin, providing quality Technical Support and Customer care for Network Operation Centers & Dedicated Web Hosting companies
     • Resolved all technical server issues with response time 1 hour and 6 hours resolution
     • Securing web servers using Iptables, rkhunter, portsentry, logwatch, nmap, tripwire, tcpdump
     • Linux Kernel Recompilations
     • Apache recompile , php recompile , Firewall installations
     • MS SQL Server Administration

•

WORKSHOPS/TRAINING PROGRAMS ATTENDED:

1. Prince2 Practitioner Workshop - Global Knowledge London; 5 days; May2008
2. ISO 27001 Implementation - British Standards Institute; 3 days; Feb 2008
3. Certified Ethical Hacking Training; EC Council; 5 days; July 2006
4. IT Project Management - IIT Bombay- 6 months
5. SecNet- The Computer and Network Security Workshop; IIT Bombay; 5 days; March 2006
6. IT Professionals' Conference 2006- IT Security Track; Microsoft; 2 days Feb 2006
7. BS7799 Lead Auditor; STQC; 5 days; Dec 2005
8. Linux From Scratch; Poornam Info Vision; 5 days; Jan 2004
9. Linux Server Security; Poornam Info Vision; 2 days; Sept 2004

•

Honors and Awards

• Vice-Chairperson of College Of Engineering, Chengannur.
• Judged 'Athena'-The Best Female Personality, in the College Arts Fest-2001.
• Stood first in technical paper presentation during the South India level technical festival SUMMIT 2002.
• School Prefect of Holy Child Auxilium, New Delhi.
• Taken part in debates, elocutions, drama, music and dance competitions both in school and in college and have won several prizes for the same.

•

References

Reference can be provided on request

Powered By

Apache Emacs CSS PHP XHTML