OBJECTIVE:
A highly motivated, enthusiastic and performance-driven Information Security Professional with over ten years of Information Technology experience, exposed to a variety of diverse environments, is looking for an IT Security position in a progressive organization where I can utilize my skills and knowledge and add value by aligning technology strategy with the organization’s objectives.
SKILLS SUMMARY
Security Architecture and System Engineering
* Outstanding 12 years of information technology and information security experience in the design, implementation and management of LANs, WANs, wireless networks, servers, firewalls, routers, switches. Strong understanding of the security mechanisms and vulnerabilities associated with Windows and UNIX operating systems, TCP/IP protocols, switched networks, applications and databases.
* Able to effectively communicate Information Security matters to various organizational levels, including business units, technical staff and senior management. Experienced in transforming and negotiating business, privacy and legal requirements into security and technical specifications.
* Familiar with Canadian and US legislation that affects Information Security and Privacy (FISMA, PHIPA, PIPEDA, HIPAA, Sarbanes-Oxley (SOX 404), PCI DSS).
* Practical Knowledge of Information Systems Security and Management standards, frameworks and best practices (CobIT, ISO 17799/27002, ITIL Foundations, NIST, Common Criteria).
* Working knowledge of the Project Manager Competency Development framework, including planning, organizing, and managing resources to bring about the successful completion of specific project goals and objectives, PMBOK.
* Experience in planning and conducting a network, application, database vulnerability assessment and controlled penetration testing.
* Excellent understanding of security strategies, methodologies and technologies including secure global network design, remote computing, desktop and server hardening, virtualization, compliance auditing, secure system development lifecycles, software auditing and penetration testing, security monitoring and response.
* 3 years in SQL, VBasic, VBA, HTML, C/C++, Pascal, Assembler programming.
Information Technology Risk Management
* 8 years in information technology Security risk assessments and gap analysis, Access Control and Identity Management, Threat Analysis, Vulnerability Assessment and penetration testing.
* Organizational Security Development, Policies and procedures development, Infrastructure security controls, key performance monitoring and audit.
* Ability to analyze and communicate needs and requirements for security architecture and standards to all stakeholders. Clearly express technical information and concepts to a non-technical audience and vice versa.
* Effectively work with senior management, influence decision makers. Monitor and manage projects to ensure accurate project time. Strong understanding of security operations challenges.
* Understand the importance of effective technical documentation in identifying and managing IT security risks.
Personal Qualities
* Able to lead, manage and coordinate projects and operations, work without supervision both independently and within a team, effectively manage tasks, time and resources.
* Responsible, sociable, accurate, adaptable, self-sufficient, self-driven, detail and results oriented.
* Learn very fast and able to independently understand areas unfamiliar to me.
* Easily adaptable to new systems and tools.
* Always open to constructive dialogue and suggestions.
SYSTEMS / TOOLS / TECHNOLOGIES EXPERIENCE
* Security technologies: Defense-in-depth methodology, ACL filtering, Checkpoint, Cisco Pix and ASA, IDS/IPS systems, sniffers, network performance and monitoring utilities, vulnerability scanners and penetration testing, forensic and auditing tools, malicious code containment - Antivirus, and Antispam defense.
* Platforms: MS DOS, NT3.51/4.0/2000/2003, UNIX, Linux.
* Network Protocols: TCP/IP, UDP, ICMP, SNMP, FTP, TFTP, HTTP, HTTPS, SSL, TELNET, SSH, LDAP, IPX/SPX, NetBEUI, SMTP, POP3, IMAP, DNS, DHCP, WINS, RIP, IGRP, EIGRP, OSPF, ISIS, BGP.
* Network technologies: Routing, Firewalling, LAN, WAN, VPN, VLAN, NAT, PAT, QoS, Wireless networks.
* Encryption and authentication: IPSec, L2TP, PAP, CHAP, WEP, TKIP, WPA, WPA2, RADIUS, TACACS+, PKI, RSA.
* Databases and Servers: SQL, VMware ESX, WSUS, Websense, Smart Filter, ISA, IIS, Apache, Exchange, MDaemon, Veritas, FTP, TFTP, SSH, CA, VPN, Cisco ACS, RAS.
* TOOLS: Nessus, MBSA, GFI LANguard Network Security Scanner / Event Log Monitor, Nsauditor, Solarwinds tools, Checkpoint SmartDefense, Encase, Hyena, DameWare, Knoppix, Kismet, Cybercop, Metasploit, IISXploit, WebInspect, SuperScan, N-Stalker Web Application Security, L0pht, Brutus, Nmap, Netcat, Ethereal, Retina, Iris, Cain, Ciscoworks, Snort, Outpost, PGP, McAfee, Norton, Kaspersky, Acronis, Ghost, Communications software, Access, Microsoft Office, Corel, Adobe, Norton, Symantec, Macromedia.
CAREER HISTORY
June, 2008 to present
IT Security Analyst / Toronto Transit Commission (TTC)
Responsible for IT Project Management addressed to corporate IT security requirements resulting from project and operations initiatives.
* Involved in development, implementation, operations and maintenance of a Security Program and Security Architectures.
* Established and performed Threat Assessments and Threat Management process, Vulnerability Assessments and Vulnerability Management, Privacy Impact Analysis, Penetration Tests, Security Audit.
* Provided Technical Assistance and Security Solutions.
* Maintained management reporting system environment.
* Provided presentations and education to various levels of Management.
Projects:
* Vulnerability Threat/Risk Assessment for Next Train Arrival System (NTAS)
February, 2004 to June 2008
Sr. Security Analyst, Team Lead / Bendix Foreign Exchange
Led all aspects of IT Infrastructure Strategy, architecture, and operations, including networking, security, server platforms, desktops, laptops, remote access, storage, disaster recovery, business continuity.
* Conducted security risk assessments and defined security controls to support business needs and objectives. Developed foundations of the corporate security program including information security policies, procedures, standards, and guidelines.
* Conducted Business Impact Analysis on a regular basis, evaluated risks to operational facilities, and identified the technical requirements that meet or exceed the recovery requirements of mission critical business functions.
* Successfully upgraded legacy systems from old terminals to centralized network environment, role based access control and perimeter protection.
* Designed LAN and WAN infrastructure, Access Control Management, administered and supported various operating system platforms, network capacity planning and general network management.
* Responsible for the IT budget cost effective spending. Software licensing and IT contracts control.
* Implemented SSH, VPN solution to ensure data confidentiality and integrity. Implemented Cisco Firewall and router packet filtering technology.
* Led and managed the development process and implementation for a new custom business application based on .Net technology with MySQL DB for traders that provides them with more information, allowing them to make deals more efficiently and optimize the time spent with each customer. Supervised the process of software development from the security perspective.
* Performed vulnerability assessment to ensure appropriate protection has been utilized for the systems.
* Corporate Antivirus and antispam protection, backup control.
* Worked with the different Business groups to ensure technical requirements are met.
* Provided training for company Management and Users.
* Established working relationships with vendor partners.
* Supervised a 4-person IT team.
Projects:
* Provided analysis of system, subsystem and elements requirements.
* Conducted BIA, security reviews of core systems, network and operational infrastructure and analysis of the state of information security, penetration tests and intrusion defense analysis. BCP
* Implemented CRM (Customer Relationship Management system), new Mitel PBX telephone and reporting system.
Environment: VMware ESX 3.1, Windows 2003, 2000, XP, SCO (UNIX), CentOS (Linux)
* AD, File, DNS, DHCP, Print, Application, Telnet Servers, IIS, SQL, ZIM, WSUS, FTP, TFTP, SNMP, SSH.
* CheckPoint NGX (R60), Cisco IDS 4210, Cisco routers 2600, 2811, switches 2950, Pix 506E, 515E, ASA 5505, RS232, RAS, VLAN, Remote VPN, Site-to-Site VPN, Cisco ACS (AAA), TACACS+, PAT, NAT, ACL, Websense, Cisco SDM, Dell Wireless AP. Nessus, MBSA, Nmap, Solarwinds Engineering, LANsurveyor, EnCase Forensic, L0phtcrack, Netstumbler, CyberCop. PGP, DameWare, VNC, VERITAS Backup Exec 10, UPS Manager, Citrix (Reuters), PC Quote, MS Office, Smart Draw, Visio, Kaspersky enterprise, Cash Plus Reports, Acronis, Privilege Manager, Made Easy, MS AD, Group Policy and Security Manager. MS Office, Maximizer (CRM), Cash+ Accounting, Access.
September, 2001 to December 2003
IT Manager / EUROVENT
Ascertained business requirements of the entire organization and created a strategy to implement a technology infrastructure to meet these needs. Responsibilities included the overall management of all information services, data processing, client support and security functions.
* Provided Technical Team Leadership to various in-house projects.
* Worked with internal teams and external customers to design software agents for integration into the HVAC product line. (CIAT, York, Siemens)
* Led the newly formed information security division within this business unit, assisted in development and implementation of the information security management system, with particular emphasis on developing, implementing and effectively managing the information security risk management function.
* Delivered IT strategic plans, systems development and network infrastructure solutions.
* Reviewed general support system and major application controls to determine gaps and identify technical, operational, and procedural refinements.
* Consulted and implemented network and physical security changes for corporation.
* Regular security checks, risk and vulnerability assessment.
* Delivered Firewall and Virtual Private Network (VPN) Security. Partnered with line of business Executives to determine their needs in a process of a new software development. ERP has been implemented.
* Direct supervision, technical coaching and monitoring of two System Administrators and Data Manager. Built and maintained professional relationships with clients and vendors.
* Further responsibilities to assist in the planning of all training activities throughout the year by maintaining close communication with the senior management team within the company.
Projects:
* Defined system level architecture and detailed design for defense-in-depth solutions for corporate wide network and telecommunication systems.
* Performed technical risk mitigation for newly designed and implemented features through research, modeling, simulation and/or prototyping.
* Created Audit program, Business continuity plan, vulnerability assessment and penetration testing, incident response procedures and change control management guidelines.
* Secure design and locked-down implementation for servers, desktops and laptops (Dell/Windows2K/2K3/XP)
Environment: Windows NT, 2000, 98, FreeBSD, Red Hat (MySQL), File, DNS, DHCP, Print, Application Servers, IIS, MS SQL, MS MOM, Exchange Server, SharePoint Portal Server.
* CheckPoint FW-1, Outpost, 2600 Routers, Remote VPN, Snort, Nessus, GFI Security Analyzer, GFI log server, Nmap, Iris Scan, Cain & Abel, Solarwinds tools, MS Visual Studio, Ethereal, RemAdmin, AutoCAD, 1C (sql), MS Office, MS Project, Visio, McAfee, Access.
September 1999 to August, 2001
System Engineer / North-West Timber Company
Responsible for administration and maintenance of local network infrastructure. Provided IT services for over 5000 users. Performed design, configuration, and life cycle support for critical systems. Enhanced monitoring and reporting process.
* Administered and supported multi-platform operating systems.
* Provided leadership and implementation assistance for various security-related projects.
* Monitored, inspected and analyzed logs, audit trails, network traffic and payload.
* Maintained various applications and offered technical support to customers.
* Responsibilities included managing clients’ NT 4.0 and 2000 networks, troubleshooting and repairing hardware and software issues for both onsite and drop off services, and handling telephone helpdesk support.
* Monitored system tasks and resources, optimized and tuned up system and performed backup/restoration.
* Responsible for maintaining departmental internal web site.
* Installed, configured and maintained SQL database, MS Exchange Server.
* Developed system to ensure compliance with organization’s security policy.
* Evaluated and installed computer, networking hardware and operating system software.
* Troubleshooting of LAN and system problems, Cisco Switches and routers, T1 and frame relay, developed and documented standardized troubleshooting methodologies.
* Implemented Secure VPN connections for remote branches across country.
* Standardized desktop throughout the organization. Field-repair times reduced by 75%.
* Assessed and reviewed current technology infrastructure to identify key risk areas, and ensured adequate levels of controls are in place to address those risks. Evaluated system, network and application security.
* Provided assistance in network and system design for newly opened offices.
* Member of the team that worked on company security policies and procedures, awareness program design, and implementation.
* Applied security patch management systems.
* Created documentation and offered presentation and training to end users.
1996 – 1999
System Engineer / LENIMS
Responsible for building, monitoring and management of the server infrastructure for production, development, lab and hosted application environments, including all of the following:
* The main focus of my work was on determining the future direction of the computing environment for a group of about 150 technical users within Lenims under a $1.5 Million budget.
* I was responsible for upgrading and converting all of the PCs from 386/486s to Pentiums and from Windows 3.1 to Windows 95 (NT would not work here). Included in this was installing and supporting all of the desktop applications.
* Building, configuring, administrating and maintaining of Windows NT 4.0 Servers.
* Configuration and Maintenance of RBAC access control.
* Modifying and securing of security systems (Checkpoint Firewall) based on Linux.
* Performance tuning, building strategy, administration and maintenance of WEB (and all internet based) servers.
* Administration and maintenance of Compaq, Hewlett Packard and Dell Desktops and Servers, as well as Toshiba Laptops.
* Maintenance of network equipment, monitoring of network utilization and capacity planning of network resources (including WAN connectivity and management).
* The Microsoft Proxy Server was configured to use an ADSL connection to the Internet, and the Exchange servers were configured to handle Internet based mail for all users.
* Created and maintained a disaster recovery solution and tested the disaster recovery plan.
1985 – 1995 Served in the Air Force
Pilot – Engineer
EDUCATION
* 2005 Toronto, CISCO NETWORKING ACADEMY
* 1999-2001 Saint-Petersburg State University, B.Sc. System Engineer for the specialty “Computing Machinery and Computer-Aided System Software”
* 1999-2001 Saint-Petersburg State University, professional retraining program Diploma in “Personal computer and local network software”
* 1984-1989 Yeisk Air Force Military Academy, B.Sc. Diploma in Electronics
CERTIFICATIONS
* CISSP (Certified Information Systems Security Professional)
* CCSP (Cisco Certified Security Professional)
* CCNP (Cisco Certified Networking Professional)
* CCNA (Cisco Certified Network Associate)
* CCSA (CheckPoint Security Administrator)
* CCSE (CheckPoint Security Expert NGX)
* MCSA: Security (Microsoft Certified System Administrator)
* MCSE: Security (Microsoft Certified System Engineer)
* CompTIA Security+
* Cisco IDS (Intrusion Detection System) Specialist
* Cisco Firewall Specialist
* Cisco VPN (Virtual Private Networks) Specialist
* CNSS 4011 INFOSEC (Certification by NSA (National Security Agency) / CNSS (Committee on National Security Systems))
(CISA on December 2008)
PROFESSIONAL MEMBERSHIP
* IEEE - Institute of Electrical and Electronics Engineers
* (ISC)2 - International Information Systems Security Certification Consortium
* ISACA - Information Systems Audit and Control Association
* BCI - The Business Continuity Institute
* IASA - International Association of Software Architects
COURSES AND TRAINING ATTENDANCE
* VeriSign: “Bad Guys and what you can do to protect yourself from them”
* CISCO: “Cisco Takes the Mobility Network to the Next Level”
* BGP: “Data Breaches and their Impact”
* Secure Computing: “Secure Web 2.0 Anti-Threat Initiative - S.W.A.T.”
* CISCO: “Five Crucial Steps to Deploying a Secure Guest Network”
* Websense: “The Webification of the Desktop”
* (ISC)2: “Vulnerability Management / Patches”
* Prism Microsys.: “Using Behavior-based Correlation to Detect Threats in Real Time”
* CISCO: “Designing Wireless Net., and Mobility Services in Branch Locations”
* ISSA: “PCI DSS-Your Stepping Stone to a Trusted Security Model”
* (ISC)2: “Web Access Management”
* CISCO: “Network Admission Control Design.”
* University of Bern: Open Source Security Testing Methodology Manual (OSSTMM) –
* (ISC)2: “Securing from the Start: Examining Application Security”
* IDC: “How to Stay Out of the Headlines with PCI Compliance”
* (ISC)2: “You’re E-mail Inbox Gateway to Danger?”
* CISCO: “Essentials of Successful VoIP Migration”.
* (ISC)2: “on 4 Steps to Security Success”.
* ISA: “Security Risk Management Series - Data Loss Prevention (DLP)”
* CISCO: “Security Threat Landscape Session with Patrick Gray”
* ISA: “Security Risk Management: Protection and Compliance Seminar”
* Microsoft: Energize IT (Lunch of Forefront Security)
* DoubleTake: “Protecting Microsoft Exchange and Centralized Backup”
* Network General: “Canadian User Forum” – Oct. 18, 2006
* “Live Web Application Hacking” Workshop – Sept 21, 2006
* “Active Directory Design and Implementation” – April 10, 2005
* “Effective Patch Management”, February 17, 2004
* “Microsoft Security Week”, December 1-5, 2003
* “Network Analysis, Monitoring and Troubleshooting”, January 17, 2002
I view the corporation itself as the information system. It is within this overall system that information subsystems reside, one of which of course is the computer network. This network, coupled with the myriad of information subsystems. Effective protection of this system begins at the front gate and never ends. With this concept of the information system, I am able to provide clients with a greater understanding of information security, and thus help distinguish their actual security needs from their perceived technology and security needs.