Information security (infosec) covers all information processes, physical and electronic, regardless of whether they involve people and technology or relationships with trading partners, customers and third parties. Information security is concerned with all aspects of information and its protection throughout its life cycle within the organization.

 
  • CAREER OBJECTIVE:
    Highly motivated and performance-driven Information Security Subject Matter Expert with more than fifteen years of successful experience in Information Technology in all phases of Strategic Planning, Implementation, Operations and Management is looking for an IT Security position in a progressive organization where he can utilize his skills and knowledge in discovering the organization's security needs, designing and developing, with economy and elegance, an information security architecture and systems that ensure an appropriate level of confidentiality, integrity, availability, authentication, and non-repudiation that is based upon valid risk management decisions, and ensuring the system can securely resist the forces to which it may be subjected and meet the organization's goals and objectives.

    SKILLS SUMMARY
    Security Architecture, Management and Engineering
    * Strong understanding of security mechanisms, experience in the determination of security vulnerabilities, weaknesses, threats and related risks that exist within an IT Infrastructure or business processes
    * Working knowledge and experience in Project Manager Competency Development framework including strategic planning, organizing, and managing resources to bring about the successful completion of project goals and PMBOK knowledge areas to achieve an effective project management program
    * Knowledge of Enterprise architecture principles and frameworks: TOGAF (The Open Group Architecture Framework), IATF access control technologies and models to ensure information access controls meet the organization's security requirements and objectives
    * More than 15 years of experience in network design, remote computing, desktop and server hardening, virtualization, compliance auditing, penetration testing, security monitoring and response
    * 10 years of experience in planning and conducting a network, application, database vulnerability assessment and controlled penetration testing
    * Capable of effectively building strong relationships with the management of supported business units and communicating Information Security matters to various organizational levels
    * Experienced in transforming and negotiating business, privacy and legal requirements into security and technical specifications
    * Extensive experience creating innovative solutions and responding to information security incidents
    * Knowledge of leading information security vendors and products, multiple information security technologies and their strengths and shortcomings

    Information Technology Risk Management
    * Proven experience defining governance principles, policies and procedures and leading business and/or IT transformation initiatives to support business strategic direction
    * Working knowledge and experience in Risk analysis (TRA), Business Impact Analysis (BIA), Privacy Impact Analysis (PIA) based on ISO/IEC, RCMP methodologies, Information Systems Audit, Vulnerability assessment and Penetration Testing (OSSTMM 2.0)
    * Practical Knowledge of Information Security, Audit and Management standards, frameworks and best practices: CobIT 4.1, ISO/IEC 17799 (27002) | 27001 | 13335, ITILv3, NIST, CC - Common Criteria, CBK - Common Body of Knowledge
    * 8 years of experience in adhering to processes needed to ensure compliance with legislation that affects Information Security and Privacy: PIPEDA, PHIPA, MFIPA, Sarbanes-Oxley (SOX 404), Bill 198, PCI DSS 1.2
    * Ability to analyze and communicate needs and requirements for security architecture and standards to all stakeholders
    * Strong understanding of security operations challenges including key performance monitoring and audit
    * Understand the importance of effective technical documentation in identifying and managing IT security risks

    Personal Qualities
    * Able to lead, manage and coordinate projects and operations, work without supervision both independently and within a team, effectively manage tasks, time and resources
    * Responsible, sociable, accurate, adaptable, self-sufficient, self-directed, detail and results oriented
    * Learn very fast and able to understand areas unfamiliar to me independently
    * Easily adaptable to new systems and tools
    * Clearly express technical information and concepts to a non-technical audience and vice versa
    * Always open to constructive dialogue and suggestions

  • TECHNOLOGIES EXPERIENCE SUMMARY
    * Security technologies: Defense-in-depth concept, Firewalling, Network Access Control (NAC) and user provisioning, System hardening, Intrusion Detection and Prevention, SIEM, Automated security management, vulnerability and penetration testing, content filtering and forensic analysis
    * Platforms: MS: DOS, NT3.51/4.0/2000/2003, XP; Unix: HP-UX 11, Solaris 8/9, SCO, BSD; Linux: RH, CentOS
    * Network Protocols: TCP/IP, UDP, ICMP, SNMP, FTP, TFTP, SFTP, FTPS, HTTP, HTTPS, SSL, TELNET, SSH, LDAP, IPX/SPX, NetBEUI, SMTP, POP3, IMAP, DNS, DHCP, WINS, RIP, IGRP, EIGRP, OSPF, ISIS, BGP
    * Network technologies: Routing, Firewalling, LAN, WAN, VNS, VPN, VLAN, NAT, PAT, QoS, Wireless
    * Encryption and authentication: IPSec, L2TP, PAP, CHAP, WEP, WPA2, EAP, TKIP, DES/3DES, AES, SHA, MD-5, PKI, RSA, PGP, 802.11i, 802.1x, EAP, PEAP
    * Databases and Servers: SQL, Oracle, Cisco ACS, MS IAS, RADIUS, TACACS+, RSA, VMware ESX, WSUS, SMS, MOM, WEB, Exchange, Veritas, Websense, Citrix, FTP, TFTP
    * Tools: Nessus, Qualys, MBSA, GFI LANguard, CA SPECTRUM, Network Instruments Observer, ManageEngine, MRTG, PRTG, Nagios, Snoopy, Nsauditor, Solarwinds, Encase, Hyena, DameWare, Knoppix, Kismet, Iperf, Cybercop, Metasploit, IISXploit, WebInspect, SuperScan, N-Stalker Web Application Security, L0pht, Brutus, Nmap, Netcat, Ethereal, Retina, Iris, Cain, Ciscoworks, Snort, Tripwire HIDS, McAfee, Norton, Kaspersky, Acronis, Communications software, Access, Microsoft Office
    * Appliances: CISCO: Pix 401/515/525, ASA 5505/5520/5540, IDS/IPS 42035/Netranger, MARS V6, Routers 7200/2800/2600, Switches 6500/3400/2950, VPN 3000; Enterasys: C3/B3/N7 Matrix, IDS Dragon 7 DSCC, Netsight Console, 4110 Wireless Gateways, HiPath APs, HiGuard Wireless IDS/IPS, NAC Gateways, SIEM, IronPort, F5 BIG-IP, CITRIX NetScaler, Gigastore, SUN, DELL Blades

    PROFESSIONAL MEMBERSHIP
    * (ISC)2 - International Information Systems Security Certification Consortium
    * ISACA - Information Systems Audit and Control Association
    * BCI - The Business Continuity Institute
    * Sarbanes Oxley Compliance Professionals Association
    * PCI DSS FORUM

    EDUCATION
    * 1999-2001 St. Petersburg State University, B.Sc. System Engineer for the specialty "Computing Machinery and Computer-Aided System Software Development"
    * 1999-2001 Saint-Petersburg State University, Diploma in "Personal computer and local networks"
    * 1984-1989 Yeisk Air Force Military School, B.Sc. Diploma in Electronics, Pilot-Engineer

    CERTIFICATIONS
    * CISM (Certified Information Security Manager)
    * CISSP (Certified Information Systems Security Professional)
    * ISSAP (Information Systems Security Architecture Professional)
    * CISA (Certified Information Systems Auditor)
    * CCSP (Cisco Certified Security Professional)
    * CCNP (Cisco Certified Networking Professional)
    * CCNA (Cisco Certified Network Associate)
    * CCSE (CheckPoint Security Expert NGX)
    * MCSE:Security (Microsoft Certified System Engineer)
    * CompTIA Security+
    * AMBCI (Associate Member of the Business Continuity Institute)
    * CNSS 4011 INFOSEC Certification by NSA (National Security Agency) / CNSS (Committee on National Security Systems)
    * CISSP-ISSAP (in process)

    CAREER HISTORY
    November 2008 - present
    Sr. IT Infrastructure Security Architect / Toronto Star & Metroland Media Group
    Lead all aspects of Security Architecture design and implementation for the computer systems, servers, networks and data as an integral part of the service delivery mandate of the IT Group. Play a key role in this mandate by developing and implementing Information Security Program framework, Threat Risk Assessments, Vulnerability scans, Penetration tests and IT audits.

    * Conducted sophisticated security reviews and TRAs of core infrastructure and analyzed the current state of information security, including high-level assessments and very tightly focused examinations of specific security concerns
    * Identified and recommended improvements to enterprise security infrastructure
    * Lead network security activities related to regulatory compliance remediation (PCI-DSS, SOX, etc.)
    * Lead network security standards, policies and procedures development and review including Firewall/Router/IDS, Web Filtering, Data Loss Prevention (DLP) and Network Audit and Validation
    * Defined system level architecture and detailed design for defense-in-depth solutions for the corporate wide network and telecommunication systems
    * Provided research, evaluation, and recommendation for security solutions
    * Act as a technical and knowledge interface for information security for new project initiatives including working with project managers, peers and business unit management to ensure that information security is not compromised throughout the change management process
    * Lead Infrastructure integration activities related to security department consolidation between The Torstar, Metroland Media and more than 100 business partners and stakeholders
    * Conducted audit adherence to security processes and requirements
    * Responsible for monitoring all security systems and processes for efficiency
    * Proactively managed client expectations across all business functions
    * Monitored intrusion detection and prevention systems, scans and attacks, analysed and resolved security breaches and vulnerability issues
    * Collaborated with other IT members to identify opportunities for delivering effective business solutions
    * Proactively worked to improve methods, tools and techniques to establish best practices, process efficiencies and to surpass service level agreement measurements
    * Active member of the CERT (Computer Security Incident Response Team), assist in special investigations related to computer security incidents
    * Trained and mentored team members

    Projects:
    * Information Security Program (architecture) development and implementation (policies, standards, procedures)
    * IT Security risk management for the Torstar IT Infrastructure (TRA, BIA, PIA, security reviews)
    * Network Edge Security design and implementation for 2 datacenters (ASA firewalls)
    * Enterprise wireless networks security requirements definition, conceptual, detailed design and implementation
    * Enterprise Network Access Control, SIEM, Automated Security Management
    * PCI compliance project (gap analysis and remediation action plan)

    Environment: Windows 2000-2003, XP, HP-UX 11, Solaris, Linux RH, VPN300, VLANs, WAN, Cisco Works, Cisco ACS, RADIUS, Cisco PIX 515/ASA5520/5540, MARS, IDS4235, Enterasys C3/B3/N7/Dragon, RSA tokens, Active Directory, Exchange 2000, Web Mail, Blackberry Server, Sun Gigastore, Arcserve, Veritas, QualysGuard, McAfee Anti Virus EPO, Citrix, Bright Mail Anti Spam, Mail Relay, IronPort, SNADS Gateway, F5 Big IP, CITRIX NetScalers

    April, 2008 - November 2008 (contract)
    IT Security Consultant / Toronto Transit Commission (TTC)

    Provided assistance to the Project Management Group with security issues directly related to requirements and deliverables of TTC projects and recommended remedial actions for risk reduction to an acceptable level.

    * Provided consulting on strategic and technical information technology issues
    * Involved in development, implementation, operations and maintenance of a Security Program and Security Architectures. Conducted security policy gap analysis, revised existing and created new IT security policies and standards within a defined framework in accordance with ISO17799 and NIST 800 series documents.
    * Researched security threat trends and presented recommendations to senior management
    * Performed Threat Risk Assessments TRA (adopted RCMP and ISO/IEC 27001), Privacy Impact Analysis, Penetration Tests and Security Audit for a number of projects.
    * Provided Technical Assistance and Security Solutions consulting including assessment of Project Orders, RFPs, Business Cases and Service Level Agreements.
    * Maintained management reporting system environment.

    Projects:
    * (CSDN) Customer Service Disruption Notification service: Performed security testing to ensure systems will contain necessary security controls required to protect information assets and resources from unauthorized access.
    * (NTAS) Next Train Arrival System: Involved in Threat/Risk Assessment, recommended remedial actions for risk reduction.
    * (NBAS) Next Bus Arrival System: Performed security assessments of detailed design requirements, RFP, Implementation and Test Plans on the infrastructure and system components during pre-production and production stages.

    February, 2004 to April 2008
    IT Security Expert / Bendix Foreign Exchange
    Responsible for the corporate IT Security design and implementation, operations, including networking, security, server platforms, desktops, laptops, remote access, storage, disaster recovery, and business continuity

    * Responsible for the development and implementation of corporate wide IT Governance and implementing operational strategies, policies, standards to meet business strategic goals using ISO 17799 and CobiT frameworks
    * Defined architecture and design security controls and solutions based on defense-in-depth methodology to satisfy system requirements and support business needs and objectives (incl. technology, people, operational procedures, and data; software and hardware components)
    * Conducted threat risk assessments and defined security controls to support business needs and objectives
    * Conducted Business Impact Analysis on a regular basis, evaluated risks to operational facilities
    * Defined overall tactics and strategy for corporate information security program for short, mid, and long term
    * Implemented Role Based Access Control (RBAC) through authentication, authorization and accounting process to preserve and protect the confidentiality, integrity, and availability of information, systems, and resources.
    * Acted as a subject matter expert for solution delivery in the areas of Firewalls, IDS, VPN, and Authentication.
    * Implemented Disaster Recovery plans to protect IT Assets against future and operational interruptions.
    * Supervised the process of new application development and implementation from the security perspective.
    * Conducted regular vulnerability assessment to ensure appropriate protection has been utilized for the systems.
    * Participated in the incident response team in a hands-on, technical role.
    * Network traffic monitoring and analysis for suspicious activities.
    * Corporate Antivirus and antispam protection, backup control.
    * Provided guidance and administration for the Patch Management program.
    * Worked with the different Business groups to ensure technical requirements are met.
    * Provided training for the company's Management and Users.
    * Established working relationships with vendor partners.

    Projects:
    * Analysis of system, subsystem and elements requirements
    * Secure design and locked-down implementation for servers, desktops and laptops
    * Enhanced corporate network security by performing various security audits
    * Introduced and implemented new security architecture model

    September, 2001 to December 2003
    Manager / EUROVENT

    Ascertained business requirements of the entire organization and created a strategy to implement a technology infrastructure to meet these needs. Responsibilities included the overall management of all information services, data processing, client support and security functions.

    * Led a newly formed information security division within this business unit, assisted in development and implementation of the information security management system, with particular emphasis on developing, implementing and effectively managing the information security risk management function.
    * Performed requirements analysis and architecture design.
    * Vulnerability assessment and security evaluations within the network and server infrastructure as well as working to build up new security products and improving flaws in current systems.
    * Implemented Access Control Matrix based on the need-to-know principle.
    * Delivered IT strategic plans, systems development and network infrastructure solutions.
    * Reviewed general support system and major application controls to determine gaps and identify technical, operational, and procedural refinements.
    * Regular security checks, risk and vulnerability assessment.
    * Implemented SSH, VPN solution to ensure data confidentiality and integrity. Implemented Cisco Firewall and router packet filtering technology.
    * Direct supervision, technical coaching and monitoring of two System Administrators and Data Manager. Built and maintained professional relationships with clients and vendors.

    September 1999 to August, 2001
    System Engineer / North-West Timber Company
    Design, implementation and maintenance of IT infrastructure (over 5000 employees)
    Provided leadership for various security-related projects and training to end users

    1996 - 1999
    System Engineer / LENIMS
    Responsible for design, implementation, and management of complex network infrastructure and servers in the production, development and hosted application environments.

    1985 - 1993 Air Force / Pilot - Engineer

    COURSES AND TRAINING ATTENDANCE
    * Skybox Security: "Protect the Critical Infrastructure using Firewall Compliance & Network Analysis", Dec 08, 2009
    * Enterasys: "Network Access Control Architecture and Design", Nov 23-25, 2009
    * (ISC)2: "Proving Ground - The Many Flavors of Authentication", Nov 19, '09
    * ISACA: "Harmonizing Security and Compliance", June 23, '09
    * VISA: "PCI-DSS Training Seminar", June 15-17, '09
    * PGP: "Closing the Barn Door - Keeping Your Data From Hopping Fences", 2009
    * Qualys: "Web Application Security: Intelligent Choices", May 22, '09
    * Symantec: "Working Intelligently and Protecting Your Windows Infrastructure"
    * Tripwire: "IT Audit: Challenges and Opportunities", April 28, '09
    * Symantec: "Working Intelligently and Protecting Your Windows Infrastructure"
    * Open Group: "IT Risk Management, Open Group Risk Taxonomy Standard"
    * ORACLE-ISACA: "Optimizing Your Enterprise Governance Risk and Compliance"
    * CA-IBM-(ISC)2: "Automation and Compliance - A Partnership for Success"
    * HP-(ISC)2: "Application Security. PCI DSS requirements", Dec 09, '08
    * IBM: "Building a successful security strategy", Sept 17, '08
    * VeriSign: "Bad Guys and what you can do to protect yourself from them"
    * (ISC)2: "Logging and Reporting: A Foundation for Your Security Infrastructure"
    * IDC: "Configuration and Change Management for IT Compliance"
    * Tripwire: "Practical Steps to Improving Your Compliance Process", June 03, '08
    * CISCO: "Cisco Takes the Mobility Network to the Next Level", May 28 '08
    * Websense: "Protect Against Data Loss from Web or Email", May 22 '08
    * PGP: "Data Breaches and their Impact", May 20 '08
    * CISCO: "Five Crucial Steps to Deploying a Secure Guest Network", May 13 '08
    * Websense: "The Webification of the Desktop", Apr 29, '08
    * (ISC)2: "Vulnerability Management / Patches", Apr 22 '08
    * McAfee: "McAfee 2008 Security Road Show", Apr 16 '08
    * Prism Microsystems: "Using Behavior-based Correlation to Detect Threats"
    * InfoSecurity: "IP business communications security under the microscope"
    * CISCO: "Designing Wireless Networks and Mobility Services in Branch Locations"
    * ISSA: "PCI DSS - Your Stepping Stone to a Trusted Security Model", Mar 28, '08
    * (ISC)2: "Web Access Management", 18 Mar '08
    * CISCO: "Network Admission Control Design", Mar 6 '08
    * University of Bern: "Open Source Security Testing Methodology Manual (OSSTMM)"
    * (ISC)2: "Securing from the Start: Examining Application Security", Feb 19 '08
    * IDC: "How to Stay Out of the Headlines with PCI Compliance", Jan 31 '08
    * (ISC)2: "Your E-mail Inbox Gateway to Danger?", Jan 22 '08
    * CISCO: "Essentials of Successful VoIP Migration", Dec 6 '07
    * ISA and McAfee: "Security Risk Management Series - Data Loss Prevention (DLP)"
    * CISCO: "Security Threat Landscape Session with Patrick Gray", Oct 18 '07
    * Websense: "The new standard in Internet security", July 2 '07
    * Microsoft: "Energize IT", June 16 '07
    * Double-Take: "Protecting Microsoft Exchange and Centralized Backup", 2006
    * Network General: "Canadian User Forum", Oct 18 '06
    * "Live Web Application Hacking" Workshop, Sept 21 '06
    * "Active Directory Design and Implementation", April 10 '05
    * "Effective Patch Management", Feb 17 '04
    * "Microsoft Security Week", December 1-5, '03
    * "Network Analysis, Monitoring and Troubleshooting", January 17 '02

    I view the corporation itself as the information system. It is within this overall system that information subsystems reside, one of which of course is the computer network. This network, coupled with the myriad of information subsystems. Effective protection of this system begins at the front gate and never ends. With this concept of the information system, I am able to provide clients with a greater understanding of information security, and thus help distinguish their actual security needs from their perceived technology and security needs.

  

www.sergri.net