Summary

Client Management:

Managing IT Audit engagement with a key telecom industry client. The client is an MNC telecom operator with footprint spread across 20+ countries in Middle-east and Africa. Specific engagement activity:

·          Develop and manage annual IT Audit plan (2006, 2007) across 6 countries including Kuwait, Bahrain, Iraq, Jordan, Lebanon and Sudan.

·          Plan and deliver audit programs to review security and internal controls based on COBIT, ITIL, ISO27001 and other security and technology guidance.

·          Supervise and review other IT auditors

·          Support business auditors in specific technology controls

·          Contribute to knowledge management and audit automation efforts

·          Support the clients ISO27001 certification process by internal reviews, guidance on security policy management and security management processes

Practice management:

·          Knowledge development and management for ISO27001 and Information Security Management practice.

·          Development of in-house capabilities for ITIL service delivery and support by resource training, knowledgebase development and management.

·          Exploring synergies with and relationship development with quality vendors for ITIL practice and training.

·          Domain expertise on topics such as PCI-DSS, eTOM, telecom management networks and security.

Business development:

·          Lead generation from professional references leading to significant business in 2007.

·          Relationship management with existing and potential clients.

·          Presentations for knowledge sharing and business proposals to clients.

·          Content development for presentations to public forum on standards such as ISO 27001, BS25999 (Business Continuity Management).

Summary

Information Security services: Project management and delivery

·          Telecom Industry: Largest telecommunications operator in Saudi Arabia

·          Life Insurance: Private Life Insurance company in Mumbai, India

·          Internet : ISP Data Centre, India (Technical Risk assessment)

Client focussed project services:

·          Managing client requirements and projects

·          Management reporting and presentations

·          Design and development of Information Security policy framework

·          Review of information security policies and standards

·          Gap analysis vis-à-vis BS7799 control baseline

·          Review and enhancements to security organization components

·          Pre-acceptance reviews of technical standards for telecommunication assets

·          Design and development of standards for emerging technologies and systems such as Windows XP, Wireless networking etc.

·          Design and delivery of Information Security training

·          Technical risk assessments

·          Internal controls evaluation and reporting

Summary

Managed a team of 10 Information Security Engineers across major metros in India implementing and supporting solutions and services based on PKI [Public Key Infrastructure]. Consistently achieved target revenue recognitions and maintained high motivation levels in team. Typical clients from:

·          Government

·          Banks and NBFC

·          Telecommunications operators

·          Small businesses and enterprises

Managed a 2 member team for technical risk assessment of email system:

·          Client a leading automobile manufacturing company in India

·          Review and analysis of IT infrastructure supporting the Email system

·          Personally trained Engineers in the use of Nessus Vulnerability Assessment (VA) tool and managed the evaluation and presentation of the VA

·          Guided post implementation support to technical teams of the client

Managed development and implementation of PKI based secure bulk email solution (B2C) for a leading MNC bank in India:

·          Managed client requirements and SRS

·          Third party solution development

·          Managed implementation of the system at client data centre and integration with the business processes of the client

·          Managed enhancements and support to the client.

Summary

Entrepreneur and consultant for Information security. Developed business and delivered end-to-end services for clients.

For a software development house:

·          Reviewed the existing skill sets and requirements of the client.

·          Created a training program for the developers on PKI technologies involved and usage using MS Crypto API.

·          Consulted on product development to integrate PKI requirements into the design of the product.

·          Designed the modules required to use PKI and digital signatures

·          Provided implementation support to developers.

For an engineering company in India developed Helpdesk and Incident Management processes based on ITIL:

·          Review of existing infrastructure and processes

·          Design of incident capture and recording procedures using the ITIL Help Desk and Incident management processes as the guiding framework

·          Presentation on ITIL and Incident Management to Management team to seek buy-in.

·          Definition of the operational procedures and creation of Excel based templates to support the same.

·          Initial training and support to operational staff in using the templates.

Summary

Key projects for development of network security software including an IDS solution (Symantec NetProwler). As a software engineer and team member was responsible for:

·          Research activity to understand and create knowledge base on network security, types of intrusions, intrusion detection.

·          Internal papers and presentations on Denial of Service and Distributed Denial of Service attacks on networks.

·          Analysing the requirements for the product and providing technical solutions.

·          Design and implementations of various software modules.

·          Secure messaging channels (SSL), data and message structuring (XML), Database designs (RDBMS and ER Diagrams) and API development for various modules.

·          Using and mentoring the use of Unified processes for SDLC including documentations using UML and UML supporting tools.

Summary

Team member of Real Time Systems and Networks [now Computer Networks and Internet Engineering] Group.

Was responsible for operation, maintenance and security of the point of presence of the ERNET (Education and Research network) in India.

·          Network administration

·          Management of Email, DNS infrastructure

Development and delivery of Post Graduate course in Internet Engineering [PGDIT]

·          Development of content over five core modules

·          Training and mentoring of post graduate students

·          Course deliver, testing and evaluations.