From: route@monster.com
Sent: Saturday, May 07, 2016 5:10 AM
To: hg@apeironinc.com
Subject: Please review this candidate for: Cloud
This resume has been forwarded to
you at the request of Monster User xapeix03
Vasan K, CISSP, CEH, CISA, CISM
(919)-659-5251
vasank@outlook.com

Results driven, dynamic, and business-savvy certified security professional with deep “hands-on” IT expertise in system design and integration, IT security architectures, risk mitigation, and system/network administration. A respected senior security engineer, and yet a humble and highly motivated team-player who’s an intelligent self-starter with the ability to produce bottom line results irrespective of impediments or challenges. Highly trustworthy, confident and gracefully poised in interactions with individuals and/or groups at any level. A swift learner and a dedicated perfectionist. Meticulously completes projects, and is able to multi-task effectively. An invaluable asset to any company or organization, and the definition of “Excellence without excuse”.

✓ 15 years of extensive experience in designing, engineering and managing systems, technical operations, and project management.
✓ Consistently increasing scope and responsibility in Financial Services, Government, and I/T Services/Consulting, with additional sector-specific experience in the scientific research and energy firms.
✓ Recipient of Lehman Brother's "exceed expectations" employee rating for outstanding performance.

KEY STRENGTHS:
CERTIFICATIONS:

• Certified Information Systems Security Professional (CISSP)
• Certified Ethical Hacker (CEH)
• Check Point Certified Security Engineer (CCSE)
• Check Point Certified Security Administrator (CCSA)
• National Security Agency (NSA) certification
• Committee on National Security Systems (CNSS) certification
• Cisco Certified Network Associate (CCNA)
• Certified Information Security Manager (CISM)
• Certified Information Systems Auditor (CISA)
• QualysGuard Certified Specialist - Vulnerability Management & Policy Compliance
• ISO 17799 Certified Lead Auditor
• Sun Solaris Certified System Administrator (SCSA)
• Sun Solaris Certified Network Administrator (SCNA)

TECHNICAL SKILLS & STRONG KNOWLEDGE:

• Operating Systems: Red Hat Linux, Solaris, Cisco IOS, Windows Vista, XP, 2000, Me, NT, 98, 95, WFW 3.11, and MS DOS
• Protocols/Services: TCP/IP, UDP, NetBIOS, ARP, FTP, HTTP, HTTPS, NNTP, ICMP, DHCP, Telnet, SNMP, SMTP, X.25, SNMP, RPC, NFS, IMAP, POP, CVP, UFP, IPSec, SSH, SSL, Kerberos, 802.1X, 802.11
• Programming: UNIX Shell script, SQL
• Software: MS-Office, Visio Professional, Microsoft Active Directory, VMware, Sharepoint, Microsoft SQL, Oracle, Wireshark
• Security Technologies/Tools: eTrust Access Control, Check Point FireWall & VPN, Dragon IDS, Symantec SEP, AlgoSec, Websense Web Filter, BlueCoat, Vontu DLP, Sourcefire and TippingPoint IPS, RSA SecureID, QualysGuard, GFI LANguard, SAINT, SATAN, AppScan, Nessus, SuperScan, eEye Retina, Fortify, Archer, Arcsight, Cisco PIX, Cisco ASA, Tripwire, Snort, ISS Internet Scanner, EnCase, Linux Firewalls (iptables, ipchains), Fortify, Metasploit Framework, Kismet, Tcpdump, Paros Proxy
• Standards and Regulations: ISO 27002, Sarbanes-Oxley (SOX), PCI, FISMA, NIST 800 Series, OWASP
• Hardware: IBM compatible PC’s and Laptops, IBM Netfinity Servers, Cisco Routers and Switches, Linksys Routers, SUN Workstations, Enterasys Dragon Sensors and
Servers

EXPERIENCE:

A Prominent Fortune 50 Firm, (2/2009-Present)
Senior Security Engineer

Hands-on role in applying security engineering principles related to building, maintaining, and monitoring secure infrastructure using various technologies including firewalls, networking products, VPN, intrusion detection & prevention, access control products, anti-virus, and security operating system or application tools and protocols. Communicate with the Business sponsors, IT systems administrators, and application developers to identify security risks, ensure policies are consistently applied and provide general support on information security related issues.

• Recommended and assisted network services team to upgrade existing CISCO ASA 5510 from version 7.2 to 8.0 to leverage its Web based SSL VPN clientless feature to provide secure access for the vendors on the isolated network, which resulted in substantial savings to the firm by avoiding a potential buy-in.
• Identified the existence of data leakage through personal storage sites which resulted in thorough research and evaluation of content filtering solutions and recommended Websense Web filter to the senior management as a leading choice. Documented Websense network design options: Pass-by and Pass-through technologies and presented to the IT infrastructure team.
• Prepared Security Requirements documents and participated in Security Architecture reviews. Worked with Network services and deployment team to ensure compliance with stated security requirements.
• Documented technical security standards, guidelines, and procedures required to reinforce information security policies. Conducted necessary research to ensure these standards, guidelines and procedures adhere to current best practice guidelines and information security industry standards such as ISO17799.
• Conducted numerous 3rd party security reviews to determine the security posture of companies that host/store on behalf of Time Warner. The following aspects are reviewed: Security Policy, Organizational Security, Asset Management, Human Resource Security, Physical and Environmental, Communications and Ops Mgmt, Access Control, Info Sys AD&M, Info Security Incident Mgmt, Business Continuity and Compliance.
• Performed over 100 vulnerability assessments/penetration testing on the systems, networks and applications using tools such as QualysGuard, nmap, IBM AppScan, Nessus. Efforts led to the development of an infrastructure that enhanced information security posture, and advanced the division’s mission towards VISA/MasterCard PCI and SOX compliance.
• Advised on current and emerging application security threats such as SQL injection and Cross Site Scripting (XSS) to the developers; provided recommendations to mitigate security vulnerabilities on their IT infrastructure; Efforts led to the development of secure code review practice using Static application security testing (SAST) offerings from Fortify software.
• Succeeded in preventing a possible infection by Conficker worm which some researchers estimate that millions of computers have been infected with, since January 2009. Accomplished this by drafting a risk mitigation plan including confirming that Symantec End Point protection 11.0 has the latest release definitions for protection and drafted a plan to scan the systems using a newly created QualysGuard scan policy for detecting the presence of worm.
• Presented quarterly metrics to the senior management related to Check Point firewall and Dragon IDS security threat events gathered through Symantec portal, and also provided metrics for vulnerabilities based upon severities gathered through Qualys scan results.
• Documented incident response procedure for the operations
team to support after hours and day-to-day activities.

LEHMAN BROTHERS INC, (4/2004-1/2009)
AVP - Senior Security Engineer
Security Engineering, Americas

Serve as a subject matter and hands-on expert on information security related services across all business units within Global Investment Banking, North America and Asia. Work closely with developers, IT staff, compliance and audit in ensuring that the infrastructure: system, network and applications are secure, and meet the needs of the business, security policies, standards, and regulations.

Key Achievements:

• Part of security engineering team to design, implement and manage access control on 4,000+ Unix and Linux servers across Americas, Europe and Asia;
• Established an excellent rapport with the developers and the application owners to investigate, analyze and rectify permission issues. Efforts led to the development of an infrastructure that enhanced information security posture, and advanced the division’s mission towards Sarbanes-Oxley (SOX) regulatory compliance;
• Worked on weekends for critical security changes such as enforcing restriction on services such as SSH, FTP and RSH on the production environment and locked down login access on mission-critical and production environment such as NFS, DNS, and FTP servers based upon initial data log reviews, and analysis;
• Provided high level of expertise for all aspects of systems security, including standards and hardening of Checkpoint firewalls and reviewed firewall port and change requests from the business owners.
• Performed security system configuration and policy database changes, provided training to IT security operations team, know-how, and documented a technical run-book thereby eliminating the need for recruiting additional consultants which resulted in annual savings of more than $250,000 to the firm.
• Deployed and configured Unix Sudo configuration across the global enterprise comprising of 18,000 Unix servers in 3 geographic regions, which improved system turn-around time by more than 50% for developers, database & system administrators;
• Wrote Shell Scripts for routine works such as policy creation & updates, user account management, log analysis and technical troubleshooting; thereby accomplishing the work previously required of two full-time employees.
• Reduced maintenance costs on security technology 50% annually by successfully limiting the scope of access control implementation to business critical servers, centralizing all applications and reducing client problems.
• Integrated UNIX log daemon with ArcSight to monitor critical binaries and executables belonging to 100+ applications spread across 3 geographic regions, which facilitated log management.

COGNIZANT TECHNOLOGY SOLUTIONS (1/2003-2/2004)
Senior Security Consultant

Performed vulnerability and application-level security testing on applications, infrastructure which included scoping and coordinating assessments, in addition to performing both high-level assessment analyses, translating technical vulnerabilities into business risks, and low-level assessment activities such as, worked with vulnerability assessment tools and conducted ethical hacking.
• Conducted vulnerability testing and application security reviews with minimal impact to business operations for Union Bank of California (UBOC) as an On-site security consultant for their networks and systems using technical examination techniques, including network foot printing, OS fingerprinting, password sniffing, log review, and vulnerability scanning. Tools used include Nessus, AppScan, eEye Retina, nmap and other open source tools. Analyzed test results and provided mitigation recommendations for known security threats to enhance security posture;
• Personally selected by the director from among 20+ strong security staff to participate in the division’s first infrastructure security assessment onsite assignment;
• Developed and documented vulnerability testing guidance and procedures as per the ISECOM and NIST methodologies for the client engagements;

COMPUTER ASSOCIATES (TCG), (2/2002-12/2002)
Government Agency (On-site)
Senior Security Consultant

Designed and implemented network security solutions as per the customer’s requirements and made appropriate recommendations to them as needed. Helped customers to effectively govern, manage and secure their infrastructure in the most efficient manner. Developed and delivered high quality presentations, product demonstrations, and proof of concept exercises.

• Challenge: To protect Government Agencies’ IT environment including more than 300 PCs and 15 servers from potential threats originating from the public internet. Prohibiting access to inappropriate materials and preventing employees’ unintentional opening of security holes in the network, bringing viruses and malicious codes into the IT environment;
• Action: Designed, installed and configured eTrust Firewall to meet the Agencies’ requirements in the shortest possible timeframe. Precisely defined which applications should be allowed to pass the firewall and established policies for traffic across the network. Implemented eTrust Intrusion Detection System (IDS) and configured the system to send an email alert to the appropriate people when someone had accessed an inappropriate website and blocked access to inappropriate sites, and monitor and record users’ attempts to access the sites;
• Result: “We are very pleased with the results that CA and Vasan were able to achieve using eTrust Firewall and IDS, and we look forward to working closely with them to address our other information security challenges.” Senior Manager IT,
Government Agency.

SIFY ASSURE, (11/2000-1/2002)
Information Assurance Engineer

• Performed OS hardening, vulnerability assessment and penetration testing; analyzed the security posture of customer’s IT infrastructure and assisted in remediation of vulnerabilities found within the infrastructure to meet security compliance;
• Researched and analyzed new information security technologies, such as vulnerability scanning and benchmark configuration tools, with a focus on the introduction of relevant technology to meet client’s requirements.

CMS COMPUTERS LIMITED, (5/1998-10/2000)
IGCAR Government Agency (Onsite)
UNIX Support Engineer

HCL LIMITED, (4/1994-4/1998)
Junior Network Engineer

EDUCATION:

BIRLA INSTITUTE OF TECHNOLOGY AND SCIENCE, PILANI, INDIA
• B.S., Information Systems

STATE BOARD OF TECHNICAL INSTITUTE, INDIA
• Diploma In Electronics and Telecommunications Engineering (Graduated with Honors)

PROFESSIONAL AFFILIATIONS:

• (ISACA) - Information Systems Audit And Control Association
• (ISC)² - The International Information Systems Security Certification Consortium
• Member, New Jersey Chapter of ISACA

TOPICS OF INTEREST:

Microsoft Windows, UNIX, Redhat Linux, Solaris, AIX, IIS, SQL Server, SharePoint, Exchange, Oracle, SAP, PeopleSoft, Active Directory, RACF, Mac OX, GOTS, COTS, OS400, Apache, OpenStack Compute, Storage, Swift, Cinder, Amazon AWS/EC2, Azure, REST APIs, Hypervisors, KVM, VMware, vCloud, Xen, HyperV, vSphere, CloudFoundry, Cloudify, OpenShift, Hadoop, Puppet, Chef, Salesforce, SAS, Cloud Security Alliance (CSA), NIST, HIPAA, FISMA, SAS-70, FEDRAMP, PCI-DSS, EU Data Protection Directive, Safe harbor, APEC, FFIEC, SSAE16, ISO27001, SOX, NERC CIP, SCADA, NEI 08-09, CDA, FIPS, FDA, DHS, USGCB, SABSA, Balanced Score Card, COBIT, DIACAP, HITECH, GLBA, DISA, OSTMM, ISO 31000, SAML, XACML, Kerberos, RBAC, OpenID, OAuth, ACLs, LDAP/SSO integration, identity federation, Central Authentication Service (CAS), JAAS, Java crypto API, Public/Hybrid/Private Cloud, SaaS, PaaS, IaaS, C/C++, Java, .NET, Python, Perl, Shell, HP WebInspect, Fortify, IBM AppScan, WireShark, SecurID, RSA Archer, Imperva, CA Control Minder, Nessus, Rapid7, Nexpose, Encase, EnCe, Core Impact, Metasploit, Symantec, Vontu, Websense, FireEye, Aircrack, Nikto, Qualys, BurpSuite, Checkmarx, Nmap, Paros, ZAP, ACLs, Stateful firewalls, VPNs (tunneling, IPsec, PPTP, IPv4, IPv6, Router, Switch, Blue Coat Proxy, Juniper Netscreen, CheckPoint, Algosec, Redseal, Skybox, Checkpoint NG, Cisco PIX, Cisco ASA, WAN, MAN, LAN, CISSP, CISM, CISA, SANS, Security+, CCSK, CEH, SANS, GSEC, GCIH, CCNA, CCNP, VCP, MCSE, CCIE, CIPP, ISC2, ISACA, GAIC, CRISC, CGEIT, CCSA, CCSE, GWAPT, GPEN, PMP, ITIL, CISSP-ISSAP, CISSP-ISSEP, MCSE, RHSE, CSSLP, CRISC, CBCP, FTP, SMTP, DNS, DHCP, NIS, LDAP, TCP/IP, SSL/TLS, ADFS, RADIUS, SSO, SSH, GRC, SIEM, IPS/IDS, PKI, SSL, Digital Certificates, DLP, SDLC, eGRC, CSAT, C&A, SOPs, CIRT, DDoS, WAF, VPN, IAM, DMZ, NetApp, ArcSight, Splunk, Top Secret, TS/SCI, DoD, Poly