email: mani (at) consultantgurus.com
Experienced IT Security
professional - 360° view of enterprise
operations, with experience in network, system and application security
management for high-tech startup
companies and large-scale, complex organizations , especially global financial
organizations (25,000+ employees).
Experienced project manager - For Security setup of data centers,
Internet-facing application farms, assembled cross-functional teams, and
managed project lifecycle (definition, design, engineering, development,
testing, provisioning, documentation, support).
Customer/vendor relations manager - Excellent communications,
team-building, and conflict management skills. Diplomatically resolved issues
involving vendors (international telecom leaders), internal customers, and
client companies.
Professional
Summary:
·
Security professional with experience in risk
management, regulatory compliance, and identity, authentication and
authorization management
·
Project Manager / Architect with extensive experience managing large-scale,
enterprise-wide infrastructure projects
·
Experienced Web and System Security Analyst
·
Certified Solaris Administrator - certified by Sun
Microsystems
·
Microsoft Certified Professional (Windows NT 4.0)
·
Total experience of fourteen years
encompassing:
·
Risk Management, Business Continuity, Compliance
and project architecture – Designing security structures and architectures
following standard compliance and risk management practices; adapting existing
infrastructures to new security technologies – especially with M&A activity
·
Web and E-commerce Security: Secure
Single-sign-on, Web Security (Netegrity SiteMinder, Tivoli Identity Manager and
Tivoli Access Manager, Entrust GetAccess), Entrust PKI Administration,
Certificate Management, ACE Server/Client management
·
Firewalls/Security:
Checkpoint Firewall1 (on Sun Solaris), NAI Gauntlet (on Sun Solaris), IPF, Packet filters, IDS, securing Solaris
systems, OS hardening (Solaris, Linux, Windows NT/2000/XP) Web Server Hardening
(Apache, Netscape/iPlanet, IIS), LDAP and proxy servers
·
Administration: installing, maintaining, upgrading and trouble shooting Sun Sparc
Systems - System Administration, Networks Administration, Web Administration
and Database Administration, Jumpstart Server Administration, System Engineering
·
Firewalls/Security:
Checkpoint Firewall1 (on Sun Solaris), NAI Gauntlet (on Sun Solaris), IPF, Packet filters, IDS, securing Solaris
systems, OS hardening, LDAP and proxy servers
·
Networks: LANs/WANs, Routers, Switches, VSATs, and Firewalls
·
Shell Scripts, Perl, C and Java
programming
·
Extensive experience of UNIX kernel configuration,
performance tuning, installation of software, compilers, system administration
and network administration tools, performance analysis and crash recovery of
data at OS and RDBMS level.
·
Simulating, solving and analyzing escalated
hardware problems, operating system and RDBMS related calls at the head office
for effective customer support.
Professional
Experience:
Technical
Director – Consultantgurus Inc.
·
Directing the Information Security
practice of Consultantgurus, targeting the security practices of SMBs
·
Responsible for the technology and
education selection and direction for the consulting practice.
·
Budget management to achieve the stated
goal of reducing customer costs by 15% while improving productivity by at least
20%
·
Managing the public relations aspect of
Consultantgurus as the company strikes out in new directions in the security
and compliance spaces
Web and
Perimeter Security Project Manager – Consultantgurus Inc.
v
Barclays
Capital (February 2006 – Current)
·
Risk management and compliance –
working with new division acquired through M&A – designing and integrating DMZ and security infrastructures
into current standard infrastructures
·
BCM (Business Continuity Management)
coordinator for all perimeter security infrastructures and processes for the
·
Security (Web and Perimeter Defense)
role – involves working with various Security Devices/methodologies for web and
perimeter security support. Includes:
·
Firewalls: Sunscreen, Checkpoint and
Fortigate
·
Web Servers: IIS, Apache, Netscape
·
Proxy Servers: iPlanet/SunOne
·
LDAP servers
·
Cisco VPN Server and Client (both IPSec
and SSL)
·
Cisco Router security
·
Host hardening (Solaris, Linux and
Windows)
·
Virus and blocked content screening
·
IDS (intrusion detection system)
installation and management
·
IPS (intrusion prevention system)
installation and management
System
and Security Consultant – Sunrise Systems Inc.
v
JP Morgan
Chase (July 2001 – January 2006)
·
Infrastructure Architect / Solutions
Developer role – involves working with various Application Developer Teams,
project and program managers and Risk Management to design infrastructure
solution designs for new/upgrade project requirements while ensuring Firm’s
systems and risk management guidelines are strictly adhered to.
·
Application Security Role: Entrust
GetAccess single-sign-on product maintenance and engineering for application
security
·
Web Server (iPlanet/Covalent
Apache/IIS) hardening, maintenance and security scanning
·
Content scanning (virus/bad
scripts/insecure scripts/malicious content)
·
Customizing web servers and getAccess
per client requirements
·
Installation of Entrust Digital
Certificates and Entrust PKI setup
·
ACE server/Client setup and management
Key achievements:
Ø
Responsible for large-scale merger
inter-Bank and intra-Bank infrastructures, including applications and
implemented the same for web applications, security applications, firewalls and
network equipment.
Ø
Currently architecting migration of
GetAccess infrastructure and business rules to SiteMinder infrastructure
(GetAccess 4.0 to Siteminder 5.5)
Ø
Scripted host discovery and resultant
security/functionality remediation of hosts for multiple OS’es (MS Windows/RH
Linux/Solaris)
Ø
Engineered a plugin to add two-factor
authentication using Entrust client certificates to Entrust GetAccess for
selected users automatically.
Ø
Created scripts and processes
(shell/perl/java/SQL) to parse GetAccess and PKI logs and generate security
report in MS Excel spreadsheets and graphs.
Ø
Automated import of Gauntlet and ipf
firewall rules into flat files and export to FW1 rules.
Ø
Created scripts to fully automate
GetAccess runtime migration from version 3.2 to 4.0, and Implemented upgrade
project for 400 runtimes over two consecutive weekends.
Ø
Exceeded expectation in bringing
project completion in record time and under budget to harden iPlanet
web-servers
Ø
Created continuous monitoring scheme to
monitor web-servers for vulnerabilities and report real time on a web-page.
Ø
Created and implemented training
program for Service Delivery personnel to train them on updates to GetAccess,
Entrust PKI and Solaris security
Ø
Scripted latency tests for web and
network infrastructures using Mercury LoadRunner and Radview WebLoad. Also
created application tests using SPI Dynamics WebInspect.
Ø
Scripted automated tests for security
vulnerabilities using Nessus, MBSA, HFNetChk , GFI Languard, Tripwire, AIDE and
Big Sister (for system monitoring)
Security Consultant:
·
Established internet security
guidelines and trained staff on best practices
·
Managed security compliance project,
including NAT and DMZ design and implementation
·
Checkpoint Firewall-1 installation and
rule creation
·
Solaris System installation, OS
hardening, OS and network tuning, Sendmail and DNS (Bind 8.x and Bind 9.x)
concepts, Proxy and LDAP servers
·
Content scanning (virus/malicious
content) , PKI and Digital Certificates
·
Cryptography – concepts and
applications
Security Consultant :
·
Managed integration of
Sanford-Bernstein internet and security infrastructure into Alliance Capital’s
infrastructure
·
DM Z design and implementation
·
NAT design, migration and
implementation/ Installation of Digital Certificates and PKI setup
·
Firewall-1 installation and maintenance
·
Solaris System installation, system
hardening, OS and network tuning / Sendmail and DNS (Bind 8.2.3 and Bind 9.1.0)
installation, configuration and securing
·
Firewall migration from Gauntlet on
Solaris and BSDI to Checkpoint FW1 on Solaris
·
Content scanning (virus/malicious
content)
·
Installation of CacheFlow proxy servers
Security Consultant/Project Manager:
·
Managed Solaris System installation,
system hardening, OS and network tuning, jumpstart administration / Sendmail
(8.9.x) and DNS (Bind 8.0.2) installation, configuration and securing
·
IDS implementation (Snort, Tripwire)
and OS Hardening – Windows NT, Sun Solaris
·
Proxy and LDAP servers – performance
and security improvements
·
System re-engineering and kernel
/application tuning
·
Cryptography – ssh, sftp and
Installation of Digital Certificates and PKI setup
·
Content scanning (virus/malicious
content) and Firewall-1 maintenance
Manager of Internet Infrastructure Group:
·
Managing a team of
System/Database/Network Security engineers – including annual budgeting, cost
control, regular individual and team appraisals, team-building activities,
project management, time and cost analysis for various projects, personnel
requirement definitions, time and equipment planning
·
Capacity planning and system configuration/performance
tuning for VLDB and large web server farms
·
Netscape/ Apache/ IIS Web server
installation/maintenance/performance tuning
·
Vignette Story Server (ver3.5, 4.1,4.2)
installation, maintenance, troubleshooting, tuning, upgrades
·
Raptor firewall installation,
maintenance and administration on Sun Solaris
·
Checkpoint Firewall1 installation and
testing on Sun Solaris
·
ColdFusion (ver4.0, 4.1,
4.5)/NetDynamics/AolServer installation and maintenance
Datacraft RPG (January 1995 – February 1997)
Technical Support Manager/Network Architect :
·
Designed and implemented WAN as per
customer network case study and cost analysis.
·
Setup remote offices for support of
remote clients (Calcutta/Dhaka) – involved locating office space, hiring of
staff, equipping office, creating and working with operating budgets, setup of
staff appraisal systems, setup of office and client support and sales networks
·
Installed and commissioned VSAT/X.25
networks based on Heterogeneous network operating systems and networking
protocols, System integration as per customers’ network requirement.
·
Netscape/ Apache/ IIS Web server
installation/maintenance/performance tuning
·
Performance tuning and monitoring
customer network availability.
·
Conducted corporate Training on VSAT,
WAN Protocols and Network Operating System.
·
Sun Solaris Server Administration,
Network administration, and Unix LAN/WAN Infrastructure maintenance/ Solaris
server tuning for file system performance/Solaris Kernel tuning
·
Oracle/Sybase/Unify database
administration
·
Designed and implemented WAN as per
customer network case study and cost analysis.
·
Support for remote locations, WinNT
Server / clients at remote sites and WAN links over TDM/TDMA, DAMA/PAMA VSATs,
Leased line international connectivity over frame relay protocol, Dial up
network at Non VSAT locations.
·
Installation of UNIX Operating System
and configuration.
·
Installation of Apollo NEXUS CAD
stations.
·
Network Designing
·
PC Hardware installation and
maintenance
·
Developed custom solutions combining
LAN, WAN and telephony technologies to meet customer needs in mixed legacy
equipment environments. Installation, Maintenance of LAN and WAN connectivity,
Modem connectivity for remote operation.
Education:
·
2007: MS in Information Assurance –
·
2007: CISSP from (ISC)2 – Certificate #
100038
·
1998: Oracle Certification: Advanced
Database Administration and Tuning
·
1997: Microsoft-Certification – MCSE
·
1996: Sun-Certified Solaris
Administrator
·
1990: Bachelor of Engineering – JNTU
Institute of Technology (Electrical and Electronics Engineering)