Shahriar Chowdhury
Jersey City/Secaucus Area, NJ 07094
********.*********@*****.*** 347-321-4385
Summary
Shahriar is an experienced Security Specialist and Project Manager
certified as Information Systems Security Professional (CISSP), Information
Security Auditor, Manager (CISA, CISM) with 10 years of progressive
experience in the IT industry. He has more than 7 years of experience in
Security Architecture audits, design, and IT Risk Management in the financial
industry. Shahriar has experience in improving IT risk and operations
management using industry standards (ISO 27002, NIST, ITIL Guidelines).
Shahriar performed technical audits of Fortune 500 companies, and prepared
SEC, SOX, FFIEC and SAS security audit reports for audit and compliance,
and provided guidance to multiple industries on Security and
Privacy regulations.
Certifications
Certified Information Systems Security Professional (CISSP # 79182)
Certified Information Security Auditor (CISA # 978308), Manager (CISM)
Certified in Risk and Information Systems Control (CRISC), Governance of
Enterprise IT (CGEIT)
Experience
Lead Consultant/Vice President, IT Security & Risk Management Practice
IALogix Corporation, New York, NY
May 2004 - Present
Clients: Moody's Corporation, City of New York, Federal Reserve Bank of
New York
. Provide strategic guidance to CISO/CIOs of Financial Institutions and
Government agencies to achieve regulatory compliance with SEC/SOX/NYS
privacy laws, and assess need and level of compliance with PCI, HIPAA, HITECH.
Recommend solutions and best practices for Information Security
Governance and practical approaches to IT Service Management and risk
management frameworks, such as ITIL, ISO.
. Act as primary point of contact for application development projects, and
software and system change reviews on various stages of SDLC. Standardize
application and systems controls using COBIT/COSO frameworks, write
documentation and manage Risk Assessment, perform security control gap
analysis using ISO 27000 standards, and write security policies in both
technical and non-technical areas.
. Extensive application security review experience, including web
application, web 2.0/mobile and cloud. Integrated security review into
standard SDLC process, including architecture and code reviews.
. Implemented a comprehensive security incident management procedure and
managed daily operations of the IDS/SIEM, firewall, proxy teams,
including escalation management.
. Manage co-ordination of security event handling to comply with various
privacy laws and internal compliance objectives. Perform Application
Security, Systems vulnerability and penetration testing.
. Perform Infosec and Controls review for new project requests from various
teams. Manage projects and make purchasing decisions relevant to
Infosec and audit areas, including Enterprise Single-Sign-On, and Data
Loss Prevention (DLP). Tools: Oracle and Tivoli Identity/Access
Manager, Varonis DatAdvantage, Quest ChangeAuditor, IBM AppScan, HP
WebInspect/Fortify, Websense/McAfee/Symantec DLP (Vontu)
Client Projects for: Federal Reserve Bank of New York, City of New York
agencies. (Aug 2007-Aug 2009)
. City of New York: Performed technical audit of NYCServ, an $8B Online
Transaction System; Security Project lead of NYC-wide $750M Mobile
Wireless (3G) Network implementation for emergency service use.
. Federal Reserve Bank-NY: Provided comprehensive Incident Management
services to enhance intelligence sharing across districts and with other
federal agencies; performed categorization of assets based on risk
exposure, and documented vulnerability and incident management process
based on defined risk levels.
Past Client Projects for: Morgan Stanley, Citigroup, SIAC/NYSE
Morgan Stanley (January 2006 - August 2007) Role: Security Engineer
. Managed technical escalations of Security Operations team, and maintained
managed service provider relationship, including operational, service-
level, and performance metrics to identify and mitigate any issues
affecting services or SLA. Played critical role in perimeter security
integration of Retail and Institutional environment as a result of Merger
& Acquisitions activities. As a member of Global IT Security Operations,
responsible for approving security access changes, perimeter access
control maintenance; Security events detection and Escalation; DNS and
email security.
. Standardized processes related to IDS Event Detection and escalations;
coordinated investigation and correlation of global security events
reported to security operation center using enterprise monitoring tools.
Provided technical support in various security products (hardware and
software) for other groups. Managed 100+ servers dedicated to network
security, monitoring, and access control.
Citigroup: Systems Security Consultant (Dec 2004 - Dec 2005)
. Served as Security Expert for incident response to malicious/phishing
websites and identity theft investigations related to online banking
portal. Implemented optimizations and improvements in Security
Investigation processes that reduced average response time by 60%.
Audited risks and security controls of financial products, and Online
Banking.
. Lead investigator for online credit card fraud and online banking
security. Investigated security events and produced reports for senior
management for corporate security. Arranged meetings, provided support
and training to software developers in IT security issues during the
SDLC. Improved existing change management processes for efficiency
and control.
SIAC/New York Stock Exchange (NYSE): Network Engineer (May 2004 - Dec 2004)
. Monitored 1000+ node multi-platform network for high availability,
security and performance; provided technical support for the NYSE
network, and escalated issues to specific departments.
. Performed responsibilities as a site engineer in the NMS group to
facilitate site migration to a backup data center. Created network
diagrams, and updated procedure documentation.
Senior Customer Support Engineer, Manager
August 1999 - May 2004
Thinklink Networks, New York, NY
. Performed consulting for business web/application hosting solutions for
multiple clients, and supported network maintenance, hardware, software
installation, configuration, and troubleshooting, capacity planning,
security incident response and timely resolution of incident tickets.
Education
Pursued BS/MS in Computer Engineering at New York University-Polytechnic
Institute, Brooklyn, NY
Bachelor's Degree in Computer Science. Thomas Edison State College, NJ
Technologies
Operating Systems: Windows XP/Vista/7/2000/2003/2008 server family, Linux,
Solaris, HP-UX, Novell.
Software & Technologies: Firewall/Proxies, IPSec, VPN, SSH, PGP, PKI,
Encryption and Digital Signatures.
Perimeter: Cisco PIX, AAA, IDS, Radius, ACE, Juniper NetScreen, SSL VPN,
Checkpoint Firewalls, Websense.
Security Management: Oracle/Tivoli Access/Identity Manager, Varonis
DataPrivilege, Quest ChangeAuditor, Archer, ArcSight ESM, RSA enVision,
SecurID, Symantec/RSA/McAfee DLP, Qualys, Mazu, EnCase, Nmap, Nessus,
Splunk, LogLogic, TippingPoint IDS, Juniper IDP, OSSIM, Guardium, Imperva,
DBProtect.
Networking Technologies: TCP/IP, Ethernet, WAN Wireless, VLAN, VPN/IPSec,
Openview, Netcool.
Programming Skills: C, C++ (Intermediate); UNIX Scripting, Perl, Windows
Scripting.
Others: Microsoft Office Suite, Access, Project, Visio, HTML, SQL,
WebSphere, Remedy, PeopleSoft, .NET, J2EE, XML, SAML, LDAP (Novell/Sun).