
Security Management

Location:
Bloomington, IL, 61701
Posted:
August 20, 2011

Resume:

Resume of SHAMIK BASU

Email: ***********@*****.***

PHONE 201-***-****

SUMMARY:

Security consultant with 11 years of experience in all aspects of computer networking and information security. Strong leadership, communication, negotiation, and analytic skills. Decisive, solutions-focused and results-oriented in securing information systems for Fortune 100 clients. Provides consulting in several areas of security including penetration testing, vulnerability assessments, application security controls, and identity management.

Shamik is a Certified Ethical Hacker (CEH), a Certified Information Systems Security Professional (CISSP), Computer Hacking Forensics Investigator (CHFI), Project Management Professional (PMP), GIAC Certified ISO-27000 Specialist, and an EC-Council Disaster Recovery Professional (EDRP).

PROJECT SUMMARY:

. Security consultancy on different platforms

. Project management and security experience at Goldman Sachs & Co, State Farm, Pfizer Inc

. Risk Assessment, Business Continuity & Disaster Recovery planning

. Auditing - PCI, SOX, HIPAA compliance

. Application security for business applications on J2EE, z/OS, Windows

. Firewalls, e-commerce, cryptography, across B2B, B2C, B2E realms

. Privacy and Data Loss Prevention - DLP

. Data management, classification, archiving

. Pen testing and vulnerability analysis

. Authentication, authorization and identity management - RACF, LDAP, WebSphere EJB

. Cloud computing, VMware, social networking, alternative clients

TECHNICAL SKILLS:

. Expert-level penetration testing and security assessment skills

. Deep understanding of standard Internet protocols

. Deep understanding of network security principles

. Fluency in web application and network security tools

. Automated testing tools (WebInspect, AppScan)

. MITM proxies (WebScarab, Paros, Burp Suite)

. SPIKE, Metasploit Framework

. CORE Impact, Nessus, Foundscan

. Network sniffers (Wireshark, tcpdump)

. Use of tools commonly used in application analysis

. Familiarity with principles of cryptography and common algorithms

. Familiarity with web and scripting languages (ASP.NET, PHP, Python, Java)

. Forensic analysis skills

Formal Education:

. MS in Information Security from Western Governors University, UTAH

. Bachelor of Engineering from Manipal Institute of Technology, India

Certifications:

. Certified Information Systems Security Professional - CISSP

. Certified Information Systems Auditor - CISA

. Certified Ethical Hacker - CEH

. Computer Hacking Forensics Investigator - CHFI

. Certified Wireless Security Professional - CWSP

. Project Management Professional - PMP

. GIAC Certified ISO-27000 Specialist

. IT Service Management Foundation Certificate - ITIL

. CompTIA Network+

. Cisco Certified Network Associate - CCNA

. Microsoft Certified Systems Engineer - MCSE/MCP

Functional skills :

Ability to work independently as well as with a team

Project management

Excellent analysis, problem solving and troubleshooting skills

Highly organized, structure and procedure oriented

Reliable, with a consistent track record of tenure with previous organizations

Excellent writing and communication skills, ability to work with all levels up through CIO

PROFESSIONAL AFFILIATIONS:

. ISC2, ISACA, IANETSEC, OWASP, SANS

. PMI

. IT Service Management Forum

EXPERIENCE

State Farm Insurance - Application Security, Feb 2008 - present

Perform onsite and remote security consulting including penetration testing, application testing, web application security assessment, onsite internet security assessment, social engineering, wireless assessment, and IDS/IPS hardware deployment.

Perform ethical cracks ("hacks") to assess the vulnerabilities of test, Internet, and/or Intranet connected systems, networks, and applications including Windows, Linux, AIX, Solaris, HP-UX.

Generate and present reports on security vulnerabilities to both internal and external customers.

Design and develop end to end security solutions for business applications using a broad understanding of information security technologies, concepts, and risk management techniques, leveraging project management methodology and State Farm technical infrastructure.

. Use PKI infrastructure in Remote Access, VPN, IPsec and SSL.

. J2EE, XML, Web Services, SOAP, WebSphere, ObjectGrid, LDAP, RMI, MQ, Message Broker, RACF, DB2

. Identify vulnerabilities in a variety of products, assessing and demonstrating the risk both at a technical level and in the business context and assisting in remediation plans.

. Manage assessment projects independently, in a complex technical and organizational environment, and provide meaningful results to senior leadership.

. Closely interact with customers to thoroughly understand the business requirements, perform security risk analysis, recommend and implement changes.

. Design and develop end to end security solutions for business applications

. Communicate vulnerability impact and risk to non-technical audiences

. Drive the assessment process from scoping through remediation

Infosys Technologies Ltd, Systems and Security Project Lead, Feb 2003 - Jan 2008

Infosys Technologies Ltd. (NASDAQ: INFY) provides consulting and IT services to clients globally, as partners to conceptualize and realize technology-driven business transformation initiatives.

Responsibilities:

. Security Consultancy

. IT Audits, Risk Management

. Project Management

. Application hardening, encryption technologies

. Identity management

Projects

Client Name: Pfizer Inc, Groton, CT, March 07 to Jan 08

Environment: J2EE, Documentum, WebLogic, Oracle, Informatica, IIS, .NET, Tomcat

Compliance work for SOX and FDA audits. Server hardening, performance management and root cause analysis using Ishikawa diagrams for application security problems.

Defend against potential threats on host system, application or network infrastructure in relation to authentication, role-based access control, distributed security policy enforcement and message layer security.

. Designed security policies for transition of support to a shared services model

. Risk management for business impact analysis and recovery strategies

. Implemented ITIL concepts for service delivery and security management

Client Name: Goldman Sachs & Co, New York City, July 2003 to Feb 07

Environment: Solaris, Linux, Sybase, XML, Java, Perl

Leader of a 20-member team, closely interacting with the customer to thoroughly understand the business requirement, perform security risk analysis, ensure system availability and performance, change management and configuration management. Performed Information Risk Assessment for the project and was involved in introducing redundancy in systems and network topology for BCP and DR compliance.

. Identify security risks and propose risk mitigations.

. Test plans for software modules, database failure and recovery procedures

. Plan system upgrades, streamline daily processing activities.

. Formulate change management and release management procedures

. Implement Single Sign-On (SSO) technology, separation of duties and access control policies

. Vulnerability analysis and attack vector identification for web apps, Sybase database on Sun Solaris

. Drive hardware and OS upgrades to ensure system stability, reduce cost, improve performance

. Actualize fault tolerance mechanisms to take measures against Denial of Service (DoS) attacks.

. Monitor all phases of the software development lifecycle for new functionalities introduced

HCL Infosystems Ltd, Systems and Network Analyst, Oct 2000 - Jan 2003

Environment: Windows, Linux, Oracle, Cisco Routers

HCL Infosystems Ltd is a leading IT services company. Provided consultancy for various projects undertaken by the organization as well as maintaining system and network availability on a daily basis.

Projects at HCL:

. Establish SSL and HTTP tunneling with remote clients and branch offices

. Implementation of MRTG for monitoring the bandwidth utilization on the WAN links

. Analyze firewall and router logs for any possible intrusion activities; IS application security

. Penetration testing of applications from external networks

. Web administration on IIS via configuring Windows load balancing servers

. Migrating all corporate mail servers from Windows Exchange to Linux Sendmail in a phased manner

. Integrate authentication in a hybrid environment by deploying Samba services

Personal Interests:

. Public speaking - Won several awards in debates and public speaking on security and other topics

. Writing - Edited college magazine, writes security research papers


