Security Management
Resume:
Alexander Gelfenshteyn, CISSP, PMP, CEH
** ********* ***** ***: 646-***-****
Livingston, NJ 07039 ********@*****.***
Highly successful, accomplished and innovate Security Officer. Proven experience in building and managing a high
performing technical team focused on supporting internal and external clients. Demonstrated success in managing
systems, network security, Internet platforms with focus on risk management, process improvement, policies &
procedures and service delivery. Credentials include a M.S. in Telecommunication Security, B.A. in Computer Science
and Economics along multiple certifications, including CISSP, PMP and CEH.
Professional Experience
Societe Generale Corporate Investment Bank Jersey City, NJ
Vice President, Network Systems Security Manager 06/10 - Current
• Serve as the security officer for IT Operations, perform internal security assessments, risk
mitigation and work with internal/external auditors.
• Lead a team of three network security engineers supporting production activities for North and
South America.
• Monitor information security trends and evolving technologies and keep senior management
informed about security issues and implications to the firm.
• Work with business units, legal/compliance and human resources to investigate security
incidents and data leakage.
• Partner with global security teams to ensure risks in planned operations are properly
considered and adhere to corporate compliance.
• Lead multiple design and evaluation efforts that are focused on enterprise network design, low
latency architecture, remote access and network security.
• Collaborate with the Change and Release Management team and the IT business lines to
coordinate all infrastructure changes.
• Oversee execution of security projects, ensure effective planning/scheduling and provide
progress reporting to senior leadership.
• Develop and implement standard operating procedures for the network security team.
• Establish and manage vendor/partner relationships, including Cisco, Juniper, Checkpoint, Blue
Coat, etc.
• Direct hands on experience with Juniper/Checkpoint firewalls, Internet proxies, malware and
remote access technologies.
Societe Generale Corporate Investment Bank New York, NY
Senior Security Analyst, Office of the CTO 01/07 – 06/10
• Developed and implemented a global Risk Management Process and Threat and
Vulnerability Management Process as part of proactive security strategy.
• Conducted infrastructure vulnerability assessments to detect weaknesses and non-
compliance to corporate security baselines.
• Identified, analyzed and prioritized risks as well as provided expert recommendations for
implementing corrective measures.
• Produced periodic Health Check Reports and metrics on compliance to security policies,
patch management, password complexity and user entitlements.
• Implemented and managed enforcement of policies, procedures and associated plans for
system security based on industry standard best practices.
• Partnered with external vendors to determine vulnerability assessment scope and monitored
penetration testing of corporate applications.
• Partnered with Internal Audit Department and Federal Regulators to review security
controls on operating systems, databases, applications, and network devices and recommend improvements to
reduce future risks.
• Conducted research on emerging products, services and standards in support of security
enhancement efforts.
Societe Generale Corporate Investment Bank New York, NY
Senior Security Auditor 02/05 – 01/07
• Performed technology audits and internal control reviews of financial applications, databases, operating and
network systems.
• Employed ethical hacking techniques to discover vulnerable points of entry onto corporate systems.
• Created and managed audit programs to check compliance to security objectives, policies and procedures of global
regions.
• Identified and documented risks and vulnerabilities that can disrupt critical business processes.
• Articulated highly technical information into real business impact and presented executive level management with
mitigation strategies for controlling vulnerabilities.
• Recommend cost-effective technical solutions to protect information systems from loss, damage or destruction.
Fidelity Investments Boston, MA
Senior Systems Engineer / Developer 05/01 - 02/05
• Developed and implemented a scalable multi-process and multi-threaded web application suite
for cyber attack mitigation.
• Performed information security risk assessments and defined strategies and for monitoring
network security breaches.
• Customized and integrated open source security applications to perform reviews and audits.
• Managed enterprise network performance and fault management systems.
• Designed and monitored large scale distributed systems for performance management.
• Created and integrated custom network tools with proprietary management software.
• Certified new and emerging products for fault and performance management capabilities.
• Conducted UNIX System Administration, involving installation and configuration of lab
servers.
• Provided direct assistance to Global Network Operations Center during critical service failure.
Education
Boston University Boston, MA
Masters of Science in Telecommunication Security December 2004
Brandeis University Waltham, MA
Bachelor of Arts in Computer Science and Economics May 2002
Certifications
Certified Information Systems Security Professional (CISSP)
Project Management Professional (PMP)
Certified Ethical Hacker (CEH)
Graduate Certificate in Information Security Technologies, Boston University
Patents
U.S Patent 7676841 - Network Intrusion Mitigation
Technical Skills
Programming Languages Perl/CGI, Java, C, Expect, Unix Shell Scripting, SQL, HTML
Systems Linux, Solaris, AIX, Knoppix, Windows, Mac OS
Software Microsoft Office, Nessus, QualysGuard, AppDetective, DBProtect, WebInspect,
Snort, FoundScan, NMap, Ethereal, Remote-Exploit Tools, Provider1, Juniper NSM
Hardware Netscreen/Juniper, Checkpoint, Bluecoat Proxy
Contact this candidate