RESIDENT & MAILING:
**. Tavistock Place, Cambridge CB4 3NB, UK.
**, *********** **, **********, ********,
SL.
PERSONAL DETAILS
PPNo - N2435933 / Iqama - 243-***-****
E-Mail : **************@*******.*** /
**************@*****.***
Telephone : +947*-***-**** / +966-*****-****
EXECUTIVE SUMMARY
About Me / What is my interest in this role:
"Information Security & Digital Forensics is my profession, and IT Security
Research & Development and IT Security Project Management are my passion". I
grew up as an entrepreneur from a young age. I am a UK-educated and
UK-experienced IT Security & Digital Forensics Consultant with fifteen
years of related industry experience. I am also qualified with an MSc in
Information Security and Computer Forensics (UK), MSc in Datamining and
Knowledge Management (UK) (Drop Out), Pg. Cert in Management Studies (UK),
BSc (Hons) Com Eng, MBCS, MIEEE, MPMI. Completed trainings are CISM,
CISSP, CISA, CEH, CHFI, CGEIT, CRISC, Security+, PMP, ITIL, CCNA, Oracle
Inside-Out, Oracle Application Security, White hat and GCIH & GCFA
Trainings, Symantec Trainings (MSS, SEP, ATP & DLP).
My key strengths and why I am the right candidate:
Currently, I am working with the Symantec Project for Saudi Electricity Company
as Sn. IT Security Analyst and Lead for IT and OT Security Monitoring
Operations. It covers 35000 End Users and 8000 Servers & Devices. I started
my IT career as a Data Encoder in 1997. I started learning computing in 1993
with dBASE, Clipper, Lotus 123 and DOS, before the launch of Windows 3.1.
My experience includes nearly 14 years at Managerial and Consultant Level.
Of those 14 years, I spent 5 years in the UK with Exultant UK Limited as
Manager for Enterprise IT Security Management, worked as Consultant for SOC,
Oracle Enterprise Security and Digital Forensics Analysis in FusionSyscom
Oracle Golden Partner UK and as Consultant in SLM Voice for IT, SOC, Telecom
Security Systems Management & Fraud Analysis. The rest of the years I worked
in Sri Lanka as Sn. Manager / Head of Information Security and Forensics in
WinsysNetworks and as Project Manager and Security Systems Engineer in
University of Moratuwa (UN - NORAD Funded Project).
EXPERIENCE
07/2017 - To date Senior Information Security Analyst (IT and OT Security Operations)
Panta Consultancy UK (PVT) Ltd., Symantec Project in Saudi Electricity Company, KSA.
Nature of Job: This is a SOC implementation project for Saudi Electricity
Company by Symantec.
Main Role:
Manage the Cyber Security Operations Center, IT & OT operations, Incident
Response and Recovery.
Managing and operating SIEM solutions such as Symantec MSS, Endpoint and
ATP.
Monitor Threat Intelligence sources and analyse threat data to determine
the security impact of these emerging threats, and tune security devices
to proactively block these emerging threats.
Team lead role includes L1, L2 and fresh SOC members' activities such as
security monitoring, analysis and incident handling to accomplish SOC
goals and objectives. Also, Advanced Malware Analysis.
Support the maintenance and provide input to the Security Operations
Department.
Developing and implementing SOC and IT & OT Security technical processes
and procedures.
Lead the management of the emergency & critical incidents and coordinate
to drive the Incident investigation and management activities with
internal and external parties.
Handling security analysis of all security devices such as FWs, IPSs,
WAFs, Mail GWs, F5 Big IP, IDSs, AV systems, and Proxy devices on their
logs and events for handling actions of implementation.
Escalating and coordinating incident handling operations either manually
or through ticketing systems.
Recommending best handling actions to close and proactively manage
threats and attacks by tuning security devices to block the attacks'
IOCs, TTPs and artefacts. Also, PlayBook implementation.
Acting as SOC manager / SDM manager. Also, Provide SME support for
incident response and recovery handling methodologies for enhancing
Information Security and Operations.
Reporting to Top Management and Prepare Presentation about Current
Security Strategies.
Preparing Proposals for IT and OT environmental IT Security Enhancements
in Standards and GRC
03/2013 - 6/2017 (4+ years) Sn. Manager / Head of Information Security and Forensics
WinSys Networks (PVT) Ltd., Working for Qatar Projects in Sri Lanka and Qatar.
Nature of Job: This is a business implemented as a franchise in Sri Lanka
and Qatar with SecureI2 UK.
Main Role:
Lead for SOC Operations, IT Security Management and Digital Forensic
Projects & IT Audits.
Information Security Management System Development Lifecycle consultancy
and Governance.
Consulting for Legal Enforcement for Digital Forensics and Evidencing for
Court.
Documenting for Security issues identified during security assessments
and Risk Analysis.
Consultancy & Evidencing for IT Security and Digital Forensics with Legal
Enforcement.
Vulnerability and Risk Assessment cum Telecom and Financial Security
Systems Integration.
02/2008 - 02/2013 (5+ years) Consultant for Enterprise IT Security Project & Oracle Security
Fusion Syscom Ltd, (In-House) CEME Innovation Centre, Raynham, London.
Nature of Job: Company is Oracle Golden Partner for Supporting
Telecommunication, Business, Banking and Financial Hubs. I was responsible
for the IT Security & Digital Forensic and Business Application Projects,
and corporately responsible for Running Systems and Projects Consultancy.
Main Role:
The lead of the SOC, IT Security & Digital Forensic Projects and Security
for Enterprise Apps.
Data & Web Security, System auditing, also Security and IT Standard
implementations.
Oracle Identity Management and Access Control Solutions Provide for
Financial Hubs.
Digital forensics Projects, Setup and Maintain the Forensic Lab and
Incident Response.
Vulnerability Assessment and penetration testing & assessments on
Internet exposed systems.
Documenting technical issues identified during security assessments and
Risk Analysis.
7/2001 - 01/2008 (6 years) Project Manager & Security System Engineer
The University of Moratuwa, Engineering, University of Moratuwa, Sri Lanka.
Nature of Job: NORAD (UN) funded project to interconnect all
universities in Sri Lanka.
Main Stakeholders: The Government of Sri Lanka, United Nations (NORAD),
EuroNet (Norway), DMS, All Universities (17 Major Universities and
Colleges) & University Grant Commission.
Main Role:
SOC Project Implementation & Functional Responsible, Coordinate scope
definition, project planning & estimating during requirements & design
phase to produce accurate cost estimates.
Project Committee Member of the Department of IT in Higher Education.
Internal Web Master for Undergraduate Division and University
Administration Systems.
Engineering Studies Coordination for the third year and Final Year
Undergraduate Student.
EDUCATION
08/2009 - 08/2011 MSc in Information Security and Computer Forensics
University of East London, Docklands Campus, University Way, London
E16 2RD
IT Security Management: GRC, ISMS, ISO27K, COBIT, COSO, ITIL, SOX, Physical Security, IAM.
Computer Security: Network Security, Cloud Security, Database Security, Digital Security, SOC.
IT Law & Seizure and Examination: Telecommunication Act, Police Act, Contract Law and other IT Laws.
Digital Forensics: Penetration Testing, Social Engineering, FTK, EnCase, Helix, eDiscovery tools.
Research Topic: - "Mitigate the ID Threats Through Identity Management and
Access Control Mechanism As a Service" (Finding solutions for big financial
frauds and identity frauds, especially revising banking security and telecom
security with Role Management & Information Right Management. My analysis,
findings and recommendations are guided towards upgrading the total security
systems that we have at the moment. In particular, it covers Standards,
Operations, Policies, Definitions, Laws and Technologies)
02/2008 - Pending / Reading MSc in Data Mining and Knowledge Management (Part-time Studies)
University of East London, Docklands Campus, University Way, London
E16 2RD
Data Mining: WEKA Tool, Machine Learning, Pattern Matching, Data Mining Algorithms
Advanced Database Management: DBMS, Data warehousing, Data centers, Coding Performance
Project Management: PMP, Prince2 Methodologies, Primavera, Case Studies, Risk and Procurement
Knowledge Management (Pending)
01/2008 - 05/2008 Postgraduate Certificate in Management Studies - Merit Pass
London College of Management and IT, 71 Whitechapel High Street, London E1 7PL.
Advanced Professional Development, Managing Change in Organisations,
Human Resources Management, Strategic Planning and Management,
Managing financial Resource, Strategic Marketing Management.
02/2000 - 07/2003 BSc (Hons) in Computer Engineering - Final Grade: A
Equal to BSc (Hons) Full Professional Member British Computer Society (MBCS)
TRAININGS
System Implement and IT Skills Development Trainings
MSS, SEP, DLP, ATP, Malware Analysis, Deep Sight Symantec
Intelligence, Log Analysis
Saudi Electricity Company IT & OT Infrastructures,
Operations Methodologies
System Administration of M-STAS Course EuroNet - Norway
Brio Intelligent (Special Reports, Database Access, View
Creation)
Server Administration & Group Policies with Security DMS - Colombo
Setting Course
Oracle DB Programming / DBA Support Course
Oracle BIApps, Oracle Business Intelligence and Data Oracle - London /
Warehousing Reading
Oracle EPM, BPM, CRM, SCM and SOA, ADF, BEPL + Oracle
Primavera
Identity Management and Access Control + IRM + Security
Inside-Out
Management Skills Development Trainings
Positive Attitude Mr Thilakasiri -
SLIDA
[Senior Consultant]
Japanese 5 S System
Super Change Dr Kumainthamalena
Personality Development Prof. D.C.H. Senarath
Leadership & Life Skills Training Programme LAUREL - Army
Training
Personal Effectiveness University of
Moratuwa
University Administration System Development Trainings
Handling the Semester System of Conducting Academic Prof. Malik
Programs Ranashinge
Fees Module Course, Curriculum and Diploma EuroNet - Norway
Administration Course
Design of Reports and Transcripts of Grades Course
MEMBERSHIP
ID - 990268524 MBCS - Member of British Computer Society - UK
ID - 950448 MPMI - Member of Project Management Institute - USA.
ID - 80721315 MIEEE - Member of Institute of Electrical & Electronic Engineers - USA.
ID - Pending MIIBA - Member of International Institute of Business Analysis - Canada.
PROFESSIONAL CERTIFICATION AND TRAININGS
03/2006 Advanced Certificate in Project Management (PMI - Course Outline) -
NIBM.
10/2008 Project Management Professional - PMP (35 PDU) - Singapore
Informatics.
08/2008 Foundation Certificate in IT Service Management - ITIL V3 - University
of Moratuwa.
07/2008 Data Analysis with SPSS and Advanced SPSS Training - University of
Colombo.
08/2013 Certified Ethical Hacker Training CEH v8 Training + CompTIA Security+
Computer Hacking Forensic Investigator Training CHFI v8 Training
07/2013 Certified Information System Security Professional Training- CISSP
Training (ISC2)
12/2008 Certified Information Security Manager - CISM Training (ISACA)
Certified Information System Auditor Training - CISA Training (ISACA)
09/2008 Cisco Certified Network Associate Course Training - (CCNA) (640-802)
11/2008
06/2008
SKILLS, KNOWLEDGE AND EXPERTISE ON ADVANCED IT SECURITY MANAGEMENT
OT & IT Security Monitoring and IT Security Management Skills
IT & OT Security Monitoring Tools, Technologies, Methodologies, Standard and
Policies Implementation.
Log Analysis, Advance Malware Analysis and Advance log Analysis with data
querying and Data mining.
Incident Response, escalation to interested parties and follow-up of the case
until closure. Start investigation on infected machines and devices through
system internal tools and Forensic tools for Case & Legal Brief.
Generate Reports using reporting tools and utilities. Preparing Shift
schedules and SOC Management.
Security Management and IT Audit Skills
Standards and Frameworks implementation for Middle East (NIA, NESA) & Western
Organisations.
Information & Business Security, Banking & Org Security, Credit card &
Identity Fraud Analysis.
Social Engineering Protection, Application Support & Security Awareness
Training and Programs.
IT Performance, Business Continuity Planning and IT Security Strategy
Management.
Security Risk Assessment, IT Security System Auditing and best IT Advisory
Management.
Governance Risk Compliance and Policies Making & Privilege Management.
Disaster Recovery, Business Continuity Planning, Asset Management and Change
Management
Computer Forensics and Fraud Prevention Skills
Establishing Digital Forensic Lab and Perform Digital Forensic Investigation,
Analysis and Data Recovery, Incident Response, Fraud Detection and Mal
Activities. Forecast Insider Attacks.
Legal Brief, Crime Investigation, Evidence Collecting. Vulnerability Analysis,
Pen Testing.
Forensic Accounting, ISO 37001 - Anti Bribery Management Systems and Business
Security
Monitoring, Tuning and Improvement of the Security Systems and Profiling &
Screening.
Computer Security Incident Response, Penetration Testing and Patch Management.
Enterprise IT Security Analyst Skills
Governance Risk Compliance and Policies Making & Privilege Management. Role
Management, Digital Right Management, Encryption Management System.
Application Access Control.
Federated Identity Management & Access Control, Info. Right Management & Role
Management.
Disaster Recovery, Business Continuity Planning and Asset Management, Firewall
Administration.
Intrusion Detection / Prevention System, Security Information and Event
Management (SIEM).
Physical Security Management, Employee Performance Management, Surveillance
Systems.
Monitoring Networks for Security Breaches and Perform Network Scanning and
Vulnerability Assessments, Mitigating Threats by Analysing Data and Developing
Plans.
Security System Management, Information Security Management System (ISMS).
Data and Web Security Skills
Oracle Security inside - out, Database Security, Data Leakage & Data Loss
Prevention System.
Data Encryption, Steganographic Analysis, Audio Steganographic Analysis & Malware
Detections.
Web Application Firewall, Perimeter security, web protection, DDoS detection
and response.
Oracle Database Firewall, Data Masking, Classification System, SOA Security,
VM Security.
Security Project Management Skills
Project planning and implementation, preparing budgets, RFQ/RFT and Project
Documentation. Prince2 and PMI Project Management Methodologies. Also, Agile,
SDLC, Scrum and RUP.
Primavera v6, EPPM, BI Publisher, SharePoint 2010, MS Project, MS Visio,
Advanced MS Office.
ADVANCED IT SECURITY TECHNICAL SKILLS
IT & OT Security Management Methodologies and Technologies:
Security Standard implementation such as ISO20000, ISO27001/2/3/4/5, ISO27014,
ISO27035, ISO22301 and Risk Management ISO 31000 QMS and audited
accreditations: ISO 9001:2008, ISO 14001:2004, OHSAS 18001:2008, HIPAA, NERC
CIP, NIST 800-82 and ISA/IEC 62443, CSA Frameworks, COBIT5, COSO, ITIL v4,
TOGAF v9, SABSA, IDISA, NIA, NESA, ADSIC, ISR, SANS Security Controls, CIS
Benchmark and PCI-DSS 3.1, PCI - QSA, SOX, Data Protection Act, British IT
Laws etc. & ACPO-eCrime and ISO 37001.
Security Applications for IT & OT Security Monitoring & Operation Center
Technologies:
LogRhythm, Splunk, ArcSight ESM, Symantec MSS, Imperva SecureSphere, Balabit
Syslog, Nessus, Symantec NESA, ADSIC, ISRAV, Symantec SDCS, QRadar, McAfee,
Trend Micro, Secunia, Qualys, Qualys BrowserCheck, Cyberoam, Fortinet VDOM,
Big IP ASM, Blue Coat Solera, Fidelis Endpoint, Lancope, HPSM, FireEye, Cisco
ASA / PIX, Juniper SRX, Check Point, Palo Alto, SNORT, IDA Pro, NetWitness,
Wireshark, CaptureBAT, WS-Security performance, Whitehat Security,
QualysGuard, Retina, CoreImpact, Symantec SEE, PGP FDE, Safenet, Fortigate
DLP.
Digital Forensic, Pen Testing & Incident Response and Advance Malware
Analysis:
Encase, FTK, Helix, WinHex, HBGary, Mandiant MIR, Paraben, SysInternals suite,
RegRipper, Volatility, HBGary Responder, Mandiant Redline, host-centric,
network-centric, SIFT, log-centric security analysis. X-Ways, F-Response,
Responder Pro, OllyDbg, Metasploit, Cuckoo, Java, Javascript, Assembly
Language, Powershell, SQL, PL SQL, Python. Cyberbit SCADAShield (ICS/SCADA),
STIX, TAXII, MAEC, CybOX, Anomali, Yara Rules.
IT Security Defence in Depth & Identity and Access Management:
Oracle Security inside - out, Federated Identity Management and Access
Control, SSO, Oracle IDM Suite, Information Right Management, DevOps, SAML,
XACML, OpenID, OAuth 2.0, OATH, OpenAuth. Integrated Automated Identity,
ForgeRock IAM, Microsoft FIM, IBM TIM, Tivoli Directory Integrator, IBM
Identity & Access Suite, CA Identity Suite and Oracle Mobile Security, Sophos
SharePoint Security.
SKILLS, KNOWLEDGE AND EXPERTISE ON BUSINESS MANAGEMENT / ADMINISTRATION
General Management Skills
Communication Skills, Excellent Presentation, Interpersonal, Negotiation,
ProActive, Leadership skills, IT Service Management and Business Service
Management, Staff Training and Development.
Service (SLA), Operational Level (OLA) and Carrying out maintaining license
information (CLA).
Managing enhancements & support of application and infrastructure while
contributing to business - IT strategy & IT budgeting of the assigned LOBs and
Change Management and CAPEX/OPEX.
Design and Develop network architecture, specific network components and
infrastructure, High-End Trouble Shooting skills, Caring End User expectation
and Take care of High Availability.
Big Data, Business Intelligence and Data Mining & Data Analysis Skills
BI Apps, Business Intelligence & Data warehousing and Data Mining & Knowledge
Management.
ETL / DAC / Analytics, Informatica PowerCenter, Hadoop, SOA, ADF, BPEL, LDAP
and WebLogic.
SPSS / SAS / Micro statics. WEKA data mining, Oracle Data Miner and Survey
Tools.
Business Application & Database Management and System Engineering
IT Architecture for Business, Application, Data & Technical (TOGAF 9.1) and
SOA, BPEL & ADF, ERP, EPM, BPM, CRM, SCM, Enterprise Data Quality, GoldenGate,
Big Data, ODI and Data Warehouse. Oracle E-Business Suite R12, Oracle Database
and MS SQL database and SQL, NoSQL & PL/SQL.
Operation System Support and Business System Support (Data Collection,
Mediation, Billing, Monitoring, Assurance, Fraud Management and Provisioning,
Number Management) and Portal.
Server Platform (SPARC, EXTRADATA) Blade servers, HP Enclosure...