
Information Security Management

Katy, Texas, United States
February 16, 2018


Objective: To find an IT Security position (in a challenging environment) that enables me to utilize my years of experience to actively help the organization succeed and disrupt activities that hinder maximizing owner(s) wealth, by building, managing and maintaining highly available and highly secure systems that align with business goals and objectives.

Professional Synopsis

Gori is a versatile and enthusiastic seasoned practitioner with good business acumen and over 12 years of extensive experience in planning, designing, deploying and managing enterprise information security and Internetwork. Besides my technical skills, I have a sound experience in strategic business management, IT governance, consulting, and team and project management.


MBA, Master of Business Administration, Middle Tennessee State University

MS, Computer Information Systems, Major in Information Security and Assurance, Middle Tennessee State University





Attack mitigation and detection techniques: Cisco IOS security (Control/Data/Management plane protection), Routing protocol security, Cisco ACS, Access Lists, TACACS, RADIUS, Cisco ScanSafe, RFC 3330, 2827, 2401, CARS, FPM, IP Source Tracker, TCP Intercept, URPF, RTBH, MQC, PBR, AIP/CSC-SSM, IOS firewall (CBAC, ZBF), IOS RBAC CLI, AUTH-PROXY, IPSG, DAI, PVLAN, VACL, PACL, MACL, DOT1x, DHCP Snooping, storm control, Port security, DNSSEC, MACsec, EAP, WPA/WPA2

Tools: MBSA, Nessus, Cain and Abel, Metasploit, Core Impact Pro, Wireshark, Tcpdump, NMAP, Super Scan Network Scanners, ISS Vulnerability Scanners, L0phtCrack, @stake’s LC5, HIPS, Endpoint Security, C++, C#


Protocols: DTLS/TLS/SSL, HTTPS, ESP, AH, cryptography/hashing, Public Key Infrastructure (PKI), Federated systems, LDAP, SSO, PGP

Compliance and Frameworks: HIPAA, PCI, PII, GLBA, OSSTMM, SDLC, FIPS-140-2, CMMI, Evaluation Criteria (Common Criteria, ITSEC), COBIT 4.0, RFC 2196, RFC 2504, GAISP, security best practices and information security ethics, NIST guidelines including FIPS-199, SP 800-18, 800-30, 800-37, 800-53, 800-60, Security Architecture design, security policy, security risk management, security audit, Security Incident & Event Management, Data Protection & Privacy (DPP), Threat & Vulnerability Management (TVM), Governance Risk & Compliance (GRC), Log management, disaster recovery and business continuity planning (DRP/BCP)


Cisco Routers (12000, 7500, 7600, 72000), ISRG1 (3800, 3600, 2800, 2600, 800), ISRG2 (3900, 2900, 2600, 800), ASR Routers, Cisco Switches (Cat6K, Cat5K, Cat4K, 3xxx), FW (PIX 5xx, ASA 55xx, FWSM), Cisco IPS 42XX, Cisco NAC, CSM, ACE, Cisco ACS, Nokia Check Point Firewalls, Watchguard Firewalls, Cisco Access-Point/WLC, WCS, Windows 95/98/2000, XP, MS Server 2000/2003/2008, Microsoft Forefront, Linux, Red Hat


Project management, planning and scheduling, project risk assessment and controls. Corporate finance, IT operations, organization behavior, leadership, service level management (SLM) and Business Process Outsourcing (BPO). Authoring purchase justification and technology migration justification. Ability to listen and communicate effectively with both technical/non-technical staffs and C-level executives, exceptional customer service and public relation


OCT 2013 – Current WEFIX LLC.

PKI Security Consultant

Design and evaluation of WEBTRUST compliant PKI infrastructure and cryptographic services. Accountable for PKI CPS/CP, PKI CSA, PKI audit, PKI health check, and responsible for PKI audit and health check remediation

Responsible for coordinating PKI audit and audit finding remediation. Leading key/Rekey ceremony, Key and Certificate life cycle management, Smart card life cycle management with Microsoft FIM-CLM/MIM, CRL management and CRL publication failures

Authoring and modification of CPS/CP, liaison and yearly training for PKI Policy Authority and PKI trusted role holder. Creation and implementation of security policy (physical and logical) to secure CA servers and PKI infrastructure

Designing, installing, configuring and supporting SafeNet/Luna HSM, Thales nCipher HSM (edge, connect and solo), Active Directory Certificate Service, ADCS clustering, Certificate Enrollment Web & Policy Service (CES & CEP), Network Device Enrollment Service (NDES)/SCEP, web enrollment, Online Certificate Responder (OCSP)/OCSP-X/SCVP, Symantec MPKI

Support for PKI applications, Blob Recovery, SSL Certificate, Group Mailbox Encryption and External Email Encryption, Kerberos auth, VPN, 802.1x, MDM, digital signing, cross certification, certificate deployment and troubleshooting for user, computer, Cisco IOS, SSL application, Domain controller, VPN, 802.1x, Azure RMS BYOK etc.

Design and implementation of SHA2 PKI and migration of SHA1 End Entity to SHA2 PKI infrastructure. Responsible for key management life cycle, CA rekey, Key ceremony and CRL management’s Template creation and modification. Migration and decommissioning of PKI CA, yearly PKI BCP/DR

Knowledge of PKIX, NIST SP-800-57, RFC 5280, RFC 2459, RFC 3280, AICPA/CICA WebTrust for CA criteria, Suite-B/CNG crypto


Administration and management of Microsoft SQL and Microsoft FIM/MIM-CLM


Team Lead: PKI/VPN Security technologies

Provided escalation support for large enterprise hierarchical PKI CA (Microsoft Certificate Authority (ADCS) and Cisco IOS CA): management, administration and troubleshooting of enrollment request database, trust point, manual and auto enrolment (SCEP), RA server, CDP, key rollover, generation and validation of CSR, certificate template, key recovery, key archival Back, and CA keys. Re-enrolling/issuing key for compromised systems

Act as PKI SME: Authoring PKI security policy and procedure and assist different high profile customers in designing and planning enterprise PKI infrastructure using best practices, protecting ROOT CA, Identifying continuous improvement areas. Deploying next generation PKI using suite-B cipher suite

Review PKI documentation, creation of PKI deployment and implementation guide and provided training on PKI infrastructure and standards.

Coordinate daily and operation activities among a team of 10, being representative to the rest of the department and first point of contact. Drive continuous learning, result orientation, teamwork, and promote collaboration.

Mentored junior engineers and engineers pursuing their CCIE. Interviewed potential candidates and mentored new members to quickly form them into productive support engineers.

Identified and reproduced defects in Cisco software, and communicated with developers about getting the proper fix to the customer.

Worked with product engineering to develop next generation security product. Participated in executive-engineer meetings to discuss new initiatives and make suggestions to improve seamless adoption

Responsible for technical content development and also review of technical documentations and product requirement document and delivering technical training sessions.

Shaping next-generation product features and solutions, ensuring continued product supportability, usability, and quality.

Worked as VPN security go-to Subject Matter Expert. Provided real-time, worldwide, exceptional and high quality customer support for high complexity security technologies (design, configuration and troubleshooting assistance) for technologies including: IPV4/IPV6 IKEV1/IKEV2 VPN technologies, including Remote Access VPN client (Cisco VPN client, Cisco AnyConnect Secure Mobility, DAP), CISCO IOS PKI, CISCO FLEX VPN, IPSEC IPV6 VPN, CISCO SECURE DESKTOP (CSD), CISCO SECURITY MANAGER (CSM), Crypto modules (ISM, VAM, AIM 6500/7200 VAM2+/VPN SPA/SSLVPN/WEBVPN/VPNSM MODULE), High-Availability Stateful Failover for IPSec with SSO, HSRP, High Availability Using Link Resiliency (with Loopback Interface for Peering), High Availability Using HSRP and RRI, High Availability Using IPSec Backup Peers, High Availability Using GRE over IPSec (Dynamic Routing), IOS and ASA Easy VPN remote, Easy VPN server with (Client, Network, Network+), CISCO EASY VPN dual tunnel, IPSEC SVTI and DVTI, multicast over IPSEC, GRE over IPSEC, Integrating GET VPN with a DMVPN Solution, IPSec LAN-to-LAN IOS to ASA VPN using PSK/PKI, Dynamic VPN PEER, IPSEC VPN QOS, DMVPN (PHASE 1, 2, 3) SHSD, SHDD, SLB, DHSD, MHSD, TREE BASED with PSK/PKI, DMVPN QOS, VRF-Aware (IVRF/FVRF) VPN, ASA and IOS for WebVPN, and SSL VPN WITH LDAP/AAA AUTHENTICATION, XAuth, Split-Tunnel, RRI, NAT-T, DPD, GETVPN COOP using PSK/PKI.

AUG 2010 – MAY 2011 Charter Communication

Principal Engineer (Network Security) - Contract

Configured and supported CISCO ASA firewall for WebVPN, ACL, routing, MPF, NAT, CTP, and ASA failover (A/A, A/S)

Redesigned, implemented and supported Certificate (PKI) based VPN technologies (IPSEC, EASYVPN, DMVPN, GET, VTI, GRE, IOS-SSL VPN, AnyConnect, SSL VPN WITH LDAP/ACS), VPN QOS and authored remote access and third party connection policy.

Led design teams and advised team leaders on compliance effort, security product review, evaluation and testing

Designed, implemented, monitored, enhanced and troubleshot systems in assigned areas. Reviewed work plans and designs, advised on improvements and acted as moderator for technical working group

Attack mitigation with ACL (RFC 3330, 2827, 2401), IPS appliance, IOS IPS, control plane management (CoPP), CARS, NBAR, FPM, NETFLOW, IP Source Tracker, TCP-INTERCEPT, URPF, RTBH, MQC, PBR, IOS, AIP/CSC-SSM.

Sound working knowledge of CISCO NAC, CSA, CSMARS, Anomaly Guard/Detection

Jan. 2010 – May 2010 KV Pharmaceutical

Information Security Specialist

Led the implementation of Software Asset Management (SAM) program to help achieve compliance, build more accurate financial forecast/budgeting and reduce software expenditure.

Provided confidentiality for sensitive data and email using windows NTFS permission and PGP Universal Gateway (whole disk, email and folder encryption).

Managed Microsoft Active Directory, Forefront server and PKI infrastructure with smart card deployment on Windows PC, performed periodic patch management (with WSUS), periodical vulnerability scanning (Retina eEye, MBSA, Nessus) and penetration testing on critical servers, prioritized vulnerability outcome and remediated immediately. Administered Windows Server 2008/2003 Active Directory domain and network infrastructure, Checkpoint UTM, Microsoft Exchange 2007 and IBM Proventia Network IPS.

Controlled business internet usage, Web and email Content filtering by configuring and administering Websense and Microsoft ISA server 2006, Forefront and McAfee Email Gateway (Iron Mail).

Advised the organization with current information about information security technologies and related regulatory issues and monitored the internal control systems to ensure that appropriate access levels are maintained.

Cisco CBAC, Zone based firewall (ZBF), L2 attack mitigation with IPSG, DAI, PVLAN, VACL, PACL, MACL, DHCP Snooping, Port security, Dot1x, SPANNING TREE, ACS RADIUS/TACACS, IOS RBAC CLI, AUTH-PROXY, CISCO router IOS security.

Sept. 2007 – Dec 2009 Dimension Data Holding PLC

Sr. Information Security Analyst/Consultant

Acted as a process owner for all ongoing activities that serve to provide appropriate access to and protect the confidentiality and integrity of customer, employee, and business information in compliance with organization policies, standards and industry regulations. Reviewed all system-related security plans throughout the organization's network, and acted as a liaison to Information Systems. Served as a Subject Matter Expert (SME) to the organization and worked closely with external auditors towards regulatory and compliance objectives.

Led the Corporate Information Security department and reported activities to CISO. Formulated corporate information security roadmap that aligns with corporate goals and business objectives, obtained approval and support from management for major enterprise security projects. Managed these projects including but not limited to budget estimation, product evaluation, software procurement, resource acquisition/management, and ensured projects are completed within scope, timely and within budget. Responsible for IT security project risk management and control. Managed and monitored project resources, milestones, budget, project deliverables, and ensured projects were completed on time and within approved budget. Reported project progress to stakeholders.

Accountable for daily operations of information security. Led a team of over ten people to identify and manage information security risks to achieve business objectives and ensured IT security strategy is business driven.

Served as company's security evangelist, initiated, developed and managed enterprise Information Security and Privacy Awareness and Training Program (SPATP). Ensured training is delivered timely to appropriate associate and measured the effectiveness and currency of information security awareness, training and education.

Authored, reviewed, and published over 30 corporate information security policies and procedures considering all security consequence, risk assessment result and compliance subject, as well as legal liabilities. Monitored policy for compliance and ensured policies are communicated to employees (temp/perm), contractors and business partners.

Developed rules of engagement (ROE) for business partners. Performed periodic audit and risk assessment on routers, switches, firewalls, third party/business partners/vendors/branch offices/teleworkers/remote access connections, and mobile computers (PDAs, BlackBerries, smart phones etc). Identified potential threats and authored, enforced and communicated security policy to mitigate potential threats. Evaluated enterprise security products for encryption, theft prevention, secure messaging, privacy, data monitoring, intrusion detection and led implementation efforts.

Ensured alignment between the information security program and other assurance functions (physical, HR, quality, IT). Formulated a process to incorporate information security controls into contracts (joint ventures, outsourced providers, business partners, customers, third parties). Integrated information security requirements into the organization's processes (change control, mergers and acquisitions) and life cycle activities and employment.

Researched new threats and participated actively in security communities to keep up with emerging security threats/vulnerabilities and threat of the day. Provided guidelines, mitigation techniques, and workaround for emerging threats and Zero-Day threat. Proactive Secure log management and security event management with TriGeo SIEM.

May 2007 – Sept. 2007 Cubic Transportation Systems Limited

Information Security Analyst - Contract

Co-developed enterprise security policies, standards and procedures; implemented a risk-based approach to identifying, monitoring, measuring and reporting various types of information security risks. Identified and prioritized security risks and recommended mitigating controls. Identified and managed information security risks to achieve business objectives and ensure compliance with ISO 17799 risk management framework.

Designed and implemented a security event mgmt program (SIEM) including IT/IS incidents to gather, store, correlate, analyze and respond to security data from logs and incident reports. Developed secure enterprise wireless network architecture, reviewed and identified potential threat and network vulnerability.

Deployed secure 802.11 wireless network with Cisco Aironet 1240AG using WPA2 with EAP PEAP-MS-CHAP v2 and Microsoft Certificate Services (PKI), remote access policy, group policy, Cisco ACS (RADIUS/TACACS) administration for routers and switches, firewall and administered Windows certificate based validation services.

Secured Cisco IOS 3500 switches and 3600 routers, reviewed firewall policies/rules, mitigated threats and attacks with ACL, hardened MS Windows servers using GPO, secured Windows XP, WINCE, WIN POCKET PC client with Desktop Firewall, Antivirus, Host Intrusion Prevention systems and secure browser settings.

Managed a Windows server 2003 environment; installed, configured and administered Active Directory, OU, domains, Trees, Forest, Group Policies and Sites, site links and site replication.

Responsible for network documentation and the conduction of security awareness training for end users.

Feb. 2004 – Jan. 2007 Dimension Data Holding PLC

Information Security Team Lead

Accountable for daily operations of information security. Led a team of over ten people to identify and manage information security risks to achieve business objectives, aligned IT security strategic plan with business objective. Responsible for resource allocation, deployment, logistics, recruiting, team building, process design, methodology, mentoring and development of IT security team.

Designed and deployed a Corporate Information Security Risk Management program. Conducted technical security risk assessments on enterprise network and provided recommendations for compliance (PCI-DSS, SOX and HIPAA). Deployed security management framework and led SOX, GLB, COBIT, HIPAA compliance efforts.

Drafted and monitored SLA with client/supply partners. Reported violations and ensured proper service delivery using Cisco life cycle and ITIL approach. Worked with diverse customer base to define and consolidate functional needs and performed requirement analysis/systems development and functional requirements documentation. Security products recommendation/rating. Integrated and positioned multi-vendor products to produce network solution to meet clients’ requirements. Responded to bid documents, RFI, RFQ.

Designed and authored Security plan in accordance with NIST SP 800-37, 53, 53A, 30. Authored, managed, and conducted penetration testing and evaluation procedures/plan in accordance with NIST 800-115 and OSSTMM. Analyzed and identified vulnerabilities and compliance failures and provided recommended mitigation measures.

Periodically scanned the network for unwanted open ports, open network shares and hosts with the latest virus pattern signatures. Conducted information security risk assessment, vulnerability testing and recommended security standards for perimeter architecture and configuration, servers and endpoint hosts running Windows Server 2003/2000, Windows XP/2000, UNIX and Linux OS.

Performed monitoring/auditing activities (e.g. monitoring access logs and assigned privilege levels) and responded to security events as appropriate.

Performed regular scans and security assessments of the infrastructure, notified/escalated with IT, and documented findings in a complete comprehensive report that includes technical and non-technical findings and recommendations, and evaluated security infrastructure logs for anomalous and unknown behavior.

Planning/designing and implementing/configuring self defending network for enterprise and SMB network using Cisco PIX, Cisco ASA firewall, Cisco IDS, FWSM, IDSM-2, Cisco IOS/ACL, CBAC, Multi-tiered DMZs, IOS and OS Hardening. Management of SSL and IPSEC VPN for Remote Access and Site-to-Site, Administering Cisco ACS server.

Supporting, installing, configuring and administering VTP, VLAN, EIGRP, OSPF, CIDR, VLSM, HSRP, BGP-4, queuing and bandwidth limiting techniques etc., and mitigating layer 2 and layer 3 attacks. Installing, configuring and troubleshooting Cisco Routers (17xx, 26xx, 28xx, 36xx, 72xx) and switches (65xx, 35xx, 29xx)

Apr. 2002 – Jan. 2004 PPC Systems Integrator (Philips Projects Centre)

Security and Network Systems Architect

Enterprise strategic information security consulting, planning, implementation and support. Network vulnerability and security posture assessment. Information Risk Management and analysis. Responsible for Security Architectural Design, developing Security Policy, Standard Operation Procedures, firewall/IDS management and security architecture for data centers.

Proactively monitored server logs, intrusion detection logs and network traffic for unusual or suspicious activity. Interpreted suspicious activities and made recommendations for resolution. Performed packet capture analysis, attack signature detection and isolation network attack.

IT project risk management and control. Defined project requirement and milestones and project deliverables, and ensured projects are completed timely and within approved budget. Ensured project resource management, quality management, KPI and SLA review. Provided customer feedback reports to management.

Designed and supported wireless (802.11X) network. Designed and supported RAD Data Communication access solution such as Multi Access Platform, TDM over packet-switched network (Ethernet, IP and MPLS), IP Cellular Backhauling, Compressed Voice System (CVS), Ethernet over PDH/SDH, Last Mile Access and data network quality assurance.

Monitored network with MRTG, Cisco Works, and HP OpenView, WhatsUpGold and network monitor/SNMP applications.

Nov. 2001 – Mar. 2002 Falmur Communications Ltd.

Senior Network Support Engineer

Designed and supported distributed enterprise wireless network with fast secure roaming, RF planning and optimization, structured office cabling /WLAN site survey, planning and supervision.

Designed, installed, configured and troubleshot scalable/modular multi-layer switched campus network. Set up and supported over 15 cyber cafes. Implemented network redundancy and load balancing using Microsoft NLB and server load balancing (SLB).

Responsible for mounting antennas on tower (mast), antenna alignment and azimuth findings. Asset tracking, ensured effective management of IS asset throughout their life cycle in order to improve bottom line and minimize risk exposure.

Feb. 1999 – Sept. 2001 Inforex Online and Comm. Systems

Network Administrator

Expertise in supporting DELL PCs, Optiplex, Dimension, Precision, Latitude, Inspiron PowerEdge enterprise/small-mid size servers for enterprise and datacenters network. Server management, redundant disk management (hardware/software RAID), backup, recovery and restoring critical data on servers/workstations and information management and auditing. PC systems support and preventive/corrective systems maintenance (Antivirus, diagnostic tools).
