“Diligence and hardworking is the key to success”
Date of Birth: November 4, 1978 Height: 5’8
Place of Birth: Manila Weight: 165 lbs.
Certified Information System Security Officer – Mile2 Cybersecurity Certification # 645900 Exam Taken: March 4, 2017
1997 – 2001 SYSTEM TECHNOLOGY INSTITUTE (STI) – COLLEGE RECTO Bachelor of Science and Computer Science
1991 – 1995 ISMAEL MATHAY HIGH SCHOOL
(Formerly GSIS VILLAGE HIGH SCHOOL)
Project 8, Quezon City
1986 – 1991 PLACIDO DEL MUNDO ELEMENTARY SCHOOL
Talipapa, Novaliches, Quezon City
July 16, 2018 – November 16, 2018 Teletech Holdings, Inc. Senior Information Security Engineer
IT Infrastructure & Engineering: (1 month)
• Conducting security risk assessment and vulnerability assessment on all IT infrastructure of TTEC.
• Review the setup and configuration of the IT infrastructures in terms of security controls and procedure.
• Communicating with the stakeholders and business owners regarding the result of the vulnerability assessment and provide the solution.
Compliance & Governance: (3 months)
• Comprehend and enforce applicable laws, regulation, and compliance relating to IT Security and Privacy, liaising closely with Legal.
• Evaluate security needs and recommend cost effective mitigating controls.
• Work directly with IT staff to implement processes and procedures to cost-effectively protect information systems assets from intentional or inadvertent modification, disclosure.
• Ensure data privacy for our clients’ customer data and our own intellectual property and other confidential data.
• Liaise with IT and compliance staff to ensure audit preparedness
• Oversee and assist in the configuration and administration functions for specific security tools.
• Assist Risk Management with fraud detection, documentation, and prevention.
• Oversee a training program for personnel with significant responsibilities to keep them current with the emerging threat landscape that is present within the corporate environment
• Develop, maintain and oversee information security policies, procedures and control techniques to address all applicable security and compliance requirements
• Collaborate with and advise a security operations program that through automated and continuous monitoring that can detect, contain, and mitigate incidents that could compromise sensitive data, or impair information systems
• Engage in the mentoring of security operations engineers and operational staff on security concepts and techniques
July 31, 2017 – July 11, 2018 AIG Shared Services Philippines, Inc. Security and Compliance Sr. Tech. Analyst
IT Security Analyst (5)
• Provide security assessments on the following; 3rd Party Vendor Security Assessment (EAS/SAQ) Software Security Assessment (SSA) Application Scanning Request (APPSCAN) Exception Request (EX-REQ) and Secure Code Reviews from the Developer.
• Perform and Review IT Security Risk assessments.
• Perform audits of IT systems and/or related operational process controls including analysis and reporting.
• Implements processes and methods for auditing and addressing non-compliance to technology and security standards.
• Assess the current operation and security controls, including policies, procedures, and organization and make recommendations for improvement.
• Manage the team and the team deliverables. Ensure to meet the business partners service level of agreement, help address the issues and escalations.
• Ensure timely generation and submission of reports (daily, weekly, monthly and quarterly)
• Generate report and communicate the findings and recommendations to stakeholders.
• Recommend security policy changes and enhancements based on lessons learned, observations and key documents obtained as part of the assessments to Senior IT Security Risk Analyst.
• Coordinate with Stakeholders and 3rd party Vendors Requirements
• Coordinate with the assessor/auditee teams for resolution per findings
• Deliver assessments with highest quality and following key risk appetites from different internal business units and across multiple geographical areas with different regulatory requirements.
• Deliver assessments on time and on budget, without compromising the quality of the assessments
• Escalation of potential project risks/challenges to Information Security Lead FINANCIAL Shearwater Health, Inc.
August 01, 2016 – August 01, 2017 Formerly HCCA Health Connection (Philippines) Information Security Engineer – II
• Detect, assess, investigate and resolve security incidents.
• Administer Security tools and technologies.
• Evaluate, recommended and deploy security tools and technologies.
• Collect and analyze system / application security logs.
• Responds to the security incident; perform forensic activities and root cause analysis.
• Ensuring implementation and compliance to the company's information security policies, associated regulations and standards.
• Work with IT Operations team to reduce risk to information asset by implementing controls e.g. encryption, network segmentation, access controls, and patch and vulnerability management.
• Proactively manage and mitigate threats to information security and vulnerabilities of information system, to prevent loss of confidentiality, integrity and availability of information asset.
• Contribute to the development and delivery of training and awareness on information security and data protection.
• Investigation and respond appropriately to the third-party vulnerability.
• Monitor industry trends and threat landscape and recommended. June 22, 2015 – April 15, 2016 Accenture, Incorporated Level -9 Team Lead (Security and Risk) – Infrastructure Security
List of the Client Projects
Security Team Lead – Compliance and Business Continuity – Client Data Protection CIO – Global Information Security
Roll-in: November 4, 2015 – April 15, 2016
• Creates and/or provides inputs to yearly assessment plan
• Monitors and ensures completion of assessments as specified in the plan
• Conducts internal assessments on information security and other related standards/frameworks
• Prepares assessment reports and reviews others’ assessment reports for completeness, accuracy and compliance of Information Systems (IS) Auditing Guidelines
• Reviews the adequacy of action plans
• Handles complex and non-standard (ad hoc) assessments and other security-related services
• Provides inputs in the resolution of assessment issues/concerns
• Leads the assessment analysis on common security gaps and root causes
• Recommends solutions in security-related issues based on the result of assessment analysis
• Provides regular updates to the Assessment Lead on status of the assessment and escalate issues for proper disposition and action
• Provides guidance to junior assessor to ensure that there is appropriate understanding of the standards and/or framework that is being followed in the delivery center
• Provides support to junior assessors on the analysis of findings/security gaps and action plans
• Provides support in building the skills of assessors
• Identifies areas for improvement on the processes and tools used by the team
• Supports the design, implementation, operation and maintenance of the Information Security Management System based on the ISO/IEC 27000 series standards, including certification against ISO/IEC 27001 where applicable
NECDL – RUN – Infrastructure Services
Infrastructure Lead – Managed Security Operation
July 3, 2015 – October 30, 2015
- Managing client's Cloud infrastructure through Monitoring, Incident Management, Change Management,
- Generate reports for Weekly Security Status, Infrastructure Healtcheck
- Monitor and Investigate the Security Alerts and escalate to the 3rd Party Solution
- Patching deployment for security related issues.
- Review and generate reports for monthly vulnerability scanning by the 3rd party and plan the appropriate action regards to patching, hardening or any Security Related issue.
- Review the Adding and Deleting LDAP account integrated in the following applications: Jboss, Red HAT Servers, Open CMS, Quartz Mgr., Splunk, etc. SPECIAL SKILLS:
- Platform used RED HAT LINUX, OpenLDAP 2.3.43, JXplorer, AIDE Audit implementation
- Knowledgeable in Monitoring: Splunk
- Change Management and Patch Management
March 10, 2014 – March 31, 2015 Emerio Philippines Incorporated
(Hewlett – Packard Philippines, Inc.)
Senior Information Security Analyst
• Ensure knowledge and implementation of security policies and standards
• Ensure awareness of Security fundamentals for all employees in the Delivery Center.
• Conduct Security Risk Assessment using vulnerability assessment tools and penetration testing
• Handle policy deviations through standard risk assessment/Exception to Policy process.
• Facilitate security audits and review, track mitigation within the organization until Resolution, Analyze vulnerability scan reports
• Work delegation and managing Junior Information Security.
• Conduct coaching for Junior Information Security Other Task :
Anti-Virus Support (End Point Threat Management)
• Manage End Point Security environments and deliver services using End point Security tools (McAfee EPO, EPTM, HIPS, BIT9)
• Maintain and manage changes in running environments
• Prevent incidents or, when they occur, work on and resolve complex incidents
• Provide 2nd and/or 3rd line support, including monitoring, reporting, tool administration. This is most often done without direct interaction with the end-users.
• Maintain a clear documentation of processes and procedures. In delivery, follow the agreed processes October 29, 2012 – December 30, 2013 Primover Consultancy, Inc. Globe Telecom, Inc.
IT – Security Analyst (Security Risk Assessment)
• Acts as security consultant for project team to ensure that projects are aligned and in compliance with Companies Information Security policies, standards and procedures (such as ISO 27001, PCI-DSS, etc.).
• Provide data security design input, consulting, review and mitigations.
• Develop a basic understanding of the information to ensure that proper controls are implemented
• Assists project teams handling development or rollout of IT systems in identifying and addressing information security risks prior to implementation and reviewing project documents and Network topology and business process in conformance with secured environment.
• Ensures security requirements are properly communicated, embedded in project delivery and SDLC process and update the Team on latest security news and cybercrime law both local & abroad.
• Monitors vulnerability and software updates from vendors, industry sources and conduct vulnerability/threats research and mitigations.
• Implement the security measure such as Operating System/DB & Application Hardening Procedure (Windows 2003/2008/2012, Linux (Red Had, CentOS, Slackware, SuSe etc.) Oracle, MS SQL, MS Exchange Server 2003/2008/2012)
• Perform vulnerability Scanning using Vulnerability Scanning tool to address and mitigate the risk found. May 28, 2012 – October 25, 2012 Affiliated Computer Services, Inc. – A Xerox Company Information Security Sr. Analyst
• Identifies potential information and network security vulnerabilities.
• Develops and implements solutions to mitigate risks and enhance system security.
• Analyzes and resolves data, application, computer, and network security problems and issues.
• Administers security policies to control access to systems.
• Provide best practice support services for the systems under management responsibility.
• Ensure changes to processes are planned and implemented in a sound low risk manner, without creating end-user issues.
• Provide implementation support on approved projects involving data share structure changes.
• Follow and observed various compliance standards like SOX, HIPPA, ISO27001 are and how they are intertwined with our job function.
Jan 23, 2012 – March 27, 2012 STEFANINI PHILIPPINES, INC Windows Server Specialist
• Monitor Operations, manage incidents, and perform Level 1 Windows Server Administration tasks
• Manage the services on Active Directory top-level domain structure and perform administration on active directory lower-level domain structure
• Administer Web server
• Administer File server
• Administer Print server
• Administer Backup software
• Follow incident or request management process; perform initial classification and prioritization of tickets; then attempt to resolve or fulfill the incident or request, respectively
• Escalate tickets to appropriate resolver groups and progress to closure with users
• Inform Knowledge Analyst where Knowledge is not available for incident resolution or request fulfillment
• Record accurate details of calls (e.g., user, asset, resolution, user satisfaction information)
• Assist Global Service Desk Analysts and Incident Controllers in the management of any issues through to conclusion
• Work with Global Service Desk Incident Controllers in processing major incidents, including ticket ownership, escalation, and follow-through to conclusion
• Ensure proper escalation of all operational and technical calls within Global Service Desk and Level 2 escalation groups
• Perform other related duties as assigned or requested
• Collaborating with the IT Directors, Managers of different dealer for implementing new system integration, and upgrading patches.
August 20, 2010 – July 30, 2011 EUROWINDO LTD. Vietnam IT – Support
• Installation / troubleshoot/ maintaining /re-image PC client/Server.
• Adding user account/ resetting password using Active Directory (Windows Server 2008 R2) and creating group policies for each department/ setup email account using MS Exchange Server 2010.
• We setup VPN for the Executive position
• Supporting employees with other IT concern and educate the policies and procedure.
• Do routing procedure on Router and VLAN connection on switch.
• Regular monitoring for its Server Farm and internet connection per site.
• Weekly backup for its server role by remote/ onsite. June 16, 2008 – February 22, 2010 APAC Customer Services, Inc. (CUBAO) IT – Helpdesk Analyst
• First contact point for any IT related concerned to all APAC employees and Agents globally via phone, email or onsite.
• to meet the SLA target for its IT concerned by the Employees and clients
• Carefully observed HIPAA procedures for our HealthCare Client
• Supporting the remote connection through at-home agents and VPN connection
• Monitoring the Status and the condition of Servers/ Network Devices using ORION, NAGIOS web tools and troubleshoot the possible problems with the Help of Network / Server administrators.
• Giving permission or restrict accessing any resources on the file server (Shared folders/SAN storage).
• Configuring emails on the Exchange Servers on the PC or Blackberry phones
• Create Account, Resetting and unlocking password using Active Directory (Windows 2003/ 2008), Citrix XenApps
• Other responsibilities (onsite – job):
o Assisting Desktop Support level 2 to install application (like Citrix, CRM, PBS, and other Client Application), and PC re-imaging, deployment and patch update by remote or site. o Assisting Telecom regarding configuring extension number on the VOIP (Avaya Phones), and set-up Conferencing Bridge using Avaya Workstation/ PABX. o Assisting the Network Admin configuring network connection and routing procedure, VLAN configuration based on the requirement by the ISP and other Client. o Assisting the Systems Administration by deployment of new servers, backup & restore files using TSM application and clustering.
November 19, 2007 – January 10, 2008 MSI – ECS
Product Support Engineer
AutoCAD, Trend Micro anti – virus and Apple Mac/ Trend Micro/IBM – HP Servers
• Conduct pre-sale presentation on IT products (SMB and Enterprises Product) /Servers / and computers
• Do client calls (onsite support) for installation and configuration (updating patch on all servers)
• Answered inquiries about the client need for their setup. January 8 – October 15, 2007 ACQUIRE ASIA PACIFIC
ADSL – Technical Support
February 22, 2005 – January 8, 2007 LINK2SUPPORT, INC.
(LINKSYS – A Division of Cisco Systems, Inc.)
(Technical Support Representative)
March 2002 – Jun 2003 DBP SERVICE CORPORATION
(Deployed in PAG-IBIG FUND – CUBAO BRANCH)
MCD – SERVICING /EDP REPRESENTATIVE (DATA ANALYST – database) Sept. 29, 2010 – March 10, 2011 Microsoft Power Package training (Windows Server 2008/MS Exchange 2010/MS SQL Server 2008)
NIIT - Vietnam
Sept. 26 - December 15, 2009 CISCO Training Exploration 4 Mapua Institute of Technology - IT
July 18 – September 5, 2009 CISCO Training Exploration 3 Mapua Institute of Technology - IT
April 25 – July 25, 2009 CISCO Training Exploration 2 Mapua Institute of Technology - IT
January 8 – March 5, 2007 CISCO Training v3.1 (CISCO – 1) Mapua Institute of Technology – IT
January 2002 Web site of E-marketing Corporation
STI – College Recto
System Analysis and Design
• Knowledgeable in Implementing DNS, DHCP, Domain Controller (Active Directory), File Server,VPN (remote Connection), Back up and restoration on Windows Server 2003/2008/2012.
• Knowledgeable in MS Windows 95/98/2000, XP Professional, Windows Vista, Lotus Notes 6.0, MAC OS X tiger, Linux Platform, and SAP Application
• Knowledgeable in ISO 27001:2013 Information Security Management System, ISO 22301:2012 Business Continuity Management.
• Knowledgeable in 3rd party backup software (IBM TIVOLI)
• Knowledgeable in SPLUNK Monitoring/ SIEM.
• Proficiency in Anti-Virus/UTM/ Web Filtering/ IPS/IDS and Firewall
• With Background of ITIL V.3 Foundation
• Excellent in Customer Services and handling cross-cultural.
• Excellent communication skills in English, Vietnamese and Khmer (verbal and written)
• Honest and team player
• Knowledgeable in Vulnerability Scanning and Code Validation tool (NMAP, Qualys, IBM AppScan, Veracode and Nessus)
• Knowledgeable in Secure Coding Review with different language C++/C#, Java, HTML5/CSS.
• Knowledgeable in Web /Database Code Review (OWASP)
• Knowledgeable in Penetration Testing (Metasploit, Acunetix)
• Knowledgeable in software/hardware troubleshooting (Server /PC).
• Knowledgeable in Industries Best Practices/ Regulation (PCI – DSS v3.2, HITRUST, SSAE16 etc.).
• Playing and coaching basketball, badminton and other musical instrument like drums, and keyboard.
• Reading books, bible, newspapers, or any other articles.
• Surfing Internet, chat with other people and photography Name Position Company Contact no.
Kester Pechardo Windows Server Admin APAC Customer Services, Inc. 091******** Ferdinand Samaniego Instructor Bitshield Security Consultant, Inc 090******** Paulo Gadia Immediate Supervisor Globe Telecom, Inc. 091******** I hereby certify that the above statement is true and correct to the best of my knowledge and belief.
ALLAN B. TULOD