TAHIR A. SOOMRO
PERSONAL
Father’s Name : Ubedullah Soomro
Mobile No : +923*********
E mail : ***********@*****.***
Field of Interest
Malware Analysis/ Security Architecture and Assessments
Objective
Provide focused and result oriented cyber defense programs to maintain stakeholders’ confidence in digital business.
Profile
I am an Information Technology professional with 10+ years of extensive experience in the field of information
security, risk management and controls development for large financial and non-financial institutions. I have worked
extensively on strategic projects like development of cyber defense strategy, cyber threat intelligence, SIEM, DLP,
2FA, ISO 27001 and PCI DSS. My core expertise is in the fields of infrastructure security and application security,
where I have worked in the domain of control strengthening through new acquisitions as well as optimization of
the existing control environment. In my career I have worked with many blue-chip organizations like Sanofi, Standard
Chartered, DHL, PwC and HBL.
Specialties:
• incident response and recovery
• application security
• forensic/malware investigations
• enterprise level security projects management
• security consulting
• C/C++ and Python
• teaching security practices
Education
Year   Qualification                                    Institution        Grade/CGPA
2014   Executive MBA (Banking and Financial Services)   IBA, Karachi       3.29
2005   Master of Computer Science (MCS)                 SZABIST, Karachi   3.1
2003   Bachelors of Computer Science (BCS)              SZABIST, Karachi   3.27
Certifications
Certification                                                   Year   Institute     Status
ISO 27001 LI                                                    2015   PECB          Certified
ITIL V3 Foundation                                              2010   OGC, UK       Certified
ISO 27001 LA                                                    2009   IRCA, UK      Certified
Certified Information Systems Security Professional (CISSP)     2009   (ISC)2, USA   Certified
Certified Information Systems Auditor (CISA)                    2005   ISACA, USA    Certified
Work Experience
Habib Bank Ltd. JAN 2011 – Present
Senior Manager, Infrastructure Security
• Worked as acting CISO from May 2012 to October 2012
• Develop and coordinate broad infosec strategy to detect and contain advanced threats
• Plan, design and implement preventive strategy for internal and external threat vectors
• Responsible for designing and recommending application level security controls
• Responsible for assessing and managing technological risks for 25 international sites.
• Monitor system changes to ensure compliance with security policy and security baselines
• Conduct vulnerability assessments at process as well as technology layer of the bank’s infrastructure
• Baselining configurations and hardening of IT systems in light of CIS benchmarks.
• Participating in incident and forensic analysis activities at third tier.
Major Projects
SIEM ( Security Information and Event Management)
Size of the deployment: 3 log collection sites with an average EPS of 14,000. Complete
implementation of this project includes 23 Countries.
Role: Project Manager and Technical Lead
DLP (Data Loss Prevention) Solution
Project Size: End point DLP for 3000 nodes, Network DLP for 7000 users with a scope of device
control and folder encryption
Role: Project Manager and Technical Lead
DDoS and WAF (Web Application Firewall) Protection
Project Size: 15 public facing financial services and corporate websites
Role: Project Manager and Technical Lead
Upgrade of Payment Switch
Project Size: Payment switch that handles more than two million transactions every day and serves
1500+ ATMs all across Pakistan.
Role: PCI DSS advisor and security architect
PCI DSS Compliance
Project Size: More than 300,000 cards and 1500+ ATM machines and around 25 payment processing
applications
Role: Advisor and responsible for infrastructure level controls to ensure PCI compliance
Risk Assessment of core Banking Application
Project Size: Core banking application that serves 23 countries and 1,500 branches with more than
5,000 users
Role: Project manager (Project was outsourced to Ernst and Young)
Risk Assessment of Phone Banking System
Project Size: 100 seats call center to undertake financial and non financial transactions
Role: Application Security Architect and PCI compliance manager
Risk Assessment of Branchless Banking
Project Size: HBLExpress is a complete new setup that is projected to entertain more than 30,000
agents and C2C transactions of Pakistan.
Role: Application Security Architect
Risk Assessment of Local International Sites and information assets
Project Size: Risk assessments in light of the guidelines given by monetary authorities of USA,
Singapore, Hong Kong, Bahrain and Oman
Role: Risk Assessment Lead
Central Depository Company Ltd. SEP 2005 – DEC 2010
Deputy Manager, Risk and Assurance
• Worked on IT Security strategy to align IT systems with business processes and IT strategy
• Performed regular audits of multimillion IT budgets every year
• Strengthened logging and monitoring environment through proper risk assessment and threat
profiling.
• Introduced diversification in IT strategy that gave flexible business growth.
• Conducted comprehensive risk assessment for physical and information security of the company
• Prepared gap analysis for IT governance in the light of COBIT 4.1
• Worked as SOC analyst and conducted post incident analysis
• Undertook regular vulnerability scans through Nessus
• Conducted web penetration tests using Metasploit and other freeware tools
• Conducted application level Risk Assessments on regular basis
• Worked on various fraud and incident investigations as part of SOC analyst
• Used different data gathering analysis activities with the help of development tools and scripts
Major Projects
Asset Management Software
Project Size: In house developed application that maintains GL and back and front office functions
for customers
Role: Internal Auditor
ISO 27001 Certification
Project Size: company’s depository function was certified for ISO 2001 standard
Role: Advisor and Control Assessor
Implementation of Enterprise Architecture
Project Size: Documented TOGAF based Enterprise Architecture
Role: Associate Architect
Developed and implemented SOC (Security Operations Center)
Project Size: Developed Security Operations Center that reported monthly 20–25 incidents on an
average.
Role: SOC analyst
PwC DEC 2004 – AUG 2005
IT Audit Assistant I
• National Foods Ltd. Pakistan – Provided overall assurance for financial
systems within the company
• DHL (Pvt) Ltd. Pakistan – Worked as part of team to review General IT
Controls.
• InterBank Ltd. – Reviewed Oracle database and Windows Server 2000
Operating System.
• Sanofi Aventis Pakistan – Worked as IT Auditor for Annual Accounts
Review – 2004. Conducted General computer controls review and SAP
(ABAP module) applications review.
• United Bank Ltd. Pakistan – Worked with a team of financial auditors to
provide assurance on IT Controls
Standard Chartered Bank JUN 2003 – AUG 2003
Intern
Worked on inward and outward remittances reporting software to central bank of Pakistan
Core Competencies
Name                                           Years of Experience   Description
Information Security Architecture and Design   4 years+              Writing RFPs, coordinating with vendors and internal teams, conducting PoCs and handling large scale information security deployment, integration with Active Directory, Exchange, TMG, Firewall and other infrastructure systems. IPS/IDS.
Threat Intelligence                            2 years               Identifying and mitigating various cyber security threats through proactive techniques
Forensic (malware analysis) Investigation      3 years               Worked on post incident forensic investigations. Experience with Wireshark, Volatility, Burp, WebScarab, Mandiant’s Redline, Process Explorer and Hacker. IDA Pro, Anubis, Cuckoo’s sandboxing, SIEM monitoring and incident handling techniques
IT Compliance and Audit                        6 years               Experience in COBIT 4.0, COSO, ISO 27001, PCI DSS and other regulatory and industry standards
Languages                                      4 years               C/C++, VB/VBA, Python and Perl
Risk Assessments                               10 years              Expertise in enterprise wide and entity level risk assessments
Publications and Presentations
Cyber crime and their impact on Pakistan’s Financial Industry
Research Report