“Diligence and hardworking is the key to success”
MyTown Amsterdam – 359 Panay St. Brgy. Pitugo, Makati City
Mobile no. +639********* Email: firstname.lastname@example.org
Nationality: Filipino Civil Status: Single
Date of Birth: November 4, 1978 Height: 5’8
Place of Birth: Manila Weight: 165 lbs.
Certified Information System Security Officer – Mile2 Cybersecurity
Certification # 645900 Exam Taken: March 4, 2017
Information Technology Infrastructure Library 4 Foundation
Certification # GR671056344AT Exam Taken: September 06, 2019
1997 – 2001 SYSTEM TECHNOLOGY INSTITUTE (STI) – COLLEGE RECTO
Bachelor of Science and Computer Science
1991 – 1995 ISMAEL MATHAY HIGH SCHOOL
(Formerly GSIS VILLAGE HIGH SCHOOL)
Project 8, Quezon City
1986 – 1991 PLACIDO DEL MUNDO ELEMENTARY SCHOOL
Talipapa, Novaliches, Quezon City
July 15, 2019 – Present Trends and Technologies, Inc
Review asset discovered and vulnerability assessment data.
Explore ways to identify stealthy threats that may have found their way inside the network/system, without detection, using the latest threat intelligence.
Conduct penetration test on production system to validate resiliency and identify areas of weakness to fix.
Proactively collect, assess and communicate information security related intelligence to reduce the risk exposure and to prepare potential security threats.
Review the Security architecture and provide Threat Modeling for new established system from different client.
Conduct Secure coding and manual review for other clients.
July 16, 2018 – November 16, 2018 Teletech Holdings, Inc.
Senior Information Security Engineer
Comprehend and enforce applicable laws, regulation, and compliance relating to IT Security and Privacy, liaising closely with Legal.
Evaluate security needs and recommend cost effective mitigating controls.
Work directly with IT staff to implement processes and procedures to cost-effectively protect information systems assets from intentional or inadvertent modification, disclosure.
Ensure data privacy for our clients’ customer data and our own intellectual property and other confidential data.
Liaise with IT and compliance staff to ensure audit preparedness
Oversee and assist in the configuration and administration functions for specific security tools.
Assist Risk Management with fraud detection, documentation, and prevention.
Oversee a training program for personnel with significant responsibilities to keep them current with the emerging threat landscape that is present within the corporate environment
Develop, maintain and oversee information security policies, procedures and control techniques to address all applicable security and compliance requirements
Collaborate with and advise a security operations program that through automated and continuous monitoring that can detect, contain, and mitigate incidents that could compromise sensitive data, or impair information systems
Engage in the mentoring of security operations engineers and operational staff on security concepts and techniques
July 31, 2017 – July 11, 2018 AIG Shared Services Philippines, Inc.
Security and Compliance Sr. Tech. Analyst
IT Security Analyst (5)
Provide security assessments on the following: 3rd Party Vendor Security Assessment (EAS/SAQ) Software Security Assessment (SSA) Application Scanning Request (APPSCAN, Veracode, Burp Suite) Exception Request (EX-REQ).
Perform and Review IT Security Risk assessments.
Perform audits of IT systems and/or related operational process controls including analysis and reporting.
Implements processes and methods for auditing and addressing non-compliance to technology and security standards.
Assess the current operation and security controls, including policies, procedures, and organization and make recommendations for improvement.
Conduct Secure Coding and Input Validation: ASP.NET, Java, XML, HTML5/CSS, C# (Visual Studio)
Manage the team and the team deliverables. Ensure to meet the business partners service level of agreement, help address the issues and escalations.
Ensure timely generation and submission of reports (daily, weekly, monthly and quarterly)
Generate report and communicate the findings and recommendations to stakeholders.
Recommend security policy changes and enhancements based on lessons learned, observations and key documents obtained as part of the assessments to Senior IT Security Risk Analyst.
Coordinate with Stakeholders and 3rd party Vendors Requirements
Conduct DAST/SAST for Cloud and On-premises Infrastructure.
Coordinate with the assesse/auditee teams for resolution per findings
Deliver assessments with highest quality and following key risk appetites from different internal business units and across multiple geographical areas with different regulatory requirements.
Deliver assessments on time and on budget, without compromising the quality of the assessments
Escalation of potential project risks/challenges to Information Security Lead FINANCIAL
Shearwater Health, Inc.
August 01, 2016 – August 01, 2017 Formerly HCCA Health Connection (Philippines)
Information Security Engineer – II
• Detect, assess, investigate and resolve security incidents.
• Administer Security tools and technologies.
• Evaluate, recommended and deploy security tools and technologies.
• Collect and analyze system / application security logs.
• Responds to the security incident; perform forensic activities and root cause analysis.
• Ensuring implementation and compliance to the company's information security policies, associated regulations and standards.
• Work with IT Operations team to reduce risk to information asset by implementing controls e.g. encryption, network segmentation, access controls, and patch and vulnerability management.
• Proactively manage and mitigate threats to information security and vulnerabilities of information system, to prevent loss of confidentiality, integrity and availability of information asset.
• Contribute to the development and delivery of training and awareness on information security and data protection.
• Investigation and respond appropriately to the third-party vulnerability.
• Monitor industry trends and threat landscape and recommended.
June 22, 2015 – April 15, 2016 Accenture, Incorporated
Level -9 Team Lead (Security and Risk) – Infrastructure Security
List of the Client Projects
Security Team Lead – Compliance and Business Continuity – Client Data Protection
CIO – Global Information Security
Roll-in November 4, 2015 – April 15, 2016
Creates and/or provides inputs to yearly assessment plan
Monitors and ensures completion of assessments as specified in the plan
Conducts internal assessments on information security and other related standards/frameworks
Prepares assessment reports and reviews others’ assessment reports for completeness, accuracy and compliance of Information Systems (IS) Auditing Guidelines
Reviews the adequacy of action plans
Handles complex and non-standard (ad hoc) assessments and other security-related services
Provides inputs in the resolution of assessment issues/concerns
Leads the assessment analysis on common security gaps and root causes
Recommends solutions in security-related issues based on the result of assessment analysis
Provides regular updates to the Assessment Lead on status of the assessment and escalate issues for proper disposition and action
Provides guidance to junior assessor to ensure that there is appropriate understanding of the standards and/or framework that is being followed in the delivery center
Provides support to junior assessors on the analysis of findings/security gaps and action plans
Provides support in building the skills of assessors
Identifies areas for improvement on the processes and tools used by the team
Supports the design, implementation, operation and maintenance of the Information Security Management System based on the ISO/IEC 27000 series standards, including certification against ISO/IEC 27001 where applicable
NECDL – RUN – Infrastructure Services
Infrastructure Lead – Managed Security Operation
July 3, 2015 – October 30, 2015
- Managing client's Cloud infrastructure through Monitoring, Incident Management, Change Management,
- Generate reports for Weekly Security Status, Infrastracture Healtcheck
- Monitor and Investigate the Security Alerts and escalate to the 3rd Party Solution
- Patching deployment for security related issues.
- Review and generate reports for monthly vulnerability scanning by the 3rd party and plan the appropriate action regards to patching, hardening or any Security Related issue.
- Review the Adding and Deleting LDAP account integrated in the following applications:
Jboss, RedHAT Servers, OpenCMS, Quartz Mgr, Splunk, etc.
-Platform used RED HAT LINUX, OpenLDAP 2.3.43, JXplorer, AIDE Audit implementation
-Knowledgeable in Monitoring: Splunk
-Change Management and Patch Management
March 10, 2014 – March 31, 2015 Emerio Philippines Incorporated
(Hewlett – Packard Philippines, Inc.)
Senior Information Security Analyst
Ensure knowledge and implementation of security policies and standards
Ensure awareness of Security fundamentals for all employees in the Delivery Center.
Conduct Security Risk Assessment using vulnerability assessment tools and penetration testing
Handle policy deviations through standard risk assessment/Exception to Policy process.
Facilitate security audits and review, track mitigation within the organization until Resolution, Analyze vulnerability scan reports
Work delegation and managing Junior Information Security.
Conduct coaching for Junior Information Security
Other Task :
Anti-Virus Support (End Point Threat Management)
Manage End Point Security environments and deliver services using End point Security tools (McAfee EPO, EPTM, HIPS, BIT9)
Maintain and manage changes in running environments
Prevent incidents or, when they occur, work on and resolve complex incidents
Provide 2nd and/or 3rd line support, including monitoring, reporting, tool administration. This is most often done without direct interaction with the end-users.
Maintain a clear documentation of processes and procedures. In delivery, follow the agreed processes
October 29, 2012 – December 30, 2013 Primover Consultancy, Inc.
Globe Telecom, Inc.
IT – Security Analyst (Security Risk Assessment)
Acts as security consultant for project team to ensure that projects are aligned and in compliance with Companies Information Security policies, standards and procedures (such as ISO 27001, PCI-DSS, etc.).
Provide data security design input, consulting, review and mitigations.
Develop a basic understanding of the information to ensure that proper controls are implemented
Assists project teams handling development or rollout of IT systems in identifying and addressing information security risks prior to implementation and reviewing project documents and Network topology and business process in conformance with secured environment.
Ensures security requirements are properly communicated, embedded in project delivery and SDLC process and update the Team on latest security news and cybercrime law both local & abroad.
Monitors vulnerability and software updates from vendors, industry sources and conduct vulnerability/threats research and mitigations.
Implement the security measure such as Operating System/DB & Application Hardening Procedure (Windows 2003/2008/2012, Linux (Red Had, CEntOS, Slackware, SuSe etc.) Oracle, MS SQL, MS Exchange Server 2003/2008/2012)
Perform vulnerability Scanning using Vulnerability Scanning tool to address and mitigate the risk found.
May 28, 2012 – October 25, 2012 Affiliated Computer Services, Inc. – A Xerox Company
Information Security Sr. Analyst
Identifies potential information and network security vulnerabilities.
Develops and implements solutions to mitigate risks and enhance system security.
Analyzes and resolves data, application, computer, and network security problems and issues.
Administers security policies to control access to systems.
Provide best practice support services for the systems under management responsibility.
Ensure changes to processes are planned and implemented in a sound low risk manner, without creating end-user issues.
Provide implementation support on approved projects involving data share structure changes.
Follow and observed various compliance standards like SOX, HIPPA, ISO27001 are and how they are intertwined with our job function.
Jan 23, 2012 – March 27, 2012 STEFANINI PHILIPPINES, INC
Windows Server Specialist
Monitor Operations, manage incidents, and perform Level 1 Windows Server Administration tasks
Manage the services on Active Directory top-level domain structure and perform administration on active directory lower-level domain structure
Administer Web server
Administer File server
Administer Print server
Administer Backup software
Follow incident or request management process; perform initial classification and prioritization of tickets; then attempt to resolve or fulfill the incident or request, respectively
Escalate tickets to appropriate resolver groups and progress to closure with users
Inform Knowledge Analyst where Knowledge is not available for incident resolution or request fulfillment
Record accurate details of calls (e.g., user, asset, resolution, user satisfaction information)
Assist Global Service Desk Analysts and Incident Controllers in the management of any issues through to conclusion
Work with Global Service Desk Incident Controllers in processing major incidents, including ticket ownership, escalation, and follow-through to conclusion
Ensure proper escalation of all operational and technical calls within Global Service Desk and Level 2 escalation groups
Perform other related duties as assigned or requested
Collaborating with the IT Directors, Managers of different dealer for implementing new system integration, and upgrading patches.
August 20, 2010 – July 30, 2011 EUROWINDO LTD. Vietnam
IT – Support
Installation / troubleshoot/ maintaining /re-image PC client/Server.
Adding user account/ resetting password using Active Directory (Windows Server 2008 R2) and creating group policies for each department/ setup email account using MS Exchange Server 2010.
We setup VPN for the Executive position
Supporting employees with other IT concern and educate the policies and procedure.
Do routing procedure on Router and VLAN connection on switch.
Regular monitoring for its Server Farm and internet connection per site.
Weekly backup for its server role by remote/ onsite.
June 16, 2008 – February 22, 2010 APAC Customer Services, Inc. (CUBAO)
IT – Helpdesk Analyst
First contact point for any IT related concerned to all APAC employees and Agents globally via phone, email or onsite.
to meet the SLA target for its IT concerned by the Employees and clients
Carefully observed HIPAA procedures for our HealthCare Client
Supporting the remote connection through at-home agents and VPN connection
Monitoring the Status and the condition of Servers/ Network Devices using ORION, NAGIOS web tools and troubleshoot the possible problems with the Help of Network / Server administrators.
Giving permission or restrict accessing any resources on the file server (Shared folders/SAN storage).
Configuring emails on the Exchange Servers on the PC or Blackberry phones
Create Account, Resetting and unlocking password using Active Directory (Windows 2003/ 2008), Citrix XenApps
Other responsibilities (onsite – job):
oAssisting Desktop Support level 2 to install application (like Citrix, CRM, PBS, and other Client Application), and PC re-imaging, deployment and patch update by remote or site.
o Assisting Telecom regarding configuring extension number on the VOIP (Avaya Phones), and set-up Conferencing Bridge using Avaya Workstation/ PABX.
oAssisting the Network Admin configuring network connection and routing procedure, VLAN configuration based on the requirement by the ISP and other Client.
oAssisting the Systems Administration by deployment of new servers, backup & restore files using TSM application and clustering.
November 19, 2007 – January 10, 2008 MSI – ECS
Product Support Engineer
AutoCAD, Trend Micro anti – virus and Apple Mac/ Trend
Micro/IBM – HP Servers
Conduct pre-sale presentation on IT products ( SMB and Enterprises Product ) /Servers / and computers
Do client calls(onsite support) for installation and configuration ( updating patch on all servers)
Answered inquiries about the client need for their setup.
January 8 – October 15, 2007 ACQUIRE ASIA PACIFIC
ADSL – Technical Support
February 22, 2005 – January 8, 2007 LINK2SUPPORT, INC.
(LINKSYS – A Division of Cisco Systems, Inc.)
(Technical Support Representative)
March 2002 – Jun 2003 DBP SERVICE CORPORATION
(Deployed in PAG-IBIG FUND – CUBAO BRANCH)
MCD – SERVICING /EDP REPRESENTATIVE (DATA ANALYST – database)
October 21 – 25, 2019 Certified Ethical Hacking v10
August 26 - 29, 2019 Information Technology Infrastructure Library 4 Foundation
February 27 – March 4, 2017 Certified Information Security System Officer – MILE2 Cybersecurity
WorldTech Information Solutions, Inc.
Sept. 29, 2010 – March 10, 2011 Microsoft Power Package training (Windows Server 2008/MS Exchange 2010/MS SQL Server 2008)
NIIT - Vietnam
Sept. 26 - December 15, 2009 CISCO Training Exploration 4
Mapua Institute of Technology - IT
July 18 – September 5, 2009 CISCO Training Exploration 3
Mapua Institute of Technology - IT
April 25 – July 25, 2009 CISCO Training Exploration 2
Mapua Institute of Technology - IT
January 8 – March 5, 2007 CISCO Training v3.1 (CISCO – 1)
Mapua Institute of Technology – IT
January 2002 Web site of E-marketing Corporation
STI – College Recto
System Analysis and Design
Knowledgeable in Implementing DNS, DHCP, Domain Controller (Active Directory), File Server,VPN (remote Connection), Back up and restoration on Windows Server 2012/2016.
Knowledgeable on EMAIL Server (Office 365)
Knowledgeable in ISO 27001:2013 Information Security Management System, ISO 22301:2012 Business Continuity Management, MITRE Framework, and Cybersecurity Killchain.
Knowledgeable VB.NET, XML, HTM5/CSS, Java
Knowledgeable in SPLUNK Monitoring/ SIEM, McAfee ESM.
Proficiency in McAfee ePO, GTI (Global Threat Intelligence), RSA Fraud and Risk Intelligence, and DarkTrace.
Knowledgeable of IT Project Management, IT infrastructure, and Risk Assessment.
Specialized in CyberKillChain, OWASP Top10, MITRE ATTACK, and BSP Circular 982.
Excellent in Customer Services and handling cross-cultural.
Knowledgeable in Security Architecture/Threat Modeling.
Excellent communication skills in English, Vietnamese and Khmer (verbal and written)
Honest and team player
Knowledgeable in Cloud Computing (AWS, and TELSTRA)
Knowledgeable in Vulnerability Scanning tool (NMAP, Qualys, Veracode, AppScan, Nessus)
Knowledgeable in Penetration Testing (Metasploit, Acunetix)
Knowledgeable in Malware Analysis and Reverse Engineering using PEStudio.
Knowledgeable in software/hardware troubleshooting (Server /PC).
Playing and coaching basketball, badminton and other musical instrument like drums, and keyboard.
Reading books, bible, newspapers, or any other articles.
Surfing Internet, chat with other people and photography
Name Position Company Contact no.
Kester Pechardo Windows Server Admin APAC Customer Services, Inc. 091********
Ferdinand Samaniego Instructor Bitshield Security Consultant, Inc 090********
Paulo Gadia Immediate Supervisor Globe Telecom, Inc. 091********
I hereby certify that the above statement is true and correct to the best of my knowledge and belief.
ALLAN B. TULOD