Farooq Ali
917-***-**** (call & txt)
**********@*****.***
Overview
Policy-driven, full-spectrum Data Loss Prevention with a focus on compliance frameworks for industry. Large-scale enterprise data policy, e-discovery of valuable data, classification of data and a full program for remediation and securing data at rest, in motion and in use. Proficient in DLP projects from Symantec, Websense Triton, Office 365 and GTB Tech (startup) with cloud focus.
Currently the senior DLP professional leading large client efforts at a premier Euro-American banking institution.
Government Security Clearance: Public Trust, Active.
Assignments
CME Group NY April 22-present
Lead DLP Engineer
Policy and rules management for the enterprise. Working closely with business units to adjust current policies in the DLP system. Testing and validation of policy logic before and after deployment. Communication of the changes to the SOC as well as stakeholders. Proposing tweaks and adjustments to policies and rules with false positives. These activities are part of the business-as-usual category. Ownership and identification of data classification levels in close compliance with company policies.
Additional operations
Email DLP policy and rules management. Endpoint impact analysis for EDM policies. Fingerprinting various documents and adjusting the percentage of scan-related technical configuration. Impact analysis to improve lines of business activity, identifying bottlenecks in the internal business process for the end user. Policies for Intellectual Property data scanning, classification, creating policy and rules, testing the policy logic and rules logic, deploying the change with the CM teams, confirming and communicating. Work with departments to troubleshoot exclusions. Working for business owners to streamline the business process for quick resolution of issues and improve scanning signatures by fingerprinting exact documents and relevant data. Web DLP handling on a daily basis, as legacy policy adjustments need constant support for internal and external browser-based applications.
Project work:
POC for upcoming and latest DLP vendor in the industry. Comparative analysis of features and product updates in the market.
Organizing demos and advising management on functional long-term decisions from a compliance perspective, which includes awareness of DLP mandates in areas other than the USA. POC and baselining selected vendors for on-site short-term installation and confirming limited-scope features. Quarantine and email follow-along with deployment planning. Working with the Project Management team to create and complete tasks in a proactive manner. Identifying dependencies and having a workaround ready in case tasks can't be completed in the allowed time frames.
Prepare team for test use cases, each and every policy plus rule evaluated in an audit manner. Pilot work, alpha-phase pilot rollout, access and user experience matching. Identifying anomalies in the business process and communicating to the stakeholders. Peripheral DLP, creating exclusions and reporting on allowed access... supporting them. Comprehensive DLP program improvements. Web, Email, EDM, IDM, custom policy, attributes, alerts, incidents, escalations, signature, investigation, compliance and cloud integration. DLP, CASB, API, Cloud Azure, Cloud Exchange, GCP security awareness. Cloud integration with O365 email flow, X-header confirmation, AD group-based policy for RBAC for business units.
Santander Bank USA Apr 21-Dec 22
Senior Solutions Architect/Team Lead
Internal Threat Management/Data Loss Prevention. Various projects ranging from desktop DLP for Mac endpoints to McAfee Endpoint. Policy creation and review. Enhance rule set, audit priority and impact of rules. Mitigate false positives for various departments, assist and guide security investigations and root cause analysis. Integration of User Behavior Analysis with internet, data loss and generic traffic patterns to establish profiles which help in tweaking access and incident management objectives. Classification of documents and POC of various new vendors in this aspect. Continuous monitoring and escalation of specific systems vulnerable to end-user threats. Assist departmental heads with metrics and return-on-security-investment-related non-technical subjects. Trusted advisor role and team building is a priority. Enhance existing runbooks for incident management and role-based access controls. Symantec, McAfee, GTTB, Splunk, Windows and Azure Security Certified AS 500.
CGI Federal March 2020-Apr 2021
Data Loss Prevention Senior Engineer
Work with 11 US Federal Agencies as a team lead for Data Loss Prevention. Plan and implement various aspects of a multi-agency data loss solution, integrating classification (Titus), encryption (Virtru), database masking (Oracle), DAR (Symantec) and log analysis (Splunk). Create and assist in testing and scenario confirmation based on NIST and other federal objectives. Provide scenario-based advice to various players in this domain. Assist in understanding how intrusive or how restrictive a policy, rule and analysis can be for escalation and triage. Support playbook dry runs and enhance DLP culture all over the enterprise.
Integration of Titus, G Suite, Gmail, and Virtru is a huge undertaking and requires a lot of planning and testing. Assisting in areas of TAD and objectives, keeping in line with mandates.
NIH (National Institutes of Health)/NeTe Tech Solutions May 2019 to March 2020
Data Loss Prevention SME
Program assessment, cloud DLP preparation for O365, SharePoint, OneDrive, Box.com. Enhance DLP footprint by updating policy, rules and scan criteria.
Data at Rest on SharePoint servers and identification of ownership. Create SOPs for internal triaging, escalation and remediation strategies. Be a point of reference for internal escalation and interface liaison with various lines of business on technical and non-technical escalations. Security engineering, vulnerability management. Cloud security awareness and testing. Periodic testing of existing security framework. Incident management, incident response for DLP.
Vulnerability Management and DLP collaboration
Reporting of sensitive data hosted on corporate servers missing important patches helped prioritize and focus remediation and vulnerability targets set by corporate mandates. DLP systems generate a lot of meaningful data seldom taken into consideration for big-picture security efforts. Added Data at Rest scan summary reports to Qualys scans run by vulnerability teams to get rapid attention and high-priority patching for systems.
Cloud storage for internal users
Created policy and rules for monitoring data uploaded to SharePoint, Box.com, OneDrive.com and similar platforms; these provide a basic layer of DLP that is not comprehensive enough and is missing key factors like blocking of access in real time. Applied enhanced keywords, adopted false-positive mitigation strategies and enhanced ownership by creating an internal escalation process.
Bank of New York Mellon Inc June 15 2015 to May 2019
Vice President Cyber Security Program Management: Tech Lead
2015—2016 projects:
Create DLP objectives to optimize and map corporate security requirements to fit standards created by corporate security metrics. Gathering existing standards and analyzing areas of improvement. Create DLP Policy and Rules Management office infrastructure, identify resources and help set strategy for the DLP lifecycle. Improve existing policy and rule base. Test DLP policy and help Lines of Business with their events and incidents. Introduce DLP Analytics program. Design, build and operationalize a solution for the business to use DLP data to improve their own security.
2016—2017 Projects:
Create processes and procedures for blocking email exfiltration for all regions covered by the data protection policy. Communication of standards and protocols for escalation and remediation for EMEA and APAC regions. Streamlining procedures for incident management for corporate clients inside the enterprise. Utilize DLP data analytics to showcase heat maps helping lines of business prioritize deployment of agents and rules to areas of traffic deemed critical from the reports. Present reports and collect feedback on existing procedures. Create full testing and deployment process for DLP incidents in collaboration with SOC and NOC.
2017—2018 projects:
Manage security breach emergency with different investigative units. Identify and approve policies and rules for DLP to enhance detection of unknown file types, GDPR initiatives. Policy review and rules sanitation. Create new playbooks for areas of escalation and remediation. Integrate blocking for outbound data traffic based on rules. Complete documentation for transfer of knowledge to incident management teams.
Explore and evaluate User Based Behavior Analytics with Splunk. Enhance DLP footprint by installing various modules of DLP, Web Prevent, and FTP DAR scanning. Whitelisting and mitigating false positives from enhanced reports. Create incident triage process flows. Instruct IR teams on escalation of incidents. Assist SOC to send alerts based on lines-of-business-identified priority for investigation. Create reports based on monthly and periodic alerts for management units' attention. Suggest incident false-positive mitigation tips to Rules and Policy teams to test and properly introduce policies, avoiding adding policies to the Network Monitor out of the box. Find security officers responsible for incidents and establish communications with them to transfer ownership of data security best practices established by the enterprise. Identify broken business processes and suggest workarounds.
Symantec Inc Sept 2012 to 2015
Principal Data Loss Prevention Business Critical Engineer, Projects Include: New York Housing Authority & IMS Health-care
Customer-facing engineering/PM for a 150K+ user environment. Responsibilities include creating a practical approach to Data Loss Prevention for the enterprise. Consultative meetings to gather requirements and design a deployment strategy, presentations with slide shows to upper management on the expectations of technology, providing realistic scenarios to different business units about their data loss prevention to gain support and ease any fears of technology adoption.
Configure application by translating requirements with server teams, network engineering, firewall administrators and desktop deployment teams. Interface and lead with achievable steps. Prepare documentation for management and administrators, including remediation, escalation, and change management for different levels of integration teams. Translate technology concepts and capabilities with proper understanding according to the level of end-user experience. Employ Business Process Management swim-lane concepts to identify and label proper stakeholders in the process of technology adoption in the enterprise. Integrate workflow concepts with current technology for a proactive approach to quick-reaction scenarios for technology which needs to deal with IDS or zero-day anti-virus issues. Create signatures based on cryptographic hashes to minimize security risks based on reports from various monitoring systems, internet monitoring software like Websense, Bluecoat and AV systems for highest offenders, and tweak policy on individual levels. Recommend and guide different requests with fresh technology along with identifying broken business processes to have a seamless integration.
Symantec Data Loss Prevention Vontu 11.6.3, multi-tier deployment with Oracle 11g database, agent install with SCCM package integrated with Altiris desktop management, WebEx-based remote support and daily presentations.
Integration: DLP integration with SMTP Prevent with Brightmail Gateways. DLP integration with DAR scans to retrieve info from Data Insight. DLP integration with Endpoint Agents for multiple remote sites and policy control. DLP incident reporting for business units for investigation and remediation.
Board of Education New York City Brooklyn NY June 2011 – Aug 2012
Sr. Security Manager (Consultant)
Qualys Vulnerability management
Managed Qualys upgrade and implementation. Created remediation and patch management architecture. Deployed rapid response to vulnerability incidents. One million plus user environment with legacy network infrastructure. Responsible for identifying and working with the patch team to make sure the city-wide educational network and assets were properly managed in regards to vulnerability management.
Remediation was not limited to patches only; was constantly working in close cooperation with the AV team and web monitoring team to mitigate AV and proxy bypassing activity. Creating custom hash and virus signatures based on creative students' efforts to create outbreaks on a weekly basis.
Reporting on repeat offenders and using liaison officers and administrative staff including Principals of schools to address security violations.
In this role, acted as adviser to application security and data loss prevention teams on design and traffic sanitization for review.
Helped DOE/DoITT deliver agency metrics for security management and participated in reviews for email encryption for the Inspector General’s office. Email encryption and TLS 1 configuration for different agencies. Was also involved in finding a workaround for Dropbox and federated services for shared folders.
Educational Testing Services NJ Jan 2011 to June 2011
Senior Security Eng. (Consultant)
Project-management-level interfacing with internal and external entities, assessment of current and new projects. Assist in completion and evaluation of different requirements. Installed and implemented Data Loss Prevention Vontu for file share and database scanning. Create remediation policy, install Discover servers for Vontu, identify sensitive data based on market policies, create scans and work with teams to protect classified data based on internal policies.
Completed and project-managed Array Networks SSL VPN solution. Sixty thousand user environment.
Manage SEPM cluster. 8 thousand user base, SEP 11 AV suite, application control and peripheral utility (USB etc.) control via SEPM. Virus outbreak control and prevention. Upgraded from Norton AV 10 to SEP 11. SEP cluster, load-balanced servers to divide the AV clients based on geographical distribution, configure automatic signature files to be pushed out, certified updates, create policy for laptop users' scan times, configure policy for partial and full-time scans on user and server ends. Create exclusion lists for some servers. Create policy for data loss prevention by controlling USB ports on some departments' systems. Do discovery scans on subnets to make sure all systems shown in the scan have clients deployed. Worked with desktop support to run the Cleanup utility to purge the Windows registry of all traces of existing Norton files; SEP 11 is best when installed fresh and not upgraded. Trained staff to run the Cleanup utility and complete client registrations, create silent and interactive packages for deployment, trained Altiris admins to use SEP 11 packages to be deployed to systems which might have missed deployment due to being offline. Create alerts for help desk or AV management techs to receive daily a list of hyperactive systems which can be cleaned by taking them offline. Some virus cleanup requires being in safe boot mode.
Alerts also help in proactive analysis of the client database; create alerts to indicate if the latest signatures are being pushed out, as sometimes the Symantec SOC has failed to push certified signatures out and caused infections to spread. Teach local admins how to correlate logs from SEPM with internet filtering software like Websense/Bluecoat to identify policy violations on the part of the users, and remediate user behavior by tweaking the IPS and spyware sensitivity. Repeat offenders to be escalated for further scanning and remediation strategy. Resolving conflicts between backup and scanning timings and adjusting Windows Error Reporting authority to ignore false positives; Symantec services report extra information to the error database on Windows systems.
All ticketing via Altiris SMS; troubleshot Altiris backup client issues with backup servers. Fix timeouts and assist backup placement of servers according to network bandwidth and resource utilization.
SSL VPN configuration, including endpoint compliance policy, mapping user access to internal resources, RADIUS integration, working with Cisco PIX and Cisco ASA teams to integrate user access. Requests and policy tweaks for access rules, rule aggregation and rule base simplification. Working with Juniper rollout; all new firewalls are based on the Juniper SRX platform. Recreating access domain with newer understanding of the network topology. Worked with network architects to confirm project plans and project integration metrics.
Managed PGP Desktop solution for over 1500 end users. User access management and correlational investigations on ArcSight security suite. Vontu DLP 11.0 on Oracle 11g, both on Linux Red Hat v5. Wireless network: testing wireless networking, with Zscaler proxy for web monitoring. Foundstone vulnerability scanning and remediation of servers for different levels of priority issues. Translating scan results for focused remediation.
County of Westchester, NY Jun 2006-Jan 2011
Information Security Officer
Full spectrum Security Management
Develop and design policy for intra-departmental security-specific procedures. Implement self-designed policy like data loss prevention policy on the physical level by limiting access to USB drives. Configured access control servers to implement this policy. Performed a comprehensive, vendor-assisted quantitative risk assessment to get a complete picture of the security domain and planned short- and long-term objectives based on this survey. Responsible for implementation of security framework with best practices from industry standards like COSO, COBIT, MoF.
Assist departments with understanding security risks and implement solutions. Identifying short term and long term goals for departments to become highly secure in their operations. Created a security command center with technical staff. Manage a small team of security engineers. Incorporated monitoring alerts from various network management systems, classification and escalation of alerts with respective teams and mitigating threats on the physical level. Assist Network Team in applying security to new sites and configure firewall (checkpoint NGX) rules for access to internal resources.
Configure rules and push policy on Checkpoint Firewall for new business requests, troubleshoot routing to and from the destination to host. Use sniffers to capture packets to identify ports missed by access requests.
Incident handling and taking measures to minimize risk and maximize protection. Request rapid release of AV signatures, and install them to counter virus outbreaks. Support SSL Virtual Private Network systems. Install, configure and manage clientless VPN solutions. Intrusion detection and intrusion prevention systems management. Analyze alerts and block suspicious hosts and correlate with web monitoring (Websense) logs to see outbound traffic to suspicious hosts and block them on the firewall. (Symantec)
Perform vendor-assisted external security sweeps to identify services and open points, identify such security issues and close them with the help of network or server team. Move internal services to DMZ or create reverse proxy access for internal resources. Guide and assist server and desktop teams to build secure builds from scratch, build secure images for enterprise-wide rollouts. Publish two secure builds to the desktop teams a year after vulnerability testing with Qualys scanners with service account authorization. Web monitoring of 5000 users, create top 10 reports for access to malicious content on the net and correlating anti-virus logs with user activity to create balance between the end users' business needs and infection rate of the systems, create tickets for desktop with specific recommendations. Acted on various advisories from vendors and security alerts. Escalate high-priority updates to software and hardware teams for implementation, assist in rollouts. Gave demonstrations to management on the benefit of adopting certain technological trends, like virtualization and storage area networking.
Configuring and deploying virtual desktops (Citrix XenDesktop 4) for a department which could not compromise their admin rights. This helped us save our subnets from aggressive infections. Root cause analysis. Post-incident analysis and remediation procedures. Server-side scanning and desktop-assisted remediation by quarantining a system for cleanup. Proactive analysis, internal audits to find security risks to the system, ensuring follow-up and identifying responsibility. Performed periodic scanning of the server farm and external low-level penetration testing for open services on the routers and web-facing servers. Implemented application-level firewall on web-facing servers to protect from SQL injection and other redirection exploits. Implemented a lab for testing patch updates in a virtual environment on the VMware platform, worked with server team to clone physical servers and recreate them in the virtual environment to apply patches and observe effects of updates, mostly for database and development teams; this is a very powerful way to update infrastructure as it enables us to deal with issues on the OS as well as application level. Performed 353 such updates including Windows 2000 servers which are no longer supported by MS.
Installed and configured DLP system, created keyword and numeric rules for early detection, correlate this with outbound email systems. Release files after confirmation. Document all work and timely closure of all trouble tickets, create Quick Reference protocols for NOC and support staff.
Citigroup, Citigroup Threat Assessment Center, NY, NY Jun 2005-Jun 2006
Senior Security Analyst-Consultant
Design and Develop Policy and Procedures for identification of vulnerabilities and probable threats to Citigroup Information Infrastructure.
Develop and create policy-based practical procedures for remediation of threats and possible/probable vulnerabilities for current and future exposure of internal resources. Developing detailed and granular service management procedures for improving department-wide functionality.
Critical analysis of process flow for seamless integration of troubleshooting issues. Risk management and mitigation by planning and continuity of business testing. Expert in developing Continuity of Business planning and testing including network-side circuits. Lifecycle design and implementation for connectivity and availability of network resources.
NOC operations: Proactive Monitoring:
HP OpenView & NetCool: device monitoring, SNMP-based, proactive monitoring of 600 plus firewalls, VPN devices.
Firewall rule base testing: responding to business units' test requests to identify and develop rule bases for access and, after implementation of the rule base through maintenance windows, helping the business unit to connect end to end. Checkpoint and CyberGuard platforms.
AT&T Managed Internet Services, Piscataway, NJ Mar 2004-Jun 2005
Network Engineer - Contract
Responsible for complete network Security, Firewalls, VPN concentrators, Routers and Dial up servers. Network Security including Firewall evaluation, recommendation, testing, Configuration, deployment, managing.
VPN, site-to-site VPN, mostly Cisco concentrators. Complete project cycle. IOS-based firewalls, ACLs and IDS configuration and deployment. Firewall log database collection and preservation for analysis. Using different applications to gather and analyze firewall logs for known patterns of malicious behavior. Using IDS signature databases to locate and identify non-professional utilization of network resources. Making sure the server team updates DAT files and runs scans on their subnets for updated IDS and virus signatures.
Email servers and their databases scanned in real time. Reporting all and necessary incidents to Tier 3 network NOC. Adherence to procedures for Policy compliance.
Assist in procedure development and enhancement to reduce latency in incident handling. Broadcasting findings and regularly updated info regarding virus and worm storms. Proactively monitor, respond to and escalate intrusion detection alerts. Implement change and change control. Maintenance window reporting. Respond to critical security alerts raised by internal and external security infrastructure, monitoring tools, devices and products such as IDS, firewall, and anti-virus management platforms. Troubleshooting circuits: T1, DS0, T3, OC3, OC12. Cisco Access Routers, Cisco Gigabit Access Routers, circuit provisioning and lifecycle completion, troubleshooting DNS and routing issues for corporate clients. Troubleshooting firewall access and routing. Troubleshooting DNS resolution issues. Corporate client management and proactive monitoring through OpenView. Internal process planning and incident handling. Technical team lead for escalation and resolution. Reason-for-outage forensic evaluation of problems. Complete understanding of how the ISP works and how to get the procedure in place for maintenance. Maintenance windows completion. AT&T has a global clientele and gave me a very comprehensive experience.
IBM, Long Island, NY Dec 2003-Mar 2004
Implementation Engineer/Network Troubleshooting - Contract
Implementation Engineer:
Complete project cycle including but not limited to: meeting and assessing business units' needs, internal and external clients. Preliminary logical design drafting and physical layout. Hardware and software PO through vendor-specific protocol, e.g. Cisco equipment ordered through Cisco VAR or Cisco website tools.
Configuration (TCP/IP, RIP, OSPF, CISCO 7500 720X, CISCO 6500/5500/4500, PIX, NETSCREEN) and preparing site and equipment for installation.
Testing and confirming all points of failure.
Troubleshoot issues based on Design and Configuration along with new requests. For Example in Firewall configurations, modify rules to add latest requests for access. Documentation of all procedures and standards.
Visio documentation and Word templates for audit and later reference. Worked with sniffer-based technologies. Sniffer Pro and Fluke being used to isolate and analyze traffic issues.
Worked with fiber optic switches, used both LC and SC type connectors.
Westdeutsche Landesbank, NY, NY Feb 2001-Sept 2002
Regional Security Officer NA/SA
Cisco Routers 7500, 3600, VXRs, Catalyst Switches 4500, 5500, 6500, EIGRP. Configure 3600 routers for new sites, connect, update and monitor. Static routes, clean IP route tables, enable monitoring using SNMP with OpenView.
MRTG some ports and interfaces for benchmarking performance. Monitor performance on route modules on 6500 and 5500 Catalyst switches. Incorporating 6500 switches into the core backbone distribution along with its modules for NAM for bandwidth utilization.
Senior Firewall Engineer
Responsible for Design, Implementation and Enforcement of security policy, region wide. Provided advice, guidance and assistance to systems users and clients as needed, design, and deploy firewalls.
Hands-on configuration of firewalls: Cisco PIX 525, 510, NetScreen, Checkpoint FW-1. Configure and design site-to-site VPN. Encryption/VPN, network routing (RIPv1, RIPv2, OSPF, BGP).
TDWaterhouse Inc NY, NY Feb 1997-Feb 2001
DataCom Network Engineer
Built the data center in Jersey City and Chicago for TDWaterhouse. Supported CIBC tech staff with the merger from Waterhouse brokerage to TDWaterhouse. Installed and configured the Chicago Data Center for TDWaterhouse for the merger with Ameritrade. Further details can be furnished upon request.
Education
110 credits towards a BS Information Management degree; City University New York
Certification
Certified Internet Webmaster (foundations), ITIL (foundation), Certified Wireless Network Administration, Certified Ethical Hacker/Forensics certified, Microsoft Intelligent Application Gateway, Symantec Endpoint Protection Administrator, Websense Data Security DLP Triton, Office 365 DLP.