Kenneth Chan, CISSP, CFHI
*** ******* **** 1-973-***-****
Berkeley Heights, NJ 07922 **********@*****.***
Summary: IT Security Architect with experience in assessing enterprise IT security risks, developing solutions to mitigate these risks and ensuring compliance. Strong analytical, problem solving and synthesis skills combined with excellent leadership, mentoring, communication and team building capabilities. Expertise with:
• Risk Assessment and Mitigation
• Strategic Planning
• Regulatory Compliance
• Requirements and Policies
• Defense in Depth
• Team Building
• Vulnerability Management
• Mentoring and Motivating
Experience:
Tiffany & Co. Dec 2008 – May 2012
Project Leader – Information Security and Compliance
Project leader of a team that was responsible for Information Security and Compliance:
• Performed IT risk assessment which focused senior management on governance. As a result, senior management started restructuring IT.
• Evaluated IT-GRC (Governance, Risk and Compliance) solutions which led to the adoption of ISO 27002 standards as a framework for IT security controls.
• Developed Corporate and IT policies, including Data Classification, Acceptable Use, Computer Security and High Privilege Account policies. Worked with Internal Audit and presented a proposal of Data Classification to senior management.
• Worked with the PCI QSA for the PCI audit – provided documentation for policies and processes and answered questions on them – ensuring smooth progress of the PCI audit. Areas audited included Vulnerability Management, Anti-Virus and Incident Response.
• Developed network and application vulnerability management (using Qualys and WhiteHat scanning) – developed processes to scan for and remediate vulnerabilities. As a result, thousands of vulnerabilities were identified and remediated, bringing network vulnerability management into PCI compliance in 1Q2012.
• Led Computer Incident Response Team (CIRT) for various incidents, including a Conficker worm outbreak. Obtained additional training: “SANS 504 Hacker Techniques, Exploits and Incident Handling.” Developed a new CIRT process. Developed a process to continuously update and test the CIRT process.
• Led the team that developed and introduced IT Security solutions into the infrastructure, including QRadar SIEM, Proofpoint email encryption, Axway Secure FTP, Websense web filtering and McAfee antivirus. As of 1Q2012, no unremediated network scan findings remained and the network was PCI compliant.
• Developed a process for managing vulnerabilities in E-Commerce applications that identifies and remediates vulnerability classes such as those in the OWASP Top 10.
• Developed the script, storage and process to back up log data from the QRadar SIEM, meeting the PCI DSS requirement to retain audit log data for one year.
• Monitored offenses reported in QRadar SIEM daily and investigated potential compromises. Made use of QRadar SIEM log data to diagnose multiple issues ranging from account lockouts to a CIRT investigation.
• Worked with Verizon Managed Security Services to tune the IDS sensors, removing stale signatures and thus improving sensor performance.
• Worked with the Server Team to develop and implement a Microsoft Security Patching process, which is running successfully as of 4Q2011.
• Coordinated day-to-day operations of Information Security, Identity & Access Management (IAM), Security Event Management and Intrusion Detection.
• Member of the Enterprise Architecture team which met biweekly to review and approve architectures of new products.
Citigroup Jan 2005 – Oct 2008
VP Senior Engineer - Global Security Architecture and Engineering
Certified the security of Citigroup IT infrastructure. Enforced departmental compliance with Citigroup policies.
• Certified over 60 core infrastructure technologies, resulting in Citigroup achieving a satisfactory rating from the Office of the Comptroller of the Currency (OCC).
• Conducted departmental risk and compliance self-assessments; created compensating controls where gaps were discovered and closed those gaps, obtaining a fully effective and satisfactory rating each quarter.
• Participated in internal audits of Global Security Architecture and Engineering, resulting in a satisfactory rating for the Standard Build Compliance Process.
AT&T Laboratories
Principal Technical Staff Member - Network Evolution Planning Jan 1998 – Oct 2004
Architected and introduced radically different technologies into the AT&T voice network.
• Led a team of 10 engineers in introducing Nortel’s DMS-250’s OC3 SONET interface and integrated Echo Cancellers into the AT&T Network, resulting in the first implementation of OC3 into the AT&T switching network.
• Implemented Voice over IP in the AT&T Network - the first deployment of VoIP in the AT&T circuit-switched network. Products included Avaya Call Manager, Cisco Call Manager, Sonus and Nortel Succession.
• Defined the office data for the DMS-250 switch and automated its operations, resulting in the introduction of the first DMS-250 switch into the AT&T network.
Senior Technical Staff Member - Network Evolution Planning Aug 1982 – Dec 1997
Created new technologies in the AT&T network and network design tools.
• Directed a team of 50 engineers in introducing a new technology - the Segmentation Directory - into the AT&T network, off-loading feature processing from the 4ESS switch and improving call processing capacity by over 200%.
• Re-architected the AT&T Next Network Switch during the divestiture of Lucent.
• Revolutionized the provisioning process in the AT&T network, resulting in automated trunking and routing provisioning and a significantly improved process; obtained a patent for “Automatic Provisioning.”
• Designed and implemented a new modeling algorithm to design the new Fully Shared AT&T Transport Network.
• Introduced data capabilities for AT&T’s PBX product line, resulting in the first PBX with data capability in the marketplace.
• Defined the AT&T PBX Digital Communications Protocol.
Education:
PhD, Mathematics, The Johns Hopkins University
MBA, The Wharton School, University of Pennsylvania
MSc, Mathematics, Warwick University, England
BA, Mathematics, Cambridge University, England
SANS 504: Hacker Techniques, Exploits and Incident Handling
Certifications:
CISSP Certified Information Systems Security Professional, Dec 2004
CFHI Certified Forensic Hacking Investigator, Aug 2006
ISO 9000 (AT&T), 2000
Patents:
• “Automatic Provisioning of Trunking and Routing Parameters in a Telecommunications Network,” US Patent 5,559,877
• “Virtual Local Area Network,” US Patent 4,823,33