CV_Anil K Dubey V1.1
<Anil Kumar Dubey>
Anil Kumar Dubey
ISP (IIT), MS IT, ISO 27K-LA, CEH, CIISA, CIWSA,
ACSA, CCNA, MCSA
Cell : +919871008523
Role – Information Security Architect
Experience Summary
Offering over 18 Years of relevant IT & Information Security Experience in Delivering Optimal Solutions, Results and Business Value in
High-growth Environments across various business sectors & verticals. Possess a clear understanding of the industry, technology trends
with the distinction of instituting new practices to achieve business excellence at the lowest overall cost. Proven skills in managing teams
to work in sync with the corporate set parameters & motivating them for achieving business and individual goals. Capable of defining &
communicating policies, procedures & standards throughout the organization as well as determining the corporate vision for security.
A Master in IT and Double Diploma holder (Gold Medalist), Information Security Professional (IIT Kharagpur), MS IT, ISO: 27001
(ISMS-LA), CIISA, CEH, CIWSA, ACSA, CCNA, MCSA, an out of the box thinker with a unique blend of Managerial, Qualitative and
Technical capability in the areas of Risk Management, Information Security Audit & Compliance, Network Security VA/PT/Audit,
Application Security VA/PT/Audit, Software Development & Maintenance, Software Testing, Fuzzing Testing and Security Assurance.
Insightful, result driven Information Security Practitioner. Worked as Security Architect, Information Risk & Security Management
Consultant and Security Manager at TCS Riyadh for Saudi Arabia Online Payment System (SADAD OLP) at country level under the
control of Saudi Arabia Monetary Agency (SAMA).
Relevant Project Experience
Org/Role:
Security Project Manager, SAMA-SADAD Online Payment Project, Riyadh, Saudi Arabia
(01 Nov 2013 – 25 Jan 2015)
Security Architect (Information Security)/Security Project Manager
Brief Description:
SAMA –SADAD Online payment project, Riyadh, Saudi Arabia based:
ISO 27001 (ISMS) Solution Design & Documentation
Network Security Architecture Design and Strategic Planning of Security Controls
Applications and Network Vulnerability Assessment & Penetration Testing
Governance, Risk, Compliance & Controls Assessment
Security Audits, Assessments, Vulnerability scanning, Penetration testing
Enterprise Vulnerability Management
Information Security Audit
Database Encryption Solution
Service/Process Orchestration
IAM (TDS, ISAM ) Architecture
Disaster Recovery Planning/ Business Continuity Management
Multiple Network & Application Security Layered Architecture
Designed robust security mechanisms for SAMA/SADAD networks to prevent, detect, mitigate and
recover from security incidents
IBM Guardium Solution Architecture
Security Information & Event Management Architecture
Secure Code development security Architecture
Secure Code Security Testing
Risk Assessments
Org/Role:
Security Solution Architect LBG (Lloyds Banking Group UK)
(01 Aug 2013 – 31 Oct 2013)
Security Solution Architect LBG (Lloyds Banking Group UK)
Brief Description:
Worked with LBG Security Architecture team and provided multiple project based solutions regarding:
Online payment projects
Data power based architecture projects
Network Security Architecture Design upgradation projects
Applications and Network Vulnerability Management projects
Enterprise Vulnerability Management
Org/Role:
Security Architect, Royal Bank of Scotland (RBS), TCS Gurgaon
(01 Jan 2013 – 30 Jul 2013)
Security Architect (Information Security)
Brief Description:
RBS was working on a security upgrade of the IRON Mail encryption solution for all RBS branches globally:
Provided Iron mail encryption architecture solution
Integration with Network Security Architecture Design and Strategic Planning of Security Controls
Integration with banking Applications
Governance, Risk, Compliance & Controls Assessment
Enterprise Vulnerability Management
Reviewed Business Requirement Document and updated as per security requirement.
Org/Role:
Team Member, GCP_IRMA Practice, TCS Gurgaon
(20 Aug 2012 – 31 Dec 2012)
Consultant (Information Security)/Engagement Manager
Brief Description:
TCS-Global Consulting Practice- Information Risk Management Advisory is providing a full-fledged Information
Security (ANS) testing environment for TCS’s global customers and providing solutions regarding:
ISO 27001 (ISMS) Solution Design & Documentation
Network Security Architecture Design and Strategic Planning of Security Controls
Applications and Network Vulnerability Assessment & Penetration Testing
Governance, Risk, Compliance & Controls Assessment
Enterprise Vulnerability Management
Information Security Audit
Telecommunication Security Assessment & Management:
Reviewed Information Security policies/procedure/process document and SOPs. Also reviewed high
level visual maps of business processes and assisted in creating data flow diagrams over the IT
infrastructure.
Telecom Network Threats, Vulnerabilities, Impact and Risk based assessment
Telecom Network Security Architecture
Cloud Security requirement creation, Conceptual/Logical/Physical Security Design, Pitching
Security components to meet cloud security requirement
Cloud based Data Security/Encryption Solution
Cloud based PIM Solution Architecture
Cloud based application/network security testing
Network device Fuzzing Testing
Telco security solutions and services Architecturing
Privilege Identity Management (iRaje Identity Solution) Architecture
Disaster Recovery Planning/ Business Continuity Management
Multiple Network Security Layered Architecture
Org/Role:
Team Lead, NTDG-CoE Lab-TCS Gurgaon
(24 Aug 2011 – 19 Aug 2012)
Consultant (Information Security)/Solution Architect
Brief Description:
TCS-NTDG-CoE Gurgaon Lab is providing a full-fledged Information Security (ANS) testing environment for TCS’s
Internal as well as global customers and providing solutions regarding:
ISO 27001 (ISMS) Solution Design & Documentation
Network Security Architecture Design and Strategic Planning of Security Controls
Applications and Network Vulnerability Assessment & Penetration Testing
Governance, Risk, Compliance & Controls Assessment
Enterprise Vulnerability Management
Information Security Audit
Telecommunication Security Assessment & Management:
Reviewed Information Security policies/procedure/process document and SOPs. Also reviewed high
level visual maps of business processes and assisted in creating data flow diagrams over the IT
infrastructure.
Org/Role:
TVSNet Technologies Limited (Formerly Ramco Infotech Ltd)
(01 Mar 2007 - 19 Aug 2011)
Senior Consultant (Information Security)
Brief Description:
Responsible for achieving revenue and bottom line target for the Managed Security Solutions business and
Network/Information Security business of TVSNet Technologies.
Accountable for:
IT Security Design Documentation and Implementation.
Design Network / Information Security Architecture, Documentation and Testing for prospective
clients.
Information Security Consultancy/ Managed Security Services
Risk & Compliance Management
Planning and execution of business process control reviews,
Information Security Audits and other Assurance offerings across a variety of industries.
Gain strong comprehension of client operations, processes, and business objectives and utilize that
knowledge on engagements.
Evaluate and test business processes and controls and identify areas of risks. Apply current
knowledge of IT trends and systems to identify security and risk management issues, and other
opportunities for improvement.
Strong Client management in presenting the IT Control observations. Ensuring enhanced value to
customer to continuous improvement of Project and service support.
Perform Internal Controls review particularly IT Operational Controls, testing of IT Controls as per
ISO 27001 and Sarbanes Oxley requirements
Checked adherence to ISO 27001 standard;
Identified gaps in Information Security policy implementation and provided actionable
recommendations;
Evaluated utilization of security solutions (tools / devices) and implementation of its features.
Evaluated effectiveness of security solutions (tools / devices) deployed.
Effectively managed significant stakeholder resistance by reporting detailed findings and providing
personal debriefings to senior management of impacted departments.
Org/Role:
Canara HSBC Oriental Bank of Commerce Life Insurance Company
(Oct 2008 – Oct 2010)
Information Security Manager
Brief Description:
Accountable for:
IT Security Design Documentation and Implementation.
Design Network / Information Security Architecture, Documentation and Testing for prospective
clients.
Information Security Consultancy/ Managed Security Services
Risk & Compliance Management
Planning and execution of business process control reviews,
Information Security Audits and other Assurance offerings across a variety of industries.
Gain strong comprehension of client operations, processes, and business objectives and utilize that
knowledge on engagements.
Evaluate and test business processes and controls and identify areas of risks. Apply current
knowledge of IT trends and systems to identify security and risk management issues, and other
opportunities for improvement.
Strong Client management in presenting the IT Control observations. Ensuring enhanced value to
customer to continuous improvement of Project and service support.
Perform Internal Controls review particularly IT Operational Controls, testing of IT Controls as per
ISO 27001 and Sarbanes Oxley requirements
Checked adherence to ISO 27001 standard;
Identified gaps in Information Security policy implementation and provided actionable
recommendations;
Evaluated utilization of security solutions (tools / devices) and implementation of its features.
Evaluated effectiveness of security solutions (tools / devices) deployed.
Effectively managed significant stakeholder resistance by reporting detailed findings and providing
personal debriefings to senior management of impacted departments.
Org/Role:
Head Quarter Integrated Defence Staff (HQ IDS),
Ministry of Defence (MoD), Government of India, New Delhi
(Jan 2002 – Feb 2007)
Information Security Manager
Brief Description:
Responsible for enabling and empowering:
Information Security (ISMS) Creation & Implementation
Application & Network Security Audits
Compliance Audits (BS 7799, ISO 27001)
Planning and execution of business process control reviews and Info Assurance.
Strategic Planning of Security Controls
Managed Security Services (MSS)
Governance, Risk & Compliance Management
Evaluate and test business processes and controls and identify areas of risks.
Apply current knowledge of IT trends and systems to identify security and risk management issues,
and other opportunities for improvement.
IT Contingency, BCP & DR Strategy
Training development/Team Management
Incident/Change/Problem Management
SOC Operation & Management
Identified gaps in Information Security policy implementation;
Provided preventive and compensating controls to client to ensure appropriate level of protection
and adherence to the goals of Information Security Strategy;
Provided visibility of security maturity across UNIFY Operations for better Risk Mitigation and
Control;
Delivered UNIFY Operations Audit Report;
Provided actionable Remediation Plan based on UNIFY Operations Audit Report;
Provided a clear and convincing explanation of gaps and generated additional opportunities; and
Monitored customer satisfaction and timely delivery of services.
Org/Role:
Indian Army (Corps of Signals), Ministry of Defence,
Government of India
(Nov 1988 – Dec 2001)
Project Manager (Security Stream Lead)
Brief Description:
During 13 years of my career I advanced through several different technical and operational roles to prepare me for my
executive responsibilities. These roles include various project assignments in Data Center Operations, Network Security
Management, Software Support, Database systems, Telecommunication Security Operation & Management, Identity &
Access Management and special assignments.
Core Consulting & Technical Skills
Core Consulting Skills
Develop and manage client relationships;
Scope client requirements, respond to RFPs and convert potential leads;
Manage end-to-end execution of engagements including resource planning, scheduling, execution and signoff; and
Develop new and customized services based on emerging industry trends.
Core Technical Skills
Security Testing based on OSSTMM methodology;
ISO 27001 / PCI Audits / Reviews / Remediation / Scans;
Information Security Plan / Road map Creation;
Information Security Governance Reviews;
Network Penetration Testing (Internal, External, Wireless);
Network Architecture Reviews;
Application Vulnerability Assessment covering OWASP Top 10, CWE/SANS Top 25, etc.;
System / Application Reviews;
Social Engineering Exercises; and
Threat Modeling for Applications.
Technology Awareness
Regulations: SOX, SAS70, HIPAA, GLBA, FISMA
Standards & Frameworks: PCI-DSS, COBIT, COSO, ISO/IEC 27001, BS 25999, OWASP, ITIL, ISO 9001, CC - (ISO/IEC 15408)
Application & Network Security: WebInspect, CoreImpact, Acunetix, NMap, Nessus, Bugtrack, Tivoli NetView, CiscoWorks, Concord eHealth, HP
OpenView, Snort, Sniffer, Tcpdump, Wireshark, Tripwire, Smartbits, AppScan, Retina, Burp Suite, EMC Smarts,
ArcSight ESM, Tivoli Netcool, NetVCR, NetDetector, NetDetectorLive, NetTrident, NetOmni, Fuzzing tools
Interfaces: 10GigE, 10/100/1000 Mbps, T1/E1, V.35, X.21, T3/E3, HSSI, OC3, OC12, OC48
Protocols: TCP/IP with BPF, TCP, IPv4, IPv6, UDP, DHCP, MPLS, Frame Relay, PPP, Bay PPP, CISCO HDLC, PoS
(OC3/OC12/OC48), ATM (OC3/OC12), MLPP, VLAN (ISL & IEEE 802.1q), IEEE 802.3 (Ethernet), IP fragments,
HTTP/HTTPS, ARP/RARP, SMTP/POP/IMAP, ICMP, Telnet, FTP/TFTP, SNMP/MIB, SCTP, SSH, PGM, IGMP,
PIM, ISO 8583, TIBCO, 29 West, FIX, HBCI, FinTS, IFX, OFX, SET, TKIP, EAP, WEP; Authentication Protocols:
TACACS+, RADIUS, LDAP & Microsoft AD; Compression Protocols: WCP, STAC; VoIP Protocols: SCCP, MGCP,
H.323, SIP, RTP/RTCP
OS: Windows (.NET/2003/7/Vista/XP/2000/98), UNIX (FreeBSD/Linux/Ubuntu/Solaris/Mac)
Web Servers: IIS, O’Reilly, IBM Websphere, BEA Weblogic, Apache, Tomcat, Jetty, MS Content Management Server, MTS, MS
SharePoint Portal Server, MS Exchange Server
Databases: MySQL, Oracle, Sybase, MS SQL, MS Access
Tools: Project.net, QC, QTP, Test Partner, Rational Functional Tester, Rational Robot, TestPartner, Visual Studio, MS
Office, Interdev, Netscape, IE, SourceSafe, Rational Rose, WinRunner, InstallShield, DemoShield, EditPlus, VNC,
CVS, Bugzilla, JIRA, Alfresco, Subversion, PuTTY, MS Project, MS Visio, VMware, Archer Suite
Awards & Recognitions
Conferred with the following awards/ medals/ commendations for excellent performance:
Gold Medal from the Director (Commandant) MCTE, MHOW (MP) as a Course Topper (For Diploma in Electronics
& Communication Engineering)
Commendation Letter from the Chief of Integrated Defence Staff in 2005 for significant contribution on Information
Security Implementations at Head Quarter Integrated Defence Staff (HQIDS), Ministry of Defence, Govt. of India.
Certificate of Merit from Technical Training Board (2STC), Panaji (Goa) as a course Topper (Diploma in Information
Technology)
Employment History
Date from to date Organization Role
24 Aug 2011 – Present Tata Consultancy Services Ltd. Associate Consultant/ Engagement Manager
01 Mar 2007 – 19 Aug 2011 TVSNet Technologies Limited (Formerly Ramco Infotech Limited) Senior Consultant
01 Jan 2002 – 28 Feb 2007 Head Quarter Integrated Defence Staff (HQ IDS), Ministry of Defence (MoD), Government of India, New Delhi Information Security Manager
11 Nov 1988 – 31 Dec 2001 Indian Army (Corps of Signals), Ministry of Defence, Government of India Telecomm Engineer
Education / Certification
Date from to date Degree Institute Name Major / Specialization
11 Nov 86 – 11 Nov 1988 Diploma in IT Engineering STC, Panaji (Goa) Information Technology
Jan 1993 – Jul 1995 Diploma in Communication Military College of TeleComn Electronics & Telecomn
Aug 1995- Aug 1998
Engineering
Bachelor Degree
Engineering, Mhow (MP)
VKS University, Ara
Engineering
May 2010- May 2012 Master in IT Kuvempu University (Karnataka) Information Technology
01 Mar 2005-31 Mar 2005 Information Security Professional (ISP) Indian Institute of Technology, Kharagpur Information Systems Security
Year Professional Accreditations Organization Specialization
2005 ISO/IEC 27001:2005 (ISMS-Lead Auditor) STQC ISMS Lead Auditor
2005 CIW Security Analyst (CIWSA) Prosoft (USA) Information Systems Security
2005 Certified Internal Information System Auditor (CIISA) STQC ISMS Auditor
2005 Microsoft Certified System Administrator (MCSA) Microsoft Corporation (USA) Windows Architecture-I
2005 Cisco Certified Network Associate (CCNA) Cisco (USA) Networking
2006 Certified Ethical Hacker (CEH) EC Council (USA) Ethical Hacking
2011 Avaya Certified Solution Architect (ACSA) Avaya (USA) Secure solutioning
Training Qualified
2005 CISSP, by SecureSynergy Pvt. Ltd, New Delhi
2005 Cyber Security Protection/Cyber Crime Detection, Deptt of Defence, USA
2005 Network Security Professional, (Shoghi Communication, New Delhi)
2005 VA & PT training from CERT India, Ministry of Communication, Govt of India
2005 Mail Forensic, CDEC
2006 CISM , by SecureSynergy Pvt. Ltd, New Delhi
2007 IT Security products (eSafe Gateway, Nokia IP130, IBM ISS, Antivirus Gateway Suite, Websense, Bluecoat, Checkpoint
Firewall/UTM etc) by OEM.
2010 Identity & Access Management by Novell India (P) Ltd.
Professional Affiliations
Member of ISACA (Information Systems Audit and Control Association) & ISACA New Delhi Chapter
Member of DSCI (Data Security Council of India) Delhi Chapter