SlideShare a Scribd company logo

CV_Anil K Dubey V1.1

Download as DOCX, PDF
A
Anil Kr. Dubey ISP ISLA CIISA ACSA CEH CIWSA CCNA MCSA
1 of 7
1 <Anil Kumar Dubey> Anil Kumar Dubey ISP (IIT), MS IT, ISO 27K-LA, CEH, CIISA, CIWSA, ACSA, CCNA, MCSA Cell : +919871008523 Role – Information Security Architect Experience Summary Offering over 18 Years of relevant IT & Information Security Experience in Delivering Optimal Solutions, Results and Business Value in High-growth Environments across various business sectors & verticals. Possess a clear understanding of the industry, technology trends with the distinction of instituting new practices to achieve business excellence at the lowest overall cost. Proven skills in managing teams to work in sync with the corporate set parameters & motivating them for achieving business and individual goals. Capable of defining & communicating policies, procedures & standards throughout the organization as well as determining the corporate vision for security. A Master in IT and Double Diploma holder (Gold Medalist), Information Security Professional (IIT Kharagpur), MS IT, ISO: 27001 (ISMS-LA), CIISA, CEH, CIWSA, ACSA, CCNA, MCSA, an out of the box thinker with a unique blend of Managerial, Qualitative and Technical capability in the areas of Risk Management, Information Security Audit & Compliance, Network Security VA/PT/Audit, Application Security VA/PT/Audit, Software Development & Maintenance, Software Testing, Fuzzing Testing and Security Assurance. Insightful, result driven Information Security Practitioner. Worked as Security Architect, Information Risk & Security Management Consultant and Security Manager at TCS Riyadh for Saudi Arabia Online Payment System (SADAD OLP) at country level under the control of Saudi Arabia Monetary Agency (SAMA). Relevant Project Experience Org/Role: Security Project Manager, SAMA-SADAD Online Payment Project, Riyadh, Saudi Arabia (01 Nov 2013 – 25 Jan 2015) Security Architect (Information Security)/Security Project Manager Brief Description: SAMA –SADAD Online payment project, Riyadh, Saudi Arabia based:  ISO 27001 (ISMS) Solution Design & Documentation  Network Security Architecture Design and Strategic Planning of Security Controls  Applications and Network Vulnerability Assessment & Penetration Testing  Governance, Risk, Compliance & Controls Assessment  Security Audits, Assessments, Vulnerability scanning, Penetration testing  Enterprise Vulnerability Management  Information Security Audit  Database Encryption Solution  Service/Process Orchestration  IAM (TDS, ISAM ) Architecture  Disaster Recovery Planning/ Business Continuity Management  Multiple Network & Application Security Layered Architecture  Designed robust security mechanisms for SAMA/SADAD networks to prevent, detect, mitigate and recover from security incidents  IBM Guardium Solution Architecture  Security Information & Event Management Architecture  Secure Code development security Architecture  Secure Code Security Testing  Risk Assessments 
2 <Anil Kumar Dubey> Org/Role: Security Solution Architect LBG (Lloyds Banking Group UK (01 Aug 2013 – 31 Oct 2013) Security Solution Architect LBG (Lloyds Banking Group UK Brief Description: Worked with LBG Security Architecture team and provided multiple project based solutions regarding:  Online payment projects  Data power based architecture projects  Network Security Architecture Design upgradation projects  Applications and Network Vulnerability Management projects  Enterprise Vulnerability Management Org/Role: Security Architect, Royal Bank of Scotland (RBS), TCS Gurgaon (01 Jan 2013 – 30 Jul 2013) Security Architect (Information Security) Brief Description: RBS was working for security upgrade for IRON Mail encryption solution for entire RBS branches globally:  Provided Iron mail encryption architecture swolution  Integration with Network Security Architecture Design and Strategic Planning of Security Controls  Integration with banking Applications  Governance, Risk, Compliance & Controls Assessment  Enterprise Vulnerability Management  Reviewed Business Requirement Document and updated as per security requirement. Org/Role: Team Member, GCP_IRMA Practice, TCS Gurgaon (20 Aug 2012 – 31 Dec 2012) Consultant (Information Security)/Engagement Manager Brief Description: TCS-Global Consulting Practice- Information Risk Management Advisory is providing a full fledged Information Security (ANS) testing environment for TCS’s global customers and providing solutions regarding:  ISO 27001 (ISMS) Solution Design & Documentation  Network Security Architecture Design and Strategic Planning of Security Controls  Applications and Network Vulnerability Assessment & Penetration Testing  Governance, Risk, Compliance & Controls Assessment  Enterprise Vulnerability Management  Information Security Audit  Telecommunication Security Assessment & Management:  Reviewed Information Security policies/procedure/process document and SOPs. Also reviewed high level visual maps of business processes and assisted in creating data flow diagrams over the IT infrastructure.  Telecom Network Threats, Vulnerabilities, Impact and Risk based assessment  Telecom Network Security Architecture  Cloud Security requirement creation, Conceptual/Logical/Physical Security Design, Pitching Security components to meet cloud security requirement  Cloud based Data Security/Encryption Solution  Cloud based PIM Solution Architecture  Cloud based application/network security testing
3 <Anil Kumar Dubey>  Network device Fuzzing Testing  Telco security solutions and services Architecturing  Previlege Identity Management (iRaje Identity Solution) Architecture  Disaster Recovery Planning/ Business Continuity Management  Multiple Network Security Layered Architecture  Org/Role: Team Lead, NTDG-CoE Lab-TCS Gurgaon (24 Aug 2011 – 19 Aug 2012) Consultant (Information Security)/ Solution Architect Brief Description: TCS-NTDG-CoE Gurgaon Lab is providing a full fledged Information Security (ANS) testing environment for TCS’s Internal as well as global customers and providing solutions regarding:  ISO 27001 (ISMS) Solution Design & Documentation  Network Security Architecture Design and Strategic Planning of Security Controls  Applications and Network Vulnerability Assessment & Penetration Testing  Governance, Risk, Compliance & Controls Assessment  Enterprise Vulnerability Management  Information Security Audit  Telecommunication Security Assessment & Management:  Reviewed Information Security policies/procedure/process document and SOPs. Also reviewed high level visual maps of business processes and assisted in creating data flow diagrams over the IT infrastructure. Org/Role: TVSNet Technologies Limited (Formerly Ramco Infotech Ltd) (01 Mar 2007 - 19 Aug 2011) Senior Consultant (Information Security) Brief Description: Responsible for achieving revenue and bottom line target for the Managed Security Solutions business and Network/Information Security business of TVSNet Technologies. Accountable for:  IT Security Design Documentation and Implementation.  Design Network / Information Security Architecture, Documentation and Testing for perspective clients.  Information Security Consultancy/ Managed Security Services  Risk & Compliance Management  Planning and execution of business process control reviews,  Information Security Audits and other Assurance offerings across a variety of industries.  Gain strong comprehension of client operations, processes, and business objectives and utilize that knowledge on engagements.  Evaluate and test business processes and controls and identify areas of risks. Apply current knowledge of IT trends and systems to identify security and risk management issues, and other opportunities for improvement.  Strong Client management in presenting the IT Control observations. Ensuring enhanced value to customer to continuous improvement of Project and service support.  Perform Internal Controls review particularly IT Operational Controls, testing of IT Controls as per ISO 27001 and Sarbanes Oxley requirements  Checked adherence to ISO 27001 standard;
4 <Anil Kumar Dubey>  Identified gaps in Information Security policy implementation and provided actionable recommendations;  Evaluated utilization of security solutions (tools / devices) and implementation of its features.  Evaluated effectiveness of security solutions (tools / devices) deployed.  Effectively managed significant stakeholder resistance by reporting detailed findings and providing personal debriefings to senior management of impacted departments. Org/Role: Canara HSBC Oriental Bank of Commerce Life Insurance Company (Oct 2008 – Oct 2010) Information Security Manager Brief Description: Accountable for:  IT Security Design Documentation and Implementation.  Design Network / Information Security Architecture, Documentation and Testing for perspective clients.  Information Security Consultancy/ Managed Security Services  Risk & Compliance Management  Planning and execution of business process control reviews,  Information Security Audits and other Assurance offerings across a variety of industries.  Gain strong comprehension of client operations, processes, and business objectives and utilize that knowledge on engagements.  Evaluate and test business processes and controls and identify areas of risks. Apply current knowledge of IT trends and systems to identify security and risk management issues, and other opportunities for improvement.  Strong Client management in presenting the IT Control observations. Ensuring enhanced value to customer to continuous improvement of Project and service support.  Perform Internal Controls review particularly IT Operational Controls, testing of IT Controls as per ISO 27001 and Sarbanes Oxley requirements  Checked adherence to ISO 27001 standard;  Identified gaps in Information Security policy implementation and provided actionable recommendations;  Evaluated utilization of security solutions (tools / devices) and implementation of its features.  Evaluated effectiveness of security solutions (tools / devices) deployed.  Effectively managed significant stakeholder resistance by reporting detailed findings and providing personal debriefings to senior management of impacted departments. Org/Role: Head Quarter Integrated Defence Staff (HQ IDS), Ministry of Defence (MoD), Government of India, New Delhi (Jan 2002 – Feb 2007) Information Security Manager Brief Description: Responsible for enabling and empowering:  Information Security (ISMS) Creation & Implementation  Application & Network Security Audits  Compliance Audits (BS 7799, ISO 27001)  Planning and execution of business process control reviews and Info Assurance.  Strategic Planning of Security Controls  Managed Security Services (MSS)  Governance, Risk & Compliance Management  Evaluate and test business processes and controls and identify areas of risks.  Apply current knowledge of IT trends and systems to identify security and risk management issues, and other opportunities for improvement.  IT Contingency, BCP & DR Strategy  Training development/Team Management
5 <Anil Kumar Dubey>  Incident/Change/Problem Management  SOC Operation & Management  Identified gaps in Information Security policy implementation;  Provided preventive and compensating controls to client to ensure appropriate level of protection and adherence to the goals of Information Security Strategy;  Provided visibility of security maturity across UNIFY Operations for better Risk Mitigation and Control;  Delivered UNIFY Operations Audit Report;  Provided actionable Remediation Plan based on UNIFY Operations Audit Report;  Provided a clear and convincing explanation of gaps and generated additional opportunities; and  Monitored customer satisfaction and timely delivery of services. Org/Role: Indian Army (Corps of Signals), Ministry of Defence, Government of India (Nov 1988 – Dec 2001) Project Manager (Security Stream Lead) Brief Description: During 13 years of my career I advanced through several different technical and operational roles to prepare me for my executive responsibilities. These roles include various project assignments in Data Center Operations, Network Security Management, Software Support, Database systems, Telecommunication Security Operation & Management, Identity & Access Management and special assignments. Core Consulting & Technical Skills Core Consulting Skills Develop and manage client relationships; Scope client requirements, respond to RFPs and covert potential leads; Manage end-to-end execution of engagements including resource planning, scheduling, execution and signoff; and Develop new and customized services based on emerging industry trends. Core Technical Skills Security Testing based on OSSTMM methodology; IS0 27001 / PCI Audits / Reviews / Remediation / Scans; Information Security Plan / Road map Creation; Information Security Governance Reviews; Network Penetration Testing (Internal, External, Wireless); Network Architecture Reviews; Application Vulnerability Assessment covering OWASP Top 10, CWE/SANS Top 25, etc.; System / Application Reviews; Social Engineering Exercises; and Threat Modeling for Applications. Technology Awareness Regulations: SOX, SAS70, HIPPA, GLBA, FISMA Standards & Frameworks: PCI-DSS, COBIT, COSO, ISO/IEC 27001, BS 25999, OWASP, ITIL, ISO 9001, CC - (ISO/IEC 15408) Application & Network Security: WebInspect, CoreImpact, Accunetix, NMap, Nessus, Bugtrack, Tivoli NetView, CiscoWorks, Concord eHealth, HP OpenView, Snort, Sniffer, Tcpdump, Wireshark, Tripwire, Smartbits, AppScan, Retina, Burp Suite, EMC Smarts, ArcSight ESM, Tivoli Netcool, NetVCR, NetDetector, NetDetectorLive, NetTrident, NetOmni, Fuzzing tools
6 <Anil Kumar Dubey> Interfaces: 10GigE, 10/100/1000 Mbps, T1/E1, V.35, X.21, T3/E3, HSSI, OC3, OC12, OC48 Protocols: TCP/IP with BPF, TCP, IPv4, IPv6, UDP, DHCP, MPLS, Frame Relay, PPP, Bay PPP, CISCO HDLC, PoS (OC3/OC12/OC48), ATM (OC3/OC12), MLPP, VLAN (ISL & IEEE 802.1q), IEEE 802.3 (Ethernet), IP fragments, HTTP/HTTPS, ARP/RARP, SMTP/POP/IMAP, ICMP, Telnet, FTP/TFTP, SNMP/MIB, SCTP, SSH, PGM, IGMP, PIM, ISO 8583, TIBCO, 29 West, FIX, HBCI, FinTS, IFX, OFX, SET, TKIP, EAP, WEP; Authentication Protocols: TACACS+, RADIUS, LDAP & Microsoft AD; Compression Protocols: WCP, STAC; VoIP Protocols: SCCP, MGCP, H.323, SIP, RTP/RTCP OS: Windows (.NET/2003/7/Vista/XP/2000/98), UNIX (FreeBSD/Linux/Ubuntu/Solaris/Mac) Web Servers: IIS, O’Reilly, IBM Websphere, BEA Weblogic, Apache, Tomcat, Jetty, MS Content Management Server, MTS, MS SharePoint Portal Server, MS Exchange Server Databases: MySQL, Oracle, Sybase, MS SQL, MS Access Tools: Project.net, QC, QTP, Test Partner, Rational Functional Tester, Rational Robot, TestPartner, Visual Studio, MS Office, Interdev, Netscape, IE, SourceSafe, Rational Rose, WinRunner, InstallShield, DemoShield, EditPlus, VNC, CVS, Bugzilla, JIRA, Alfresco, Subversion, PuTTY, MS Project, MS Visio, VMware, Archer Suite Awards & Recognitions Conferred with the following awards/ medals/ commendations for excellent performance:  Gold Medal from the Director (Commandant) MCTE, MHOW (MP) as a Course Topper (For Diploma in Electronics &Communication Engineering)  Commendation Letter from the Chief of Integrated Defence Staff in 2005 for significant contribution on Information Security Implementations at Head Quarter Integrated Defence Staff (HQIDS), Ministry of Defence, Govt. of India.  Certificate of Merit from Technical Training Board (2STC), Panaji (Goa) as a course Topper (Diploma in Information Technology) Employment History Date from to date Organization Role 24 Aug 2011 – Present Tata Consultancy Services Ltd. Associate Consultant/ Engagement Manager 01 Mar 2007 – 19 Aug 2011 TVSNet Technologies Limited (Formerly Ramco Infotech Limited) Senior Consultant 01 Jan 2002 – 28 Feb 2007 Head Quarter Integrated Defence Staff (HQ IDS), Ministry of Defence (MoD), Government of India, New Delhi Information Security Manager 11 Nov 1988 – 31 Dec 2001 Indian Army (Corps of Signals), Ministry of Defence, Government of India Telecomm Engineer Education / Certification Date from to date Degree Institute Name Major / Specialization 11 Nov 86 – 11 Nov 1988 Diploma in IT Engineering STC, Panaji (Goa) Information Technology Jan 1993 – Jul 1995 Diploma in Communication Military College of TeleComn Electronics & Telecomn
7 <Anil Kumar Dubey> Aug 1995- Aug 1998 Engineering Bachelor Degree Engineering, Mhow (MP) VKS University, Ara Engineering May 2010- May 2012 Master in IT Kuvempu University (Karnataka) Information Technology 01 Mar 2005-31 Mar 2005 Information Security Professional (ISP) Indian Institute of Technology, Kharagpur Information Systems Security Year Professional Accreditations Organization Specialization 2005 ISO/IEC 27001:2005 (ISMS-Lead Auditor) STQC ISMS Lead Auditor 2005 CIW Security Analyst (CIWSA) Prosoft (USA) Information Systems Security 2005 Certified Internal Information System Auditor (CIISA) STQC ISMS Auditor 2005 Microsoft Certified System Administrator (MCSA) Microsoft Corporation (USA) Windows Architecture-I 2005 Cisco Certified Network Associate (CCNA) Cisco (USA) Networking 2006 Certified Ethical Hacker (CEH) EC Council (USA) Ethical Hacking 2011 Avaya Certified Solution Architect (ACSA) Avaya (USA) Secure solutioniong Training Qualified 2005 CISSP, by SecureSynergy Pvt. Ltd, New Delhi 2005 Cyber Security Protection/Cyber Crime Detection, Deptt of Defence, USA 2005 Network Security Professional, (Shoghi Communication, New Delhi) 2005 VA & PT training from CERT India, Ministry of Communication, Govt of India 2005 Mail Forensic, CDEC 2006 CISM , by SecureSynergy Pvt. Ltd, New Delhi 2007 IT Security products (eSafe Gateway, Nokia IP130, IBM ISS, Antivirus Gateway Suite, Websense, Bluecoat, Checkpoint Firewall/UTM etc) by OEM. 2010 Identity & Access Management by Novell India (P) Ltd. Professional Affiliations Member of ISACA (Information Systems Audit and Control Association)& ISACA New Delhi Chapter Member of DSCI (Data Security Council of India) Delhi Chapter

Recommended

Does Anyone Remember Enterprise Security Architecture?
Does Anyone Remember Enterprise Security Architecture?Does Anyone Remember Enterprise Security Architecture?
Does Anyone Remember Enterprise Security Architecture?rbrockway
 
Enterprise Security Architecture: From access to audit
Enterprise Security Architecture: From access to auditEnterprise Security Architecture: From access to audit
Enterprise Security Architecture: From access to auditBob Rhubart
 
Ea Relationship To Security And The Enterprise V1
Ea Relationship To Security And The Enterprise V1Ea Relationship To Security And The Enterprise V1
Ea Relationship To Security And The Enterprise V1pk4
 
Security models for security architecture
Security models for security architectureSecurity models for security architecture
Security models for security architectureVladimir Jirasek
 
Security Operation Center - Design & Build
Security Operation Center - Design & BuildSecurity Operation Center - Design & Build
Security Operation Center - Design & BuildSameer Paradia
 
Enterprise Architecture and Information Security
Enterprise Architecture and Information SecurityEnterprise Architecture and Information Security
Enterprise Architecture and Information SecurityJohn Macasio
 
Zachman Enterprise Security Architecture
Zachman Enterprise Security ArchitectureZachman Enterprise Security Architecture
Zachman Enterprise Security ArchitectureJoaquin Marques
 
Security architecture
Security architectureSecurity architecture
Security architectureDuncan Unwin
 

Recommended

Does Anyone Remember Enterprise Security Architecture?
Does Anyone Remember Enterprise Security Architecture?Does Anyone Remember Enterprise Security Architecture?
Does Anyone Remember Enterprise Security Architecture?rbrockway
 
Enterprise Security Architecture: From access to audit
Enterprise Security Architecture: From access to auditEnterprise Security Architecture: From access to audit
Enterprise Security Architecture: From access to auditBob Rhubart
 
Ea Relationship To Security And The Enterprise V1
Ea Relationship To Security And The Enterprise V1Ea Relationship To Security And The Enterprise V1
Ea Relationship To Security And The Enterprise V1pk4
 
Security models for security architecture
Security models for security architectureSecurity models for security architecture
Security models for security architectureVladimir Jirasek
 
Security Operation Center - Design & Build
Security Operation Center - Design & BuildSecurity Operation Center - Design & Build
Security Operation Center - Design & BuildSameer Paradia
 
Enterprise Architecture and Information Security
Enterprise Architecture and Information SecurityEnterprise Architecture and Information Security
Enterprise Architecture and Information SecurityJohn Macasio
 
Zachman Enterprise Security Architecture
Zachman Enterprise Security ArchitectureZachman Enterprise Security Architecture
Zachman Enterprise Security ArchitectureJoaquin Marques
 
Security architecture
Security architectureSecurity architecture
Security architectureDuncan Unwin
 
State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...at MicroFocus Italy ❖✔
 
Chapter 12 iso 27001 awareness
Chapter 12 iso 27001 awarenessChapter 12 iso 27001 awareness
Chapter 12 iso 27001 awarenessnewbie2019
 
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)Vijilan IT Security solutions
 
Finto InfoSec ExIBM- CISSP ITIL CCSP CCIE JNCIS MCP 8.5 Yrs
Finto InfoSec ExIBM- CISSP ITIL CCSP CCIE JNCIS MCP 8.5 YrsFinto InfoSec ExIBM- CISSP ITIL CCSP CCIE JNCIS MCP 8.5 Yrs
Finto InfoSec ExIBM- CISSP ITIL CCSP CCIE JNCIS MCP 8.5 YrsFinto Thomas , CISSP, TOGAF, CCSP, ITIL. JNCIS
 
Full Cybersecurity Regulations Overview for DoD Prime and Subcontractors
Full Cybersecurity Regulations Overview for DoD Prime and SubcontractorsFull Cybersecurity Regulations Overview for DoD Prime and Subcontractors
Full Cybersecurity Regulations Overview for DoD Prime and SubcontractorsIgnyte Assurance Platform
 
Security architecture analyses brief 21 april 2015
Security architecture analyses brief 21 april 2015Security architecture analyses brief 21 april 2015
Security architecture analyses brief 21 april 2015Bill Ross
 
John kingsley OT ICS SCADA Cyber security consultant
John kingsley OT ICS SCADA Cyber security consultantJohn kingsley OT ICS SCADA Cyber security consultant
John kingsley OT ICS SCADA Cyber security consultantJohn Kingsley
 
2010-02 Building Security Architecture Framework
2010-02 Building Security Architecture Framework 2010-02 Building Security Architecture Framework
2010-02 Building Security Architecture Framework Raleigh ISSA
 
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...IBM Security
 
Security-by-Design in Enterprise Architecture
Security-by-Design in Enterprise ArchitectureSecurity-by-Design in Enterprise Architecture
Security-by-Design in Enterprise ArchitectureThe Open Group SA
 
Company Profile
Company ProfileCompany Profile
Company Profile3SC World
 
Security services mind map
Security services mind mapSecurity services mind map
Security services mind mapDavid Kennedy
 
Information Security Analyst- Infosec train
Information Security Analyst- Infosec trainInformation Security Analyst- Infosec train
Information Security Analyst- Infosec trainInfosecTrain
 
Mergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of InterestMergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of InterestMatthew Rosenquist
 
Pankaj's Resume Information Security Professional
Pankaj's Resume Information Security ProfessionalPankaj's Resume Information Security Professional
Pankaj's Resume Information Security ProfessionalPankaj Kumar
 
The evolving threats and the challenges of the modern CISO
The evolving threats and the challenges of the modern CISOThe evolving threats and the challenges of the modern CISO
The evolving threats and the challenges of the modern CISOisc2-hellenic
 
Building an Intelligence-Driven Security Operations Center
Building an Intelligence-Driven Security Operations CenterBuilding an Intelligence-Driven Security Operations Center
Building an Intelligence-Driven Security Operations CenterEMC
 
Ca world 2007 SOC integration
Ca world 2007 SOC integrationCa world 2007 SOC integration
Ca world 2007 SOC integrationMichael Nickle
 
Soc
SocSoc
SocMukesh Chaudhari
 
Manoj purandare - Stratergy towards an Effective Security Operations Centre -...
Manoj purandare - Stratergy towards an Effective Security Operations Centre -...Manoj purandare - Stratergy towards an Effective Security Operations Centre -...
Manoj purandare - Stratergy towards an Effective Security Operations Centre -...Manoj Purandare ☁
 
CV of Mohan M
CV of Mohan MCV of Mohan M
CV of Mohan MMohan M
 
Resume_IshitaKundu_CISA
Resume_IshitaKundu_CISAResume_IshitaKundu_CISA
Resume_IshitaKundu_CISAIshita Kundu
 

More Related Content

What's hot

State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...at MicroFocus Italy ❖✔
 
Chapter 12 iso 27001 awareness
Chapter 12 iso 27001 awarenessChapter 12 iso 27001 awareness
Chapter 12 iso 27001 awarenessnewbie2019
 
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)Vijilan IT Security solutions
 
Full Cybersecurity Regulations Overview for DoD Prime and Subcontractors
Full Cybersecurity Regulations Overview for DoD Prime and SubcontractorsFull Cybersecurity Regulations Overview for DoD Prime and Subcontractors
Full Cybersecurity Regulations Overview for DoD Prime and SubcontractorsIgnyte Assurance Platform
 
Security architecture analyses brief 21 april 2015
Security architecture analyses brief 21 april 2015Security architecture analyses brief 21 april 2015
Security architecture analyses brief 21 april 2015Bill Ross
 
John kingsley OT ICS SCADA Cyber security consultant
John kingsley OT ICS SCADA Cyber security consultantJohn kingsley OT ICS SCADA Cyber security consultant
John kingsley OT ICS SCADA Cyber security consultantJohn Kingsley
 
2010-02 Building Security Architecture Framework
2010-02 Building Security Architecture Framework 2010-02 Building Security Architecture Framework
2010-02 Building Security Architecture Framework Raleigh ISSA
 
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...IBM Security
 
Security-by-Design in Enterprise Architecture
Security-by-Design in Enterprise ArchitectureSecurity-by-Design in Enterprise Architecture
Security-by-Design in Enterprise ArchitectureThe Open Group SA
 
Company Profile
Company ProfileCompany Profile
Company Profile3SC World
 
Security services mind map
Security services mind mapSecurity services mind map
Security services mind mapDavid Kennedy
 
Information Security Analyst- Infosec train
Information Security Analyst- Infosec trainInformation Security Analyst- Infosec train
Information Security Analyst- Infosec trainInfosecTrain
 
Mergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of InterestMergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of InterestMatthew Rosenquist
 
Pankaj's Resume Information Security Professional
Pankaj's Resume Information Security ProfessionalPankaj's Resume Information Security Professional
Pankaj's Resume Information Security ProfessionalPankaj Kumar
 
The evolving threats and the challenges of the modern CISO
The evolving threats and the challenges of the modern CISOThe evolving threats and the challenges of the modern CISO
The evolving threats and the challenges of the modern CISOisc2-hellenic
 
Building an Intelligence-Driven Security Operations Center
Building an Intelligence-Driven Security Operations CenterBuilding an Intelligence-Driven Security Operations Center
Building an Intelligence-Driven Security Operations CenterEMC
 
Ca world 2007 SOC integration
Ca world 2007 SOC integrationCa world 2007 SOC integration
Ca world 2007 SOC integrationMichael Nickle
 
Manoj purandare - Stratergy towards an Effective Security Operations Centre -...
Manoj purandare - Stratergy towards an Effective Security Operations Centre -...Manoj purandare - Stratergy towards an Effective Security Operations Centre -...
Manoj purandare - Stratergy towards an Effective Security Operations Centre -...Manoj Purandare ☁
 

What's hot (20)

State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...
 
Chapter 12 iso 27001 awareness
Chapter 12 iso 27001 awarenessChapter 12 iso 27001 awareness
Chapter 12 iso 27001 awareness
 
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
 
Finto InfoSec ExIBM- CISSP ITIL CCSP CCIE JNCIS MCP 8.5 Yrs
Finto InfoSec ExIBM- CISSP ITIL CCSP CCIE JNCIS MCP 8.5 YrsFinto InfoSec ExIBM- CISSP ITIL CCSP CCIE JNCIS MCP 8.5 Yrs
Finto InfoSec ExIBM- CISSP ITIL CCSP CCIE JNCIS MCP 8.5 Yrs
 
Full Cybersecurity Regulations Overview for DoD Prime and Subcontractors
Full Cybersecurity Regulations Overview for DoD Prime and SubcontractorsFull Cybersecurity Regulations Overview for DoD Prime and Subcontractors
Full Cybersecurity Regulations Overview for DoD Prime and Subcontractors
 
Security architecture analyses brief 21 april 2015
Security architecture analyses brief 21 april 2015Security architecture analyses brief 21 april 2015
Security architecture analyses brief 21 april 2015
 
John kingsley OT ICS SCADA Cyber security consultant
John kingsley OT ICS SCADA Cyber security consultantJohn kingsley OT ICS SCADA Cyber security consultant
John kingsley OT ICS SCADA Cyber security consultant
 
2010-02 Building Security Architecture Framework
2010-02 Building Security Architecture Framework 2010-02 Building Security Architecture Framework
2010-02 Building Security Architecture Framework
 
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
 
Security-by-Design in Enterprise Architecture
Security-by-Design in Enterprise ArchitectureSecurity-by-Design in Enterprise Architecture
Security-by-Design in Enterprise Architecture
 
Company Profile
Company ProfileCompany Profile
Company Profile
 
Security services mind map
Security services mind mapSecurity services mind map
Security services mind map
 
Information Security Analyst- Infosec train
Information Security Analyst- Infosec trainInformation Security Analyst- Infosec train
Information Security Analyst- Infosec train
 
Mergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of InterestMergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of Interest
 
Pankaj's Resume Information Security Professional
Pankaj's Resume Information Security ProfessionalPankaj's Resume Information Security Professional
Pankaj's Resume Information Security Professional
 
The evolving threats and the challenges of the modern CISO
The evolving threats and the challenges of the modern CISOThe evolving threats and the challenges of the modern CISO
The evolving threats and the challenges of the modern CISO
 
Building an Intelligence-Driven Security Operations Center
Building an Intelligence-Driven Security Operations CenterBuilding an Intelligence-Driven Security Operations Center
Building an Intelligence-Driven Security Operations Center
 
Ca world 2007 SOC integration
Ca world 2007 SOC integrationCa world 2007 SOC integration
Ca world 2007 SOC integration
 
Soc
SocSoc
Soc
 
Manoj purandare - Stratergy towards an Effective Security Operations Centre -...
Manoj purandare - Stratergy towards an Effective Security Operations Centre -...Manoj purandare - Stratergy towards an Effective Security Operations Centre -...
Manoj purandare - Stratergy towards an Effective Security Operations Centre -...
 

Similar to CV_Anil K Dubey V1.1

CV of Mohan M
CV of Mohan MCV of Mohan M
CV of Mohan MMohan M
 
Resume_IshitaKundu_CISA
Resume_IshitaKundu_CISAResume_IshitaKundu_CISA
Resume_IshitaKundu_CISAIshita Kundu
 
Erwin (Chris) Carrow resume Brief 10-23-2015
Erwin (Chris) Carrow resume Brief 10-23-2015Erwin (Chris) Carrow resume Brief 10-23-2015
Erwin (Chris) Carrow resume Brief 10-23-2015Erwin Carrow
 
general_resume_12 1 linked in
general_resume_12 1 linked ingeneral_resume_12 1 linked in
general_resume_12 1 linked inJohn Masiliunas
 
MS. Cybersecurity Reference Architecture
MS. Cybersecurity Reference ArchitectureMS. Cybersecurity Reference Architecture
MS. Cybersecurity Reference Architectureangelohammond
 
Sivasankaran_9yrs_Information_security V1
Sivasankaran_9yrs_Information_security V1Sivasankaran_9yrs_Information_security V1
Sivasankaran_9yrs_Information_security V1Sivasankaran Krishnan
 
Advanced IT and Cyber Security for Your Business
Advanced IT and Cyber Security for Your BusinessAdvanced IT and Cyber Security for Your Business
Advanced IT and Cyber Security for Your BusinessInfopulse
 
Saikiran_CV_Operational Risk_updated
Saikiran_CV_Operational Risk_updatedSaikiran_CV_Operational Risk_updated
Saikiran_CV_Operational Risk_updatedkonchada
 
Saikiran_CV_Operational Risk_updated
Saikiran_CV_Operational Risk_updatedSaikiran_CV_Operational Risk_updated
Saikiran_CV_Operational Risk_updatedkonchada
 
IT SECURITY ASSESSMENT PROPOSAL
IT SECURITY ASSESSMENT PROPOSALIT SECURITY ASSESSMENT PROPOSAL
IT SECURITY ASSESSMENT PROPOSALCYBER SENSE
 
Ooredoo%20Security%20Managed%20Services
Ooredoo%20Security%20Managed%20ServicesOoredoo%20Security%20Managed%20Services
Ooredoo%20Security%20Managed%20ServicesMuhammad Mudassar
 
Vijay Amarnath - Updated
Vijay Amarnath - UpdatedVijay Amarnath - Updated
Vijay Amarnath - UpdatedVijay Amarnath
 
Security_360_Marketing_Package
Security_360_Marketing_PackageSecurity_360_Marketing_Package
Security_360_Marketing_PackageRandy B.
 
Information Security between Best Practices and ISO Standards
Information Security between Best Practices and ISO StandardsInformation Security between Best Practices and ISO Standards
Information Security between Best Practices and ISO StandardsPECB
 
Smart security solutions for SMBs
Smart security solutions for SMBsSmart security solutions for SMBs
Smart security solutions for SMBsJyothi Satyanathan
 
Microsoft-CISO-Workshop-Security-Strategy-and-Program (1).pdf
Microsoft-CISO-Workshop-Security-Strategy-and-Program (1).pdfMicrosoft-CISO-Workshop-Security-Strategy-and-Program (1).pdf
Microsoft-CISO-Workshop-Security-Strategy-and-Program (1).pdfParishSummer
 
David Adams - Linkedin Information Architect Business Analyst - Web / Social ...
David Adams - Linkedin Information Architect Business Analyst - Web / Social ...David Adams - Linkedin Information Architect Business Analyst - Web / Social ...
David Adams - Linkedin Information Architect Business Analyst - Web / Social ...David Adams
 

Similar to CV_Anil K Dubey V1.1 (20)

CV of Mohan M
CV of Mohan MCV of Mohan M
CV of Mohan M
 
Resume_IshitaKundu_CISA
Resume_IshitaKundu_CISAResume_IshitaKundu_CISA
Resume_IshitaKundu_CISA
 
Balaji Jagan -Resume
Balaji Jagan -ResumeBalaji Jagan -Resume
Balaji Jagan -Resume
 
Erwin (Chris) Carrow resume Brief 10-23-2015
Erwin (Chris) Carrow resume Brief 10-23-2015Erwin (Chris) Carrow resume Brief 10-23-2015
Erwin (Chris) Carrow resume Brief 10-23-2015
 
general_resume_12 1 linked in
general_resume_12 1 linked ingeneral_resume_12 1 linked in
general_resume_12 1 linked in
 
MS. Cybersecurity Reference Architecture
MS. Cybersecurity Reference ArchitectureMS. Cybersecurity Reference Architecture
MS. Cybersecurity Reference Architecture
 
Sivasankaran_9yrs_Information_security V1
Sivasankaran_9yrs_Information_security V1Sivasankaran_9yrs_Information_security V1
Sivasankaran_9yrs_Information_security V1
 
Advanced IT and Cyber Security for Your Business
Advanced IT and Cyber Security for Your BusinessAdvanced IT and Cyber Security for Your Business
Advanced IT and Cyber Security for Your Business
 
Saikiran_CV_Operational Risk_updated
Saikiran_CV_Operational Risk_updatedSaikiran_CV_Operational Risk_updated
Saikiran_CV_Operational Risk_updated
 
Saikiran_CV_Operational Risk_updated
Saikiran_CV_Operational Risk_updatedSaikiran_CV_Operational Risk_updated
Saikiran_CV_Operational Risk_updated
 
IT SECURITY ASSESSMENT PROPOSAL
IT SECURITY ASSESSMENT PROPOSALIT SECURITY ASSESSMENT PROPOSAL
IT SECURITY ASSESSMENT PROPOSAL
 
Ooredoo%20Security%20Managed%20Services
Ooredoo%20Security%20Managed%20ServicesOoredoo%20Security%20Managed%20Services
Ooredoo%20Security%20Managed%20Services
 
Vijay Amarnath - Updated
Vijay Amarnath - UpdatedVijay Amarnath - Updated
Vijay Amarnath - Updated
 
Security_360_Marketing_Package
Security_360_Marketing_PackageSecurity_360_Marketing_Package
Security_360_Marketing_Package
 
Information Security between Best Practices and ISO Standards
Information Security between Best Practices and ISO StandardsInformation Security between Best Practices and ISO Standards
Information Security between Best Practices and ISO Standards
 
Resume-DPITVlinkedin
Resume-DPITVlinkedinResume-DPITVlinkedin
Resume-DPITVlinkedin
 
Smart security solutions for SMBs
Smart security solutions for SMBsSmart security solutions for SMBs
Smart security solutions for SMBs
 
Microsoft-CISO-Workshop-Security-Strategy-and-Program (1).pdf
Microsoft-CISO-Workshop-Security-Strategy-and-Program (1).pdfMicrosoft-CISO-Workshop-Security-Strategy-and-Program (1).pdf
Microsoft-CISO-Workshop-Security-Strategy-and-Program (1).pdf
 
Resume
ResumeResume
Resume
 
David Adams - Linkedin Information Architect Business Analyst - Web / Social ...
David Adams - Linkedin Information Architect Business Analyst - Web / Social ...David Adams - Linkedin Information Architect Business Analyst - Web / Social ...
David Adams - Linkedin Information Architect Business Analyst - Web / Social ...
 

CV_Anil K Dubey V1.1

  • 1. 1 <Anil Kumar Dubey> Anil Kumar Dubey ISP (IIT), MS IT, ISO 27K-LA, CEH, CIISA, CIWSA, ACSA, CCNA, MCSA Cell : +919871008523 Role – Information Security Architect Experience Summary Offering over 18 Years of relevant IT & Information Security Experience in Delivering Optimal Solutions, Results and Business Value in High-growth Environments across various business sectors & verticals. Possess a clear understanding of the industry, technology trends with the distinction of instituting new practices to achieve business excellence at the lowest overall cost. Proven skills in managing teams to work in sync with the corporate set parameters & motivating them for achieving business and individual goals. Capable of defining & communicating policies, procedures & standards throughout the organization as well as determining the corporate vision for security. A Master in IT and Double Diploma holder (Gold Medalist), Information Security Professional (IIT Kharagpur), MS IT, ISO: 27001 (ISMS-LA), CIISA, CEH, CIWSA, ACSA, CCNA, MCSA, an out of the box thinker with a unique blend of Managerial, Qualitative and Technical capability in the areas of Risk Management, Information Security Audit & Compliance, Network Security VA/PT/Audit, Application Security VA/PT/Audit, Software Development & Maintenance, Software Testing, Fuzzing Testing and Security Assurance. Insightful, result driven Information Security Practitioner. Worked as Security Architect, Information Risk & Security Management Consultant and Security Manager at TCS Riyadh for Saudi Arabia Online Payment System (SADAD OLP) at country level under the control of Saudi Arabia Monetary Agency (SAMA). Relevant Project Experience Org/Role: Security Project Manager, SAMA-SADAD Online Payment Project, Riyadh, Saudi Arabia (01 Nov 2013 – 25 Jan 2015) Security Architect (Information Security)/Security Project Manager Brief Description: SAMA –SADAD Online payment project, Riyadh, Saudi Arabia based:  ISO 27001 (ISMS) Solution Design & Documentation  Network Security Architecture Design and Strategic Planning of Security Controls  Applications and Network Vulnerability Assessment & Penetration Testing  Governance, Risk, Compliance & Controls Assessment  Security Audits, Assessments, Vulnerability scanning, Penetration testing  Enterprise Vulnerability Management  Information Security Audit  Database Encryption Solution  Service/Process Orchestration  IAM (TDS, ISAM ) Architecture  Disaster Recovery Planning/ Business Continuity Management  Multiple Network & Application Security Layered Architecture  Designed robust security mechanisms for SAMA/SADAD networks to prevent, detect, mitigate and recover from security incidents  IBM Guardium Solution Architecture  Security Information & Event Management Architecture  Secure Code development security Architecture  Secure Code Security Testing  Risk Assessments 
  • 2. 2 <Anil Kumar Dubey> Org/Role: Security Solution Architect LBG (Lloyds Banking Group UK (01 Aug 2013 – 31 Oct 2013) Security Solution Architect LBG (Lloyds Banking Group UK Brief Description: Worked with LBG Security Architecture team and provided multiple project based solutions regarding:  Online payment projects  Data power based architecture projects  Network Security Architecture Design upgradation projects  Applications and Network Vulnerability Management projects  Enterprise Vulnerability Management Org/Role: Security Architect, Royal Bank of Scotland (RBS), TCS Gurgaon (01 Jan 2013 – 30 Jul 2013) Security Architect (Information Security) Brief Description: RBS was working for security upgrade for IRON Mail encryption solution for entire RBS branches globally:  Provided Iron mail encryption architecture swolution  Integration with Network Security Architecture Design and Strategic Planning of Security Controls  Integration with banking Applications  Governance, Risk, Compliance & Controls Assessment  Enterprise Vulnerability Management  Reviewed Business Requirement Document and updated as per security requirement. Org/Role: Team Member, GCP_IRMA Practice, TCS Gurgaon (20 Aug 2012 – 31 Dec 2012) Consultant (Information Security)/Engagement Manager Brief Description: TCS-Global Consulting Practice- Information Risk Management Advisory is providing a full fledged Information Security (ANS) testing environment for TCS’s global customers and providing solutions regarding:  ISO 27001 (ISMS) Solution Design & Documentation  Network Security Architecture Design and Strategic Planning of Security Controls  Applications and Network Vulnerability Assessment & Penetration Testing  Governance, Risk, Compliance & Controls Assessment  Enterprise Vulnerability Management  Information Security Audit  Telecommunication Security Assessment & Management:  Reviewed Information Security policies/procedure/process document and SOPs. Also reviewed high level visual maps of business processes and assisted in creating data flow diagrams over the IT infrastructure.  Telecom Network Threats, Vulnerabilities, Impact and Risk based assessment  Telecom Network Security Architecture  Cloud Security requirement creation, Conceptual/Logical/Physical Security Design, Pitching Security components to meet cloud security requirement  Cloud based Data Security/Encryption Solution  Cloud based PIM Solution Architecture  Cloud based application/network security testing
  • 3. 3 <Anil Kumar Dubey>  Network device Fuzzing Testing  Telco security solutions and services Architecturing  Previlege Identity Management (iRaje Identity Solution) Architecture  Disaster Recovery Planning/ Business Continuity Management  Multiple Network Security Layered Architecture  Org/Role: Team Lead, NTDG-CoE Lab-TCS Gurgaon (24 Aug 2011 – 19 Aug 2012) Consultant (Information Security)/ Solution Architect Brief Description: TCS-NTDG-CoE Gurgaon Lab is providing a full fledged Information Security (ANS) testing environment for TCS’s Internal as well as global customers and providing solutions regarding:  ISO 27001 (ISMS) Solution Design & Documentation  Network Security Architecture Design and Strategic Planning of Security Controls  Applications and Network Vulnerability Assessment & Penetration Testing  Governance, Risk, Compliance & Controls Assessment  Enterprise Vulnerability Management  Information Security Audit  Telecommunication Security Assessment & Management:  Reviewed Information Security policies/procedure/process document and SOPs. Also reviewed high level visual maps of business processes and assisted in creating data flow diagrams over the IT infrastructure. Org/Role: TVSNet Technologies Limited (Formerly Ramco Infotech Ltd) (01 Mar 2007 - 19 Aug 2011) Senior Consultant (Information Security) Brief Description: Responsible for achieving revenue and bottom line target for the Managed Security Solutions business and Network/Information Security business of TVSNet Technologies. Accountable for:  IT Security Design Documentation and Implementation.  Design Network / Information Security Architecture, Documentation and Testing for perspective clients.  Information Security Consultancy/ Managed Security Services  Risk & Compliance Management  Planning and execution of business process control reviews,  Information Security Audits and other Assurance offerings across a variety of industries.  Gain strong comprehension of client operations, processes, and business objectives and utilize that knowledge on engagements.  Evaluate and test business processes and controls and identify areas of risks. Apply current knowledge of IT trends and systems to identify security and risk management issues, and other opportunities for improvement.  Strong Client management in presenting the IT Control observations. Ensuring enhanced value to customer to continuous improvement of Project and service support.  Perform Internal Controls review particularly IT Operational Controls, testing of IT Controls as per ISO 27001 and Sarbanes Oxley requirements  Checked adherence to ISO 27001 standard;
  • 4. 4 <Anil Kumar Dubey>  Identified gaps in Information Security policy implementation and provided actionable recommendations;  Evaluated utilization of security solutions (tools / devices) and implementation of its features.  Evaluated effectiveness of security solutions (tools / devices) deployed.  Effectively managed significant stakeholder resistance by reporting detailed findings and providing personal debriefings to senior management of impacted departments. Org/Role: Canara HSBC Oriental Bank of Commerce Life Insurance Company (Oct 2008 – Oct 2010) Information Security Manager Brief Description: Accountable for:  IT Security Design Documentation and Implementation.  Design Network / Information Security Architecture, Documentation and Testing for perspective clients.  Information Security Consultancy/ Managed Security Services  Risk & Compliance Management  Planning and execution of business process control reviews,  Information Security Audits and other Assurance offerings across a variety of industries.  Gain strong comprehension of client operations, processes, and business objectives and utilize that knowledge on engagements.  Evaluate and test business processes and controls and identify areas of risks. Apply current knowledge of IT trends and systems to identify security and risk management issues, and other opportunities for improvement.  Strong Client management in presenting the IT Control observations. Ensuring enhanced value to customer to continuous improvement of Project and service support.  Perform Internal Controls review particularly IT Operational Controls, testing of IT Controls as per ISO 27001 and Sarbanes Oxley requirements  Checked adherence to ISO 27001 standard;  Identified gaps in Information Security policy implementation and provided actionable recommendations;  Evaluated utilization of security solutions (tools / devices) and implementation of its features.  Evaluated effectiveness of security solutions (tools / devices) deployed.  Effectively managed significant stakeholder resistance by reporting detailed findings and providing personal debriefings to senior management of impacted departments. Org/Role: Head Quarter Integrated Defence Staff (HQ IDS), Ministry of Defence (MoD), Government of India, New Delhi (Jan 2002 – Feb 2007) Information Security Manager Brief Description: Responsible for enabling and empowering:  Information Security (ISMS) Creation & Implementation  Application & Network Security Audits  Compliance Audits (BS 7799, ISO 27001)  Planning and execution of business process control reviews and Info Assurance.  Strategic Planning of Security Controls  Managed Security Services (MSS)  Governance, Risk & Compliance Management  Evaluate and test business processes and controls and identify areas of risks.  Apply current knowledge of IT trends and systems to identify security and risk management issues, and other opportunities for improvement.  IT Contingency, BCP & DR Strategy  Training development/Team Management
  • 5. 5 <Anil Kumar Dubey>  Incident/Change/Problem Management  SOC Operation & Management  Identified gaps in Information Security policy implementation;  Provided preventive and compensating controls to client to ensure appropriate level of protection and adherence to the goals of Information Security Strategy;  Provided visibility of security maturity across UNIFY Operations for better Risk Mitigation and Control;  Delivered UNIFY Operations Audit Report;  Provided actionable Remediation Plan based on UNIFY Operations Audit Report;  Provided a clear and convincing explanation of gaps and generated additional opportunities; and  Monitored customer satisfaction and timely delivery of services. Org/Role: Indian Army (Corps of Signals), Ministry of Defence, Government of India (Nov 1988 – Dec 2001) Project Manager (Security Stream Lead) Brief Description: During 13 years of my career I advanced through several different technical and operational roles to prepare me for my executive responsibilities. These roles include various project assignments in Data Center Operations, Network Security Management, Software Support, Database systems, Telecommunication Security Operation & Management, Identity & Access Management and special assignments. Core Consulting & Technical Skills Core Consulting Skills Develop and manage client relationships; Scope client requirements, respond to RFPs and covert potential leads; Manage end-to-end execution of engagements including resource planning, scheduling, execution and signoff; and Develop new and customized services based on emerging industry trends. Core Technical Skills Security Testing based on OSSTMM methodology; IS0 27001 / PCI Audits / Reviews / Remediation / Scans; Information Security Plan / Road map Creation; Information Security Governance Reviews; Network Penetration Testing (Internal, External, Wireless); Network Architecture Reviews; Application Vulnerability Assessment covering OWASP Top 10, CWE/SANS Top 25, etc.; System / Application Reviews; Social Engineering Exercises; and Threat Modeling for Applications. Technology Awareness Regulations: SOX, SAS70, HIPPA, GLBA, FISMA Standards & Frameworks: PCI-DSS, COBIT, COSO, ISO/IEC 27001, BS 25999, OWASP, ITIL, ISO 9001, CC - (ISO/IEC 15408) Application & Network Security: WebInspect, CoreImpact, Accunetix, NMap, Nessus, Bugtrack, Tivoli NetView, CiscoWorks, Concord eHealth, HP OpenView, Snort, Sniffer, Tcpdump, Wireshark, Tripwire, Smartbits, AppScan, Retina, Burp Suite, EMC Smarts, ArcSight ESM, Tivoli Netcool, NetVCR, NetDetector, NetDetectorLive, NetTrident, NetOmni, Fuzzing tools
  • 6. 6 <Anil Kumar Dubey> Interfaces: 10GigE, 10/100/1000 Mbps, T1/E1, V.35, X.21, T3/E3, HSSI, OC3, OC12, OC48 Protocols: TCP/IP with BPF, TCP, IPv4, IPv6, UDP, DHCP, MPLS, Frame Relay, PPP, Bay PPP, CISCO HDLC, PoS (OC3/OC12/OC48), ATM (OC3/OC12), MLPP, VLAN (ISL & IEEE 802.1q), IEEE 802.3 (Ethernet), IP fragments, HTTP/HTTPS, ARP/RARP, SMTP/POP/IMAP, ICMP, Telnet, FTP/TFTP, SNMP/MIB, SCTP, SSH, PGM, IGMP, PIM, ISO 8583, TIBCO, 29 West, FIX, HBCI, FinTS, IFX, OFX, SET, TKIP, EAP, WEP; Authentication Protocols: TACACS+, RADIUS, LDAP & Microsoft AD; Compression Protocols: WCP, STAC; VoIP Protocols: SCCP, MGCP, H.323, SIP, RTP/RTCP OS: Windows (.NET/2003/7/Vista/XP/2000/98), UNIX (FreeBSD/Linux/Ubuntu/Solaris/Mac) Web Servers: IIS, O’Reilly, IBM Websphere, BEA Weblogic, Apache, Tomcat, Jetty, MS Content Management Server, MTS, MS SharePoint Portal Server, MS Exchange Server Databases: MySQL, Oracle, Sybase, MS SQL, MS Access Tools: Project.net, QC, QTP, Test Partner, Rational Functional Tester, Rational Robot, TestPartner, Visual Studio, MS Office, Interdev, Netscape, IE, SourceSafe, Rational Rose, WinRunner, InstallShield, DemoShield, EditPlus, VNC, CVS, Bugzilla, JIRA, Alfresco, Subversion, PuTTY, MS Project, MS Visio, VMware, Archer Suite Awards & Recognitions Conferred with the following awards/ medals/ commendations for excellent performance:  Gold Medal from the Director (Commandant) MCTE, MHOW (MP) as a Course Topper (For Diploma in Electronics &Communication Engineering)  Commendation Letter from the Chief of Integrated Defence Staff in 2005 for significant contribution on Information Security Implementations at Head Quarter Integrated Defence Staff (HQIDS), Ministry of Defence, Govt. of India.  Certificate of Merit from Technical Training Board (2STC), Panaji (Goa) as a course Topper (Diploma in Information Technology) Employment History Date from to date Organization Role 24 Aug 2011 – Present Tata Consultancy Services Ltd. Associate Consultant/ Engagement Manager 01 Mar 2007 – 19 Aug 2011 TVSNet Technologies Limited (Formerly Ramco Infotech Limited) Senior Consultant 01 Jan 2002 – 28 Feb 2007 Head Quarter Integrated Defence Staff (HQ IDS), Ministry of Defence (MoD), Government of India, New Delhi Information Security Manager 11 Nov 1988 – 31 Dec 2001 Indian Army (Corps of Signals), Ministry of Defence, Government of India Telecomm Engineer Education / Certification Date from to date Degree Institute Name Major / Specialization 11 Nov 86 – 11 Nov 1988 Diploma in IT Engineering STC, Panaji (Goa) Information Technology Jan 1993 – Jul 1995 Diploma in Communication Military College of TeleComn Electronics & Telecomn
  • 7. 7 <Anil Kumar Dubey> Aug 1995- Aug 1998 Engineering Bachelor Degree Engineering, Mhow (MP) VKS University, Ara Engineering May 2010- May 2012 Master in IT Kuvempu University (Karnataka) Information Technology 01 Mar 2005-31 Mar 2005 Information Security Professional (ISP) Indian Institute of Technology, Kharagpur Information Systems Security Year Professional Accreditations Organization Specialization 2005 ISO/IEC 27001:2005 (ISMS-Lead Auditor) STQC ISMS Lead Auditor 2005 CIW Security Analyst (CIWSA) Prosoft (USA) Information Systems Security 2005 Certified Internal Information System Auditor (CIISA) STQC ISMS Auditor 2005 Microsoft Certified System Administrator (MCSA) Microsoft Corporation (USA) Windows Architecture-I 2005 Cisco Certified Network Associate (CCNA) Cisco (USA) Networking 2006 Certified Ethical Hacker (CEH) EC Council (USA) Ethical Hacking 2011 Avaya Certified Solution Architect (ACSA) Avaya (USA) Secure solutioniong Training Qualified 2005 CISSP, by SecureSynergy Pvt. Ltd, New Delhi 2005 Cyber Security Protection/Cyber Crime Detection, Deptt of Defence, USA 2005 Network Security Professional, (Shoghi Communication, New Delhi) 2005 VA & PT training from CERT India, Ministry of Communication, Govt of India 2005 Mail Forensic, CDEC 2006 CISM , by SecureSynergy Pvt. Ltd, New Delhi 2007 IT Security products (eSafe Gateway, Nokia IP130, IBM ISS, Antivirus Gateway Suite, Websense, Bluecoat, Checkpoint Firewall/UTM etc) by OEM. 2010 Identity & Access Management by Novell India (P) Ltd. Professional Affiliations Member of ISACA (Information Systems Audit and Control Association)& ISACA New Delhi Chapter Member of DSCI (Data Security Council of India) Delhi Chapter