12a Widman Street
Regents Park Ext13
Johannesburg South
2197
0824947952
Personal Details
Name : Daddy Jonathan Thwane
Gender : Male
ID Number : 7207295609089
Languages : English, Afrikaans, Setswana, Zulu
Driver's Licence : Code 08
Marital Status : Married
Criminal Offences : None
Nationality : South African
Health : Excellent – non-smoker, non-drinker
Email : daddy.thwane@gmail.com or jonathand@absa.co.za
Education
Institution : Vaal Reefs Technical High
Matriculated in : 1993
Subjects : Setswana, English, Afrikaans, Motor Mechanics, Technical Drawing, Mathematics, Physical Science
Post School Qualifications
• Introduction to Computers [Certificate 2000]
• A+ Certification [Certificate 2003]
• Security+ [Certificate 2008]
• Using Splunk and running Splunk queries [2010]
• ITIL Foundation [to write exam]
• COBIT [to complete]
• TOGAF 9
• CCSA [Checkpoint Certified System Administrator] [Certificate 2013]
• CISSP (in progress)
• CEH (exam still outstanding)
Work Experience : 1998 to Present
Batch and Networks Administrator [1997-2008]
IT Security Specialist [2008 to present]
Position : IT Security Specialist
Purpose of Role : The IT Security Specialist role focuses on day-to-day security event monitoring, vulnerability assessment and advice on remediation/patching, monitoring of virus outbreaks and initiating a CERT where necessary, incident logging and management, adherence to SOX controls [this includes daily and monthly signing of attestation registers for SOX compliance], and the creation and continuous updating of processes and procedures for ABSA/Barclays infrastructure. Making sure that we meet the set OLAs and SLAs with different departments and vendors. Continuous security risk awareness training for employees and management where necessary.
IDS/IPS INTRUSION DETECTION/PREVENTION APPLIANCES EXPERIENCE
• The systems below are the ones we use to monitor the network for malicious activities or policy violations. They produce real-time events on dashboards on the management station, which the specialist/analyst then acts upon; daily, weekly and monthly electronic reports can also be created for further analysis and investigation.
IDS/IPS Experience
• Tipping Point [IDS/IPS]
• SourceFire [IDS/IPS]
• FireEye
• Snort [to some extent]
• Thinkst Canary [Honeypot]
VIRUS & MALWARE MONITORING
• Antivirus and malware detection tools I use for real-time monitoring of both virus and malware infections; these would include Trojans, logic bombs, Conficker worms and polymorphic viruses. Machines compromised by banking Trojans/info stealers such as DRIDEX and ZEUS were also a priority. In case of a full outbreak a CERT team would be initiated to deal with the issue until it is contained or resolved satisfactorily. Where necessary, virus or malware analysis would be performed.
Antivirus Applications Experience
• F-Secure Client Security
• Microsoft Forefront Anti-virus
• Symantec Enterprise Protection Anti-Virus
• Malwarebytes Anti-Malware
VULNERABILITY SCANNING AND PATCHING
• Weekly/monthly VA scans on the enterprise for missing security patches. Once these are picked up, the relevant system owners/custodians would be contacted and made aware of the security risk; these would then be patched remotely by WSUS or SCCM, and in case the remote patching is unsuccessful the patching would be done manually by the vendor. The patch and vulnerability management process would be followed until all vulnerabilities are patched.
Vulnerability Assessment and Scanner Tools Experience
• MBSA Microsoft Baseline Security Analyzer
• Qualys Guard Vulnerability Scanner
• McAfee Vulnerability Scanner
• Nessus Vulnerability Scanner
INCIDENT LOGGING AND MANAGEMENT
• The incident logging and management process is followed where there is an incident. Depending on the severity, these would be logged and management and other relevant stakeholders made aware of them. Once an incident is logged it will be continuously updated until completion; once the affected services and applications are back online the incident would be resolved accordingly, a post-incident review would then be done and the knowledge base updated where necessary.
• For a major incident a MIM [Major Incident Management] call would be set up where relevant stakeholders are invited and the outage discussed, including the steps to be followed in remediation. In this case the Incident Management Process is also followed.
Incident Logging and Management Tools Experience
• Service Desk
• ServiceNow
• Co3 or Resilience System
EMAIL MONITORING AND MANAGEMENT
• As part of the security team, any malicious downloaded applications, Microsoft documents with malicious macros enabled, viruses, Trojans, phishing emails, etc. would be picked up and actioned. In instances where a user downloaded any of these malicious files, the user would be contacted directly by the security team to offer assistance in deleting the infected file and changing Domain passwords where applicable.
Email Monitoring and Management Tools Experience
• Symantec Enterprise Vault [Email Archiving]
• Mail Marshal
• Brightmail
PROXY WEB LOG ANALYSIS
• ISA and Bluecoat logs are also analysed using Splunk to pick up anomalies in the proxy traffic logs. These anomalies would include users trying to access or accessing company-restricted sites; also included in the logs are known proxy-avoidance tools and related domains. In cases where users were in breach of the company AUP [Acceptable Usage Policy], an HR process would be initiated.
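The triage the paragraph above describes doing in Splunk, as an added example in Python that is not code from the CV or from Splunk: it parses proxy access-log lines and reports, per user, hits on company-restricted categories (attempts as well as completed accesses) and requests to domains on a proxy-avoidance watchlist. The space-separated field layout, the category names, the sample lines and the watchlist domains are all constructed for illustration.

```python
"""Proxy web-log triage for AUP review.

Added example, not code from the CV or from Splunk: it does offline, in Python,
the kind of filtering the text describes doing in Splunk over ISA/Bluecoat
logs. The field layout, the category names, the sample lines and the
proxy-avoidance watchlist are all constructed for illustration.
"""
from collections import defaultdict
from urllib.parse import urlparse

# Assumed policy: categories the company restricts. An attempt counts as well
# as a completed access, so denied (403) requests are reported too.
RESTRICTED_CATEGORIES = {"Gambling", "Adult", "Proxy-Avoidance"}

# Placeholder watchlist of domains associated with proxy-avoidance tools.
AVOIDANCE_DOMAINS = {"anonymizer.example", "tunnel-vpn.example"}

# Constructed sample lines, one request per line:
# date time client-ip user action status method url category
SAMPLE_LOG = """\
2015-03-02 09:12:44 10.1.2.3 jdoe TCP_DENIED 403 GET http://casino.example/play Gambling
2015-03-02 09:13:01 10.1.2.3 jdoe TCP_HIT 200 GET http://intranet.example/news Business
2015-03-02 09:14:10 10.1.2.9 asmith TCP_MISS 200 CONNECT https://anonymizer.example:443 Proxy-Avoidance
2015-03-02 09:15:22 10.1.2.7 mkhumalo TCP_MISS 200 GET https://www.example.org/ Search
2015-03-02 09:16:05 10.1.2.9 asmith TCP_MISS 200 GET http://cdn.tunnel-vpn.example/client.exe Software
"""


def parse_line(line):
    """Split one constructed-format log line into a record dict."""
    date, time, client_ip, user, action, status, method, url, category = line.split()
    host = urlparse(url).hostname or ""
    return {"ts": f"{date} {time}", "ip": client_ip, "user": user,
            "action": action, "status": int(status), "method": method,
            "url": url, "host": host.lower(), "category": category}


def on_watchlist(host, domains=AVOIDANCE_DOMAINS):
    """True if host is a watchlisted domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)


def find_aup_anomalies(lines):
    """Return {user: {"restricted": [(ts, url)], "avoidance": [(ts, host)]}}
    for every user with at least one hit; users with no hits are omitted."""
    findings = defaultdict(lambda: {"restricted": [], "avoidance": []})
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec["category"] in RESTRICTED_CATEGORIES:
            findings[rec["user"]]["restricted"].append((rec["ts"], rec["url"]))
        if on_watchlist(rec["host"]):
            findings[rec["user"]]["avoidance"].append((rec["ts"], rec["host"]))
    return dict(findings)


if __name__ == "__main__":
    for user, hits in find_aup_anomalies(SAMPLE_LOG.splitlines()).items():
        print(user, "restricted:", len(hits["restricted"]),
              "avoidance:", len(hits["avoidance"]))
```

The watchlist match is on the host name rather than the full URL so that subdomains of a listed domain (a CDN path serving a tool's installer, say) are caught as well; the per-user grouping is what an analyst would hand to HR under the AUP process the text mentions.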
REMOTE ACCESS MONITORING
• As part of the security team I would also monitor the remote access logs for brute-force attacks, where the threshold was 10 failed logins in less than 2 minutes. If this was picked up, the suspect user would be contacted and made aware of the failed logins; if the user is aware of them, the incident would require no further action.
Remote Access Applications Experience
• Nortel VPN Client [two-factor authentication with token]
• TeamViewer
• Microsoft Remote Desktop
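The brute-force rule described under REMOTE ACCESS MONITORING (10 failed logins in less than 2 minutes for one user), as an added example in Python that is not code from the CV or from any VPN product: a sliding-window detector run over remote-access log lines. The "date time user result source-ip" line layout and the sample lines are constructed for illustration; a real VPN log would need its own parser in place of parse_line.

```python
"""Sliding-window detector for remote-access brute-force attempts.

Added example, not code from the CV: implements the rule the text describes,
10 failed logins in less than 2 minutes for one user, over remote-access log
lines. The "date time user result source-ip" layout and the sample lines are
constructed for illustration; a real VPN log needs its own parser.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 10                  # failed logins ...
WINDOW = timedelta(minutes=2)   # ... within less than this span
TS_FORMAT = "%Y-%m-%d %H:%M:%S"


def _constructed_log():
    """Build sample lines: one user fails fast, one fails slowly, plus successes."""
    base = datetime(2015, 3, 2, 8, 0, 0)
    lines = ["2015-03-02 07:59:30 mkhumalo OK 198.51.100.7"]
    # jdoe: 12 failures 5 s apart -> the 10th falls 45 s after the first
    lines += [f"{base + timedelta(seconds=5 * i):{TS_FORMAT}} jdoe FAIL 203.0.113.5"
              for i in range(12)]
    # asmith: 10 failures 30 s apart -> never 10 inside one 2-minute window
    lines += [f"{base + timedelta(minutes=10, seconds=30 * i):{TS_FORMAT}} asmith FAIL 198.51.100.9"
              for i in range(10)]
    lines.append("2015-03-02 08:15:00 jdoe OK 203.0.113.5")
    return lines


SAMPLE_LOG = _constructed_log()


def parse_line(line):
    """Return (raw timestamp, datetime, user, result, source ip) for one line."""
    date, time, user, result, src = line.split()
    raw = f"{date} {time}"
    return raw, datetime.strptime(raw, TS_FORMAT), user, result, src


def detect_bruteforce(lines, threshold=THRESHOLD, window=WINDOW):
    """Return {user: timestamp of the failure that crossed the threshold}.

    Keeps, per user, only the failures inside the trailing window, so a burst
    is detected on the line that completes it whatever the size of the log."""
    recent = defaultdict(deque)
    alerts = {}
    for line in lines:
        if not line.strip():
            continue
        raw, ts, user, result, _src = parse_line(line)
        if result != "FAIL":
            continue  # successes neither count nor clear the window
        window_q = recent[user]
        window_q.append(ts)
        while ts - window_q[0] >= window:  # evict failures outside the window
            window_q.popleft()
        if len(window_q) >= threshold and user not in alerts:
            alerts[user] = raw  # first crossing only: the user is contacted once
    return alerts


if __name__ == "__main__":
    for user, when in detect_bruteforce(SAMPLE_LOG).items():
        print(f"{when} {user}: {THRESHOLD} failed logins inside {WINDOW}")
```

Only failures are kept in the window, so a slow stream of failures (asmith in the sample) never triggers, while a burst (jdoe) alerts on the tenth failure; the alert carries the raw timestamp so the analyst can quote it when contacting the user, as the text describes.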
ENCRYPTION AND USB ACCESS RESTRICTION
• As a security measure against the loss of company laptops, the hard disk is encrypted using PGP; this application would protect the company's sensitive information in case the user's laptop is lost or stolen. For USB access we used Lumension, which dramatically reduced machine infections by means of infected USB devices.
Encryption Applications and USB Access Tools Experience
• Microsoft BitLocker
• PGP Whole Disk Encryption
• Lumension Endpoint Security [USB access management tool]
SOX and PCI DSS Compliance
• This is a mandatory requirement whereby the security team gets audited by internal and external audit, i.e. audits carried out by PwC and Ernst & Young. These audits of the security team would cover firewalls, VRAS, Windows and TACACS.
SLA, SOP and OLA Documentation
• As part of ongoing security processes and procedures, these would be reviewed annually and whenever there is a change in an SOP or in application configuration; OLAs and SLAs would then be agreed upon by the vendor and the different teams.
EXTRA SECURITY RESEARCH
• Part of being in a security team is to keep checking sites like www.virustotal.com to check whether suspected sites are malicious; this would also include uploading hash values or IP addresses of suspected C&C servers, which would in turn be scanned online, giving results on whether a site is safe or not. Also, I periodically use www.ssllabs.com to check for misconfigured or insecure SSL or TLS protocols; this can be done remotely and then compared against the ratings to check a specific site's SSL security strength. The site comes in handy in picking up POODLE and HEARTBLEED vulnerabilities.
Virtualization Tools
• VMware Workstation
• Oracle VirtualBox
• Microsoft Hyper-V
OTHER SIEM TOOLS Experience
• Splunk
• IBM QRadar
• CA Security Command Centre [SCC]
• Checkpoint SmartView Suite
Data Loss Prevention Software
• Symantec Vontu
Event Correlation and Firewall/Network Assurance Tools Experience
• ArcSight
• Skybox
Reason for wanting to leave: I need self-development, a new challenge and growth
Reference: Mrs. Anthea Kruger (Manager)
0845880339 or 0827097638
