12a Widman Street 0824947952
Regents Park Ext13
Johannesburg South
2197
Personal Details
Name : Daddy Jonathan Thwane
Gender : Male
ID Number : 7207295609089
Languages : English, Afrikaans, Setswana, Zulu
Drivers License : Code 08
Marital Status : Married
Criminal Offences : None
Nationality : South African
Health : Excellent – Non-smoker, non-drinker
Email : daddy.thwane@gmail.com or jonathand@absa.co.za
Education
Institution : Vaal Reefs Technical High
Matriculated in : 1993
Subjects : Setswana
: English
: Afrikaans
: Motor Mechanics
: Technical Drawing
: Mathematics
: Physical Science
Post School Qualifications
Introduction to computers [Certificate 2000]
A+ Certification [Certificate 2003]
Security + [Certificate 2008]
Using Splunk and running Splunk queries [2010]
ITIL Foundation [to write exam]
COBIT [to complete]
TOGAF 9
CCSA [Checkpoint Certified System Administrator] [Certificate 2013]
CISSP (In Progress)
CEH (Exam still outstanding)
Work Experience : 1998 to Present
Batch and Networks Administrator [ 1997-2008]
IT Security Specialist [ 2008 to present]
Position IT Security Specialist
Purpose of Role IT Security Specialist role focuses on the day-to-day security events monitoring,
vulnerability assessment and providing advice on remediation/patching, monitoring of
virus outbreaks and initiating a CERT where necessary, incident logging and
management, adherence to SOX controls [this includes daily and monthly signing of
attestation registers for SOX compliancy], processes and procedures creation and
continuous updating for ABSA/Barclays infrastructure. Making sure that we meet the
set OLAs and SLAs with different departments and vendors. Continuous security risk
awareness training for employees and management where necessary.
IDS/IPS INTRUSION DETECTION/PREVENTION APPLIANCES EXPERIENCE
• We use the systems below to monitor the network for malicious activities or policy violations.
These produce real-time events on dashboards on the management station, which the
specialist/analyst then acts upon. Daily, weekly and monthly electronic reports can
also be created for further analysis and investigation.
IDS/IPS Experience
TippingPoint [IDS/IPS]
Sourcefire [IDS/IPS]
FireEye
Snort [to some extent]
Thinkst Canary [Honeypot]
VIRUS & MALWARE MONITORING
• Antivirus and malware detection tools I use for real-time monitoring of both virus and
malware infections. These would include Trojans, logic bombs, Conficker worms and
polymorphic viruses; machines compromised by banking Trojan info stealers such as DRIDEX
and ZEUS were also a priority. In case of a full outbreak a CERT team would be initiated to deal
with the issue until contained or resolved satisfactorily. Where necessary, virus or malware
analysis would be performed.
Antivirus Applications Experience
F-Secure Client Security
Microsoft Forefront Anti-virus
Symantec Enterprise Protection Anti-Virus
Malwarebytes Anti-Malware
VULNERABILITY SCANNING AND PATCHING
• Weekly/monthly VA scans on the enterprise for missing security patches. Once these
are picked up, the relevant system owners/custodians would be contacted and made aware
of the security risk. These would then be patched remotely by WSUS or SCCM, and in case
the remote patching is unsuccessful the patching would be done manually by the vendor.
The Patch and Vulnerability Management process would be followed until all
vulnerabilities are patched.
Vulnerability Assessment and Scanners Tools Experience
MBSA Microsoft Baseline Security Analyzer
QualysGuard Vulnerability Scanner
McAfee Vulnerability Scanner.
Nessus Vulnerability scanner
INCIDENT LOGGING AND MANAGEMENT
• The incident logging and management process is followed where there's an incident. Depending on
the severity, these would be logged and management and other relevant stakeholders
made aware of such. Once an incident is logged it will be continuously updated until
completion; once the services or affected applications are back online the incident would be
resolved accordingly. A post-incident review would then be done and the knowledge base
updated where necessary.
• For a major incident, a MIM [Major Incident Management] call would be set up where relevant
stakeholders are invited to a call and the outage is discussed; this will include steps to be
followed in remediation. In this case the Incident Management Process is also followed.
Incident Logging and Management Tools Experience
Service Desk
Service Now
Co3 or Resilience System
EMAIL MONITORING AND MANAGEMENT
• As part of a security team, any malicious downloaded applications, Microsoft documents with
malicious macros enabled, viruses, Trojans, phishing emails, etc. would be picked up and
actioned. In instances where a user downloaded any of these malicious files, the user would be
directly contacted by the security team to offer assistance in deletion of the infected file,
changing of and Domain passwords where applicable.
Email Monitoring and management Tools Experience
Symantec Enterprise Vault [Email Archiving]
Mail Marshal
Brightmail
PROXY WEB LOGS ANALYSIS
• ISA and Bluecoat logs are also analyzed using Splunk to pick up anomalies in the proxy
traffic logs. These anomalies would include users trying or accessing company restricted sites...
also included in the logs are known proxy avoidance tools and related domains.... In this case,
where users were in breach of the company AUP [Acceptable Usage Policy], an HR process would be
initiated.
REMOTE ACCESS MONITORING
• As part of a security team I would also monitor the remote access logs for brute force attacks,
whereby the threshold was 10 failed logins in less than 2 minutes. If this was picked up, a
suspect user would be contacted and made aware of the failed logins; if a user is aware then
the incident would require no further action.
Remote Access Applications Experience
Nortel VPN Client [two factor authentication with token]
TeamViewer
Microsoft Remote Access Desktop
ENCRYPTION AND USB ACCESS RESTRICTION
• As a security measure regarding the loss of company laptops the Hard disk is encrypted using
PGP, this application would protect the company sensitive info in case the user laptop is lost
or stolen, for USB access we used Lumension which dramatically reduced the machine
infections by means of an infected USB device.
Encryption Applications and USB Access tools Experience
Microsoft BitLocker
PGP Whole Disk Encryption
Lumension Endpoint Security [USB access management tool]
SOX and PCI DSS Compliant
• This is a mandatory requirement whereby the Security team gets audited by internal and external
audit, i.e. this would be audits carried out by PWC and Ernst & Young. These audits of the
security team would be on firewalls, VRAS, Windows and TACACS.
SLA, SOP and OLA Documentation
• As part of ongoing security processes and procedures these would be reviewed annually and
whenever there is a change in SOP or configuration in applications, OLA and SLA would then
be agreed upon by the Vendor and different teams.
EXTRA SECURITY RESEARCH
• Part of being in a security team is to keep checks with sites like www.virustotal.com to check
for suspected sites as being malicious. This would also include uploading HASH values or IP
addresses of suspected C&C servers; this would in turn scan the site online and give results if
a site is safe or not. Also periodically will use www.ssllabs.com to check for misconfigured or
insecure SSL or TLS protocols; this can be done remotely then be compared against the ratings
to check specific sites' SSL security strength. The site comes in handy in picking up POODLE and
HEARTBLEED vulnerabilities.
Virtualization Tools
VMware Workstation
Oracle VirtualBox
Microsoft Hyper-V
OTHER SIEM TOOLS Experience
Splunk
IBM QRadar
CA Security Command Centre [SCC]
Checkpoint SmartView Suite
Data Loss Prevention Software
Symantec Vontu
Events Correlation and Firewall/Network Assurance Tools Experience
ArcSight
Skybox
Reason for wanting to leave: I need self-development, a new challenge and growth
Reference: Mrs. Anthea Kruger (Manager)