Silviu Trofimov (CISA, CISSP)
Farmington, CT, 06032 ph: 860 626 9865 / email: strofimov@gmail.com
Information Security Architecture, Data Protection and Network Security
Accomplished Information Systems security professional with outstanding relationship and project
management skills. Demonstrated expertise in research, development, implementation and audit of:
Identity / Privileged Access Management (IAM/PIM), Network and Application Firewalls (NG-FW),
cryptographic-based trust / assurance models (PKI/SSO), integrated application and data leakage
protection programs.
• Security Architecture Methodology • Information Security (IS) Strategy • Application / Cyber Security
• Identity and Access Management • IS Management and Operations • Next Generation Network Security
• Privilege Identity Management • Risk Remediation and Controls • Business and Security Analysis
• Role-Based Access Control • Policy and Regulatory Compliance • Project Management
• Security Architecture: designed and implemented IS solutions using Sherwood Applied BSA
(SABSA), Zachman, Capability Maturity Model (SSE-CMM), VeriSign SAR, Computer
Associates (CA) methodology (SAO/SAS); UML/BPML.
• Privileged Identity / Access Management: strategically analyzed, realigned and implemented
policies, procedures, standards, processes and workflows for on-boarding, off-boarding and
cross-boarding, access role engineering, authentication assurance modeling and implementation.
• Security / Network Operations Center: planned, designed and implemented L2/L3
converged network infrastructure, physical and logical controls, zone segmentation, n-scalable
one-arm firewalls and packet / stream inspection.
• Cryptography: researched, implemented and optimized cryptographic controls (encryption and
digital signature) for securing data at rest (storage, RDBMS, z/OS ICSF) and in transit.
• Data Protection and Application Security: implemented and operationalized geographically
distributed data protection framework: data classification / labelling enforcement, distributed
DLP (DIT and DAR), remediation and escalation process; designed and implemented integrated
application security
TECHNICAL SKILLS
• IdM: CA *Minder Suite, Centrify • Federation: PingId, CA, Opensaml • Malware: FireEye
• Dir: LDAP(S)/ AD and X.500 • NIDS: SourceFire, Juniper, PAN • NAC: ForeScout, IVE/Juniper
• PIM: Cyber-Ark, e-DMZ Security • DLP: Symantec, Varonis, Orchestria • FWMgm: SkyBox
• PKI: RSA/Keon, Entrust/PKI, VeriSign/MPKI, MS/CA, Openssl
• NGFW: Palo Alto (PAN), Juniper (SRX/NS), CP (FW-1), Cisco (ASA)
• RDBMS: IBM/Guardium, AppSecInc/DBProtect
EDUCATION
GRC, UNIVERSITY OF SUSSEX, East Sussex, UK 1998
PhD
UNIVERSITY OF TRANSILVANIA, Romania 1993
MSc (Eng)
‘MIRCEA CEL BATRÂN’ NATIONAL COLLEGE, Romania 1986
Baccalaureate
EXPERIENCE
ROYAL BANK OF SCOTLAND (RBS), STAMFORD, CT Oct 2012 – Dec 2016
Sr Security Analyst
Reporting to the Information Security Project and Engineering Head, the position supported the
specialized analysis, design and implementation needs of the C&IB US, UK and SG InfoSec teams.
• Access Management – lifecycle controls mitigation for user and system identities, authentication,
authorization and accounting (AAA), Privilege Identity Management (PIM) – Cyber-Ark / EPV,
PACLI, and Centrify, resulting in enhanced controls resilience and closure of material RIs.
• Network Security – addressed critical security and reporting regulatory requirements: solution
design for centralized firewall management rule-base recertification process (SkyBox); port controls
with Network Access Control (802.1x and lite - ForeScout / CounterAct); network segmentation
lockdown process (Check-Point/R77).
• Database Security – elevated critical database security posture by researching, analyzing, selecting
and validating the RDBMS VM vulnerability and compliance scanning and reporting tools: IBM /
Guardium, AppSecInc / DBProtect and Secunia / Advisory; and materially enhanced the lifecycle
management of privileged RDBMS accounts (Oracle, Sybase, MS-SQL) using Cyber-Ark PIM.
• Data / Leakage Protection – implemented geographically distributed data protection program (at
rest, and in transit), enforcement of data classification labeling / infrastructure, and remedial process
for global DLP program (Symantec Vontu, CA Orchestria, Titus and Boldon James Classifier).
INTEGRALIS, HARTFORD, CT 2010 - 2012
Security Architect
Network and Application security consulting and implementation projects within the ProServ group.
Designed and implemented next-generation and virtualized network infrastructure (L2, L3, remote
access, network segmentation, Network / Federation – SAML, IF-MAP, WS-Sec), Privileged
Identity Management with Enhanced Authentication Assurance Levels (SCM/X.509, OTP/RSA),
Identity Firewalls (Cisco ASA / Juniper SRX & NetScreen), and NAC (IVE) solutions.
GOV. OF ONTARIO / MINISTRY OF GOV. SERVICES, CANADA 2009-2010
Senior IAM Security Specialist
Implemented the IAM strategy in the Ontario Government: Centrify, Entrust, RSA, and PIM Cyber-Ark
solution validation / design.
Responsibilities: business analysis / modeling for IAM, ABCP / DR specialist for the Entrust
infrastructure DR Project, architecture blueprinting and review, consulting in PIM, PKI, RACF,
federation (SAML , WS-Security) and directory services (X.500).
SYMCOR, MISSISSAUGA, CANADA 2007-2009
Security Architect
Reporting directly to the CISO, the position provided IAM, PIM and IT security / risk management
strategic support for the largest item / statement processing organization in Canada.
Responsibilities: leadership, coordination and communication of security strategy and roadmap,
governance-based risk management methodology, capability maturity / KPI reporting for core
Enterprise functions: IAM/ PIM, SIEM and Security Architecture (SDLC gating with SPARX/EA).
Projects: IAM / PIM requirements gathering and analysis, policy recommendation (internal and
external), role-based provisioning (SDLC), IT Security Roadmap and annual Security Plans, storage
security (SunMicro KMS), C/S (PGP, Utimaco/SG), specialized audit support for PCI-DSS.
COMPUTER ASSOCIATES (CA), FRAMINGHAM, MA 2006-2007
Security Architect / IAM Practice
Reporting to the VP of IAM practice / North America, the position supported client architecture
integration process for the implementation of IAM solution offered by CA (eTrust suite /*Minder).
Responsibilities: provision of rapid solution architecture (SAO/SAS), security assessments (capability
maturity modeling within Integrated IT Flows), business case, roadmap, and project planning.
Projects: AAA Framework for top-tier US wireless operator, SAP NetWeaver – SiteMinder
integration for Canadian network operator, Federation Services (SiteMinder and PingIdentity) for
mobile phone operators / service provider networks. CA Trainer for CA eTrust and SAML.
VERISIGN CANADA / SOLTRUS, TORONTO, CANADA 2001-2006
Chief Security Architect
Reporting to VP Technology and Professional Services, the position provided consulting and
architecture leadership for the VeriSign Canadian operations.
• Managed Soltrus consulting practice and security consulting framework (“Network Wellness”
program), acting as principal for requirements gathering, solution design, planning and project
execution for PKI/PMI, directories, network security and integration.
• Directed the Security Infrastructure division of Soltrus through its transition from CIBC-VeriSign
unit: data center relocation and security enhancements for the multi-tiered SOC
infrastructure; developed, implemented and tested the DR plans for VeriSign MPKI operations.
1998-2001
Senior Security Consultant, Deloitte & Touche LLP / SeB, Toronto, Canada
Global Security Analyst, Celestica, Global IT eBusiness Group, Toronto, Canada
CERTIFICATIONS
Palo Alto Networks (ACE) 2012
Juniper Networks Certified Internet Specialist / Professional (JNCIS-SEC, JNCIP-SEC) 2012
Juniper Networks Technical Master, Authorized Design Specialist, Net Advanced Infra, Net Advanced
Security, JNCIS-ER, JNCIA-ER, JNCIS-SSL, JNCIA-SSL, JNCIS-AC, JNCIA-EX 2011
IBM Tivoli ISS Tech Advisor / Pre-Sale Specialist 2010
ABCP / DRII (Disaster Recovery Institute) 2010
K-Learning PMP (Project Management Professional) Certification 2010
Inquestra Business Systems Analyst Certification 2009/2010
CA Architect Academy (Certified CA Architect) 2006 / 2007
CA SiteMinder / IdMinder /eTrust (TopGun Certification and Trainer) 2006
Sun IdM (Certified in Sun Microsystems WaveSet Lighthouse Administration / Implementation) 2004
ISC2/CISSP (Certified Information Security Systems Professional) 2002
VCA/VCE (VeriSign Certified Administrator / Engineer, VeriSign OnSite / MPKI) 2001
ECRA / ECRE (Entrust / PKI Management, trust models and directory integration) 2001
ISACA/CISA (Membership / Certification) 2001/2005
CCSA/CCSE (CheckPoint Certified System Administrator / Engineer Certified) 1999
AWARDS AND HONORS
Top CISA exam writer, Toronto Chapter 2002
Wolfson Scholarship, UK (4 years) 1994