SlideShare a Scribd company logo

Resume_STrofimov

Download as DOC, PDF
S
Silviu Trofimov
1 of 3
Silviu Trofimov (CISA, CISSP) Farmington, CT, 06032 ph: 860 626 9865 / email:strofimov@gmail.com Information Security Architecture, Data Protection and Network Security Accomplished Information Systems security professional with outstanding relationship and project management skills. Demonstrated expertise in research, development, implementation and audit of: Identity /Privileged Access Management (IAM/PIM), Network and Application Firewalls (NG-FW), cryptographic-based trust /assurance models (PKI/SSO), integrated application and data leakage protection programs. • Security Architecture Methodology • Information Security (IS) Strategy • Application / Cyber Security • Identity and Access Management • IS Management and Operations • Next Generation Network Security • Privilege Identity Management • Risk Remediation and Controls • Business and Security Analysis • Role-Based Access Control • Policy and Regulatory Compliance • Project Management • Security Architecture: designed and implemented IS solutions using Sherwood Applied BSA (SABSA), Zachman, Capability Maturity Model (SSE-CMM), VeriSign SAR, Computer Associates (CA) methodology (SAO/SAS); UML/BPML. • Privileged Identity / Access Management: strategically analyzed, realigned and implemented policies, procedures, standards, processes and workflows for on-boarding, off-boarding and cross-boarding, access role engineering, authentication assurance modeling and implementation. • Security / Network Operations Center: planned, designed and implemented L2/L3 converged network infrastructure, physical and logical controls, zone segmentation, n-scalable one-arm firewalls and packet / stream inspection. • Cryptography: researched, implemented and optimize cryptographic controls (encryption and digital signature) for securing data at rest (storage, RDBMS, z/OS ICSF) and in transit. • Data Protection and Application Security: implemented and operationalized geographically distributed data protection framework: data classification / labelling enforcement, distributed DLP (DIT and DAR), remediation and escalation process; designed and implemented integrated application security TECHNICAL SKILLS • IdM: CA *Minder Suite, Centrify • Federation: PingId, CA, Opensaml • Malware: FireEye • Dir: LDAP(S)/ AD and X.500 • NIDS: SourceFire, Juniper, PAN • NAC: ForeScout, IVE/Juniper • PIM: Cyber-Ark, e-DMZ Security • DLP: Symantec, Varonis, Orchestria • FWMgm: SkyBox • PKI: RSA/Keon, Entrust/PKI, VeriSign/MPKI, MS/CA, Openssl • NGFW: Palo Alto (PAN), Juniper (SRX/NS), CP (FW-1), Cisco (ASA) • RDBMS: IBM/Guardium, AppSecInc/DBProtect EDUCATION GRC, UNIVERSITY OF SUSSEX, East Sussex, UK 1998 PhD UNIVERSITY OF TRANSILVANIA, Romania 1993 MSc (Eng) ‘MIRCEA CEL BATRÂN’ NATIONAL COLLEGE, Romania 1986 Baccalaureate Page 1 of 3
Silviu Trofimov (CISA, CISSP) EXPERIENCE ROYAL BANK OF SCOTLAND (RBS), STAMFORD, CT Oct 2012 – Dec 2016 Sr Security Analyst Reporting to the Information Security Project and Engineering Head, the position supported the specialized analysis, design and implementation needs of the C&IB US, UK and SG InfoSec teams. •Access Management –lifecycle controls mitigation for user and system identities, authentication, authorization and accounting (AAA), Privilege Identity Management (PIM) – Cyber-Ark / EPV, PACLI, and Centrify, resulting in enhanced controls resilience and closure of material RIs. •Network Security – addressed critical security and reporting regulatory requirements: solution design for centralized firewall management rule-base recertification process (SkyBox); port controls with Network Access Control (802.1x and lite - ForeScout / CounterAct); network segmentation lockdown process (Check-Point/R77). •Database Security – elevated critical database security posture by researching, analyzing, selecting and validating the RDBMS VM vulnerability and compliance scanning and reporting tools: IBM / Guardium, AppSecInc / DBProtect and Secunia / Advisory; and materially enhanced the lifecycle management of privileged RDBMS accounts (Oracle, Sybase, MS-SQL) using Cyber-Ark PIM. •Data / Leakage Protection – implemented geographically distributed data protection program (at rest, and in transit), enforcement of data classification labeling / infrastructure, and remedial process for global DLP program (Symantec Vontu, CA Orchestria, Titus and Boldon James Classifier). INTEGRALIS, HARTFORD, CT 2010 - 2012 Security Architect Network and Application security consulting and implementation projects within the ProServ group. Designed and implemented next-generation and virtualized network infrastructure (L2, L3, remote access, network segmentation, Network / Federation – SAML, IF-MAP, WS-Sec), Privileged Identity Management with Enhanced Authentication Assurance Levels (SCM/X.509, OTP/RSA), Identity Firewalls (Cisco ASA / Juniper SRX & NetScreen), and NAC (IVE) solutions. GOV. OF ONTARIO / MINISTRY OF GOV. SERVICES, CANADA 2009-2010 Senior IAM Security Specialist Implemented the IAM strategy in the Ontario Government: Centrify, Entrust, RSA, and PIM Cyber- Ark solution validation / design. Responsibilities: business analysis / modeling for IAM, ABCP / DR specialist for the Entrust infrastructure DR Project, architecture blueprinting and review, consulting in PIM, PKI, RACF, federation (SAML , WS-Security) and directory services (X.500). SYMCOR, MISSISSAUGA, CANADA 2007-2009 Security Architect Reporting directly to the CISO, the position provided IAM, PIM and IT security / risk management strategic support for the largest item / statement processing organization in Canada. Responsibilities: leadership, coordination and communication of security strategy and roadmap, governance-based risk management methodology, capability maturity / KPI reporting for core Enterprise functions: IAM/ PIM, SIEM and Security Architecture (SDLC gating with SPARX/EA). Projects: IAM / PIM requirements gathering and analysis, policy recommendation (internal and external), role-based provisioning (SDLC), IT Security Roadmap and annual Security Plans, storage security (SunMicro KMS), C/S (PGP, Utimaco/SG), specialized audit support for PCI-DSS. Page 2 of 3
Silviu Trofimov (CISA, CISSP) COMPUTER ASSOCIATES (CA), FRAMINGHAM, MA 2006-2007 Security Architect / IAM Practice Reporting to the VP of IAM practice / North America, the position supported client architecture integration process for the implementation of IAM solution offered by CA (eTrust suite /*Minder). Responsibilities: provision of rapid solution architecture (SAO/SAS), security assessments (capability maturity modeling within Integrated IT Flows), business case, roadmap, and project planning. Projects: AAA Framework for top-tier US wireless operator, SAP NetWeaver –SiteMinder integration for Canadian network operator, Federation Services (SiteMinder and PingIdentity) for mobile phone operators / service provider networks. CA Trainer for CA eTrust and SAML. VERISIGN CANADA / SOLTRUS, TORONTO, CANADA 2001-2006 Chief Security Architect Reporting to VP Technology and Professional Services, the position provided consulting and architecture leadership for the VeriSign Canadian operations. • Managed Soltrus consulting practice and security consulting framework (“Network Wellness” program), acting as principal for requirements gathering, solution design, planning and project execution for PKI/PMI, directories, network security and integration. • Directed the Security Infrastructure division of Soltrus through its transition from CIBC- VeriSign unit: data center relocation and security enhancements for the multi-tiered SOC infrastructure; developed, implemented and tested the DR plans for VeriSign MPKI operations. 1998-2001 Senior Security Consultant, Deloitte & Touche LLP / SeB, Toronto, Canada Global Security Analyst, Celestica, Global IT eBusiness Group, Toronto, Canada CERTIFICATIONS Palo Alto Networks (ACE) 2012 Juniper Networks Certified Internet Specialist / Professional (JNCIS-SEC, JNCIP-SEC) 2012 Juniper Networks Technical Master, Authorized Design Specialist, Net Advanced Infra, Net Advanced Security, JNCIS-ER, JNCIA-ER, JNCIS-SSL, JNCIA-SSL, JNCIS-AC, JNCIA-EX 2011 IBM Tivoli ISS Tech Advisor / Pre-Sale Specialist 2010 ABCP / DRII (Disaster Recovery Institute) 2010 K-Learning PMP (Project Management Professional) Certification 2010 Inquestra Business Systems Analyst Certification 2009/2010 CA Architect Academy (Certified CA Architect) 2006 / 2007 CA SiteMinder / IdMinder /eTrust (TopGun Certification and Trainer) 2006 Sun IdM (Certified in Sun Microsystems WaveSet Lighthouse Administration / Implementation) 2004 ISC2 /CISSP (Certified Information Security Systems Professional) 2002 VCA/VCE (VeriSign Certified Administrator / Engineer, VeriSign OnSite / MPKI) 2001 ECRA / ECRE (Entrust / PKI Management, trust models and directory integration) 2001 ISACA/CISA (Membership / Certification) 2001/2005 CCSA/CCSE (CheckPoint Certified System Administrator / Engineer Certified) 1999 AWARDS AND HONORS Top CISA exam writer, Toronto Chapter 2002 Wolfson Scholarship, UK (4 years) 1994 Page 3 of 3

Recommended

Derek J Mezack Resume 2015-AppSec_k
Derek J Mezack Resume 2015-AppSec_kDerek J Mezack Resume 2015-AppSec_k
Derek J Mezack Resume 2015-AppSec_kDerek Mezack
 
Prakhar Sood-Resume-CV
Prakhar Sood-Resume-CVPrakhar Sood-Resume-CV
Prakhar Sood-Resume-CVPrakhar Sood
 
Information Security Officer Internet Resume Leon Blum Copy
Information Security Officer Internet Resume Leon Blum CopyInformation Security Officer Internet Resume Leon Blum Copy
Information Security Officer Internet Resume Leon Blum CopyLblum1234
 
Wasib Resume(Information Security)
Wasib Resume(Information Security)Wasib Resume(Information Security)
Wasib Resume(Information Security)Wasib Ahmed
 
Content Strategy and Developer Engagement for DevPortals
Content Strategy and Developer Engagement for DevPortalsContent Strategy and Developer Engagement for DevPortals
Content Strategy and Developer Engagement for DevPortalsAxway
 
NIST Cybersecurity Framework (CSF) on the Public Cloud
NIST Cybersecurity Framework (CSF) on the Public CloudNIST Cybersecurity Framework (CSF) on the Public Cloud
NIST Cybersecurity Framework (CSF) on the Public CloudCloudHesive
 
DTS Solution - Cyber Security Services Portfolio
DTS Solution - Cyber Security Services PortfolioDTS Solution - Cyber Security Services Portfolio
DTS Solution - Cyber Security Services PortfolioShah Sheikh
 
The Year the Internet Fell Apart
The Year the Internet Fell ApartThe Year the Internet Fell Apart
The Year the Internet Fell ApartIBM Security
 

Recommended

Derek J Mezack Resume 2015-AppSec_k
Derek J Mezack Resume 2015-AppSec_kDerek J Mezack Resume 2015-AppSec_k
Derek J Mezack Resume 2015-AppSec_kDerek Mezack
 
Prakhar Sood-Resume-CV
Prakhar Sood-Resume-CVPrakhar Sood-Resume-CV
Prakhar Sood-Resume-CVPrakhar Sood
 
Information Security Officer Internet Resume Leon Blum Copy
Information Security Officer Internet Resume Leon Blum CopyInformation Security Officer Internet Resume Leon Blum Copy
Information Security Officer Internet Resume Leon Blum CopyLblum1234
 
Wasib Resume(Information Security)
Wasib Resume(Information Security)Wasib Resume(Information Security)
Wasib Resume(Information Security)Wasib Ahmed
 
Content Strategy and Developer Engagement for DevPortals
Content Strategy and Developer Engagement for DevPortalsContent Strategy and Developer Engagement for DevPortals
Content Strategy and Developer Engagement for DevPortalsAxway
 
NIST Cybersecurity Framework (CSF) on the Public Cloud
NIST Cybersecurity Framework (CSF) on the Public CloudNIST Cybersecurity Framework (CSF) on the Public Cloud
NIST Cybersecurity Framework (CSF) on the Public CloudCloudHesive
 
DTS Solution - Cyber Security Services Portfolio
DTS Solution - Cyber Security Services PortfolioDTS Solution - Cyber Security Services Portfolio
DTS Solution - Cyber Security Services PortfolioShah Sheikh
 
The Year the Internet Fell Apart
The Year the Internet Fell ApartThe Year the Internet Fell Apart
The Year the Internet Fell ApartIBM Security
 
Securing Your Cloud Applications
Securing Your Cloud ApplicationsSecuring Your Cloud Applications
Securing Your Cloud ApplicationsIBM Security
 
Csa summit who can protect us education for cloud security professionals
Csa summit who can protect us education for cloud security professionalsCsa summit who can protect us education for cloud security professionals
Csa summit who can protect us education for cloud security professionalsCSA Argentina
 
Cybersecurity domains-map-3.0
Cybersecurity domains-map-3.0Cybersecurity domains-map-3.0
Cybersecurity domains-map-3.0Oscar Ferreira
 
Resume
ResumeResume
Resumemanean.kvs manean.kvs
 
Rationalization and Defense in Depth - Two Steps Closer to the Cloud
Rationalization and Defense in Depth - Two Steps Closer to the CloudRationalization and Defense in Depth - Two Steps Closer to the Cloud
Rationalization and Defense in Depth - Two Steps Closer to the CloudBob Rhubart
 
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORKZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORKMaganathin Veeraragaloo
 
Csa summit la transformación digital y el nuevo rol del ciso
Csa summit la transformación digital y el nuevo rol del cisoCsa summit la transformación digital y el nuevo rol del ciso
Csa summit la transformación digital y el nuevo rol del cisoCSA Argentina
 
The Cloud Crossover
The Cloud CrossoverThe Cloud Crossover
The Cloud CrossoverArmor
 
Pramod Yadav_Security Operations Center Manager
Pramod Yadav_Security Operations Center ManagerPramod Yadav_Security Operations Center Manager
Pramod Yadav_Security Operations Center ManagerPramod Yadav
 
Be Aware Webinar – Office 365 Seguro? Sym, Cloud!
Be Aware Webinar – Office 365 Seguro? Sym, Cloud!Be Aware Webinar – Office 365 Seguro? Sym, Cloud!
Be Aware Webinar – Office 365 Seguro? Sym, Cloud!Symantec Brasil
 
Building a Security Architecture
Building a Security ArchitectureBuilding a Security Architecture
Building a Security ArchitectureCisco Canada
 
Protect Against Security Breaches by Securing Endpoints with Multi-Factor Aut...
Protect Against Security Breaches by Securing Endpoints with Multi-Factor Aut...Protect Against Security Breaches by Securing Endpoints with Multi-Factor Aut...
Protect Against Security Breaches by Securing Endpoints with Multi-Factor Aut...CA Technologies
 
Enterprise Security in Hybrid Cloud ISACA-SV 2012
Enterprise Security in Hybrid Cloud ISACA-SV 2012Enterprise Security in Hybrid Cloud ISACA-SV 2012
Enterprise Security in Hybrid Cloud ISACA-SV 2012Symosis Security (Previously C-Level Security)
 
DTS Solution - Company Presentation
DTS Solution - Company PresentationDTS Solution - Company Presentation
DTS Solution - Company PresentationShah Sheikh
 
ISACA 2019 Amman Chapter - Shah Sheikh - Cyber Resilience
ISACA 2019 Amman Chapter - Shah Sheikh - Cyber ResilienceISACA 2019 Amman Chapter - Shah Sheikh - Cyber Resilience
ISACA 2019 Amman Chapter - Shah Sheikh - Cyber ResilienceShah Sheikh
 
how to secure web applications with owasp - isaca sep 2009 - for distribution
how to secure web applications with owasp - isaca sep 2009 - for distributionhow to secure web applications with owasp - isaca sep 2009 - for distribution
how to secure web applications with owasp - isaca sep 2009 - for distributionSantosh Satam
 
Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)
Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)
Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)Shah Sheikh
 
Cloud application security (CCSP Domain 4)
Cloud application security (CCSP Domain 4)Cloud application security (CCSP Domain 4)
Cloud application security (CCSP Domain 4)Amy Nicewick, CISSP, CCSP, CEH
 
RETOS ACTUALES E INNOVACIÓN SOBRE EL CONTROL DE ACCESOS PRIVILEGIADOS.
RETOS ACTUALES E INNOVACIÓN SOBRE EL CONTROL DE ACCESOS PRIVILEGIADOS.RETOS ACTUALES E INNOVACIÓN SOBRE EL CONTROL DE ACCESOS PRIVILEGIADOS.
RETOS ACTUALES E INNOVACIÓN SOBRE EL CONTROL DE ACCESOS PRIVILEGIADOS.Cristian Garcia G.
 
Ibm app security assessment_ds
Ibm app security assessment_dsIbm app security assessment_ds
Ibm app security assessment_dsArun Gopinath
 
Finto InfoSec ExIBM- CISSP ITIL CCSP CCIE JNCIS MCP 8.5 Yrs
Finto InfoSec ExIBM- CISSP ITIL CCSP CCIE JNCIS MCP 8.5 YrsFinto InfoSec ExIBM- CISSP ITIL CCSP CCIE JNCIS MCP 8.5 Yrs
Finto InfoSec ExIBM- CISSP ITIL CCSP CCIE JNCIS MCP 8.5 YrsFinto Thomas , CISSP, TOGAF, CCSP, ITIL. JNCIS
 
Notes_from_a_clouds_security_journey
Notes_from_a_clouds_security_journeyNotes_from_a_clouds_security_journey
Notes_from_a_clouds_security_journeyOlivier Busolini
 

More Related Content

What's hot

Securing Your Cloud Applications
Securing Your Cloud ApplicationsSecuring Your Cloud Applications
Securing Your Cloud ApplicationsIBM Security
 
Csa summit who can protect us education for cloud security professionals
Csa summit who can protect us education for cloud security professionalsCsa summit who can protect us education for cloud security professionals
Csa summit who can protect us education for cloud security professionalsCSA Argentina
 
Cybersecurity domains-map-3.0
Cybersecurity domains-map-3.0Cybersecurity domains-map-3.0
Cybersecurity domains-map-3.0Oscar Ferreira
 
Rationalization and Defense in Depth - Two Steps Closer to the Cloud
Rationalization and Defense in Depth - Two Steps Closer to the CloudRationalization and Defense in Depth - Two Steps Closer to the Cloud
Rationalization and Defense in Depth - Two Steps Closer to the CloudBob Rhubart
 
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORKZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORKMaganathin Veeraragaloo
 
Csa summit la transformación digital y el nuevo rol del ciso
Csa summit la transformación digital y el nuevo rol del cisoCsa summit la transformación digital y el nuevo rol del ciso
Csa summit la transformación digital y el nuevo rol del cisoCSA Argentina
 
The Cloud Crossover
The Cloud CrossoverThe Cloud Crossover
The Cloud CrossoverArmor
 
Pramod Yadav_Security Operations Center Manager
Pramod Yadav_Security Operations Center ManagerPramod Yadav_Security Operations Center Manager
Pramod Yadav_Security Operations Center ManagerPramod Yadav
 
Be Aware Webinar – Office 365 Seguro? Sym, Cloud!
Be Aware Webinar – Office 365 Seguro? Sym, Cloud!Be Aware Webinar – Office 365 Seguro? Sym, Cloud!
Be Aware Webinar – Office 365 Seguro? Sym, Cloud!Symantec Brasil
 
Building a Security Architecture
Building a Security ArchitectureBuilding a Security Architecture
Building a Security ArchitectureCisco Canada
 
Protect Against Security Breaches by Securing Endpoints with Multi-Factor Aut...
Protect Against Security Breaches by Securing Endpoints with Multi-Factor Aut...Protect Against Security Breaches by Securing Endpoints with Multi-Factor Aut...
Protect Against Security Breaches by Securing Endpoints with Multi-Factor Aut...CA Technologies
 
DTS Solution - Company Presentation
DTS Solution - Company PresentationDTS Solution - Company Presentation
DTS Solution - Company PresentationShah Sheikh
 
ISACA 2019 Amman Chapter - Shah Sheikh - Cyber Resilience
ISACA 2019 Amman Chapter - Shah Sheikh - Cyber ResilienceISACA 2019 Amman Chapter - Shah Sheikh - Cyber Resilience
ISACA 2019 Amman Chapter - Shah Sheikh - Cyber ResilienceShah Sheikh
 
how to secure web applications with owasp - isaca sep 2009 - for distribution
how to secure web applications with owasp - isaca sep 2009 - for distributionhow to secure web applications with owasp - isaca sep 2009 - for distribution
how to secure web applications with owasp - isaca sep 2009 - for distributionSantosh Satam
 
Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)
Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)
Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)Shah Sheikh
 
RETOS ACTUALES E INNOVACIÓN SOBRE EL CONTROL DE ACCESOS PRIVILEGIADOS.
RETOS ACTUALES E INNOVACIÓN SOBRE EL CONTROL DE ACCESOS PRIVILEGIADOS.RETOS ACTUALES E INNOVACIÓN SOBRE EL CONTROL DE ACCESOS PRIVILEGIADOS.
RETOS ACTUALES E INNOVACIÓN SOBRE EL CONTROL DE ACCESOS PRIVILEGIADOS.Cristian Garcia G.
 
Ibm app security assessment_ds
Ibm app security assessment_dsIbm app security assessment_ds
Ibm app security assessment_dsArun Gopinath
 

What's hot (20)

Securing Your Cloud Applications
Securing Your Cloud ApplicationsSecuring Your Cloud Applications
Securing Your Cloud Applications
 
Csa summit who can protect us education for cloud security professionals
Csa summit who can protect us education for cloud security professionalsCsa summit who can protect us education for cloud security professionals
Csa summit who can protect us education for cloud security professionals
 
Cybersecurity domains-map-3.0
Cybersecurity domains-map-3.0Cybersecurity domains-map-3.0
Cybersecurity domains-map-3.0
 
Resume
ResumeResume
Resume
 
Rationalization and Defense in Depth - Two Steps Closer to the Cloud
Rationalization and Defense in Depth - Two Steps Closer to the CloudRationalization and Defense in Depth - Two Steps Closer to the Cloud
Rationalization and Defense in Depth - Two Steps Closer to the Cloud
 
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORKZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
 
Csa summit la transformación digital y el nuevo rol del ciso
Csa summit la transformación digital y el nuevo rol del cisoCsa summit la transformación digital y el nuevo rol del ciso
Csa summit la transformación digital y el nuevo rol del ciso
 
The Cloud Crossover
The Cloud CrossoverThe Cloud Crossover
The Cloud Crossover
 
Pramod Yadav_Security Operations Center Manager
Pramod Yadav_Security Operations Center ManagerPramod Yadav_Security Operations Center Manager
Pramod Yadav_Security Operations Center Manager
 
Be Aware Webinar – Office 365 Seguro? Sym, Cloud!
Be Aware Webinar – Office 365 Seguro? Sym, Cloud!Be Aware Webinar – Office 365 Seguro? Sym, Cloud!
Be Aware Webinar – Office 365 Seguro? Sym, Cloud!
 
Building a Security Architecture
Building a Security ArchitectureBuilding a Security Architecture
Building a Security Architecture
 
Protect Against Security Breaches by Securing Endpoints with Multi-Factor Aut...
Protect Against Security Breaches by Securing Endpoints with Multi-Factor Aut...Protect Against Security Breaches by Securing Endpoints with Multi-Factor Aut...
Protect Against Security Breaches by Securing Endpoints with Multi-Factor Aut...
 
Enterprise Security in Hybrid Cloud ISACA-SV 2012
Enterprise Security in Hybrid Cloud ISACA-SV 2012Enterprise Security in Hybrid Cloud ISACA-SV 2012
Enterprise Security in Hybrid Cloud ISACA-SV 2012
 
DTS Solution - Company Presentation
DTS Solution - Company PresentationDTS Solution - Company Presentation
DTS Solution - Company Presentation
 
ISACA 2019 Amman Chapter - Shah Sheikh - Cyber Resilience
ISACA 2019 Amman Chapter - Shah Sheikh - Cyber ResilienceISACA 2019 Amman Chapter - Shah Sheikh - Cyber Resilience
ISACA 2019 Amman Chapter - Shah Sheikh - Cyber Resilience
 
how to secure web applications with owasp - isaca sep 2009 - for distribution
how to secure web applications with owasp - isaca sep 2009 - for distributionhow to secure web applications with owasp - isaca sep 2009 - for distribution
how to secure web applications with owasp - isaca sep 2009 - for distribution
 
Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)
Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)
Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)
 
Cloud application security (CCSP Domain 4)
Cloud application security (CCSP Domain 4)Cloud application security (CCSP Domain 4)
Cloud application security (CCSP Domain 4)
 
RETOS ACTUALES E INNOVACIÓN SOBRE EL CONTROL DE ACCESOS PRIVILEGIADOS.
RETOS ACTUALES E INNOVACIÓN SOBRE EL CONTROL DE ACCESOS PRIVILEGIADOS.RETOS ACTUALES E INNOVACIÓN SOBRE EL CONTROL DE ACCESOS PRIVILEGIADOS.
RETOS ACTUALES E INNOVACIÓN SOBRE EL CONTROL DE ACCESOS PRIVILEGIADOS.
 
Ibm app security assessment_ds
Ibm app security assessment_dsIbm app security assessment_ds
Ibm app security assessment_ds
 

Similar to Resume_STrofimov

Notes_from_a_clouds_security_journey
Notes_from_a_clouds_security_journeyNotes_from_a_clouds_security_journey
Notes_from_a_clouds_security_journeyOlivier Busolini
 
Explore the comprehensive CISSP Certification Course syllabus with InfosecTra...
Explore the comprehensive CISSP Certification Course syllabus with InfosecTra...Explore the comprehensive CISSP Certification Course syllabus with InfosecTra...
Explore the comprehensive CISSP Certification Course syllabus with InfosecTra...InfosecTrain Education
 
Secure_Development_ISSA_v4
Secure_Development_ISSA_v4Secure_Development_ISSA_v4
Secure_Development_ISSA_v4Steve Markey
 
My CV-Jan-2016
My CV-Jan-2016My CV-Jan-2016
My CV-Jan-2016Adel Zayed
 
Michael Marange Resume 07-2015
Michael Marange Resume 07-2015Michael Marange Resume 07-2015
Michael Marange Resume 07-2015mmarange
 
Abhishek-New (1)
Abhishek-New (1)Abhishek-New (1)
Abhishek-New (1)Abhishek Sa
 
TIANQIANG_Carl_Network_Security
TIANQIANG_Carl_Network_SecurityTIANQIANG_Carl_Network_Security
TIANQIANG_Carl_Network_Securitycarl yu
 
Jain_Navya_resume
Jain_Navya_resumeJain_Navya_resume
Jain_Navya_resumeNavya Jain
 
santoskumaarResume - updated
santoskumaarResume - updatedsantoskumaarResume - updated
santoskumaarResume - updatedSantos Kumaar.S
 

Similar to Resume_STrofimov (20)

Finto InfoSec ExIBM- CISSP ITIL CCSP CCIE JNCIS MCP 8.5 Yrs
Finto InfoSec ExIBM- CISSP ITIL CCSP CCIE JNCIS MCP 8.5 YrsFinto InfoSec ExIBM- CISSP ITIL CCSP CCIE JNCIS MCP 8.5 Yrs
Finto InfoSec ExIBM- CISSP ITIL CCSP CCIE JNCIS MCP 8.5 Yrs
 
Notes_from_a_clouds_security_journey
Notes_from_a_clouds_security_journeyNotes_from_a_clouds_security_journey
Notes_from_a_clouds_security_journey
 
Scott A Boggs
Scott A BoggsScott A Boggs
Scott A Boggs
 
Explore the comprehensive CISSP Certification Course syllabus with InfosecTra...
Explore the comprehensive CISSP Certification Course syllabus with InfosecTra...Explore the comprehensive CISSP Certification Course syllabus with InfosecTra...
Explore the comprehensive CISSP Certification Course syllabus with InfosecTra...
 
Dr. Charles Pak
Dr. Charles PakDr. Charles Pak
Dr. Charles Pak
 
Secure_Development_ISSA_v4
Secure_Development_ISSA_v4Secure_Development_ISSA_v4
Secure_Development_ISSA_v4
 
Muhammad.AlSalman2016v1
Muhammad.AlSalman2016v1Muhammad.AlSalman2016v1
Muhammad.AlSalman2016v1
 
Xaas infotech (2)
Xaas infotech (2)Xaas infotech (2)
Xaas infotech (2)
 
My CV-Jan-2016
My CV-Jan-2016My CV-Jan-2016
My CV-Jan-2016
 
resume IT security
resume IT securityresume IT security
resume IT security
 
Latest_Resume
Latest_ResumeLatest_Resume
Latest_Resume
 
Manoj Kumar_CA
Manoj Kumar_CAManoj Kumar_CA
Manoj Kumar_CA
 
Terrance A. 10.20.15
Terrance A. 10.20.15Terrance A. 10.20.15
Terrance A. 10.20.15
 
Michael Marange Resume 07-2015
Michael Marange Resume 07-2015Michael Marange Resume 07-2015
Michael Marange Resume 07-2015
 
How to Build a Winning Cybersecurity Team
How to Build a Winning Cybersecurity TeamHow to Build a Winning Cybersecurity Team
How to Build a Winning Cybersecurity Team
 
Abhishek-New (1)
Abhishek-New (1)Abhishek-New (1)
Abhishek-New (1)
 
CV_Anil K Dubey V1.1
CV_Anil K Dubey V1.1CV_Anil K Dubey V1.1
CV_Anil K Dubey V1.1
 
TIANQIANG_Carl_Network_Security
TIANQIANG_Carl_Network_SecurityTIANQIANG_Carl_Network_Security
TIANQIANG_Carl_Network_Security
 
Jain_Navya_resume
Jain_Navya_resumeJain_Navya_resume
Jain_Navya_resume
 
santoskumaarResume - updated
santoskumaarResume - updatedsantoskumaarResume - updated
santoskumaarResume - updated
 

Resume_STrofimov

  • 1. Silviu Trofimov (CISA, CISSP) Farmington, CT, 06032 ph: 860 626 9865 / email:strofimov@gmail.com Information Security Architecture, Data Protection and Network Security Accomplished Information Systems security professional with outstanding relationship and project management skills. Demonstrated expertise in research, development, implementation and audit of: Identity /Privileged Access Management (IAM/PIM), Network and Application Firewalls (NG-FW), cryptographic-based trust /assurance models (PKI/SSO), integrated application and data leakage protection programs. • Security Architecture Methodology • Information Security (IS) Strategy • Application / Cyber Security • Identity and Access Management • IS Management and Operations • Next Generation Network Security • Privilege Identity Management • Risk Remediation and Controls • Business and Security Analysis • Role-Based Access Control • Policy and Regulatory Compliance • Project Management • Security Architecture: designed and implemented IS solutions using Sherwood Applied BSA (SABSA), Zachman, Capability Maturity Model (SSE-CMM), VeriSign SAR, Computer Associates (CA) methodology (SAO/SAS); UML/BPML. • Privileged Identity / Access Management: strategically analyzed, realigned and implemented policies, procedures, standards, processes and workflows for on-boarding, off-boarding and cross-boarding, access role engineering, authentication assurance modeling and implementation. • Security / Network Operations Center: planned, designed and implemented L2/L3 converged network infrastructure, physical and logical controls, zone segmentation, n-scalable one-arm firewalls and packet / stream inspection. • Cryptography: researched, implemented and optimize cryptographic controls (encryption and digital signature) for securing data at rest (storage, RDBMS, z/OS ICSF) and in transit. • Data Protection and Application Security: implemented and operationalized geographically distributed data protection framework: data classification / labelling enforcement, distributed DLP (DIT and DAR), remediation and escalation process; designed and implemented integrated application security TECHNICAL SKILLS • IdM: CA *Minder Suite, Centrify • Federation: PingId, CA, Opensaml • Malware: FireEye • Dir: LDAP(S)/ AD and X.500 • NIDS: SourceFire, Juniper, PAN • NAC: ForeScout, IVE/Juniper • PIM: Cyber-Ark, e-DMZ Security • DLP: Symantec, Varonis, Orchestria • FWMgm: SkyBox • PKI: RSA/Keon, Entrust/PKI, VeriSign/MPKI, MS/CA, Openssl • NGFW: Palo Alto (PAN), Juniper (SRX/NS), CP (FW-1), Cisco (ASA) • RDBMS: IBM/Guardium, AppSecInc/DBProtect EDUCATION GRC, UNIVERSITY OF SUSSEX, East Sussex, UK 1998 PhD UNIVERSITY OF TRANSILVANIA, Romania 1993 MSc (Eng) ‘MIRCEA CEL BATRÂN’ NATIONAL COLLEGE, Romania 1986 Baccalaureate Page 1 of 3
  • 2. Silviu Trofimov (CISA, CISSP) EXPERIENCE ROYAL BANK OF SCOTLAND (RBS), STAMFORD, CT Oct 2012 – Dec 2016 Sr Security Analyst Reporting to the Information Security Project and Engineering Head, the position supported the specialized analysis, design and implementation needs of the C&IB US, UK and SG InfoSec teams. •Access Management –lifecycle controls mitigation for user and system identities, authentication, authorization and accounting (AAA), Privilege Identity Management (PIM) – Cyber-Ark / EPV, PACLI, and Centrify, resulting in enhanced controls resilience and closure of material RIs. •Network Security – addressed critical security and reporting regulatory requirements: solution design for centralized firewall management rule-base recertification process (SkyBox); port controls with Network Access Control (802.1x and lite - ForeScout / CounterAct); network segmentation lockdown process (Check-Point/R77). •Database Security – elevated critical database security posture by researching, analyzing, selecting and validating the RDBMS VM vulnerability and compliance scanning and reporting tools: IBM / Guardium, AppSecInc / DBProtect and Secunia / Advisory; and materially enhanced the lifecycle management of privileged RDBMS accounts (Oracle, Sybase, MS-SQL) using Cyber-Ark PIM. •Data / Leakage Protection – implemented geographically distributed data protection program (at rest, and in transit), enforcement of data classification labeling / infrastructure, and remedial process for global DLP program (Symantec Vontu, CA Orchestria, Titus and Boldon James Classifier). INTEGRALIS, HARTFORD, CT 2010 - 2012 Security Architect Network and Application security consulting and implementation projects within the ProServ group. Designed and implemented next-generation and virtualized network infrastructure (L2, L3, remote access, network segmentation, Network / Federation – SAML, IF-MAP, WS-Sec), Privileged Identity Management with Enhanced Authentication Assurance Levels (SCM/X.509, OTP/RSA), Identity Firewalls (Cisco ASA / Juniper SRX & NetScreen), and NAC (IVE) solutions. GOV. OF ONTARIO / MINISTRY OF GOV. SERVICES, CANADA 2009-2010 Senior IAM Security Specialist Implemented the IAM strategy in the Ontario Government: Centrify, Entrust, RSA, and PIM Cyber- Ark solution validation / design. Responsibilities: business analysis / modeling for IAM, ABCP / DR specialist for the Entrust infrastructure DR Project, architecture blueprinting and review, consulting in PIM, PKI, RACF, federation (SAML , WS-Security) and directory services (X.500). SYMCOR, MISSISSAUGA, CANADA 2007-2009 Security Architect Reporting directly to the CISO, the position provided IAM, PIM and IT security / risk management strategic support for the largest item / statement processing organization in Canada. Responsibilities: leadership, coordination and communication of security strategy and roadmap, governance-based risk management methodology, capability maturity / KPI reporting for core Enterprise functions: IAM/ PIM, SIEM and Security Architecture (SDLC gating with SPARX/EA). Projects: IAM / PIM requirements gathering and analysis, policy recommendation (internal and external), role-based provisioning (SDLC), IT Security Roadmap and annual Security Plans, storage security (SunMicro KMS), C/S (PGP, Utimaco/SG), specialized audit support for PCI-DSS. Page 2 of 3
  • 3. Silviu Trofimov (CISA, CISSP) COMPUTER ASSOCIATES (CA), FRAMINGHAM, MA 2006-2007 Security Architect / IAM Practice Reporting to the VP of IAM practice / North America, the position supported client architecture integration process for the implementation of IAM solution offered by CA (eTrust suite /*Minder). Responsibilities: provision of rapid solution architecture (SAO/SAS), security assessments (capability maturity modeling within Integrated IT Flows), business case, roadmap, and project planning. Projects: AAA Framework for top-tier US wireless operator, SAP NetWeaver –SiteMinder integration for Canadian network operator, Federation Services (SiteMinder and PingIdentity) for mobile phone operators / service provider networks. CA Trainer for CA eTrust and SAML. VERISIGN CANADA / SOLTRUS, TORONTO, CANADA 2001-2006 Chief Security Architect Reporting to VP Technology and Professional Services, the position provided consulting and architecture leadership for the VeriSign Canadian operations. • Managed Soltrus consulting practice and security consulting framework (“Network Wellness” program), acting as principal for requirements gathering, solution design, planning and project execution for PKI/PMI, directories, network security and integration. • Directed the Security Infrastructure division of Soltrus through its transition from CIBC- VeriSign unit: data center relocation and security enhancements for the multi-tiered SOC infrastructure; developed, implemented and tested the DR plans for VeriSign MPKI operations. 1998-2001 Senior Security Consultant, Deloitte & Touche LLP / SeB, Toronto, Canada Global Security Analyst, Celestica, Global IT eBusiness Group, Toronto, Canada CERTIFICATIONS Palo Alto Networks (ACE) 2012 Juniper Networks Certified Internet Specialist / Professional (JNCIS-SEC, JNCIP-SEC) 2012 Juniper Networks Technical Master, Authorized Design Specialist, Net Advanced Infra, Net Advanced Security, JNCIS-ER, JNCIA-ER, JNCIS-SSL, JNCIA-SSL, JNCIS-AC, JNCIA-EX 2011 IBM Tivoli ISS Tech Advisor / Pre-Sale Specialist 2010 ABCP / DRII (Disaster Recovery Institute) 2010 K-Learning PMP (Project Management Professional) Certification 2010 Inquestra Business Systems Analyst Certification 2009/2010 CA Architect Academy (Certified CA Architect) 2006 / 2007 CA SiteMinder / IdMinder /eTrust (TopGun Certification and Trainer) 2006 Sun IdM (Certified in Sun Microsystems WaveSet Lighthouse Administration / Implementation) 2004 ISC2 /CISSP (Certified Information Security Systems Professional) 2002 VCA/VCE (VeriSign Certified Administrator / Engineer, VeriSign OnSite / MPKI) 2001 ECRA / ECRE (Entrust / PKI Management, trust models and directory integration) 2001 ISACA/CISA (Membership / Certification) 2001/2005 CCSA/CCSE (CheckPoint Certified System Administrator / Engineer Certified) 1999 AWARDS AND HONORS Top CISA exam writer, Toronto Chapter 2002 Wolfson Scholarship, UK (4 years) 1994 Page 3 of 3