Abhilash Nair

Scope of Work:
---------------------
Playing an imperative role in developing, establishing & implementing information security controls through business aligned strategies to achieve and improve Information Security Posture of the Organization. Ensuring the Information and Information Processing Facilities are protected and secured within its internal network and also when accessed over the external network. Day to day job duties includes exhaustive monitoring of I T Resources, Compliance to legal and regulation requirements, IT Assessments, exception handling, Security Assurance, Security Incident and Vulnerability Management.

Roles & Achievements:
---------------------------------
* Presently working as Information Security Consultant at Emirates Global Aluminium (EGA), Abu Dhabi, U.A.E.
* Industrial Control Process Security specialization, with in-depth knowledge and expertise in redefining the security controls in compliance to ISA99, NIST 800:82, ISO 27001:2013, ADSIC, ISR & NESA standards.
* Certified Lead Auditor by RABQSA (USA) (ISO/IEC 27001:2013, ISO/IEC 20000-1:2005, ISO 9001:2008, BS 25999-2:2007, ISO 19011:2002, ISO 22301:2012)
* Certified as Certified Information Systems Auditor (ISACA) and PCI DSS Ver. 3.0 Certified Implementer.
* Core Member in setting up Data Centers, Information Security Department, and Security Operations Centres & recently setting up Information Assurance Center.
* RSA's Archer Certification: Adaptive Authentication (AA), IT Security Risk Management (SRM), Business Continuity Management (BCM) & Regulatory Compliance Management (RCM)
* Special Project Such as setting up Intelligence Security Operation Center (ISOC), Advanced Threat Protection, Information flow analysis, Forensic tools, End-point protection, Host Based & Network Based Intrusion Protection, Application whitelisting, Mobile Device Security tools, Microsoft Bit-Locker, Network Admission Controls.
* Auditing: Security Audit, Vulnerability Assessment and Penetration Testing.
* Risk Assessment: Governance Risk and Compliance (GRC) with Metricstream GRC tool.
* Standards: PCI DSS, NIST 800:82, ISA 99, ISO 9001, ISO 19011, SB 1386.
* Expert in implementing UAE Information Compliance Standards (NESA, ADSIC & ISR)
* Coordination for Information Assurance activities such as Cyber Security, Forensic, Assessment (Vulnerabilities & Penetrating Tests) End Point Protection, DLP’s and Advanced Treat Protection
* Develop Information Security Reports on basis of Forensic Audits and Coordinate with Management for appropriate Corrective & Preventive Actions.
* Analyse the report provided by Information Assurance team for event data from security devices which is gathered in Tenable Security Centre by the Log Correlation Engine and identify the potential risk.
* Prepare Security Incident Report for Fidelis XPS detected events by Information Assurance Team and verify that critical alerts are not false positives and conduct further analysis if needed.
* Check which projects are in course of action (are active) and perform required duties needed for projects fulfilling such as SCADA Audit, SAP ISO Certification, Mediated Access Gateway implementation etc.
* Specify application security requirements; perform continuous reviews of policies and procedures for applicability.
* Implement security monitoring technologies to automate event and incident monitoring and alerting in line with the Information Security Policies and Procedures.
* Perform risk analysis for vulnerabilities, incidents and change requests and provisioning of new service/systems.
* Perform continuous research and development of organization Cyber Security Capability to implement and improve controls that match security requirement and Cyber security threat levels.
* Build relationship between risk register, business impact analysis sheet and information security awareness.

Scope of Work:
---------------------
Prepare the Client with the Industry Best Practices of Information Security. Ensure their readiness for ISO 27001:2005 audit certifications.

Roles & Achievements:
--------------------------------
* Evaluating, developing and implementing ISO security standards, procedures, and guidelines for multiple platforms and diverse systems environments.
* Interacting with business functions and internal support functions for Information Security related initiatives.
* Maintaining an awareness campaign for Information Security policies across the organization.
* Regular monitoring and reporting of Information Security controls implemented and also its periodic Internal Auditing.
* Rolling out company Information Security policies & procedure based on a practical approach.
* Monitoring compliance of Company information security policies and procedures against applicable local and international laws and regulations.
* Developing various processes or monitoring security controls to ensure appropriate access protocols are observed.
* Foster the maturity of processes for identifying, analyzing, and actively managing the information risk portfolio.
* Provide expertise and knowledge of current industry trends in information risk and security standards to improve controls across Company

Reporting and documentation :
o to prepare weekly reports on results of the monitoring
o to meet with other departments and follow up implementation
of corrective action requirements
o to identify and document corrective actions
o to prepare and imparting training documents
o Communication skills (written, verbal)
o Understanding of security tools and processes
o Auditing
o Subject matter expert in Security standards, policies and compliance.

Scope of Work:
Ensuring the Information Technology Systems in the company is at par with the industry standards and achieves ROI within the span of 3 years. Day to day job duties includes exhaustive monitoring of I T Resources, Compliance Auditing, preventive maintenance of I T Systems in the company and end user satisfaction.
Achievements:
 Prepared a roadmap to convert a 34 year company and its subsidiaries to its current position.
 Finding appropriate vendor in the global market for IT as per the requirement and engaging them to ensure that the results are achieved in record timeframe.
 Reducing project cost using the optimum time and maximum quality.
 Ensuring each system is fully documented and each system is working as expected.
 Managing a team of 5 members whose main concentration was end user satisfaction.
 Reducing the operational costs by using Periodic Preventive Maintenance strategy.
 We strongly believed doing each steps rightly at the first time.
 We had ensured that the systems kept an agreed level of standards looking at the usage requirements of the staff.
 We also defined policies and procedures for the usage and administration of Information Technology Systems and Services.
 We implemented a Daily, Weekly and Monthly back up using Acronis Advanced Server for Windows Agents for remote sites and Head Office Data Centre using Double-Take Availability.

Podcasts Attended:
Cisco:
a) How to make magic with VoIP: Weighing the Options.
b) Borderless Networks: Security and Video Managed.
c) Collaboration: Using Cisco Virtualization Client.
d) Cisco Data Centre Business Advantage Framework.
Microsoft: Member of Microsoft Virtual Academy \[MVA\]
a) Cloud Services for PC: Virtual Round Table.
b) Microsoft Desktop Optimisation Pack (MDOP)
c) Private Cloud Instructions by Job Role
d) Microsoft Operations Framework 4.0
Professional Skills:
 Excellent knowledge and expertise of IBM Products (System x (xSeries), BladeCentre HS23 Express, Storage DCS3700, EXP3524, Tape Drives TS2250 Express.
 Excellent knowledge and expertise of HP Products ( Server ProLiant BL400c Server Blades, Network ProCurve 5412zl-92G-PoE, Storage D2700)
 Excellent knowledge in Network Security with Cisco ASA 5500, 3800 Integrated Series Routers, Dynamic Multipoint VPN (DMVPN), Juniper SSG Series Secure Gateway, Fortigate Products (Fortigate 200B -POE / 100D / 80C / 40C / 20C)
 Excellent working knowledge and expertise of Microsoft Products ( Windows Server 2012 DataCentre Edition, Windows Server 2008 Enterprise Edition, Exchange Server 2003 / 2008, Windows Server HPC Server OS 2008R2, Lync Server Enterprise2010, SQL Server Standard 2008, System Centre Management Suite Enterprise (SCCM )).
 Excellent working knowledge and expertise of Telephony & Unified Communication products (Cisco SPA8800 IP Telephony Gateway, Cisco Unified IP Phones, Avaya G450 Media Gateway with S8800 Server, IP Office 500 V2, Avaya 9640 IP Phones, Cisco Webex, Polycom Video Conferencing System)
 Excellent working knowledge and expertise in implementation and maintenance of ERP products like (Oracle, SAP, Hisys, Orion and Canias.) and ECM products like (Saperion, IBM Filenet and Vicidocs)
 Excellent working knowledge and implementation of new technologies in IT such as (Cloud Computing, BYOD, Desktop & Server Virtualisation and Data Centre Optimisation)
 Excellent working knowledge and expertise of Backup Products like (ARCServe, Acronis, BackupExec, HP Data Protector, NetBackup, SCDPM, EMC Recoverpoint, Ventis BackupSuite 2008)

 Exceptional Track Record in Designing, Planning & Maintenance of I T Systems & Infrastructure.
 Proven track record to lead and shape the Infrastructure and Support department, both strategically and operationally.
 Over all control of the total project valuing AED 20, 000, 000 including Capacity Planning, Designing Infrastructure Systems, Security Systems, Operational Maintenance, and Sales Support.
 Directly reporting to the Division Manager of Commercial Services, Ali & Sons Co LLC.
 Demonstrable 'Track record of achievement' for Line Management 8-10 people.

Technically hands on able to act as technical resource as and when required, running projects, change control, Security Systems Documentation, Help Desk performance and resolution. - Within Support Services sector with:-
 Server Side Components:
 MS Windows Server 2000 / 2003 / 2008
 MS Exchange Server 2003 / 2007
 Red hat Linux Enterprise Server v5.0
 SCO Open Server 5.0.7 v
 VMware Server 2
 Network Side Components:
 Routers (Cisco)
 Switches (Cisco, Dlink, NetGear, Linksys)
 Firewall (Cisco, Drayteck)
 Voice Over IP:
 Cisco I P Telephony
 Avaya G450 Media Gateway
 Avaya IP Office 500 V2
 Panasonic TES 824
 Virtual Private Network:
 Open VPN
 SSL & PPTP VPN Architecture
 Management Process:
 TOGAF
 ITIL
Strong management experience of technical teams with particular emphasis on:
 Co-ordination of resources for project work and incident resolution
 Leading contact for customer offering advice on latest technologies
 Attendance at team leader and management meetings internally
 Manage the scheduling and workloads of staff ensuring calls are resolved within SLA's
 Manage annual appraisals, target setting and recruitment process
 Establish requirements, identify solutions and deliver technical answers

 Install, configure and maintain all technology hardware, software and data/voice communications equipment.
 Administer all network (LAN/WAN) infrastructure across 4 remote sites.
 Administer all business applications and servers including POS relational database, web server, security cameras, and Microsoft Exchange Server 2007 server.
 Install and configure desktop applications and office productivity suites, McAfee antivirus software, email clients and terminal services clients.
 Import/export from POS database, customize and run monthly reports.
 Manage, evaluate and procure technology resources.
 Research, develop and implement new technology initiatives.
 Assist in developing and documenting IT policies, procedures, and budget.
 Maintain data backups on servers, multi-site security camera system, and multiple wireless hot-spots.
 Design, develop and maintain employee Intranet.
 Provide remote tech support including technical training for users.

 Providing data and voice network support for a variety of companies like southern Water in UK, Capital One in US, TUI in Germany, and Nestle in APAC region.
 Responsible for Network monitoring using HP Open View.
 Prioritisation of the site networks and their ticket resolution.
 Responsible for providing network availability reporting to Senior IT Manager.
 Received appreciations from senior managers for establishing effective interactions with the associated ISP / Network vendor for the project.
 Played major role in bringing up effective process documentation for the account.
 One among the team for MPLS migration of 39 sites for a key account.
 Member of Change Approval Board who asses the risk and approves the change based on Risk Assessment.
 Analyse the issues and recommend problem ticket creation for recurring issues in the account.
 Mentoring the team in case of queries relating to process and ticket specific issues.
 Member of Service Delivery Team for ensuring the smooth operation of the account.
 Lead the first Disaster Recovery Drill for the first TOS deal of Wipro Technologies Ltd and obtained the best performance award of the year.

 Member of Windows Xp Escalation Team
 Member of WAR group for Microsoft Xp Support.
 Received expertise training in Crash Dump analysis from engineers of Microsoft.
 Technical skills in operating system architecture, diagnosing problem issues, Patch Management and Registry Fixes, Remote Assistance and Remote access.  

 Member of L2 support team for providing Voice Support to IP Phones provided by a multi national Telecommunication company “Vonage”.
 Responsible for troubleshooting and fixing “One Way Audio” issues.
 Responsible for troubleshooting and fixing “Call Connection” issues.
 Responsible for identifying and providing solution for “Choppy Audio, Voice Lag & Multiparty Conferencing issues”.
 Responsible for monitoring TFTP connections and Voice Gateway logs for advanced troubleshooting support.
 Received Hands-On training from the L3 Voice Gateway engineers from Vonage US on VoIP devices of Cisco, Linksys, Motorola and Soft phones.
 Obtained DROP award for outstanding performance in the entire project.

 Responsible for Daily Routine: Network Installation, Fault Identification & Preventive Maintenance.
 Wired and Wireless Network Designing and implementation for the client.