Vijay Thavasi Muthu, Head - Cyber Security Defense

Digital Communication / Banking / Print Media

Location: India - Bengaluru
Education: Master's degree, Commerce
Experience: 23 years, 2 Months

Work Experience

Total years of experience: 23 years, 2 Months

Head - Cyber Security Defense at Digital Communication / Banking / Print Media
  • India - Bengaluru
  • My current job since June 2018

Cyber Threat Intelligence
• Continuously monitor external threats/events related to malware, vulnerabilities, attacks, breaches and hacking activism (hacktivism) using open and closed intelligence sources to provide proactive and reactive protection.
• Collecting, assessing, and cataloguing threat indicators, and adding context to threat indicators to convey urgency, severity, and credibility.
• Performing cyber threat analyses / assessments and publishing reports on various threats after due diligence.
• Responsible for conducting in-depth research, documentation, and intelligence analysis of key cyber threats to develop a comprehensive picture of the cyber threat landscape.
• Work with the team on real-time monitoring and analysis of security events across the organization, ranging from malware infections to phishing campaigns.
• Authoring Cyber Threat Reports based on intelligence feeds and deriving actionable intelligence for analysis and reporting.


Security Operations Center
• Implemented SOC operations of Williams Lea Tag with Splunk as the SIEM solution for the non-PCI environment in coordination with the MSSP (Accenture).
• Managing the PCI SOC with ArcSight as the SIEM solution and developed standard operating procedures to guide daily activities of the operations center.
• Conducted table-top exercises across the region on a quarterly basis to assess the SOC's ability to identify, contain, eradicate and recover from a security incident.
• Responsible for addressing P1 & P2 incidents and liaising with the CISO for making critical decisions in the event of a major incident.

Vulnerability Management
• Notify the asset owners of the criticality and impact of vulnerabilities and collaborate with various business / technical teams to ensure security patches are applied on all infrastructure devices and applications.
• Provide technical guidance to application teams and/or service operations teams on the best approach for meeting and maintaining compliance standards.
• Manage vulnerability remediation efforts from identification through implementation, working with partner teams to understand and address problems with a focus on issue resolution, escalating as necessary to meet timelines.
• Work with the business, development, testing, and information security teams to schedule, manage, and resolve all vulnerabilities and risks identified during security evaluations.
• Managing vulnerabilities and risk from the identification stage through the remediation stage.

Cloud Security
• Work with business leaders, technology architects and vendors to design cloud security solutions that meet the business needs of the enterprise.
• Evaluating cloud security for Williams Lea Tag periodically and providing KPI metrics to the management.
• Drive Cloudflare implementation for all the top domains critical for Williams Lea Tag business.
• Continuously assess current IT environments and make recommendations to increase security.

Threat Management And Reporting
• Develop Security Advisories for the CISO & RISOs on potential threats / vulnerabilities relevant for Williams Lea Tag business across different regions.
• Driving cyber security initiatives on behalf of the CISO for improving the cyber security posture of Williams Lea Tag by coordinating with various teams.
• Developed and implemented a strategic enterprise Threat Management program to ensure the confidentiality, integrity and availability of information within Williams Lea Tag.

Others
• Participate in the forum responsible for creation of IT security policies, procedures, guidelines, baselines, and standards.
• Responsible for performance evaluation of team members on a bi-annual cycle, with monthly feedback and coaching conversations with team members.

Senior Manager - Cyber Security Engineering at Tata Communications Ltd
  • India - Chennai
  • September 2017 to June 2018

• Reporting directly to the Senior Vice President and leading four teams from Cyber Threat Management, which includes the Cyber Threat Intelligence, Penetration Testing, Vulnerability Assessment and Malware Analysis teams.
• Engineering, implementing and monitoring security measures for the protection of computer systems, networks and information.
• Managing a team of architects who design, implement, maintain and operate information system security controls and countermeasures.
• Develop technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks.
• Monitor information systems for security incidents and vulnerabilities; develop monitoring and visibility capabilities; report on incidents, vulnerabilities, and trends.
• Develop intelligence to gather feeds available to be consumed from existing deployments.
• Maintain up-to-date awareness of computer network exploitation and attack tools and tradecraft, threats and vulnerabilities, and respective countermeasures
• Collaborate with the application development team to develop a sustainable product.
• Collaborate with the threat exchange community, including open source communities.
• Write comprehensive reports including assessment-based findings, outcomes and propositions for further system security enhancement
• Ensure that the company knows as much as possible, as quickly as possible about security incidents
• Peer review computer security architecture and cyber security designs developed by the principal architects in cyber security domain.
• Review and document standard operating procedures and protocols

IT Security Management at Wells Fargo India Solutions
  • India - Bengaluru
  • November 2008 to August 2017

• Leading the Cyber Threat Intelligence, Penetration Testing, and Vulnerability Assessment teams while collaborating with the SOC team in Wells Fargo.
• Leading the Network Security Infrastructure Engineering and Service Management teams responsible for Cyber Threat Intelligence/Visibility/Mitigation, Firewall, and Network Intrusion Detection.
• Continuously monitor external threats/events related to malware, vulnerabilities, attacks, breaches and hacking activism (hacktivism) using open and closed intelligence sources to provide proactive and reactive protection.
• Actively providing cyber risk and threat identification by proactively and continuously monitoring the internal and external landscape for events, risks, threats, malicious code, vulnerabilities, and attacks related to the Financial Services industry or Wells Fargo specifically.
• Interpret and analyze the intelligence data and evaluate it for accuracy by cross-correlating the data from different sources, build actionable intelligence (indicators of compromise, IOCs) and conduct impact assessment.
• Providing actionable intelligence by enriching Cyber Threat Intelligence from our partners, vendors, and open sources to protect external-facing and internal computing assets, data, customers and brand reputation (OSINT, FS-ISAC, FireEye, Flashpoint, etc.).
• Providing enterprise threat analysis (assessment) by reviewing Wells Fargo's potential and current threats based upon a defined and repeatable threat and vulnerability analysis methodology.
• Knowledge of adversarial activities in cyberspace with an understanding of intrusion set tactics, techniques, and procedures (TTP), with the ability to emulate these TTP to assess vulnerability and risk.
• Mining threat intelligence from the Dark Web and preparing detailed reports on different threat actors dealing with various financial products.
• Partnering across multiple functional areas to achieve enterprise-level organizational goals, deliver on complex security solutions, and significantly reduce organizational, reputational, and financial risks through technology management.
• Perform vulnerability testing, risk analysis and security assessments by coordinating with the Vulnerability Assessment Team, Penetration Testing Team and Cyber Threat Fusion Center (SOC) team in Wells Fargo.
• Experience in various security tools like RSA Archer, Splunk, ArcSight, ThreatConnect, Qualys, LogLogic.
• Proactively identify technology-based vulnerabilities and provide remediation solutions for mitigation of vulnerabilities to the management.
• Experience in assessing potential items or opportunities of risks and vulnerabilities in network defense on a daily basis.
• Interact frequently with leaders from different Lines of Business, other technical support teams, engineering and product management to escalate and resolve critical customer issues.
• Have a good understanding of information security and a working knowledge of typical information security controls utilized within the Financial Services industry and specific to Wells Fargo.
• Technical design documentation of new connectivity requirements.
• Responsible for designing, implementing and testing secure access for inside / outside business partners into the Wells Fargo network for secured data transport.
• Responsible for secured delivery of information system connectivity from the Wells Fargo network to external companies and venues.
• Design and implement encrypted firewall connectivity where appropriate by using IPsec or other methods of encryption as approved by Wells Fargo corporate security.
• Responsible for providing hardware specifications for new firewall builds and deployments.
• Assist other security engineers in design or implementation work as needed.
• Handled a project related to migration of FWSM to Cisco ASA firewalls covering more than 120 Cisco ASA devices.
• Establish and troubleshoot VPN connections (Site-to-Site & Remote Access) as per business requirements.

Network Engineer at Aricent Technologies Plc, Cisco Tac Division
  • November 2007 to November 2008

• Configuring and troubleshooting Cisco PIX 6.0 series & Cisco ASA 7.0 series for NAT & VPN issues.
• Configuring and troubleshooting VPN connections on all the Cisco VPN devices, which include Cisco PIX 6.0, Cisco ASA 5000 series, Cisco Routers, Concentrator and other VPN-compatible devices of the vendors.
• Planning, configuring, establishing and maintaining VPN tunnels, which include Remote Access VPN, EasyVPN, Site-to-Site VPN and Web VPN.
• Configuring and troubleshooting VPN connections on all the Cisco VPN-compatible devices.
• Responsible for all severity level calls (P1/P2 and P3) of customers for network security related issues.
• Recreate the problems in the lab if required and provide the solution to customers.

Network Engineer at Genpact India
  • India - Delhi
  • April 2006 to November 2007

• Implementation of routing protocols like RIP, EIGRP, OSPF in the customer's network devices.
• Configure STP, RSTP, VTP and HSRP on Cisco switches.
• Configuring VLANs as per the requirement of the business units.
• Establishing and troubleshooting site-to-site VPNs between the corporate location and remote sites.
• Configure Linux server and Linux operating system for remote connectivity.

System Administrator at Kompsos Technology Plc
  • June 2004 to February 2006

• Implementation of routing protocols like RIP, IGRP in the network devices and checking the routes.
• Creating different VLANs in the Cisco switches as per the business requirement.
• Configuration of switching technologies like STP, VTP, VLAN Trunking.
• IP access list configuration in the WAN router to restrict unauthorized access.

System Administrator at HDPI Pvt Ltd
  • February 2001 to June 2004

• Troubleshooting local connectivity problems in the PC.
• Formatting, loading operating system and software installations.

Project Lead

• Responsible for migrating all sites from OLD, NEW NHS Technology to Network 3 Technology for the entire UK region on behalf of GE Healthcare.
• Liaising with the site IT managers and customers of GE Healthcare in various locations across the UK for migration.
• Liaising with the Project Leader and Connectivity Leader in the UK with regard to project planning, project execution, daily targets, SLAs, etc.
• Proposing and installing new devices for the smooth functioning of remote connection.

Education

Master's degree, Commerce
  • at Manonmaniam Sundaranar University
  • June 2003
Bachelor's degree, Computer commerce
  • at Osmania University
  • June 2000

Specialties & Skills

Vulnerability Assessment
Penetration Testing
Change Management
Networking
Protocols
Routers
Switches
Certified Ethical Hacker
Security Firewalls
Certified Lead Implementer ISO 27001:2013
Cyber Security
Cisco Routers

Languages

English: Expert
Hindi: Expert
Tamil: Intermediate
Telugu: Intermediate

Training and Certifications

Certified Information Systems Security Professional (Certificate)
  • Date Attended: August 2017
CCIE (written) (Certificate)
  • Date Attended: August 2008
  • Valid Until: July 2010
Cisco Certified Information Security Professional (Certificate)
  • Date Attended: June 2008
  • Valid Until: May 2011
Certified Ethical Hacker (Certificate)
  • Date Attended: July 2011
  • Valid Until: June 2014
ISO 27001:2013 Certified Lead Implementer Professional (Certificate)
  • Date Attended: June 2017