Sourced, deployed, implemented, integrated, operationalized and currently maintain solutions for the following areas:- Cybersecurity awareness and learning management- Next generation email security and anti-phishing/anti-spam- Vulnerability management and threat assessment- Data loss prevention / Data leak prevention (DLP) system- Financial sector threat intelligence feedLead and manage the company's cybersecurity programStrengthen the company's cybersecurity culture and awarenessIdentify gaps in and help mature the organization's cybersecurity program by building and implementing relevant and appropriate solutionsCoach and train colleagues and junior staff on cybersecurityRegularly update and maintain the company's information security policy and acceptable use policySeek out and identify operational efficiencies in cybersecurity program and IT infrastructureAdminister, launch and report on simulated phishing tests and security education and awarenessDocument, update and maintain cybersecurity procedures in central knowledge repositoryApply best practices and principles from cybersecurity frameworks such as NIST and CIS controlsCoordinate and manage the vulnerability assessment and remediation programManage the 3rd party brand protection and social media monitoring platformManage the 3rd party managed security services provider (MSSP)Respond to and manage cybersecurity incidents and alertsStay updated on new and emerging cybersecurity trends through regular security education and industry conferencesProvide management level reporting to identify trends, progress and direction of cybersecurity program and suggest recommendationsManage, administer and maintain vendor due diligenceParticipate in and help to improve the regular disaster recovery (DR) exercisesManage and administer company's cloud storage providerRegularly contribute to internal script library (mainly PowerShell)Maintain general cyber-hygiene of organization

Security Awareness:- Develop, maintain and launch simulated phishing attacks against the organization- Measure and report on success rate, target vulnerable users with additional training- Educate users on attack methods and common mistakesVulnerability Assessment:- Assess vulnerability of assets using vulnerability assessment tools via scheduled and on-demand authenticated scans, report on vulnerabilities, spot trends, provide guidance on patching and remediation- Scan web assets for "OWASP Top 10" vulnerabilities, generate reports, assist with remediationSIEM:- Tune and maintain the SIEM, build and continually adjust alerting- Ingest intelligence feeds in STIX/TAXII format and add IOCs into SIEM and IPS/IDSFirewall:- Maintain firewalls, implement firewall rule changes as needed, tune signaturesEmail Protection:- Administer email filtering system, adjust whitelists/blacklists to allow/block email addresses- Spot and identify mass mailing campaigns, proactively take defensive measuresSandboxing / Malware analysis:- Analyze malware using sandbox technologies, derive IOCs to inoculate assets within the organizationIncident Response:- Respond to cyber incidents, assess, contain, investigate and remediate threatsThreat Intelligence:- Consume various threat intelligence feeds, determine exposure and assess risk, take defensive action accordinglyReporting:- Provide management with regularly periodic statistics of attacks, threats and incidents

• Respond to cyber incidents within the organisation (26,000+ employees) to remediate any damage and protect company data and assets in the earliest stages of the Lockheed Martin Cyber Kill Chain.• Triage/assess, contain, investigate and remediate cyber security threats.• Investigate alerts generated by the SIEM; create and continually tune standard response templates and threat alarms.• Provide management with insight into team’s progress by generating and presenting weekly report of attacks, threats, remedial action, success rate and other incident statistics.• Protect end-users from phishing attacks by blocking public phishing sites on the corporate network and share the intelligence with targeted institutions.SIEM: QRadar (IBM)• Generate and develop new alarms that trigger upon suspicious activity.• Analyze events and respond to alerts generated by QRadar.Network security, IDS/IPS: FortiNet suite of UTM products• Analyze IDS/IPS alerts generated by perimeter FortiGate firewalls and responded accordingly to contain threats.EDR and Digital Forensics: EnCase (Guidance Software)• Remotely acquire snapshots for forensic analysis and determination of root cause of malware infections.Digital Forensics: Office 365 Compliance Centre (Microsoft)• Remotely acquire corporate mailboxes in .PST format to support forensic investigations.• Trace emails to determine root-cause of infections and origins of phishing campaigns.• Block and eradicate mass malware emails and phishing attempts.Data Loss Prevention: ForcePoint Triton (Raytheon)• Investigate alarms triggered by DLP endpoint to determine if company policy was breached.Sandboxing / Malware analysis• Use tools to analyze malware and derive IOCs for countermeasures.• Investigate malicious websites and execute malware using sandbox environments for threat and risk assessment.

Network security - management of internal network of “FortiNet” devices throughout entire organization at multiple sites across the country• IDS/IPS Firewalls:- Maintained 100% uptime of over 75 FortiGate devices.- Continuously tuned policies on a daily basis to ensure proper websites are accessible to employees.- Played a vital role in a one-month-long project to upgrade and test the firmware of 14 FortiGates to provide better functionality and stability. Project completed flawlessly and resulted in the successful, nightly firmware upgrades of all firewalls without any noticeable impact to end-users.SIEM – management of “RSA enVision” including patching and 100% uptime- Created custom queries to generate meaningful and relevant reports for ongoing forensic investigations.DLP (data loss/leak prevention) – management, installation and maintenance of “Digital Guardian” endpoint DLP solution- Led the initiative to support the major upgrade of the endpoint DLP client across the entire organization; developed troubleshooting procedures and response plans for problematic upgrades.- Earned a nomination by manager for a “Customer First” award for excellence in DLP upgrade project.E-mail and Anti-spam – management of Microsoft Office 365 and Cisco IronPort e-mail anti-spam solutions• Managed filtering rules within Office 365 and IronPort to block and filter incoming spam e-mails and senders.

Administration and support of virtual machines (VMware) for domestic and international employees connecting through Quest Provision connection broker (from Canada, U.S. and India)• Providing 3rd and 4th level support for desktop PC software/hardware in Windows XP environment and following up with clients to ensure proper resolution of issues• Administration of corporate Group Policies and user accounts within Active Directory through Microsoft Administration Tools and NetIQ Administration Suite (“DRA”)• Developing basic software in C# using Visual Studio to assist with internal support processes• Packaging and customization of software applications using InstallShield AdminStudio and Wise Package Studio (.MSI installation files) for employees to install over internal network• Developing and maintenance of start-up scripts and login scripts in KixStart 2010 for maintenance, deployment and updating of software on existing desktop/laptop systems• Testing software packages created by co-workers extensively for quality assurance (QA)Providing remote-assistance using Windows Remote Assistance to diagnose and resolve problems on corporate employee machines (desktop sharing)• Logging all issues as “trouble tickets” for tracking purposes using HP OpenView Service Desk (“OVSD”)• Generating inventory reports and tracking use of company assets using central database on Microsoft SQL Server platform

Administration and support of virtual machines (VMware) for domestic and international employees connecting through Quest Provision connection broker (from Canada, U.S. and India)• Providing 3rd and 4th level support for desktop PC software/hardware in Windows XP environment and following up with clients to ensure proper resolution of issues• Administration of corporate Group Policies and user accounts within Active Directory through Microsoft Administration Tools and NetIQ Administration Suite (“DRA”)• Developing basic software in C# using Visual Studio to assist with internal support processes• Packaging and customization of software applications using InstallShield AdminStudio and Wise Package Studio (.MSI installation files) for employees to install over internal network• Developing and maintenance of start-up scripts and login scripts in KixStart 2010 for maintenance, deployment and updating of software on existing desktop/laptop systems• Testing software packages created by co-workers extensively for quality assurance (QA)• Providing remote-assistance using Windows Remote Assistance to diagnose and resolve problems on corporate employee machines (desktop sharing)• Logging all issues as “trouble tickets” for tracking purposes using HP OpenView Service Desk (“OVSD”)• Generating inventory reports and tracking use of company assets using central database on Microsoft SQL Server platform

• Provided first level software and hardware support over the phone and through email to a wide variety of end-users ranging from beginner to advanced on multiple Canadian and U.S. accounts• Resolved problems on various IBM desktop PCs, Toshiba Tecra and IBM ThinkPad laptops and also assorted Hewlett Packard and Lexmark printers• Logged all calls using incident management software tools: Tivoli Service Desk and McAfee Help Desk• Applications used: Microsoft Office (Word Excel, Outlook, PowerPoint), Lotus Notes v4, 5 and 6, Citrix MetaFrame, Tivoli Service Desk and Management Framework, CICS 3270 mainframe system, AT&T NetClient• Software support:• Windows XP, 2000, NT: advanced trouble-shooting and how-to questions• Account administration: NT Active Directory and Novell Console One• Microsoft Office (Word, Excel, Outlook, PowerPoint), Internet Explorer 5.5, Netscape Navigator and Communicator, Lotus Notes R4 and R5, PCOMM 3270 mainframe session manager• CICS mainframe application: Resetting mainframe connections for terminal workstations and mainframe printers, password resets, terminating ghost logon sessions• Remotely took over client’s workstations using Tivoli Remote Management to resolve issues at client site• Used AT&T NetClient to tunnel into company’s VPN to access intranet resources and work remotely from home• Used Citrix Metaframe to tunnel into various client company’s systems to access their tools and applications remotely• Referred problems to second level on-site support for issues that could not be resolved over the phone (e.g., broken hardware, issues that required restricted access or local admin logon)