| Contact Information | |
| Name: | Dimitri Yates |
| Email: | yatehdima (at) hotmail (dot) co [email concealed] |
| Location: | London, , United Kingdom |
| Resume | |
| Position/Title: | Manager, Information Security |
| Resume: |
DIMITRI YATES Email: yatehdima (at) yahoo (dot) com [email concealed] Mob: 07964532460 British Citizen Summary Profile: Over nine year’s hands on, multiple industry experience in major global and ‘big four' consulting and auditing experience. Calm under pressure, excellent communication skills & ability to work to tight deadlines. Technical and other Skills Summary: Implementation and maintenance of policies, standards and guidelines related to effective management and governance of IT and information security. Information security & risk management, IT security governance, process and operations, managing/consulting on key information security infrastructure, extensive experience in designing and reviewing technical architecture from a security perspective. Malicious code management and control, incident management/forensic investigation capability, project management experience, experience of managing/ consulting on key security activities (e.g. identity management, data integrity, user administration/external connectivity), business process review and re-engineering. Exceptional ability to see the ‘bigger picture’ from a high-level management perspective. Experienced in information security and IT audits, audit readiness reviews, SOX (Sarbanes Oxley) and section 404 related controls and compliance. Expert in using CAATS and other automated audit techniques, written numerous scripts for auditing *nix platforms. Strong knowledge of BS7799/ISO17799/ COBIT/ ITIL compliance/certification methodology, gap/risk analysis, familiar with wide variety of tools including CRAMM, COBRA BS7799 Consultant etc. Worked on large security projects for major financial and banking clients of PWC. Worked for major banks – which involved a full review of the ‘chip and pin’ and e- banking infrastructure across the full scope from technical infrastructure and security requirements, backend databases, communication and network links and encryption requirements to the design and documentation of processes, procedures and policies to support operations in London and the South – east. Knowledge of legal and regulatory requirements for the Banking industry in the UK, as well as payment card standards and requirements and compliance. Implemented compliance with payment card security standards for various clients. Excellent forensic analysis and incident response skills, knowledge and use of forensic software packages. Aware of legal requirements for and technically competent to perform forensic analysis, evidence collection/gathering and the legal requirements for the documentation and presentation of evidence. Expert in manually analysing files, file systems and operating system files to detect unauthorised activity & compromise on both Windows and Unix platforms. Great technical knowledge of techniques used by hackers to ‘hide’ files and cover tracks of activity, steganography etc. Excellent knowledge of Checkpoint firewalls, and Nokia platforms i.e. Checkpoint firewall software running on Nokia (IPSO) platforms. RSA secure ID. Firewall and server platform ‘hardening’. Penetration testing, network security, system security and intrusion prevention/detection. Vulnerability assessments, risk analysis, cryptography, encryption and encryption tools, PKI infrastructure. Excellent knowledge of IPSec management and configuration, wireless networks, wireless security design, configuration and implementation. In depth knowledge of authentication and authorization mechanisms, Smart cards, smart card design and specifications. Software/Application experience: Kerberos, ISS, Snort, (and other open source security applications), PGP, HP Open view, Cisco works, Remedy, Ghost, Hummingbird, Heavy ‘hands on’ experience installing and working with Cisco networking equipment. Design, implementation and troubleshooting of Wan/Man/Lan networks. Email and web application security. Operating systems – Administration of *nix, Solaris, Linux (Red Hat), DOS, Microsoft windows platforms. Programming languages and experience: Perl, C, Visual Basic and some assembly (Intel) Education: MSc. Information Security (with Distinction) Royal Holloway, University of London. BSc. Electronics and Information Systems with Telecommunications University of Nizhniy Novgorod Russian Federation. Professional Qualifications: CISSP, CISA, MCSE, CCNP, CCSA (Checkpoint). Achievements: (Most recent) Managed several large scale multi-million due diligence engagements for IPO (initial public offering) projects for major Russian clients that were successfully listed on the LSE. This involved reviewing and completely understanding in detail the clients business and related automated business processes, and how the IT function supported the business. Managed the project team that analysed current IT functions in multiple locations for a business with 15 billion dollars turnover annually. Produced ‘long form’ reports detailing what the future IT strategy must be, results of the audit reviews, as well as projections on IT functions and governance for the next five years. Developed a complete methodology to evaluate and assess the IT function for Russian companies going public via IPO’s in the UK. Received commendations for extremely successful project work, implemented and completed beyond expectations and to very tight deadlines. Consistently scored highest review scores in all previous roles. Work Experience: Nov 2007 - Current - Contractor ABN AMRO Information Security Risk Analyst (6 month contract in Amstelveen Netherlands) April 2007 - November 2007, Deloitte and Touche CIS – Manager, Enterprise Risk Services (ERS) Project leadership and management (managing as many as 12 projects simultaneously), service portfolio development, (developing new services and go to market products) and client liaison. Leading projects related to IT governance, consulting on IT security and compliance. Risk analysis & Policy development and reviews, IT audits and audit support. Leading teams of consultants on projects and clients requiring IT strategy, ITIL/COBIT/ISO process/governance standards. IT governance framework development and implementation. Reviewing and endorsing reports/deliverables, proposals and work papers to ensure that all deliverables/documentation and presentations are produced to meet the exceptional standards and level of detail and accuracy expected from a global big four consultancy and by Deloitte & Touche. Responsible for meetings with client executive board members, representing the firm in client ‘kick off meetings’, consulting clients, presenting the firm with a clear understanding of the clients expectations and requirements, managing service delivery and client expectations to the standards expected in the big Four. March 2006 to April 2007 Pricewaterhouse Coopers CIS – Assistant Manager, Governance, Risk and Compliance. Provided audit support and assurance services as well as governance, risk and compliance services (GRC). Conducted numerous audits on SOX and IFRS compliance (information systems), and provision of consulting services to major clients on processes, controls and procedures on the path to SOX compliance. Assessed client’s governance, risk management, internal control and compliance processes. Identified and developed ways to improve IT related processes and integrate them through the client’s people, processes and technologies; assisted clients in the daily execution of their daily governance, risk management and compliance management activities; developed monitoring and verification schemes to benchmark and measure their performance. August 2005 to March 2006 PricewaterhouseCoopers LLP London – Risk Analysis/Audit Executive – IT Security and Risk analysis work on clients worldwide. Information technology general controls audits, provision of information security consulting and advisory services. Information Security Risk management consulting, Sarbanes Oxley compliance, BS7799/ISO17799/COBIT advice and implementation. Provision of specialist knowledge and expertise on IT governance & Information security related projects. Developing security policies, checklists and detailed procedures for security compliance management based on standards such as ISO 17799/27001 & COBIT. Provide input and information to the development of a large global knowledge-base to include regulations, best practices, work papers and policies in a structured manner. Tasks included staying current with compliance requirements and industry best practices, as well as providing specialist advice and knowledge to the product management. Clients included Shell, AstraZeneca, Vodafone, and BT and a major high street bank. Involved in a major security project for a high street bank , the primary objective being to assess the current security infrastructure and processes supporting the e-banking applications and interfaces, and provide suitable and viable recommendations for improvement. August 2004 to August 2005 Medical Defence Union – Senior Information Security Officer – Managing company firewall and VPN’s. Manually reviewed (and detected and found) unauthorised activities on critical company servers not picked up by the IDS. Performed forensic analysis of remote workers laptops/desktops to detect evidence of non compliance to the company IT policy. Managing and configuring IDS systems, performing forensic analysis and investigations on company servers and networks. Gathered evidence and forensically analysed server clusters following a compromise carried out internally. Wrote own forensic software and integrated with available tools (written in Perl) to gather information. Managing security patch roll outs on windows 2000 etc Managing remote home worker security and ensuring antivirus software is fully up to date and functional. Managing the DMZ and DMZ security, maintaining web and mail server security, updating the security policy and actively auditing to ensure compliance with the security policy. Liaising with Development staff on security matters e.g. web applications. Providing advice and guidance to IT managers and team on security matters and deputise in the Network Managers absence. Network project planning and management, regular reporting on IT security compliance. (August 2002 – Aug 2004) – Contractor, security consulting and project work - including a major security project (installation and configuration of firewall clusters and network/ network security infrastructure) for a government client. Other projects included a major European bank – redesigning and upgrading of existing network (from flat layer two to layer 3 and associated complexities and problems arising from that scenario within a global network) and security/risk analysis of existing systems and network infrastructure. Worked briefly at Be-trusted (Price Water House Coopers) PKI certification authority and risk management/analysis team. Nokia USA: (Sept 2001 - June2002) – Security specialist. Worked in the third tier (level 3) support Supported Nokia’s IPSO platform and firewall technologies, and implemented and installed firewall solutions on client sites. GSM and wireless authentication protocol analysis, GSM cryptanalysis. Between June 2001 and Aug 2001: Vacationing/travel – Embarked on a three-month worldwide tour. IT-NET UK: (March 2001 – May 2001) Senior Security Analyst - My responsibility was to administer, redesign, and configure the network from purely a security point of view. Was in charge of the administration of the firewalls (Raptor, Cisco Pix, and Checkpoint) and other security related hardware/software. Redesigned the network from a security standpoint, whilst allowing for redundancy and maximum efficiency. Spearheaded and led a gap analysis team that subsequently did all the work for full BS7799 compliance and eventual drive towards full certification. Cap Gemini Ernst & Young London UK: (Aug 1999- March 2001) Firewall/Network Engineer (MIS team) – my main responsibilities included the administration, configuration, documentation, upgrading and troubleshooting of Ernst & Young’s vast network (LAN and Wan Links) spanning all over the UK. Our team was responsible for network security, intrusion detection and administration of all the firewalls installed with Stone beat (for redundancy) and Checkpoint FW-1 running on Solaris. This software was later migrated to Nokia platforms. Ensured policies and standards for technical infrastructure were applied and kept up to date. Systems Administrator: (June 1993 – May 1998) Russian Bank – Part time Windows 9.x and Windows NT administrator whilst doing my degree at University. Responsible for security hardening of work stations, servers and network infrastructure. Designed, built and configured an intranet connecting five major sites. Secured and designed the security infrastructure for the networks. Got heavily involved in security research during this time at university. Monitored internal and external security threats and made regular reports to management. References: All references available on request. Hobbies: Chess, traveling and football. |
