| Contact Information | |
| Name: | Wasim Khan |
| Email: | wasim07864 (at) yahoo.co (dot) uk [email concealed] |
| Location: | london, , United Kingdom |
| Resume | |
| Position/Title: | Compliance Officer |
| Resume: |
WASIM KHAN Mobile:07866 518905 Email:wasim07864 (at) yahoo.co (dot) uk [email concealed] INFORMATION SECURITY SPECIALIST Insightful, results driven IT Security Professional involved in a broad range of corporate IT security initiatives while participating in planning, analysis, and implementation of security solutions in support of business objectives. Excel at providing comprehensive security audit/assessment secure network design, systems analysis. Hands on experience in stages of system development efforts, including requirements definition, design architecture testing, and support. Able to co-ordinate and direct all phases of project-based efforts while managing, motivating, and guiding teams. AREAS OF EXPERTISE • Network and Systems Security • Research and Development • Regulatory Adherence • Cost Benefits Analysis • Policy planning /Implementation • Data Integrity / Disaster Recovery • Risk Assessment / Impact Analysis • Contingency planning • Tech Specifications Development • ISO27001 compliance TECHNICAL PROFICIENCIES ---------------------------------------------------- Platforms: • Unix (Solaris, HP-UX), • Windows 9x/NT/2000/XP, Linux openBSD) • Sun SPARC. Networking: • WAN Networks (Leased Line/ISDN/Frame Relay/ATM) • Switched networks (10-100TX/100FX/1000FX) • Internet/Intranet: Microsoft ISA 2004: • Cisco Content Switching • Firewalls , Provider 1, Nokia/Solaris Platforms, Checkpoint FW1:4.1 NG,NGX: Cisco PIX/ASA, Net screen Languages: • UNIX Administration, HTML, JavaScript, PHP Certifications • CCSP, CISSP PROFESSIONAL EXPERIENCE --------------------------------------------------- Balfour Beatty-UK-London-March 2008 to May 2008(2 month assignment) ISO27001 Compliance Assigned to assess current security policies against IS027001 compliance with a view to achieving IS027001 certification • Reviewed current policies for individual Balfour Beatty companies as part of a program to produce a gap analysis management report highlighting areas for assessment against IS027001 framework • Produced draft enterprise security documents (policies, standards, baselines, guidelines and procedures) HSBC, Sheffield UK, Canary Wharf London Dec-2005 to March-2008 Information Security Consultant This was an extremely flexible yet challenging multi-facet role that involved securing the banks information assets and involvement/consultancy in risk assignments across major production/DMZ/Management/Development platforms. Daily remit included the identification, management and escalation of key IT security risks, incidents, audit identification/events across the HSBC group and platforms. Delivery of assignments involving use of standard security risk tools. Using standards and guidelines to ISO27001. Secondary Tasks included the involvement in the implementation of new security solutions, participation in the creation and maintenance of policies, standards, baselines, guidelines and procedures as well as conducting vulnerability audits and assessments. Required to be fully aware of HSBC’s security goals as established by stated policies, procedures and guidelines to actively work towards reaching and upholding these goals. Responsibilities Strategy and Planning • Participation in the planning and deployment of client and organisational/enterprise security architecture. • Participation in the creation of client and organisational enterprise security documents (policies, standards, baselines, guidelines and procedures) Architecture Deployment • Planning, designing and implementing network security solutions including network/application firewalls, content filtering devices, IDS, VPNs and vulnerability assessments. • Optimizing and troubleshooting the network for security, speed and availability. • Building and expanding monitoring capabilities at the network, OS and application layer by customising SIM tools. • Drafting support documentation and conducting periodic security requirements analysis, security audits/reviews as needed. • Testing of new and existing implementations for vulnerabilities. Skills utilised TCP/IP networking. Static/dynamic routing, switching, sniffers, subnetting Firewall administration, configuration and deployment (Checkpoint, Juniper, Linux Hands on expertise of IDS/prevention tools (SNORT, ISS, Symantec, NetIQ) Configuring vulnerability assessment tools and result interpretation /(Qualys, eEye,Nessus,AppScan,Webinspect) Windows Server /Unix/Linux operating system hardening and configuration. BT Provisioning Team Oct 2005 to Dec 2005 Contract: Network Implementation • Part of an implementation team rolling a MPLS based solution to re-route data from existing WAN infrastructure to BT IP Clear MPLS infrastructure. Solution rolled out for a blue chip retailer with 500 sites across the UK. BT Network Services/national/Home Based Apr 2004 to Aug 2005 Information Security Consultant Responsible for performing BT core security services including risk assessments, security audits, network vulnerability assessments, identity management, security remediation and patch management initiatives. In addition to participating in pre-sales activities. Involvement in • Information technology strategy planning, • Information security program and administration, • Security architecture design and technology assessment. • Security management and operations • Delivery of assignments to PCI, ISO27001, SOX and CESG frameworks. Additional tasks included  Consultancy, Design, Management and Implementation of network solutions consisting of CISCO, Checkpoint, Nokia hardware (LAN/WAN, switching, routing, bridging, Frame Relay, ATM, MPLS, Firewall policy design and implementation. • Designs produced to cover complete deployment solutions. Including WAN/LAN, firewalls, VPN’s, Unix, Windows, Linux servers, global and local load balancing, backup and storage, metaframe, management aspects, customer connectivity to manage content etc. • Provided customers with consultancy and guidance on design, policy and implementation to ensure that the customer has a solution that meets current and future needs, then producing end-to-end detailed design for implementation meeting BT’s operational environment meeting all security requirements. Clients include high street chains, financial and government institutions, telecoms, and other BT business units, i.e. BT Retail, BT Wholesale, BT Global Services, and BT Group. • Liaison with end customers to ensure high levels of customer satisfaction are achieved, by taking end-to-end ownership of resolving technical issues to ensure that designs produced provide a solution that meets BT Standards to ensure security, availability and support. • Produced detailed designs for data centre hosting solutions and data centre infrastructure, designs also produced to a low-level of details for implementation and support purposes. Design produced detailing network, server, firewall and storage elements of the complete solution. • Detailed network designs including IP addressing, routing, LAN configurations, load balancing, ACL’s. Research Machines, Oxford Aug 2003-Apr 2004 Contract Network Analyst Support/Network Implementation of desktop/network solutions consisting of CISCO hardware (LAN/WAN, switching, routing, FDDI) and Network Management software (HP Openview, Cisco Works2000), and including cabling infrastructure, cabinets, UPS, etc…  Remote and local support of LAN/WAN communication hardware providing Facilities Managed services for schools and colleges throughout the UK.  Maintenance of supporting documentation.  Application of the OSI seven layer model via Sniffer Pro LAN analyser software.  Installation, configuration and maintenance of  Checkpoint Firewall-1  HP Openview and Cisco Works 2000  SMTP and X400 mail exchanges on UNIX and NT.  OSI and TCP/IP protocol stacks  DNS and Proxy Server on UNIX and VMS.  And also Windows 3.n, Windows 95/98, WinNT, Microsoft Office, Lotus Notes 4.3, Borland Office, DECnet/OSI, Dialup Networking, Web Browsers, Terminal Emulators.  Hardware and software installation/configuration and technical support of PC’s (Win3/Win95/98) and NT workstations/servers (NT4 SP4) on a multiprotocol LAN/WAN. King Faisal Health Care Mar 03– April 04 Information Security/Implementation Analyst Varied role involving security assessment activities and involved in the design and implementation of a new network for a re-vamped health care centre in Riyadh, Saudi Arabia. Management of multiple global projects including firewall IDS sensor deployments and advising clients on sound security guidance on practices and designs. • Provide third line technical support for firewall and intrusion detection system escalations, including but not limited to security event escalations (firewall/NIDS/HIDS), VPN configuration, application troubleshooting. • Remote configuration and maintenance of firewalls and IDS appliances in accordance with customers corporate standards • Maintain current IDS signatures across customer base including the testing and implementation of new signatures. • Review and analyse daily reporting of potential security issues to include trend analysis/detection of anomalous traffic patterns.  Understand customer problems and use-cases and implement solutions \ to address them  Create and maintain a knowledge base of customer use-cases and \ solution content  Research, analyze and understand novel log sources, such as \ information leak prevention systems, or identity management solutions  Research and develop content for Solution Packages, including \ correlation rules, dashboards, reports, visualizations, etc.  Deliver world-class solution packages to customers Required Experience:  Expertise with regulatory compliance, including designing, \ reporting and testing  Prior experience in business consulting and security solution \ implementation  4+ years of hands-on experience in network security and risk management  Experience in creating new IDS signatures to detect specific attacks  Experience in deploying and managing intrusion detection/prevention \ systems, such as Snort, RealSecure, Tripwire, etc  Experience with one or more of the following Security Information \ Management products: ArcSight, HP OpenView, Tivoli, CA, BMC, etc.  Good knowledge of analyzing low level logs to detect suspicious \ activities  Must possess excellent interpersonal, communication and writing skills  Must possess ability and desire to learn new technologies fast and \ be detailed oriented Desired Experience:  Working knowledge of incident response management  Expertise with regulatory compliance, including designing, \ reporting and testing  Expertise with IT frameworks, such as ITIL, Cobit, COSO, ISO17799  Experience in technical marketing, such as, authoring white papers  Experience with HoneyNets a plus  Designed and implemented a complex solution consisting of five major security zones(Internet, DMZ, Proxy layer, security and internal networks. protected by two firewalls.  Implemented two Cisco 3660 routers running HSRP providing redundant proof access to the internet.  Implemented two Cisco VPN 3000 concentrators to allow secure, redundant VPN connections to the network in failover mode. Equipped with hardware accelerator cards to provide high performance and to support RSA SecurID system.  Implemented two Nokia IP650 firewalls running Checkpoint Firewall 1 in failover mode.  Implemented Cacheflow reverse proxy to accelerate SSL connections and further protect the DMZ containing public webservers, DNS servers, external mail server.  Implemented an additional Cacheflow server to proxy web requests for the internal and security network zones.  Implemented a RedHat Linux server running Snort IDS sensor to alert on suspicious activity. Jan 02 – Mar 03 Schlumberger: Canary Wharf, London Contract Network/Security Design Engineer Contracted to audit, design, implement and support a new extranet firewall design to migrate existing Spanish SEMA sites to Schlumberger corporate network. • Assigned to Spanish SEMA sites to network audit 3 branches, Madrid, Barcelona, Bilboa, • Produced high level and low level network designs and schematics • Designed extranet firewall solution to migrate existing SEMA data centres to be managed remotely via Schlumberger HQ in Houston • Installed and configured new Cisco 7206 VXR routers in all 3 sites • Installed and configured new SUN Netra firewalls running Solaris 8 securing the OS for firewall purposes • Configured Checkpoint NG FP3 • Installed and configured Cisco 2621 routers for Network Address Translation • Installed and configured GRE Tunneling on Cisco 3640 for management purposes • Reconfigured DNS to reflect changes to web and mail servers. • Updated network designs and schematics, and handed over to support. |