About Kieran Upadrasta

 

Curriculum Vitae

 

 

Objective

 

To support excellence in the field of information security by combining broad technical ability and continuous research with initiative, creativity, strong verbal/written communication skills and business proficiency.

 

Summary

InfoSec Researcher. Cyber Security, Governance, Risk & Compliance Consultant. CISSP, CISM, CRISC qualified. Cyber-Defence taskforce member.

University Gold Medallist. Policy Advisor. Expert Witness.

 

Over nineteen years' experience of business analysis, consulting, security architecture, assessments, threat analysis and risk management.

Expert in incident response, crisis management, Critical and Major Incident Management (MiM), stakeholder engagement, and requirements mapping and management.

 

Areas of expertise

 

 

 

• Information Security governance - COBIT
• Risk management - SARA, SPRINT
• Threat management - Arbor SP Peakflow, TMS, 'DDOS mitigation', Akamai Kona Site defender, Siteshield
• Vulnerabilities management - Qualys, ISS, Nessus, Foundstone
• Security architecture - HLD & LLD creation, Enterprise architecture - TOGAF
• Firewalls, IDS, IPS - Checkpoint, McAfee, Cisco, Juniper, ISS, Snort, Sourcefire, Web Application Firewall (WAF)
• VPNs, IPsec Site to site, Client to Site, PKI, Endpoints - Safe boot, Pointsec
• Cryptology, Digital watermarking, Cryptanalysis, Steganography, Encryption
• Proxies, Content filtering - Bluecoat, ISA server, Finjan, Cisco Ironport, Websense
• Payment card industry data security standard (PCIDSS)
• IT Audit, Arcsight insight, Skybox security (SOX)
• SIEM: Arcsight ESM, IBM Qradar, Splunk, LogRhythm, RSA Security Analytics, Archer eGRC, Envision
• Information security management systems ISO27001
• Policy standards & framework
• Identity and access management (IAM)
• Advanced Persistent Threat (APT) & User behavior analytics (UBA)
• Law, Regulatory, Investigations, Compliance - HMG Law, Safeharbor, Computer Misuse, Data protection act, International Privacy Legislation

• Past work experience with Financial Conduct Authority (FCA) & the Prudential Regulation Authority (PRA)
• Past work experience with quite a few security agencies

 

 

 

 

Qualifications

CISSP, CISM, CRISC, CCSP, CCSE, JNCIS-FWV, TOGAF, MBA-IT, BEng

Skills

·          Information Security

 

 

Firewalls, VPNS

Checkpoint Provider-1, Firewall-1 / NGX / NG AI / NGX R70/R71, Cisco PIX, Cisco ASA, Juniper Netscreen, SRX, SSG, ISG series, Bluecoat proxies, Microsoft ISA / TMG / UAG Appliances, Cisco VPN concentrator, Cisco wireless

 

Secure Client

IKE – FWZ – UDP encapsulation – IKE over TCP – single / multiple entry points

 

NAT

Internal-to-Internal (dual hide NAT) – Multi-Interface – IP pooling

NAT of Inbound vpns – NAT of Inbound secure client users

 

IDS, IPS, Anti-DDOS   

ISS Real secure, Snort, Sourcefire, ISS site protector, Idefense, Proventia IPS, Qualysguard, Cisco IDS, McAfee Foundstone IDS, Arbor Networks Peakflow, Mu dynamics, Toplayer, Archer threat management, Arcsight, SIEM, Skybox policy compliance, hardening systems, Microsoft WSUS

 

Data Communication Encryption

ISAKMP (IKE) – IPSEC – FWZ – SSH – PKI (PGP) – S/MIME – RSA – DES – AES – PPTP Tunneling w/NAT

 

Data Storage Encryption

PGP, McAfee Safeboot, Pointsec

 

Device control              

Reflex Disknet Pro, Smart line devicelock

Authentication

User – Client – Session – RADIUS – LDAP – S/Key – IKE

 

Resources/Proxies

Kernel URL logging – HTTP, SMTP, FTP security servers – Connect control

 

Auditing

Rule base security audits – Log audits – Integration – Performance tuning

 

Reverse Engineering

Objects File – Rulebases

 

Vulnerability Scanners

 

Network/Applications:

ISS Internet Scanner 6-7.x – NAI Cybercop Scanner – Nmap – Nessus – ISS site protector – ISS enterprise scanner – Sara

Web Application:

Whisker, Watchfire, Cenzic, SPI Dynamics including input validation, SQL injection, cross-site scripting, buffer overflow, etc.

Database:

Dbprotect, Appdetect, NGSS

Source Code:

Fortify, Ounce, Coverity, Klocwork, prefix/prefast, Findbugs, Fxcop

Framework

ITIL, OWASP

Security Tools

Wrappers – Ethereal – Tripwire – McAfee EPO – WSUS – RSA envision

 

·      Networking

Protocols  

TCP/IP, UDP, ICMP, IGMP and routing protocols (RIP, IGRP, OSPF, EIGRP, BGP)

 

Tools & Technologies            

IP addressing, IP sub-netting, VLSM, Layer 2, 3, 4 switching & routing, VLANs, VTP, STP, ISL, VRRP, HSRP, SNMP, SMTP, RAS, RADIUS, TACACS, 2 factor authentication, wireless, SSL VPN, single sign on, remote access servers, terminal servers, Ipass, Citrix, PC anywhere, SSH, VNC, remote control programs and remote admin tools

 

Work Experience

 

July 2016 – Present    Cyber Security Architect    Cyber Security Consulting Group (cybersecuritycg.co.uk)

Cyber Security Consulting Group is a managed services provider and consulting firm, and I am currently working at a financial services client's site.

·         Providing consultancy security expertise on business projects including Information security governance, security awareness, compliance, policy standards & framework, mobile security architecture - HLD and LLD creation, technical domains including information protection, Identity and access management (IAM), working with cloud providers (SaaS, PaaS, IaaS), consumerization, collaboration, endpoint control, mobile computing, virtualization, network, process automation systems, application security, business continuity & disaster recovery planning (BCP & DRP), Incident management and response

 

·         Architectural Concepts & Design including Cloud Data Security, Cloud Platform & Infrastructure Security, Cloud Application Security, Operations, Legal & Compliance. Using Cloud technologies in a variety of different service models (SaaS, PaaS, and IaaS) and deployment models (Private, Public, Hybrid, and Community). Ensuring the delivery of cloud security and automation activities through the concepts of Infrastructure as Code (IAC), Security as a Service as well as integration into existing monitoring and service management tooling. Monitoring and performance tuning of deployed applications on AWS

 

·         Delivering the architecture strategies, patterns and roadmaps that map to the IT Vision, Strategy and Transformation Roadmaps for Infrastructure Security Technologies. Defining the activities, investments and decisions required to deliver against the target

 

·         Managing small to enterprise IT Cyber Security, mobile security architecture, framework and standards, such as TOGAF, ISO27001, ITIL, HMG, OWASP, Payment Card Industry Data Security Standard (PCIDSS) standards implementation and auditing, risk identification, risk assessment, risk evaluation, risk mitigation, risk response, risk monitoring in 'e business' environment.

 

·         Design, implement, administer, monitor and troubleshoot IT infrastructure: Crossbeam X series, Nokia IP130, IP260, IP330, IP350, IP440, IP530, Splat, Checkpoint FW1, NG AI NGX / R60 / R70/R71, VSX on UNIX, Provider-1, Cisco Pix, Juniper NetScreen firewalls, NSM, Security Threat Response Manager (STRM), RSA Envision, RSA Security Analytics, Cisco ASA, Cisco ACS, Cisco Security Manager (CSM), Firewall services Module (FWSM), Microsoft ISA 2006, Cisco Secure client, Checkpoint Secure client, VPN (IPSEC, SSL based, site to site and client to site), Cisco VPN Concentrator, CS-MARS, VRRP, QOS, Bluecoat proxy, Websense, Finjan, Mail sweeper, Ironport, Clearswift, Content Filtering, SIEM, Anti-DDOS, Cisco VPN Concentrators, Cisco wireless, Intrusion detection/prevention systems (ISS real secure IDS/IPS, CISCO IDS, Snort, Sourcefire), Arbor Peakflow, MU dynamics, top layer, Cisco Guard anti DDOS, ePolicy Orchestrator 5.1

 

 

 

July 2006 – June 2016    Cyber Security Architect    http://www.novaitconsulting.com

·         'Nova IT Consulting' is a consulting, IT services and technology company, and I have worked onsite at client sites: Co-Operative Bank, RBS, Santander. Responsible for leading investment bank IT infrastructure, in terms of a seven million pound budget, for complex technical project management, consulting, design, implementation, troubleshooting, support, and hands-on delivery.

 

·         Providing consultancy security expertise on business projects including Information security governance, security awareness, compliance, policy standards & framework, mobile security architecture - HLD and LLD creation, technical domains including information protection, Identity and access management (IAM), working with cloud providers (SaaS, PaaS, IaaS), consumerization, collaboration, endpoint control, mobile computing, virtualization, network, process automation systems, application security, business continuity & disaster recovery planning (BCP & DRP), Incident management and response

 

·         Architectural Concepts & Design including Cloud Data Security, Cloud Platform & Infrastructure Security, Cloud Application Security, Operations, Legal & Compliance. Using Cloud technologies in a variety of different service models (SaaS, PaaS, and IaaS) and deployment models (Private, Public, Hybrid, and Community). Ensuring the delivery of cloud security and automation activities through the concepts of Infrastructure as Code (IAC), Security as a Service as well as integration into existing monitoring and service management tooling. Monitoring and performance tuning of deployed applications on AWS

 

·         10+ years’ experience in the following cloud security areas:

✓  Cloud Security Basics and Common Cloud Security Mechanisms
✓  Cloud Security Threats and Threat Categorization Methodology
✓  Identification and Treatment of Common Threats
✓  Securing Network Connections and Cloud Authentication Gateways
✓  Collaborative Monitoring and Logging, Independent Cloud Auditing
✓  Cloud Identity and Access Management Patterns and Supporting Mechanisms
✓  Federating and Enabling Secure Interoperability among Cloud Consumers
✓  Trust Assurance Patterns and Supporting Mechanisms
✓  Trust Attestation and Establishing Trustworthiness
✓  Cloud Service Security Patterns and Supporting Mechanisms
✓  Virtual Machine Platform Protection Patterns
✓  Considerations for Setting Up Secure Ephemeral Perimeters
✓  Trusted Cloud Resource Pools and Cloud Resource Access Control
✓  Permanent Data Access Loss Protection and Cloud Data Breach Protection
✓  Isolated Trust Boundaries
✓  The Attack Lifecycle and the Security Lifecycle
✓  Proactive Mitigation vs. Incident Response
✓  Threats, Vulnerabilities, Impacts from Exploitation
✓  Threat Modeling, Threats and Mitigations

 

 

·         Involved in large transformation projects, with a strong understanding of system development methodologies (classic waterfall and agile methodologies) and how security can be engineered within them.

 

·         Five years’ experience on AWS designs: designing and deploying dynamically scalable, highly available, fault tolerant, and reliable applications on AWS; using AWS services to design and deploy an application based on given requirements; migrating complex, multi-tier applications on AWS; designing and deploying enterprise-wide scalable operations on AWS; implementing cost control strategies

 

·         Delivering the architecture strategies, patterns and roadmaps that map to the IT Vision, Strategy and Transformation Roadmaps for Infrastructure Security Technologies. Defining the activities, investments and decisions required to deliver against the target

 

·         Managing small to enterprise IT Cyber Security, mobile security architecture, framework and standards, such as TOGAF, ISO27001, ITIL, HMG, OWASP, Payment Card Industry Data Security Standard (PCIDSS) standards implementation and auditing, risk identification, risk assessment, risk evaluation, risk mitigation, risk response, risk monitoring in 'e business' environment.

 

·           Conduct formal risk reviews and assessments of high security risk applications using the Bank’s IT Risk Assessment Methodology.  Agree risks with internal clients and document these risk assessments.

 

·           Develop risk methodology to address identified risks, placing highest priority on the areas of greatest vulnerability. Vulnerability management - Qualys, ISS, Nessus, Foundstone tools. Conducted SOX, SAS70, ISO27001, TOGAF and HIPAA compliance assessments.

 

·         Seven years of PCIDSS implementation and auditing experience at a level 1 merchant with over 6,000,000 Visa transactions per year, with the core principles as follows:

✓  Build and maintain a secure network
✓  Protect cardholder data
✓  Maintain a vulnerability management program
✓  Implement strong access control measures
✓  Regularly monitor and test networks
✓  Maintain an information security policy

 

·           Five years’ experience of LogRhythm SIEM design and implementation at financial clients in the city. Looking after Data Security Analytics, Log Management and Log Analysis, Compliance Automation & assurance, with architecting of Turnkey appliances, High availability solutions, and managing WebRhythm remote access.

 

·         Design, implement, administer, monitor and troubleshoot IT infrastructure: Crossbeam X series, Nokia IP130, IP260, IP330, IP350, IP440, IP530, Splat, Checkpoint FW1, NG AI NGX / R60 / R70/R71, VSX on UNIX, Provider-1, Cisco Pix, Juniper NetScreen firewalls, NSM, Security Threat Response Manager (STRM), RSA Envision, RSA Security Analytics, Cisco ASA, Cisco ACS, Cisco Security Manager (CSM), Firewall services Module (FWSM), Microsoft ISA 2006, Cisco Secure client, Checkpoint Secure client, VPN (IPSEC, SSL based, site to site and client to site), Cisco VPN Concentrator, CS-MARS, VRRP, QOS, Bluecoat proxy, Websense, Finjan, Mail sweeper, Ironport, Clearswift, Content Filtering, SIEM, Anti-DDOS, Cisco VPN Concentrators, Cisco wireless, Intrusion detection/prevention systems (ISS real secure IDS/IPS, CISCO IDS, Snort, Sourcefire), Arbor Peakflow, MU dynamics, top layer, Cisco Guard anti DDOS, ePolicy Orchestrator 5.1

 

·         Providing day to day design, support includes firewall rules base change management, VPN, NAT, Anti Spoofing, Troubleshooting, Backups, Checkpoint to Juniper migration, Cisco ASA to Checkpoint migration, Upgrades, Patching, systems hardening, PKI, encryption, cryptology, authentication & authorization systems, DHCP, 3DNS, WINS, SMTP gateways, TACACS, RAS/RADIUS support, RSA Secure ID and RSA Security Analytics support, AAA, traffic analysis, Surf control, security audits, vulnerabilities assessment, ISS Real Secure Site/Desktop Protector, Alteon Switch, F5 BigIP Load Balancers, Anti-virus updates, Bloomberg & Reuters, remote infrastructure support and network monitoring.

 

·         Ten years’ experience of McAfee ePolicy Orchestrator, McAfee Solid Core, McAfee Change Control, McAfee Application Control, configuring Endpoint encryptions, Anti-Malware products such as McAfee Virus-Scan and Sophos Endpoint, Safeboot, Foundstone

 

 

 

Jan’00 – June’2006    Information Security Analyst    BAA

Range of Activities: Monitoring

 

·         Assist with the daily monitoring of Information Security to ensure that existing systems and technology comply with the Information Security Policy.  (NT, Windows 2000/2003/XP, AIX, Solaris & OS400)

·         Security policy review, AlgoSec firewall rule compliance, skybox policy compliance, firewall rules base authorizations, monitors the firewalls, host and network-based intrusion detection systems and takes appropriate follow up action (ISS Real Secure, fast Analysis).

·         Carry out periodic review of all current user access with business managers

·         Monitors exceptional/emergency use of supervisor or highly privileged accounts and data management tools.

·         Identifies security violations and escalates them to the information security manager.

·         Assists with monitoring for use of unlicensed software

·         Assists with bi-annual threat and vulnerability assessment and ‘attack and penetration testing’.

·         Assists with periodic physical security checks to monitor compliance with policy.

 

Range of Activities: Projects & Operational work

 

Information Security project work includes:

·         Design, implement, administer, monitor and troubleshoot IT infrastructure: Nokia IP130, IP260, IP330, IP350, IP440, IP530 Checkpoint FW, NG AI on UNIX, Provider-1, Cisco Pix, ASA firewalls, Microsoft ISA 2004, ISA 2006, Cisco Secure client, Checkpoint Secure client, VPN (IPSEC, SSL based, site to site and client to site), Cisco VPN Concentrator, VRRP, Bluecoat proxy, Web sense, Mail sweeper, Ironport, Clearswift, Content Filtering, SIEM, Cisco Guard Anti-DDOS, F5 Big IP load balancers, 3DNS, Cisco wireless, SSL VPN, Public Key Infrastructure, Microsoft Security Update Service (SUS), Intrusion detection/prevention systems (ISS real secure IDS/IPS, CISCO IDS, Snort, Sourcefire), Arbor Peakflow, MU dynamics, toplayer anti DDOS, ePolicy Orchestrator 4.5

 

·         Providing day to day support includes firewall rules base change management, VPN, NAT, Anti Spoofing, Troubleshooting, Backups, Upgrades, OS Patching, Operating System hardening, PKI, encryption, cryptology, authentication & authorization systems, DHCP, DNS, WINS, SMTP gateways, RAS/RADIUS support, RSA Secure ID support, AAA, security audits, vulnerabilities assessment, manual & automated black, ISS Real Secure Site/Desktop Protector, TippingPoint IPS, Alteon Switch Load Balancing, Anti-virus updates, remote infrastructure support and network monitoring.

 

·         Installation, configuration, and administration of operating systems Windows Servers, SCO Unix, and back office products such as MS Exchange Servers, Internet proxies and IIS in both test and production environments.

 

·         Plan, design and implement IP addressing and sub-netting, VLSM, VOIP, Multicasting, catalyst switches, switching using Ethernet, token ring, dialup, ISDN, ADSL, Frame Relay, Point-to-Point, leased circuits, IPLC, X.25 and the following protocols: TCP/IP, IPX/SPX, NETBEUI; routing protocols IP, IGRP, OSPF, EIGRP, BGP

 

·         Install and configure Cisco routers and switches. Implement VLANs between multiple switches and configure STP, VTP. Administer routing tables/protocols and access control lists. Configure and administer Voice over IP. Enable Access Control Lists and Network Address Translation

 

Professional Certifications / Trainings

2013

·         Passed TOGAF 9 certification for people program at the TOGAF 9 certified level.

·         Trained on PCIDSS risk acceptance approach, monitoring methodology by controls

 

 

2012

 

·         Trained on the following Arcsight ESM Modules

✓     ArcSight ESM Security Analyst (AESA)
✓     ArcSight ESM Use Case Foundations
✓     Building ArcSight ESM Advanced Content for Use Cases
✓     ArcSight ESM Administrator 6 CORR Engine (AEIA)
✓     ArcSight ESM Advanced Administration
✓     ArcSight Connector Appliance Administration
✓     ArcSight Flex Connector Configuration
✓     ArcSight Enterprise Security Solutions Architecture
✓     ArcSight Logger Administration and Operations
✓     ArcSight Express 3.0 with CORR Engine Administration and Operations

 

 

2011

·         Passed Certified Information Security Manager (CISM)

·         Trained on the following CyberArk products

✓     Privileged Identity Management Suite
✓     Privileged Session Management Suite
✓     Sensitive Information Management Suite

 

 

2010

  • Passed Certified Information Systems Security Professional (CISSP)
  • Certified in Risk and Information Systems Control (CRISC)
  • Member of Information Systems Audit and Control Association  (ISACA) – London Chapter

 

 

2009

  • Trained on ISS Site protector, ISS real Secure, Sourcefire IDS, McAfee Foundstone IDS
  • Passed Check Point Certified Managed Security Expert vVSX  (CCSE, CCMSE)
  • Trained on Skybox compliance
  • Passed Juniper Networks Certified Internet Specialist (JNCIS-FWV)

 

 

 

 

2008

  • Trained on Sidewinder Firewall/VPN, Microsoft ISA/ TMG/ UAG Appliances firewall
  • Cisco Certified Security Professional (CCSP, CCNA Security)
  • Trained on ISS Proventia IPS

 

 

 

 

2007

 

 

  •  

 

2006

  • Attended Fortigate (Fortinet) security Administrator training in France
  • Cisco Certified Security Professional (CCSP)

 

 

 

 

2005

  • Cisco Certified Network Professional (CCNP ID)
  • Passed Checkpoint Certified Security Expert and Admin vNG AI (CCSA, CCSE)

 

2004

  • Trained Symantec “Intrusion Detection in the Enterprise” course
  • Trained Symantec "Vulnerability Management in the Enterprise" course

 

 

 

 

2003

  • ISS Certified for Internet Scanner and Safe Suite Products
  • Nokia IP Security and High-Availability Training
  • Checkpoint CP2000 Trained
  • Axent Net Prowler IDS Trained
  • Attended ITIL Foundation level course

 

 

 

 

2001

  • Certified MCSE on Windows 2000 (MCSE)
  • Cisco Certified Network Associate (CCNA)

 

 

 

 

1999         

  • Certified MCSE on Windows NT (MCSE)

 

 

Additional Information

Availability

Flexible

 

MOD Vetting 

Basic clearance, CRB enhanced checks and Security Clearance (SC is expired)                                     

 

Languages

Only English

 

References

Available on request

 

 

 

Copyright 2016 Kieran Upadrasta CISSP, CISM, CRISC. All rights reserved.