Wednesday, April 23, 2014
A seasoned Information Security professional, I have been in the security industry since 2001 and have 5 years of prior web and client/server application development experience.
Currently, I work for a major bank as an Information Security Manager, performing risk assessments on global banking applications and managing a team of security engineers spread across multiple countries.
I started and managed the application security/PCI compliance practices at three organizations previously and was a co-founder of a security services company, based in California. I have worked with a wide variety of industry verticals including financial services, manufacturing, e-commerce, healthcare, energy/utilities, education and others.
My experience includes developing security policies, procedures and processes, performing penetration tests and vulnerability assessments, developing secure coding guidelines and delivering security training, in addition to performing PCI-DSS and PA-DSS assessments. I have developed and delivered training courses on finding web application vulnerabilities and building secure web applications. These courses are also delivered online, using software that I designed and built.
I am a Certified Information Systems Auditor (CISA), ex-PCI Qualified Security Assessor (PCI-QSA), ex-Payment Application QSA (PA-QSA) and an IBM Certified Specialist (IBM Rational AppScan).