Information Security Professional
A seasoned Information Security professional, I have been in the security industry since 2001 and have 5 years of prior web and client/server application development experience. I have worked with a wide variety of industries including financial services, manufacturing, e-commerce, healthcare, energy/utilities, education and others.
I started and managed the application security/PCI compliance practices at two organizations previously and have extensively interacted with clients (management and technical) and managed vendor and client relationships.
My experience includes performing penetration tests and vulnerability assessments, developing secure coding guidelines and delivering security training in addition to performing PCI-DSS and PA-DSS assessments.
Certifications
Certified Information Systems Auditor (CISA)
PCI Qualified Security Assessor (PCI-QSA)
PA Qualified Security Assessor (PA-QSA)
IBM Certified Specialist (IBM Rational AppScan)
Skills
Policies, procedures and processes
Managing services, consultants and client relationships
PCI DSS and PA DSS assessments
Vulnerability assessments and penetration testing
Verbal and written communication
Professional Experience
Manager – Security Services and Compliance, SPIguard Security Solutions, Inc.
December 2009 – Present
I manage security services and the PCI DSS/PA DSS compliance practices at SPIguard, which includes managing the consulting team, services and delivery for clients. My role requires close interaction with both technical and management client personnel through all stages of the engagement.
In addition to performing PCI assessments and PA DSS validations, I am also managing the development of several online products.
Achievements
- Added new security services to the company’s portfolio.
- Doubled revenues by streamlining processes, increasing client satisfaction and response times.
- Created and refined processes for performing PCI and PA DSS compliance verification efficiently.
- Created and delivered PCI DSS and PA DSS awareness courses.
- Designed online tools for managing ongoing PCI compliance management.
- Delivered presentations on security topics at industry events.
- Redesigned the company website and made it easier to use, apart from other internal improvements.
Co-Founder/VP Services, AppSec Consulting, Inc.
May 2005 — December 2009
My primary responsibility was managing engagements and ensuring on-time/on-budget service delivery. I was also responsible for identifying what services to deliver and creating processes and procedures for successful delivery of those services. Another significant responsibility was managing the training practice: developing and delivering security courses for web application developers and QA engineers. I designed and developed an online platform to deliver training that is still in use.
I also performed penetration tests, vulnerability assessments and security certifications in addition to PCI DSS assessments.
Achievements
- Set up the application security practice (primary business).
- Set up and managed the company’s infrastructure for the first 4 years of the company’s existence.
- Identified and implemented cost-saving measures which were very important to a self-funded start-up company.
- Set up and managed training services. Developed and delivered training courses for clients. Managed the conversion of all courses to online format for scalability.
- Designed and developed a Learning Management System (LMS) to host online training courses. Features included user tracking and reporting, bookmarking, auto-resume and automated registrations.
- Designed and managed development of an online application that enabled clients to verify skills of contractors and employees. Features included randomized questions and customizable tests.
- Refined methodologies for performing security testing engagements.
Sr. Security Consultant, Port2Web/SiegeWorks
December 2001 — April 2005 (3 years 5 months)
I contributed significantly to starting and building the application security practice at SiegeWorks. My responsibilities included performing penetration tests and vulnerability assessments for various Fortune 500 clients. Since the application security practice was new at SiegeWorks, I also created all related procedures and checklists. Many of my engagements involved creating platform-specific secure coding guidelines and standards. I also developed and delivered courses on secure web application development for developers. Part of my responsibilities involved identifying security tools and evaluating them.
Achievements
- Created procedures and processes associated with performing penetration testing and vulnerability assessments.
- Created checklists for providing security certifications to clients’ software.
- Standardized threat modeling and vulnerability rating methods to promote consistency.
- Designed an online asset management system and oversaw development.
- Spoke on web application security at various industry events.
Sr. Software Engineer, ITC, IT Solutions
July 1996 — December 2001 (5 years 6 months)
I developed client-server and web applications on various platforms. Clients included Honeywell, Ingersoll, and Providian. The applications included online credit card approval and credit card monitoring systems, order entry and asset management systems. I performed code reviews to identify performance bottlenecks and security issues. I also helped develop a hotel management system that was sold as a product.
Education
I have a Bachelor’s degree in Computer Science and a Master’s degree in Computer Applications.
Interests
My interests include security, technology, electronics, computers and software. I am also interested in martial arts and am training in Aikido, a Japanese martial art.