Anshuman Sharma

Summary

Professional with 8+ years of experience in Information Security disciplines: ISO 27001 Implementation and Readiness Assessment; PCI DSS Assessments (Gap Assessment, Initial Report on Compliance, Final Report on Compliance and Attestation of Compliance); Third Party Vendor Risk Assessment; Business Continuity Management; Vulnerability Assessment and Penetration Testing; Application Security Assessments; Database Audits; Firewall and Network Device Audits; Secure Network Architecture Assessment; SOX and SAS 70 Audits; Risk Consulting; Privacy and Control Assurance.

Objective

A responsible and challenging position in an organization that would utilize my experience, nurture my ambitions and give vent to my inquisitiveness to learn and acquire newer skills. Get opportunities for growth based on achievements and to gain comprehensive understanding of the working of the Organization and to contribute to its overall growth.

Work History

Mar 2011 - Present

Senior Consultant

Verizon

Working as a 'Professional Services Consultant III (Senior Consultant)' with Verizon Business, since March 2011.

Practice Development & Project Management

  • Working on proposals and doing the effort estimation (costing sheet) for various projects such as PCI DSS assessment & certification, ISO 27001 readiness assessment & implementation, ISO 22301 readiness assessment & implementation, Vulnerability Assessment and Penetration Testing, and Application Security Testing.
  • Aligning appropriate resources based on project requirements
  • Meeting clients for new opportunities for practice development
  • Managing and mentoring resources for project delivery
  • Participation in project kick-off and closure meetings
  • Managing client escalations and delivery

PCI DSS

Carried out PCI DSS Gap Assessments and issued Initial Reports on Compliance, Final Reports on Compliance and Attestations of Compliance, as follows:

PCI DSS Gap Assessment for:

  • 8 Service Providers in India
  • 2 Merchants in India (Global Merchants)
  • 1 Payment Processor in India
  • 3 Banks (1 in India and 2 in Thailand)

Initial Report on Compliance for:

  • 8 Service Providers in India
  • 1 Merchant in India (Global Merchant)
  • 1 Payment Processor in India
  • 1 Bank (in Thailand)

Final Report on Compliance and Attestation of Compliance for:

  • 5 Service Providers in India
  • 1 Merchant in India (Global Merchant)

ISO 27001 Implementation & Readiness Assessment

Implemented ISO 27001 for 2 Banking Clients, 2 IT Clients and 1 BPO, which included:

  • Asset Register Development
  • Statement of Applicability
  • Risk Assessment, Risk Management and Risk Mitigation procedure Development
  • Policies, Procedures and Standard Development
  • Baseline documents Development for Server, Databases, Firewalls, Network Devices, Web Servers, etc.
  • Change Management
  • Information Security Manual and Policies Development
  • Disaster Recovery and Business Continuity Implementation
  • Recovery Procedure and Strategies Development
  • Documentation of Corrective and Preventive Action Plan
  • Information Security Awareness and Training

Vulnerability Assessment & Penetration Testing

  • Cert-IN Empanelment for Verizon Business - Consultant and Penetration Tester for the empanelment of Verizon Business with Cert India. This involved performing Penetration Testing on Web Applications and reporting more than 90% of the vulnerabilities within the application, along with Proof-of-Concept for exploited vulnerabilities.
  • Application Security Assessment for a Leading IT Service Organization - Lead Consultant and Security Assessor for one of the major IT service organizations for their in-house application project.
  • Network Assessment for a BPO Organization in the Financial Sector - Lead Consultant for Network Audit and Penetration Testing for an IT/ITES client.
  • Network Assessment for a Leading Financial Organization - Conducted internal and external network assessments for a leading financial organization.

Manual Configuration Review

Performed manual configuration review of the following:

  • Network Devices (Firewall, Routers, Switches, IDS, IPS, etc)
  • Web Servers (IIS and Apache)
  • Domain Controller/Active Directory
  • Database Audits (Oracle, SQL 2000, 2005)
  • Operating Systems (Windows, Linux, Unix, AIX)
  • Antivirus (Symantec, McAfee)

Risk Assessment

Carried out multiple risk assessments, which included formulation of the Asset Register, Asset Classification, threat and vulnerability identification, and likelihood of impact and probability of occurrence, based on industry best practices such as:

  • NIST 800-30
  • OCTAVE
  • ISO 27005

Incident Management Matrix Formulation

Formulated an Incident Management Matrix based on Verizon's VERIS Framework.

Nov 2010 - Feb 2011

Senior Consultant

Wipro InfoTech (Wipro Consulting Services)

Key Consulting work executed as follows:

  • Performed multiple Third Party vendor Risk Assessment reviews for Telecom clients based on ISO 27001 and TRAI guidelines.
  • Played key role in developing framework, methodology and templates for Vulnerability Management Lifecycle (VML) service offering.
  • Performed security configuration reviews and identified gaps against security baselines set by clients and leading industry practices; provided technical recommendations to mitigate the risk arising from the gaps.
  • Developed the Third Party Vendor Risk Management Framework which includes the Pre-Association Checklist, Post Association Checklist, Self-Assessment and Vendor Evaluation Criteria.
  • Documented the ISMS Manual for the client, which includes:
    • Establish and Manage ISMS
    • Management Support & Responsibilities
    • Information Security Organization
    • External/ Third Parties
    • Asset Management
    • Human Resource Security
    • Physical and Environmental Security
    • Operations Management
    • Access Control
    • Email Security
    • Network Security
    • Internet Security
    • Malicious Code Management
    • Information System Acquisition, Development & Maintenance
    • Auditing and Logging
    • Cryptography
    • Data Backup
    • Information Security Incident Management
    • Information Security Compliance Management
    • Privacy & Data Protection
    • Business Continuity Management

May 2008 - Oct 2010

Deputy Manager

Deloitte

Performed the following Consulting Projects:

  • ISO 27001 Readiness Assessments and Implementation for IT/ITES and Payment Processor in India
  • Carried out Business Impact Assessments for IT/ITES companies in India.
  • Performed multiple Third Party vendor Risk Assessment reviews for Financial and Banking clients.
  • Played key role in developing framework, methodology and templates for Vulnerability Management Lifecycle (VML) service offering.
  • Executed a number of External and Internal Vulnerability Assessment (Firewalls, Network Devices, Applications, Servers, Databases, etc), Penetration Testing engagements on networks (wired and wireless) and Application Security.
  • Assisted IT/ITES clients in developing Privacy and Data Protection solutions.
  • Performed security configuration reviews and identified gaps against security baselines set by clients and leading industry practices; provided technical recommendations to mitigate the risk arising from the gaps.
  • Exposure in Cross border data transfer, EU Directives, Safe Harbor, International Privacy Laws and Regulations, IT Act 2008 and associated complexities.
  • Performed SAS 70 Type II audits which include the following domains: Information Security, Problem & Incident Management, Manage Data, Manage Projects, Manage Operations, Manage Facilities, Manage Third Party Services, and Manage Human Resources.
  • Worked on SOX- IT engagements for manufacturing industries. The scope of work includes testing and review of different controls for operation, security and change management domains.
  • Hardening of servers and devices - Windows: Windows 2000 and 2003; UNIX: Solaris, AIX, Linux; Databases: Oracle, MSSQL 2000 and 2005, MySQL, DB2; Routers and Switches: Cisco; Firewalls: Netscreen, Check Point and PIX; Web Servers: IIS and Apache; Proxies: Squid, IWSS; Exchange Servers: Microsoft Exchange; hardening of Citrix Servers and Blackberry Servers.
  • Team Management, timely project delivery, working on proposals and new opportunities

Jul 2007 - Apr 2008

Security Consultant

Paladion

Performed the following work-related tasks:

  • Project Management for Staff Augmentation and CISO services
  • Project Management for Security Operations Center (SOC) operations
  • Implementation and Sustenance for ISO/IEC 27001:2005 and BS 25999
  • Gap Assessment and Compliance Audit for ISO/IEC 27001:2005 and BS 25999
  • Network and Application Infrastructure Vulnerability Assessment, Penetration Testing and Information Security Reviews
  • Conducting Risk Assessment and driving closures of identified risks
  • Implementing and operating Business Continuity framework
  • Preparing dashboards for Senior Management

Oct 2005 - Jul 2007

Network Engineer

HCL Comnet

Performed the following work-related tasks:

  • Worked extensively on Cisco devices, such as routers, switches, firewalls, etc.
  • Hardening of servers and devices - Windows: Windows 2000 and 2003; UNIX: Solaris, AIX, Linux; Databases: Oracle, MSSQL 2000 and 2005, MySQL, DB2; Routers and Switches: Cisco; Firewalls: Netscreen, Check Point and PIX.
  • Internal Technical Audit as per client requirements
  • Delivered knowledge sharing presentations on ISO 27001, Vulnerability Assessment and Penetration Testing, PCI DSS, COBiT, Privacy, etc.

Education

PGDIT

Symbiosis

Pursuing Post Graduate Diploma in Information Technology (only 2 papers and the final project are left)

Sep 2010 - Dec 2012

M.S in Cyber Law & Security

National Law University & IMT

Aug 2001 - Aug 2005

B.Tech

Haryana Engineering College

Skills

Manual Configuration Review

Governance, Risk & Compliance

Privacy & Data Protection

Risk Assessment

Application Security Testing

Vulnerability Assessment & Penetration Testing

ISO 27001

PCI QSA

Certifications

Jun 2009 - Present

CISA

ISACA
May 2010 - Present

ISO 27001

SAI Global
Feb 2012 - Present

eCPPT

eLearnSecurity
May 2007 - Present

CEH

EC Council
Jun 2012 - Present

CHFI

EC Council
Feb 2012 - Present

ISO 31000

BSI
Oct 2012 - Oct 2014

PCIP

PCI SSC
Mar 2013 - Mar 2014

PCI QSA

PCI SSC