Joined Prudential to project manage and implement improved security solutions as part of a large-scale security programme. Initially this covers secure system baselines, vulnerability scanning/management and operational security process definitions. The project was completed successfully and deadlines were all met.
Security review of systems and producing secure configuration documents and automatic scanning of compliancy
- Security review of systems ranging from Network routers, switches, Operating Systems including Mainframes, Databases Virtual technologies (Citrix Xen and VMWare VSphere), Middleware (IBM WebSphere, Oracle Weblogic)and Web servers (Apache Tomcat, Apache HTTPD).
- Write secure configuration baselines based on best practices (CIS, NIST, DISA, ISO 27001).
- Setup of automatic compliance checking using Tenable Security Center.
Security Process Definitions
- Review of existing operational security processes and identify any gaps from ISO 27001
- Document processes and present to operational teams and business units.