- Attached to the Application Security Delivery Domain.
- Primary focus is to implement new strategies and projects for the department.
- Function includes , implementation of Resource Provisioning whereby the workflow design is around the access of users based on the information from the Human Resource Database. Provisioning rules will be set based on the access roles and departments users belongs to.
- End results, will reduce the need for manual access provisioning to be granted to users and eliminate granting of excessive rights.
- The overall workflow design and process flow will need to be identified and configured before the implementation of access provisioning. Involves identifying the risks and implementing mitigation plans to ensure that these risks are adequately controlled.
2008-2014 : SENIOR SECURITY ANALYST
Penetration Testing (Infrastructure Vulnerability and Application Vulnerability)
- Managed the Infrastructure Testing, carried out for all the perimeter network in the Bank (DMZ). This is done by assessing the network components and configurations to ensure that the Banks Network Boundry is operated securely. This will include the compliance to standards already set, benchmarking against industry Standards. The risk will be tracked with the various teams in the bank to ensure the risks are mitigated.
- This project is implemented to ensure cost savings to the bank without compromising security functions.
- Instrumental to ensure the process and procedure is clearly defined and there are no operational issues. Over 500 devices are tested to identify security weakness that may compromise the infrastructure and the application hosted. Security risk assessment is performed to identify the potential risks and present this to the business.
- Responsible for monthly dashboard reports to be presented to higher management on the status of the Infrastructure and Applications.
- Key Risk Indicators are highlighted for actions to be implemented to mitigate these risks.
Experienced in Risk and Compliance to identify and evaluation of signification exposures on environment, process and projects for stakeholders. Working on Audit Remediation program to ensure critical systems risks are mitigated to reduce exposure to external exploits.
2007-2008 : VULNERABILITY MANAGEMENT
Part of the Vulnerability Management team in Group Information Security. The vulnerability assessment is identified and tracked for various operating systems. Compliance issues are addressed to ensure the integrity of the policies and standards. I am response to conduct the Security Acceptance Test for new AS/400 servers added to the Banks Application System. In addition to that I am also responsible to conduct the periodic Security Verification Test for all AS/400 servers to ensure that the servers are compliant to the Banks Standards.
2005 - 2007 : SECURITY ANALYST
Supporting AS400 Platform.
Role involves providing support for the user administration of the AS400 server, conducted security verification tests to ensure that server is compliant to standards. Work with first level support group to manage any customer problems and requests.
Manage the administration functions of the AS400
To ensure that only authorized persons are allowed access to the system. Streamline the security systems and process to gain efficiency and comply with standards.
Provide reporting to management on state of security compliance of operating system. Provide on call support to resolve problem reported during office and non office hours.
2003 - 2005 : MANAGER, IT SECURITY SUPPORT
- Manage a team of 18 staff on User Administration of the IT Security Department. This includes the team that manages the Access Request for the various applications used within the Bank.
- Responsible to manage the Problem Management team who will manage the status of account, resetting of passwords.
2001 - 2003 : USER ADMINISTRATOR, IT SECURITY SUPPORT
- I was in the team which manages the User Administration of various applications used in SCB Malaysia. This includes managing the Access Request and also Password reset request.
September 2013 - Application Vulnerability Test
- Managed the Application Vulnerability Test for all Internet Facing Applications that was rolled out in the Bank. This was initially contracted with vendor and the project was undertaken to implement the Application testing with internal resources on a monthly schedule.
- Worked with various domain stakeholders from Business and IT to understand the process flow of applications and project development process. Various software's was sourced out and Proof Of Concept was done. The AVT was finally an on-going process done internally and implementation was done in September 2013
June 2013 – Infrastructure Vulnerability Test
- Implemented the Infrastructure Vulnerability Testing for all the network perimeter devices within the Bank. As these tests were carried out on-site with vendors, a project as initiated to design the workflow to carry out these tests from a single remote site. These involved understanding the network design and working with respective stakeholders to analyse and design a process flow that can complete the required test without any impact to the infrastructure.
- Over 60 Infrastructure Gateways and 500 devices were to be tested for vulnerabilities and report to management was submitted to indicate the status of the Infrastructure. This included reviewing the Sans Top 25 vulnerabilities and the OWASP Top 10 vulnerabilities.
2003 - Resource Provisioning Tool
- To ensure that access is accounted for all systems and services in the Bank. This involves collection of data andbuilding a database that will hold the various applications used in the Bank and the list of authorised users.
2002 – Transition Project
- Transition Projects for Singapore, Thailand and Indonesia. I was responsible to understand the workflow and process of administration for these countries and migrate the job functions to the service centre in Malaysia.