SKILLS MATRIX AT THE BOTTOM OF THE CV

Anish Bhagoria
#H. No. 21-22 Email: anish.bhagoria@gmail.com
U-6, DLF Ph-3, Gurgaon, Haryana : +91 9971004068

Objective

Seeking higher level assignment in Information Security domain in a heterogeneous environment and provide
positive contribution and value addition to organization.

Summary

IT Professional with 10 years of experience in Information Security Domain.

I have been a part of several Information Security projects, performed assessment and evaluation of
information security policies against ISO 27001:2013, ITGC control testing, Vendor Risk Management,
Cloud Security Audits, Vulnerability Assessment/Penetration Testing, SSAE 16 audits to assess the
design and operational effectiveness of controls for various clients and Cyber Security Assessment.

Education
Technical
CEHv7 Certified in Ethical Hacking
CHFI Computer Hacking Forensic Investigator
CCSA Check Point Certified Security Administrator
MCPS Certified in McAfee ePO 4.0

Academic
B. Tech (Electronics & Communication) Punjab Technical University

Technical Skills

SOX testing and SSAE 16 Review

Cyber Security Assessment
Vendor Risk Management
Cloud Security Audit
Firewall and VPN Audit
Network and Architecture Review
Application Security Risk Assessment
Firewall Configuration Review
IT General Controls Testing & Application Control Testing
APT(Application Penetration Testing) in accordance with the OWASP guidelines
ISO audits in accordance with 27001:2013 compliance
FIREWALLS: Cisco PIX, ASA, FWSM, Checkpoint
VA/PT: Vulnerability assessment and Penetration Testing with Nessus, Openvas, IBM Appscan and
Acunetix, Burpsuite, Fiddler, Backtrack, Wireshark, NMAP etc
MAIL GATEWAY: Trend micro IMSS, IWSS, SMEX and TMCM
IDS/IPS: Management of CISCO IDM and IPS and SNORT
PROXY: Bluecoat proxy
ANTIVIRUS: McAfee ePO as well as Virus Scan Enterprise
SIEM(Security Information and Event Management): Alienvault OSSIM (Open Source Security
Information Management) Device
OS: Windows and Linux (Debian and Ubuntu)
AD Management (Microsoft)
 Others: Worked on VMWares, VMBox, VPN (IPSEC, PPTP, L2TP over IPSEC), PKI, Certificate Management

Organizational Contour
April 2016 - Current

Position : Manager Information Security

Project : Publicis Groupe
Description Managing Vulnerability Management & Cyber Security Incident Team
Highlights

Performed Vulnerability Assessment and Penetration testing for various clients. Conduct pre-Go live
security assessment of the portal to provide comfort to the management on the robustness of the
security and application controls
Identify threats and responsible for their remediation as well. Drafted remediation plans, and prepared
report highlighting the severity rating of the vulnerabilities
Performing Automated & Manual Black Box Security Testing which includes Penetration Testing (PT) and
Vulnerability Assessment (VA) as per the OWASP and OSSTMM standards and also by following the
industry best practices
Interaction and coordination with customers to explain and mitigate security assessment findings.
Vulnerability Assessment and Penetration Testing using Nexpose and Metasploit professional
Handling cyber incident and cyber forensic investigation

Preceding Assignments
July 2014 - March 2016 with Ernst & Young

Position : Senior Security Consultant

Project : Global Customers
Description Currently deputed as Senior Consultant.
Highlights

Have onsite experience of Kuwait, Saudi Arabia and Ireland for Security Architecture Review and Cyber
Security Assessments.
Handled IT Internal Audit, Process risks, Process compliance and reviews, SOC Reporting SSAE 16
specifically SOC2 testing, control mapping, Standard Operating Procedures manuals
Conduct a gap analysis by comparing companys policies against leading industry frameworks such as
NIST CSF, ISO / IEC 27001-2013, Federal Financial Institutions Examination Council (FFIEC), AICPA
Trust Services Principles and Criteria for Security, Reg SCI, Archer GRC technical controls standards
(ATS), EU Annex 11, GAMPv5, FDA General Principles for Software Validation, FDA 21 CFR Part 11,
MHRA Data Integrity Guidance, NIST 800-53, OCEG Redbook, ITILv3 - Information Technology
Infrastructure Library
Reviewed / re-performed Internal Audits testing of controls and performed Independent testing of
controls as part of evaluation of operating effectiveness of controls for SOX compliance for IT,
Healthcare, Entertainment sectors
Vendor Risk Management questionnaire preparation and assessment
Design and Assessment IT Security Architecture for Enterprise Networks
Application Control and Security Review
Conducting an in-depth review of the IT security posture of the clients Infrastructure
Technical Security Review and Risk Assessment for IT Infrastructure
External Attack and Penetration Tests and Internal Vulnerability Assessment for IT Infrastructure
Technologies
Extensive experience in various aspects of IT Governance, Risk, Compliance and Security including IT
Project Risk Management, Information Risk Management, Information Security Management System,
Business Continuity Planning and Disaster Recovery, Attack and penetration testing, Operating System
 and Database Security, Network Security, Security Configurations review and Vulnerability Assessment
and System Administration
Information Security Management Systems based on ISO 27001 Design and Implementation
Firewall and VPN Audits

Nov 2010-July 2014 Sapient

Position : Senior Associate Infrastructure

Project : Citigroup and Global Security Office
Description Currently deputed as VA/PT Tester
Highlights

Performed Vulnerability Assessment and Penetration testing for various clients. Conduct pre-Go live
security assessment of the portal to provide comfort to the management on the robustness of the
security and application controls
Identify threats and responsible for their remediation as well. Drafted remediation plans, and prepared
report highlighting the severity rating of the vulnerabilities
Responsible for creating procedures to provide pro-active monitoring of the network security
infrastructure of the customers
Reporting & Analysis of the real time as well archived data for the customers based on the respective
SLA's
Performing Automated & Manual Black Box Security Testing which includes Penetration Testing (PT) and
Vulnerability Assessment (VA) as per the OWASP and OSSTMM standards and also by following the
industry best practices
Managing and Monitoring OSSIM SIEM
Interaction and coordination with customers to explain and mitigate security assessment findings.
Exposure in implementing and managing SIEM solutions, Incident Monitoring and Reporting Procedures,
testing and fine tuning of correlation rules, preparing daily, weekly and monthly reports etc.
Vulnerability Assessment and Penetration Testing using Metasploit
Managing customer's entire network security infrastructure remotely
Responsible for creating procedures to provide pro-active monitoring of the network security
infrastructure of the customers
Handling cyber incident and cyber forensic investigation

June 2008-Nov 2010 HCL COMNET

Position : Specialist Network Security

Project : Exide Technologies
Description Deputed as Security Specialist. Managing and providing input on Security
Implementations.
Highlights

Managing customer's entire network security infrastructure remotely

Responsible for creating procedures to provide pro-active monitoring of the network security
infrastructure of the customers
Provide suggestions for enhancement of Client's existing network as per best Practice recommendations
Managing and monitoring customer's entire network security infrastructure remotely which includes
Reporting & Analysis of the real time as well archived data for the customers based on the respective
SLA's

July 2007-June 2008 IDS InfoTech Limited

Position : Technical Support Engineer

Project : SECURE COMPUTING-MINNESOTA, USA
Description Secure Computing provides Internet security appliances and software solutions that
proactively protect enterprises, large and small, against all manner of email and Web
threats: viruses, spam, malware, identity theft, network intrusion, regulations and
compliance risks
Highlights

Handling all the end users of the company based in US, UK and AUSTRALIA mostly via phone and email
Support included all the critical issues of Virtual Private Network, Firewall related issues and Network
Connections of all types
Taking care of the open source Linux operating system (platform) on which the firewall was based.
Handled issues over the VOIP phones-their Quality over Service property, Wireless-Access Point,
Network Address Translation and PPTP-IPSec-L2TP VPN cases

Sep06-Jul07 TULIP IT SERVICES LIMITED

Position : Network support engineer
Highlights

Ensuring the smooth functioning of the network

Site Survey of New Site
Troubleshooting and configuration of Cisco and Huawei routers
New link installation of RF devices like Radwin, Maksat, SPR, BSR, Infinet, Firepro etc.
Overseeing Tulip Wireless Network

Personal Details

Date of Birth 15th Mar 1984

Marital Status Single
Languages Known English, Hindi, and Punjabi
Passport Available

Place: Gurgaon (Anish Bhagoria)

Date:

Skill Matrix for Infrastrucutre Security

Total Years of Security experience 10

Years of experience in Vulnerability Management 8
Years of experience in Data Loss Prevention 3
technologies
Years of experience in Anti-Malware, Malware Analysis
and Anti-Virus 4
Years of experience in EndPoint Security 6
Years of experience in Cyber Incident Response 6
Years of experience in E-mail Protection, Server
Protection, Network Protection 8
Years of experience in Server Protection, Network
Protection 6
Years of Team Management experience 6

Desired Candidate
Skill/Experience Scale Score
Technical Skill
Infrastructure architecture Assessment 7 7
Vulnerability Management and Assessment 7 9
Compliance Reporting and Assessment 7 7
Peneration Testing 5 9
Spam Management 7 9
Web filtering Administration 5 5
Rogue Software Management 5 7
Security Consultancy to Projects 5 9
Cyber Incident Response 7 9
Vendor Engagement and new product POC 7 5
Vendor Risk assessment 7 8
Non Standard Software Management 7 7
Security assessment of RFI/RFP vendor response 7 7
Developing Security Startegy 7 7
Soft Skill
Excellent Communication Skill 8 9