
User:Sukhamoy Jana


SUKHAMOY JANA

House No-19, B.S.I.D.C, Boring Road, Patna-800013

Mob: +91-9771468339

Email: [email protected]




Certifications

1. ISO 27001:2005 LA
2. ISO 27001:2005 implementation
3. RHCE
4. CCNA
5. MCSE


Key Skills

System architecture and security

Risk Management

Vulnerability Assessments

Security Audit

Network & System Security

Authentication & Access Control

System Monitoring

Regulatory Compliance

System Integration Planning

Multi-tier Network Architectures


Education

Govt. College of Engineering & L.T., Kolkata

B.Tech in Computer Science & Engineering, 2006


INFORMATION SECURITY CONSULTANT

Multi-certified Expert in Enterprise Security Strategies, project implementation and governance planning. Best in CISSP domains.

Information Security consultant whose qualifications include a bachelor's degree in computer engineering; detailed knowledge of access management, information security risk management, IT governance, network security, cryptography, environmental security, data center design, security tools, technologies and best practices. More than five years of experience in the creation and deployment of solutions protecting CIA of Information, networks, systems and information assets of diverse companies and government organizations.



CORE COMPETENCIES

  • Information Security Audit
  • Data / Business / Systems Analysis
  • Information security incident analysis
  • Major Security Software / Systems Implementations
  • Network and Systems Administration
  • Policy framing, procedure documentation
  • Operational and Procedure Analysis
  • Organizational and Strategic Planning
  • Process Development and Implementation
  • Strategic Technology Planning
  • Systems Security/Disaster Recovery/Business Continuity Planning
  • Testing / Debugging / Documentation
  • Best Security Practices (ISO 27001; COBIT5 etc.)


TECHNOLOGY SUMMARY

Security Technologies: SIEM tools like HP ArcSight, RSA Envision, CA EMS; System Security; Email Security; Firewall; DLP solutions; EMS; Content Filtering; Nessus; BackTrack; RADIUS/TACACS+; Network Security Scanner; SSH; SSL; Socket; Digital Certificates; Anti-Virus solutions (Symantec, Norton, Trend Micro etc.); Content Filtering; Web Application Security; Backup solutions (ArcSight, Tivoli)

Systems: Unix-Based Systems (Linux, BSD); Windows (all)

Networking: LANs, WANs, VPNs, Routers, Firewalls, ASA, ACEs, Load Balancers, IPS/IDS, TCP/IP (v4 & v6)

Programming: C, Python, Shell Scripting



EXPERIENCE SUMMARY

National Institute for Smart Government (NISG): Data & Cyber Security Consultant, Dec’2013-Present

IAP Company Limited for C-DoT, Delhi: Information Security auditor, July’2013-Oct’2013

DIT&C, Govt. of Nagaland: Network & Security Specialist, May’2012-July’2013

Prithvi Information Solutions Limited

Prayag Infotech H-Rise Limited Network Security Lead, June’2011-April’2012


IT Executive, Oct’2007-Oct’2010



I am an expert in information systems security for multiple clients and employers. Recent Project Highlights:

  • Infrastructure: Led comprehensive security infrastructure implementation and upgrades (e.g., firewall/VPN upgrades, intrusion prevention, token-based authentication, EMS and remote management etc.) for various small size, medium size and large size organizations.
  • Information Security Event and Incident Management: I have worked in a lead role for Information security event management and incident handling for several projects, including state data center, different applications and database systems. My expertise is in SIEM tools like RSA Envision, HP ArcSight and CA solutions.
  • Risk Management: Protected vulnerable networks following detailed risk assessments. Guided cross-functional teams in the design, validation, acceptance testing and implementation of secure, networked communications across remote sites for several key clients.
  • Security Audit: Conducted Security Audit for several projects (e.g. CMS, NSDC) to assess status of ISMS readiness and prepared NC lists with recommendation to align with best practices.
  • Economic Recovery: Currently directing the information security portion of major system implementations linking CSCs, G2C services, G2B services, statewide into shared networks. Devised enterprise security strategies safeguarding information assets and ensuring compliance with regulatory mandates.
  • Government Sector: Assisted in the development and launch of secure, recoverable and fault-tolerant systems for data access and identity management for several State and Central government bodies.



PROJECT DETAILS

Project Name: BIHAR STATE DATA CENTER
Client: DIT&C, Govt. Of Bihar
Duration: Dec, 2013 - Present
Roles & Responsibilities:

  • I have been assigned as Information Security consultant of the core technical group (Composite Team) for managing and maintaining services of state wide MMP projects under national NeGP plan.
  • Consulting information security procedures to align BSDC with ISO 27001:2005.
  • Consultation of different security solutions like EMS (HP ArcSight), DLP, Firewall, IPS/IDS, Load Balancers, Application load balancers.
  • Review of Security policies for BSDC.
  • Validation of ISMS implementation for BSDC.
  • I have conducted Internal security audit for BRAINDC (State Owned Data Center). The task is to find out the gap in implemented security solutions and operations strategy compared to best practices.
  • I have completed Vulnerability Assessment for a major state application.
  • Working on information security strategy implementation plan for state data center.

Project Name: CENTRAL MONITORING SYSTEM
Client: C-DOT, DELHI
Duration: JULY, 2013 - OCT, 2013
Roles & Responsibilities:

  • Validate security infrastructure, including Firewall, IPS, IDS, ACE, Log management solutions, Enterprise Monitoring System (RSA Envision) and security assessment systems as per standard practices.
  • Internal audit to assess threats, risks, and vulnerabilities from emerging security issues.
  • New Policy framing and review of existing organization’s policies to align with ISO 27001:2005.
  • GAP analysis and Risk assessment for CMS project and making strategic plan for solution architecture.
  • I conducted security audit for almost 30 POPs all over India and the report was submitted to the top C-DoT management with recommendations.

Project Name: NAGALAND STATE DATA CENTER
Client: DIT&C, Govt. Of Nagaland
Duration: JUNE, 2011 - JULY, 2013
Roles & Responsibilities:

  • Network designing for the Nagaland State Data Centre Network.
  • Advanced security configuration for different security devices like Cisco ACS, ASA, IPS/IDS and HP NSA, Firewall, End point Security solution with Symantec, TrendMicro.
  • Designed and implemented network infrastructure for Corporate and branch offices.
  • VPN configuration for different sites.
  • SIEM product configuration and management for CA EMS.
  • Security audit for SDC.
  • New Policy framing and review of existing organization’s policies to align with ISO 27001:2005.
  • I was a part of the implementation team and played a major role to successfully implement the IT security (network design, configuration of ASA, IPS, ACE, Firewall, VPNs, Antivirus, EMS etc.) infrastructure and made the DC live and the SDC was successfully inaugurated by Hon. IT minister Mr. Sachin Pilot.
  • Last of all I was a major player to successfully complete FAT for SDC.
  • Now SDC is live and running several Departmental Applications like CCTNS, SP SSDG, FTS etc.

Project Name: NAGALAND STATE WIDE AREA NETWORK
Client: DIT&C, Govt. Of Nagaland
Duration: JUNE, 2011 - JULY, 2013
Roles & Responsibilities:

  • Advanced security configuration for different security devices like Cisco ACS, ASA, IPS/IDS and HP NSA, Firewall, End point Security solution with Symantec, TrendMicro.
  • Worked on HP ArcSight incident handling tool.
  • I worked on designing the mail security solution for the State Govt. owned Email Server.
  • I analyzed the SWAN network design and consulted to make the connectivity between all the Horizontal and Vertical POPs.
  • I worked on the connectivity between SDC and SWAN.
  • SWAN is successfully running more than 40 POPs.

Project Name: State Portal & State Service Delivery Gateway
Client: DIT&C, Govt. Of Nagaland
Duration: JUNE, 2011 - JULY, 2013
Roles & Responsibilities:

  • Periodic review of access management logs.
  • Conduct periodic Security Audit for State Portal.
  • Application monitoring and database transactions log analysis on HP ArcSight.
  • Monitored and maintained physical and logical security access from and to different systems both Windows and Unix.
  • I conducted VA for State Portal (www.nagaland.gov.in)


EDUCATIONAL DETAILS

| Exam Passed | Subject | University/ Institute | Year of Passing | CGPA/ % of marks | Remarks |
|---|---|---|---|---|---|
| B.Tech | Computer Science & Engineering | Govt. College of Engineering & Leather Technology | 2006 | 7.94 | 1st Class |
| Higher Secondary | Science | W.B.C.H.S.E | 2001 | 84.2% | 1st Class |
| Madhyamik | General | W.B.B.S.E | 1998 | 89.5% | 1st Class |



ACHIEVEMENTS & ADDITIONAL INFORMATION

  • I was awarded several scholarships for outstanding result in 10th Std. I stood first among boys in Diamond-Harbour subdivision (Dist-South 24 Parganas, West Bengal).
  • I am holding dual diploma in Tabla.
  • I love to study and explore new security technologies and to implement them in my projects.
  • I always look for skill developments.
  • I love to watch old Bengali movies.
  • I love to listen to music and like to watch Crime & Thriller movies. Agatha Christie is one of my favourite writer & director.
  • I love sports and yoga.
  • I love to carry out responsibilities.
  • I am proud to be an Indian. My date of birth is 28-11-1981, and I am married.