Contact Information
Name: Satish Kini
Email: msatishkini (at) gmail (dot) com
Location: Dallas, Texas, United States
Resume
Position/Title: Application Security Engineer
Resume: SATISH KINI, CISSP, ITIL(f), CEH

800 W Renner Road, Apt # 2728, Richardson, TX 75080

Cell: 214-708-4252, Home: 972-664-0130

Email: msatishkini (at) gmail (dot) com

SUMMARY

More than 13 years of experience in design and deployment of security solutions, penetration testing and vulnerability assessment, and policy compliance.

Diverse in various industry verticals: banking, manufacturing, software, government, ISPs, networking services, etc.

Sound knowledge and experience in firewalls, VPNs, antivirus, anti-spam, host and network-based intrusion detection, security event correlation, network and web application penetration testing, and vulnerability management and auditing with BS 7799 / ISO 27001 standards.

Sound knowledge of implementing a Cisco router using SDM for Cisco routers.

Expertise in the area of network and web application penetration testing and vulnerability assessments. Avid researcher of application security attacks, vulnerabilities, and best practices.

PROFESSIONAL DEVELOPMENT AND CERTIFICATIONS

• ITIL Foundation Certificate

Exin Certified. Version 2.0, 2007

• SANS Stay Sharp – Mastering Packet Analysis (SSP-MPA) Certificate

SANS Institute, 2006

• Certified Ethical Hacker V3 (CEH), June 2005

• Cisco Certified Network Associate (CCNA), 2004

• NetContinuum Certified Professional (NCP)

NetContinuum Web Application Firewall, Version 4.1, 2004

• BS 7799-1 Lead Auditor Certification

BSI India Limited, 2002

• Certified Information Systems Security Professional (CISSP)

Certified since Nov 2001, Cert No. 26423

TECHNICAL TRAINING

• Project Management Training

Training delved into various aspects of project management and the PMBOK of the Project Management Institute. The course satisfies the mandatory 35 hours of education mandated by PMI for PMP Certification.

• Watchfire AppScan Product Training

Training on the capabilities of Watchfire AppScan 6.0 with the intention of using the solution in application vulnerability projects. Training included installing AppScan, running scans against hosts, and creating customized reports.

EDUCATION

Master of Business Administration (MBA)

Concentration in Marketing

1998 Newport University, Newport Beach, California, USA

Bachelor of Arts (BA)

Electives are Economics, Commerce and Marketing

1995 Bangalore University, Bangalore, India

PROFESSIONAL AFFILIATIONS

• Information Systems Audit and Control Association (ISACA) – North Texas Chapter

• Project Management Institute (PMI) – North Dallas Chapter

• Information Systems Security Association International (ISSA) – North Dallas Chapter

• IT Compliance Institute (ITCi)

• Open Web Application Security Project (OWASP)

CORE COMPETENCIES

Security Products/Applications:

Firewalls: WatchGuard, FortiGate, NetContinuum Web Application Firewall, and Symantec Enterprise Firewall, and NAI Gauntlet

VPN: WatchGuard, FortiGate and Symantec Enterprise Firewall

IDS: Symantec Manhunt, and McAfee HIPS

Vulnerability Assessment: ISS (Internet Scanner, System Scanner), Symantec Enterprise Security Manager, NAI CyberCop, Nmap, Retina, NetIQ Vulnerability Manager, Metasploit Framework, Core Impact and Nessus.

URL & Application Filtering: Websense

SIM Tools: NetIQ Security Manager and ArcSight SIM

Web Application Testing: IBM Rational (Watchfire) AppScan, HP (SPI Dynamics) WebInspect, Paros Proxy, Acunetix Web Application Scanner, Tamper IE Tool, Wikto, Nikto, WebScarab, NStalker, Knoppix STD.

SECURITY EXPERIENCE

• System security auditing & assessment (vulnerability assessment)

• Network penetration testing

• Web application penetration testing

• Anti-spam management

• Firewall implementation

• Security information management tools for compliance

• Virus and intrusion management

• Planning, development, implementation and review of information security documentation

BUSINESS EXPERIENCE

• Planning for information security services and product offerings

• Pre-sales support

• People management skills

• Management of customer and partner accounts

• Strong communication, presentation and documentation skills

• Good analytical, problem-solving and leadership skills

• Organizer and participant in training and awareness events

EXPERIENCE

February 2008 – Present InfoVision Consultants Inc, Dallas, TX USA

Senior Security Consultant

InfoVision is a focused technology company involved in application security; they are affiliated with OWASP, Fortify and Ounce Labs. They focus primarily on code analysis and application penetration testing. My role is to do application penetration testing for their customers or any third-party contractors.

Projects:

Application Security Testing for a Unix Authentication System

Sempra Energy, Inc, San Diego, CA

Conducted application security testing for an AIX-based authentication system to identify vulnerabilities. The following tools were used: Core Impact, Nessus, Languard NSS and McAfee Foundstone Superscan.

May 2007 – February 2008 Independent Security Consultant, Bangalore, India

Security Consultant

As an independent security professional, I do professional assignments for companies that look for a lower total cost of ownership and good value for their investment. I do assignments in the areas of security auditing, penetration testing, ISO 27001 auditing, etc.

July 2006 – April 2007 EMC Data Storage Systems

Senior Security Analyst

Responsible for providing security testing for EMC’s applications. The scope of testing involved application security testing using various frameworks like Metasploit. Testing includes EMC’s software products and EMC’s internal applications.

Responsibilities included:

• Conducting vulnerability assessments

• Performing penetration testing using various freeware and commercial security tools

• Conducting tests like SQL Injection and XSS Attacks on EMC’s applications

• Responsible for project leadership of all security testing done in India and the Middle East

• Developed Penetration Testing Methodology for testing EMC’s applications

September 2004 – June 2006 Wipro Technologies

Security Consultant

Responsible for providing security solutions in the areas of network & internet security solutions, which include SIM-based, perimeter security, intrusion prevention/protection and policy compliance solutions.

Responsibilities included the following:

• Monitoring Sarbanes-Oxley (SOX) Compliance using SIM Tools

• SOX compliance testing using freeware security tools

• Conducted vulnerability assessments

• Penetration testing using security tools

Projects:

Security Testing for a Banking Application

Washington Mutual, USA

Conducted security testing for a banking application. The project involved gathering findings through security analysis and assisting the certification team in creating a Certification Final Report (CFR). The following security tools were used: Metasploit Framework 2.5, Core Impact and Nmap.

Black Box Application Penetration Testing

Bankers Automated Clearing Services (BACS), London, United Kingdom

Performed black box application penetration testing for a web-based automated payment system. Role was to use security tools to test the web application and record the findings, so that they could be used in creating a final certification report. The following tools were used: Nmap, WebInspect, Wikto and Nikto.

Host Intrusion Prevention (HIPS) Implementation

Albertsons, Boise, Idaho, USA

Facilitated the onsite implementation of McAfee Entercept Host Intrusion Prevention System (HIPS) with upwards of 5000 sensors. Role was to push McAfee agents through management consoles and prepare rollout plans.

Sarbanes-Oxley Compliance Testing and Documentation

Carrier Corporation, New York, USA

Assisted the client’s certification department in testing for SOX compliance. Used the following security testing tools: NetIQ Vulnerability Manager and Security Manager and various open source tools. Also assisted in the creation of a report for the tests conducted.

September 2002 – September 2004 Teczacta Consultants

Senior Security Consultant

• Supervised the security team

• Implemented perimeter security solutions (firewalls, VPN gateways)

• Conducted security audits

• Performed sniffer network analysis

• Implemented host and network-based IDS systems

• Oversaw the entire technical operations in Bangalore

Projects:

Security Monitoring

Envision Financials, India

Client is one of the leading off-shore developers of mutual fund software for US markets. Designed and implemented a security solution and managed their network 6 days a week (12/6 support).

Perimeter Security Implementation and Monitoring

Leading Infrastructure Company, Bangalore India

Client is one of India’s largest infrastructure companies. Implemented perimeter security, VPN, and anti-spam solutions for their various clients in cities across India. The role included implementation, monitoring and troubleshooting.

August 2001–September 2002 Teczacta Consultants

Consultant – Enterprise Security

Role as a Consultant – Enterprise Security involving the following responsibilities:

• Implemented firewalls – Gauntlet NT/ Unix, Raptor NT, WatchGuard

• Implemented intrusion detection systems (host and network-based)

• Implemented VPN – WatchGuard, Symantec Enterprise VPN and PGP

• Conducted sniffer LAN and WAN analysis

• Audited firewalls – Symantec, WatchGuard, Check Point, etc.

Projects:

Network Vulnerability Assessment

Leading Swedish Telecommunications Company in Bangalore, India

Conducted network vulnerability assessment to identify vulnerabilities on the network. Role also included tune-up of the anti-spam program and ongoing management on a daily basis.

Perimeter Security and Host IDS Implementation and Monitoring

Leading BPO in Bangalore, India

Implemented a host-based IDS solution (monitoring of host-based attacks), firewall and gateway antivirus solution. Role involved implementation and troubleshooting on a daily basis.

1995 – July 2001 Kinfotech Pvt Ltd

Specialist – Enterprise Security

Worked as Specialist at Kinfotech involving the following responsibilities:

• Implemented Gauntlet Firewall on NT and WatchGuard Firebox

• Implemented Cybercop IDS at various sites

• Conducted network analysis using sniffer at corporate sites

• Audited network using Cybercop Scanner for vulnerabilities

• Implemented and designed a network for security

• Performed Y2K and security audits of networks

• Implemented a gateway layer antivirus solution

• Supported Microsoft and antivirus products

Copyright 2006, SecurityFocus