My Project - Consulting - 2008 - 2011

PCI Consulting for International banks - Acquirer, Issuer, gateways, investment houses, mobile services providers, e-commerce companies. Provide input and suggestions to mitigate risk, gaps, encryption, security and defense in-depth.
Projects and tasks such as Gap analysis, data flow mapping, PCI scope review, business process review, IT/IS policy and process review, Network Security and Architecture reviews, Vulnerability and application assessments, consulting services and writing reports (Gap analysis, infra audits, audit input on ROC report, various assessment reports). Explaining the impact of risk or threats in a practical manner to stake holders and directors was vital for them to make strategic decisions on action plans and initializing projects. Our deliverables were mostly PCI and best practice compliance related with risk-based approach, to point out quick wins and strategic longer-term projects. Most of the time we also had to give guidance to clients related to security threats, risk, policies implementation and security best practices.
Penetration testing – Infrastructure and web application portals (in-depth technical review of applications and report writing) preparations, defining scope, limitations, methodology, coordination and communication. (OWASP)
Qualitative Vulnerability and risk assessments: workstations, servers, infrastructure, protocols, networks and physical environments.