
Application Security Architect at Morgan Stanley
London, United Kingdom

I am an experienced information security professional who loves the field of information security for its opportunities and challenges. My expertise lies in the domains of security architecture, risk analysis and management, secure software development, application security, network security, penetration testing, compliance and project management.
In my professional career of more than 5 years I have worked for 2 well-known consulting companies, TCS (Tata Consultancy Services) Ltd. and IBM Global Services, and have led teams of various sizes in both these companies. I have consulted for conglomerates, banks, insurance companies, defence organizations, government agencies and other private firms.
I currently hold the CISSP, CSSLP and CEH certifications. I have also passed the CISM exam and am currently awaiting my endorsement process to be complete before I get certified.
1. Security architecture
2. Risk analysis and management
3. Application security / Secure software development
4. Network security
5. Vulnerability assessments / Penetration testing
6. Compliance
7. Project management
(Public Company; ms; Financial Services industry)
April 2010 — Present (4 months)
(Public Company; IBM; Information Technology and Services industry)
August 2009 — January 2010 (6 months)
Portfolio manager for the threat mitigation portfolio of the Security & Privacy team. Primary duties involved client interaction, project management, requirements gathering, security architecture, application and infrastructure security, risk analysis and management, vulnerability assessments (and penetration tests) and selection and training of new recruits in the team.
(Public Company; Information Technology and Services industry)
August 2004 — August 2009 (5 years 1 month)
a. Security Architect / Secure SDLC Expert (Jan 2009 – Aug 2009)
b. Security Architect / Project Leader (Apr 2008 – Dec 2008)
c. Project Leader - Application Security Program (Apr 2007 – Mar 2008)
d. Project Leader - Application Security Center of Excellence (Oct 2006 – Mar 2007)
e. Security Analyst (Feb 2006 – Sep 2006)
f. Developer / Researcher (Aug 2004 – Jan 2006)
I have shouldered a number of responsibilities in my 5 years with TCS. These cover the entire gamut from penetration tests to compliance projects. I have led a number of teams of various sizes during this period.
A brief summary:
1. Security architecture - Evaluations and design of application and infrastructure security controls.
2. Risk analysis and management - Risk analysis, security policies and standards, security awareness and training programs.
3. Application security - Vulnerability assessments (and penetration tests), threat modeling, database security, secure software development, secure change management, source code reviews etc.
4. Infrastructure security - Vulnerability assessments (and penetration tests)
5. Third-party security - Third-party security policies, third-party security audits
6. Regulatory compliance - PCI standards, ISO27001, SOx compliance.
MS (IT), 2002 — 2004
B.C.A (Bachelors of Computer Applications), 1999 — 2002
Information security, web technologies, web design, usability, economics, politics, sociology, and new media
ISC2, ISACA, EC-Council