7/31/2019 Adnan Abbas Information Security Professional

1/3

1

Adnan Abbas

Information Security Professional, [CISM Qualified, ITIL v3F, CobiT 4.1, C|EH, ISO 27001 LA Qualified]

(+92-333-9224853),adabbas.is@gmail.com,http://pk.linkedin.com/in/adnanabbas

Personal Profile Solution oriented information security Professional and strong believer in continuous improvement with 6years of professional experience in operational and strategic IT and Security Management, leadership and

change management in diverse organizations. Have worked in Government Sector and cross-cultural

teams providing guidance and support to Executive management teams and operational management

teams on all IT activities, including design, change and implementation, employee training & awareness

and communications. Also been involved in in-house information security trainings and consulting servicesfor number of projectsand have solid background of delivering services up to the required standard.

Objective Seeking challenging career in Information Security with a progressive organization. Passionate about the

role that the Information Security can play in these times to drive and engage the talent in an organization.

Professional Skills& Competencies

Information Security

Risk Assessment Compliance & Monitoring Policy Design & Review Vulnerability Management Business Process Analysis Security Awareness & Training Conducting Internal Audit and Assessment ITIL/IT Service Management Threat Modeling Application Security Testing

Career Achievements

Establishment, Design & Compliance of Information Security Policies Conducted Risk Assessment based on ISO 27001:2005, ISO 27005 & NIST Conducted Information Security Management Review Meetings of the organization and suggested for

improvement of organizational systems, policies and operating mechanism.

Developed & Conducted Internal ISMS Audits Experience in Information Security management with expertise in:

Governance Technical implementation Technical evaluation & assessment Compliance Management

mailto:adabbas.is@gmail.commailto:adabbas.is@gmail.commailto:adabbas.is@gmail.comhttp://pk.linkedin.com/in/adnanabbashttp://pk.linkedin.com/in/adnanabbashttp://pk.linkedin.com/in/adnanabbashttp://pk.linkedin.com/in/adnanabbasmailto:adabbas.is@gmail.com

7/31/2019 Adnan Abbas Information Security Professional

2/3

2

Professional Experience

Fatima Group of Companies, Lahore as IT Security Officer

Dec 11 to till date

Responsible for GRC (Governance, Risk & Compliance). Analyzing Information Security policies & procedures with a view to improve the overall workflow of the information

systems procedures and processes, particularly focusing on business use.

Conducting Security Awareness Training Programs. Working on implementations of best practices throughout the organization and developing strategies for continual

improvement.

Vulnerability Management using Automated Tool (McAfee Vulnerability Manager) Configured Network Monitoring & Management (Solarwinds NPM and NTA) Secure Web Gateway (PoC of McAfee Web & Email Gateway and WebSense TRITON) Preparing Fatima Group for ISMS Certification Working on Database Security Solution (IBM Guardium) Manage I.T security across the board including physical and logistical security and access control; Monitor and evaluate

VOIP infrastructure, databases, anti-virus controls, password controls, fiber connectivity & WAN, voice traffic security etc.;

Protect corporate IT infrastructure and information from internal & external threats; Verification of authorizations. Responsible for incident management framework, working on Incident management plan and policy. Conduct the internal IT Audit and ensure the compliance.

NADRA, Govt. of Pakistan, Islamabad as Network Engineer Information Security

April 09 to Jan 2012

Responsible for management of Information Security Governance acting as Team Lead. Policies Review: Analyzing Information Security policies & procedures with a view to improve the overall workflow of the

information systems procedures and processes, particularly focusing on business use. Working with technical team, as a

domain expert, for designing and reorganizing the different sections of the information system.

Provide support & deliver metrics to Senior Management and Executives with analysis. Working closely with Higher Management for all initiatives, process and plan enterprise wide Initiated and implemented Information Security Policies and Risk Management Completion of successful audit of NADRA Networks Directorate for ISMS Certification Ensuring systems are operated, maintained, and disposed of in accordance with internal security policies and practices

outlined in the security plan.

Applying security risk assessment methodology to system development to work on threat model development,vulnerability assessments, web application security testing and resulting security risk analysis.

Provide Security Risk Assessment & Compliance Services, IT strategic planning, IT risk management, business processanalysis, information and network security, information systems audits, business continuity management, information life

cycle management and information technology service management.

Conducting Security Awareness Training Programs Responsible for Team development, Motivation and Retention Take part in strategic level Information Security related decisions and work as change agent for Organizational

Development

Working on implementations of best practices throughout the organization and developing strategies for continualimprovement

Punjab Information Technology Department, Lahore as System/Network Admin

Mar 08 to Feb 09

Maintenance and Configuration of LAN/WAN. Conducted Workshops/Trainings/Labs and Intermediate Short Course for Government Employees, E-Government Project. Implementation of various Provincial Projects, monitoring the status and daily reporting.

7/31/2019 Adnan Abbas Information Security Professional

3/3

3

Designing and implementing security tests in accordance with Government stated criteria. System Administration included Antivirus Update, Security Patches, and other security relevant issues.

Emerging Systems, Islamabad as System/Network Support

5th Aug 05 to 31stJuly07

Advising and providing support to staff & management on the operational issues of Linux platform. Coordinate with customers and handle all issues Responsible for Installation/Configuration & Monitoring of Systems/Servers

Al Khair Medical Center as Asst. Prog. & Network Support

1stAug 04 to 1stAug 05

Responsible for Web portal maintenance and updating Worked on Sql Server 2000 and Windows Server 2000

MCS, NUST as Guest Speaker

May 10

Guest Speaker on ITILv3 Foundation Course at MCS,NUSTQualification

MS Information Security 2005-07

National University of Sciences & Technology (NUST), Islamabad

Research Paper: Wireless Networks New Access Control Security Policies in Integration with Bell-La

Padula Model (BLP) which has been accepted for publication in WORLDCOMP12 Conference Las Vegas,

Nevada USA (July 16-19, 2012).

Bachelor of Computer Science(BCS Hons) 2001-05

NWFP AGRICULTURAL University, Peshawar

Trainings/Workshops Attended

ISO 27001:2005 Lead Auditor training course from SGS Pakistan APTC Certified Ethical Hacker Training from Trillium Info Sec Systems Attended a workshop on National Conference on Information Assurance NCIA 2010 NUST Linux Fedora 8 Intermediate from Emerging Systems Islamabad Sun Solaris 10 Intermediate System Admin Training from SEECS NUST Islamabad