Gihan de Silva
Education:
Bachelor of Science
Communication & Information Technology
Edith Cowan University, Perth, Western Australia.
2001 : 2004
Experience:
2013 : Present
AT&T
Principal - Chief Security Office at AT&T (Cybersecurity, Governance, Risk & Compliance)
Conducted PCI assessments for global companies and guided clients through remediation of identified control gaps.
Performed network and web application vulnerability assessments and penetration tests. Has gained access to business-critical data and systems by exploiting various security vulnerabilities.
Managed and performed IT audits of key applications, identifying risks and controls within application security, change control process, database security, interface controls, and exception reporting.
Has led multiple Sarbanes-Oxley 404 and J-SOX compliance engagements at various Fortune 500 companies (that included multiple team members). Has identified, documented and tested key IT controls and provided recommendations for improvement.
Assessed security and operational design of numerous enterprise network operating systems including Unix, AS/400, Active Directory and an Identity Management (IdM) System.
Conducted GLBA and HIPAA readiness assessments and gap analysis reviews. Has worked with management to develop integration plans as well as other recommendations based on the published requirements. Interviewed members of senior management in an effort to inventory non-public personal information (NPI) and identify risks and controls surrounding the collection, handling, transmission, and destruction of such data.
Used data leakage prevention tools (e.g. Vericept) to monitor client internet traffic for improperly protected customer data. Identified Trojan horse programs, network misconfigurations and numerous business processes that failed to consider the risks associated with insecure data exchange.
Performed multiple network security compliance reviews (for PIN and Symmetric Key Management related to ATMs) for financial institutions.
Performed multiple reviews related to the financial services industry including internet banking, wire transfer and ACH reviews.
2012 : 2013
Protiviti
Manager - Information Security & Privacy
2008 : 2011
Protiviti
Senior Consultant - Information Security & Privacy
2006 : 2008
Protiviti
Consultant - Information Security & Privacy
Performed IT audits, including IT general controls reviews and application control reviews.
Performed application security reviews, infrastructure integrity (AS/400) reviews and network vulnerability assessments.
Involved in documenting user requirements for the development and procurement of software solutions, preparation of RFPs, vendor evaluation / selection and the project management of a proof of concept (POC) development.
2005 : 2006
Ernst & Young
Consultant
Company: AT&T
Years of Experience: 19
Regulatory Compliance (PCI DSS 3.2/PCI PIN Security, ISO 27001, COBIT, SOX, GLBA, & HIPAA)
3rd Party/Supplier Risk Assurance and Security Assessments
IT audit (general controls) and application security reviews
Risk assessment tools and methods
IT security framework design for deficiency remediation
Security metrics and measurement
Policies and procedure development
Certifications:
Certified Information Systems Auditor (CISA),
GIAC Security Essentials Certification (GSEC),
PCI Qualified Security Assessor (PCI QSA),
PCI Internal Security Assessor (PCI ISA),
Microsoft Certified Professional (MCP),
Certified TG3 Auditor (CTGA)