Gihan de Silva

Education: Bachelor of Science

Communication & Information Technology

Edith Cowan University, Perth. Western Australia.

2001 : 2004

Experience: 2013 : Present

AT&T

Principal - Chief Security Office at AT&T (Cybersecurity, Governance, Risk & Compliance)

Conducted PCI assessments for global companies and guided clients through remediation of identified control gaps.

Performed network and web application vulnerability assessments and penetration tests. Has gained access to business critical data and systems by exploiting various security vulnerabilities.

Managed and performed IT audits of key applications, identifying risks and controls within application security, change control process, database security, interface controls, and exception reporting.

Has led multiple Sarbanes-Oxley 404 and J-SOX compliance engagements at various Fortune 500 companies (that included multiple team members). Have identified, documented and tested key IT controls and provided recommendations for improvement.



Assessed security and operational design of numerous enterprise network operating systems including Unix, AS/400, Active Directory and an Identity Management (IdM) System.

Conducted GLBA and HIPAA readiness assessments and gap analysis reviews. Has worked with management to develop integration plans as well as other recommendations based on the published requirements. Interviewed members of senior management in an effort to inventory non-public personal information (NPI) and identify risks and controls surrounding the collection, handling, transmission, and destruction of such data.

Used data leakage prevention tools (e.g. Vericept) to monitor client internet traffic for improperly protected customer data. Identified Trojan-Horse programs, network mis-configurations and numerous business processes that failed to consider the risks associated with insecure data exchange.

Performed multiple network security compliance reviews (for PIN and Symmetric Key Management related to ATMs) for financial institutions.

Performed multiple reviews related to the financial services industry including internet banking, wire transfer and ACH reviews.

2012 : 2013

Protiviti

Manager - Information Security & Privacy

2008 : 2011

Protiviti

Senior Consultant - Information Security & Privacy

2006 : 2008

Protiviti

Consultant - Information Security & Privacy

Performed IT audits, including IT general controls reviews and application control reviews.

Performed application security reviews, infrastructure integrity (AS/400) reviews and network vulnerability assessments.

Involved in documenting user requirements for the development and procurement of software solutions, preparation of RFPs, vendor evaluation / selection and the project management of a proof of concept (POC) development.

2005 : 2006

Ernst & Young

Consultant

Company: AT&T

Years of Experience: 19