Kanwal K. Mookhey, Principal Consultant
Summary
Kanwal K. Mookhey is the Principal Consultant and Founder at NII Consulting. He is an internationally well-regarded expert in the fields of IT governance, information risk management, forensic investigations, and business continuity. He has more than 8 years of experience in this field, having worked with prestigious clients such as the Indian Navy, United Nations, Abu Dhabi & Dubai Stock Exchanges, State Bank of India, Atos Origin, Saudi Telecom, World Customs Organization, Capgemini, Royal & Sun Alliance, and many others.

His skills and know-how encompass risk management, compliance, business continuity, application security, computer forensics, and penetration testing. He is well-versed in international standards such as COBIT, ISO 27001, PCI DSS, BS 25999, and ITIL / ISO 20000.

He is the author of two books (Linux Security And Controls by ISACA, and Metasploit Framework by Syngress Publishing) and of numerous articles on information security. He has also presented at conferences such as OWASP, BlackHat, Interop, IT Underground and others.

Certifications
- Certified Information Systems Security Professional (CISSP)
- Certified Information Systems Auditor (CISA)
- Certified Information Security Manager (CISM)
- BS 7799 Lead Implementer from BSI

Areas of Expertise
- Information Risk Management
- Compliance – ISO 27001, PCI, ISO 20000
- Forensics Investigations
- Business Continuity
- Security Audits & Assessments
- Penetration Testing

Technical Skills
- Network Security
  - In-depth knowledge of TCP/IP fundamentals
  - Intrusion detection, analysis, signature writing, and computer forensics
- Worked on security for a wide range of operating systems, databases, web servers, mail servers, directory services and applications
- Experience with an extensive range of security systems and solutions: network and application firewalls, UTMs, data leakage prevention solutions, log analysis and monitoring solutions, intrusion detection and prevention systems, anti-virus, anti-spam and other malware protection mechanisms
- Comfortable with dozens of open-source, freeware and commercial security testing tools
- Forensics tools: EnCase, The Sleuth Kit, Autopsy, FTK
- Cryptography – encryption and decryption protocols, algorithms, tools and techniques
- Programming languages: C, C++, shell scripting, Perl

Business Skills
- Communication and Interpersonal
  - Good communication skills by virtue of being a public speaker and trainer
  - Experience in contract negotiations, project management, and client interactions
  - Experience in dealing with senior and middle management, system administrators, auditors, business partners, clients, customers, employees, etc.
- Project Management
  - Has led many of the projects executed by the company
  - Very strong commitment to quality of deliverables and disciplined execution
  - Ability to meet and consistently exceed client expectations

Training
Has conducted numerous training courses on Certified Professional Hacker (CPH), preparation for the CISA and CISSP examinations, Certified Information Security Consultant (CISC), Operating Systems Security, Database Security, Network Security, ISO 27001, and Business Continuity Planning. Some significant clients include:

- The Indian Navy
- Reserve Bank of India, State Bank of India
- Courses delivered in collaboration with The Institute of Chartered Accountants and ISACA Mumbai
- Hundreds of others from national and international organizations

Security Articles & Research
Articles and Publications

- Auditing IT Project Management (IT Audit, The Institute of Internal Auditors, May 2008)
  http://www.theiia.org/itaudit/features/in-depth-features-5-1-08/auditing-it-project-management/
- Key Strategies for Implementing ISO 27001 (IT Audit, The Institute of Internal Auditors, February 2006)
  http://www.theiia.org/ITAuditArchive/?aid=2047&iid=440
- Evaluating Application Security Controls (IT Audit, The Institute of Internal Auditors, June 2007)
  http://www.theiia.org/ITAuditArchive/?aid=2682&iid=541
- Penetration Testing of IPSec VPNs
  http://www.securityfocus.com/1821
- Common Criteria – an overview (Information Systems Control Journal, ISACA, Volume 1, 2005)
- The Metasploit Framework (3-part article)
  http://www.securityfocus.com/1789
- Common Security Vulnerabilities in e-commerce systems
  http://www.securityfocus.com/infocus/1775
- Detection of SQL Injection and Cross-site Scripting Attacks
  http://www.securityfocus.com/infocus/1768
- Auditing Oracle Security
  http://www.theiia.org/itaudit/index.cfm?fuseaction=forum&fid=5509
- Open Source Tools for Security and Control Assessment (Information Systems Control Journal, ISACA, Volume 1, 2004)
- Apache Security Controls and Auditing (Information Systems Control Journal, ISACA, Volume 5, 2003)

Books
- Linux Security, Audit and Control Features, published by ISACA
  http://www.isaca.org/Template.cfm?Section=Browse_By_Category&Template=/Ecommerce/ProductDisplay.cfm&Productid=646
- Metasploit Framework – Syngress Publishing
  http://www.syngress.com/catalog/catalog.cfm?pid=3780
- The Ultimate Startup Guide
  http://everydayentrepreneus.blogspot.com

Presentations
- “Business Web Application Testing”, OWASP Asia 2008, Taiwan
- “Web Application Security”, Networld+Interop, Las Vegas 2005
- “Evasion and Detection of Web Application Attacks”, BlackHat USA, 2004
- “VPN Security Assessment”, IT Underground 2005, Prague, Czech Republic
- “Computer Forensics”, Seminar on “Fraud Management”, by Marcus Evans 2004, 2008, 2009
- “Wireless LAN (in)security”, IETE Mumbai, 2003

Press and Interviews
- Linux Security, Audit and Control Guidance Featured In New Book from Information Systems Audit and Control Association
- “Neo has a new business model”, Economic Times, Front Page, 11th September 2004
  http://economictimes.indiatimes.com/articleshow/847169.cms
- “Tips for ferreting out vulnerable code”, Loop, August 2004
  http://loop.interop.com/comments.php?id=217_0_1_0_C
- “Security Assessment Methodology – Cover Story”, Network Magazine, December 2001
  http://www.networkmagazineindia.com/200112/cover2.htm
- “Linux Based Firewall Case Study”, March 2004
  http://www.cxotoday.com/cxo/jsp/printstory.jsp?storyid=709

Testimonials
“KK and his team did a brilliant job in guiding us towards the 27001 certification. Their approach was very methodical and systematic, right from the stage of gathering requirements in the initial stages to the documentation work and then the training and audit readiness stages. In fact, what I liked the most about KK's approach was that he focused on transferring his knowledge to us, which has enabled us to sustain the improvements even without his involvement. They never restricted themselves to the scope of the contract. They were willing to go that extra mile to make sure that it added business value to us.”
Prabhanjan Pandurang, Director Quality and Continuous Improvement, Integreon

“KK is a smart security professional and a great presenter as well.”
Anton Chuvakin, Director of PCI Compliance Solutions, Qualys

“Working with KK is a real pleasure. He has excellent management and analytical skills. He knows his job very well and is really good at managing customer expectations in a complex project environment.”
Hasan Qutbi, Partner, Solution Intelligence FZ LLC

“Kanwal is one of the most dynamic, innovative and hardworking individuals I have met in the Information Security space. His past work and achievements speak for themselves.”
Kartik Shinde, Manager, KPMG