Kashif Sohail

Diverse & Dynamic Information Security Risk, Compliance and Penetration testing Expert having vast experience domestic (Australian) & International IS audit and IT Security  Excellent understanding and hands-on auditing and implementation experience of Payment Card Industry Data Security Standard PCI DSS version (3.0)  Internal controls recommendation and audit using ISO 27001, COBIT, ISM (being Certified IRAP assessor).  Risk driven IT Audits including IT General controls, Logical Access controls and Network and Infrastructure controls  Designing & reviewing IS Security Products and Policies. Hand-on technologies e.g. SIEM, FIM, Anti-Virus, Firewall, Router etc. Penetration Testing  Hands-on experience of conducting Penetration Testing and Vulnerability Assessments using automated and manual testing  expert knowledge of various testing methodologies like OWAP and OSSTMM  Excel in Web, Infrastructure and Mobile devices PT (iOS & Android)  Expert user of Commercial tools like: Acunetix, Appscan, Nexpose, ISS Proventia, GFI Languard, MacAfee Foundstone, Burp Suite (Pro) etc.  Expert user of OpenSource or free tools like WebSecurify, W3AF, Metasploit, Zed Attack proxy, Nessus, Open VAS, Nmap, Dirbuster, Nikto, Wikto, SET, Metasploit and various fuzzers etc.  Distributions like Kali, BackTrack and SamuriWeb etc Risk Management  In-depth knowledge and experience of Industry standards like ISO 31000, ISO 31010 , ISO 27005 Payment Applications  Excellent knowledge of payment application full life-cycle  Hands on experience of auditing, Risk Assessment and recommending security controls on  ATMs,  PoS , and  Payment Switches and ATM Controllers  Financial Application e.g. Online Banking Project Management  PMI certified project manager with proven understating of complete project life-cycle  Outstanding leadership abilities; able to coordinate and direct all phases of project-based efforts while managing, motivating, and leading project teams.