Task: documentation and maintenance of the information system for the Central Bank of the Russian Federation (interbank lending).

CheckPoint, FreeBSD, Linux, Cisco, MySQL, PostgreSQL, ViPNet

Tasks: - implementation of an event collection and correlation system (MaxPatrol SIEM); - formalization of the vulnerability management process; - participation as an information security expert in internal projects (certification for compliance with PCI DSS requirements, implementation of a departmental telephone system, migration of firewalls (change of equipment manufacturer), finalization of personal accounts of individuals / individual entrepreneurs / legal entities); - development of instructions for information security engineers on duty; - updating the role model of providing access to information resources to employees of tax authorities, subordinate institutions and external performers.

Tasks: - development of information security requirements within the framework of the migration project (MS - Windows, active network equipment); - passing certification exams (MaxPatrol, Fortinet); - maintenance of customer systems (CheckPoint); - presale activities in the direction of information security.

Tasks: providing technical support to customers on information security issues; administration of the Company's own information security systems; analysis and correction of existing and developed documents on information security.

Tasks: - implementation of information security standards (X5 Retail Group); - technical support for key customers - X5 Retail Group, VTB 24, and a number of others; - participation in the development of a methodology for the transfer of technological sites for a larges state. customer (AIX, Oracle); - maintenance of customer equipment monitoring systems.

System administration (FreeBSD, Linux, Cisco, MySQL, PostgreSQL).

Tasks: - audit planning; - participation in audits as an audit supervisor and technical specialist; - tracking changes in legislation, monitoring business processes in the designated areas of expertise.

Tasks: - implementation of projects (large state customers, fuel and energy complex) - development of a threat - model, information security regulations; - preparation of the customer for certification according to the requirements of PCI DSS (payment card security standard); - preparation of technical and commercial proposals in the areas of "ensuring information security in payment systems", "protection of personal data", "penetration testing", "audit of information systems"; development of the direction of consulting.

Tasks: - implementation of a project for a large customer (energy) - development of a threat model, information security regulations; - implementation of personal data protection projects; - preparation of technical and commercial proposals in the areas of "protection of personal data", "penetration testing", "audit of information systems".

Carrying out work to bring Finance and Credit Bank (Kyiv, Ukraine) in line with the requirements of PCI DSS (Payment Card Security Standard). Formation of requirements for finalizing the Compliance Manager software (developed by FortConsult) to comply with the requirements of the Federal Law “On Personal Data” and the Standard of the Bank of Russia. Tasks: - examination and description of the customer's business processes within which card data is processed; - preparation of draft internal regulatory documents of the customer: policies, procedures, regulations for handling vulnerabilities, recommendations for updating documents on risk treatment; - formation of a list of requirements of Federal Law-152 "On Personal Data"; - preparation of technical and commercial proposals in the areas of "bringing into compliance with PCI DSS requirements", "penetration testing".

Tasks: - planning the development of the company in the direction of "information security"; - planning and control of the activities of the employees of the unit; - development of proposals in the areas of "protection of personal data", "ensuring business continuity (ISO 25999)", "Implementation of the standard of the Bank of Russia (STO BR IBBS)"; - presale activities in the indicated areas; - management of information security projects by the contractor; - direct participation in particularly responsible information security projects; - Conducting internal training for sales managers.

Tasks: - conducting internal audits of information security processes, issuing recommendations based on the results of audits; - implementation and administration of the NetForensics SIM One information security event monitoring and correlation system. Administration of the hardware and software complex of the intrusion detection system (Windows/Solaris/Linux servers, Cisco IPS, Cisco switches and routers); - conducting technical checks for compliance of current configurations with the requirements of information security standards (Solaris, SAP, CheckPoint, Cisco) - control of protective measures in information systems; - analysis of the security of information assets of the company and customers; - handling information security incidents. Work was carried out on the creation of tools for automated testing of Cisco active network configurations, servers running SUN Solaris and Microsoft Windows for compliance with internal information security standards.

Tasks: - department management - planning, setting tasks, monitoring execution; - direct participation in especially responsible work; - conducting internal audits to comply with information security requirements; - preparing the company for ISO 27001:2005 (Information Security Management Systems) certification. While working - the concept of information security of the company was created; - developed and implemented a package of documents on trade secrets; - the company was surveyed for compliance with ISO 27001 requirements, inconsistencies with the formal requirements of ISO 27001 were identified and recorded, and a plan for eliminating inconsistencies was proposed; - the system of automatic updating of software on workstations is prepared for deployment; a scheme of interaction between automation and security departments was developed when introducing new systems or upgrading existing ones.

Tasks: - management of internal IT projects; - development of documents regulating the work of the IT service - regulations for processing user requests, the procedure for making changes to the system, instructions for users; - formation of high-level requirements for IT infrastructure elements (backup system, monitoring system, VPN access, active network equipment); - direct implementation of the project of providing secure remote access to the company's network.

Tasks: - management of the technical support department (technical and organizational issues); - management of the system administration group; - interaction with customers on organizational and technical issues; - creation/updating of normative documents on information security; - development of technology for interaction with manufacturers and service centers; - direct participation in especially responsible work; - creating and monitoring the implementation of training and testing plans for employees; - management of existing information security systems.

Tasks: - maintenance of software and hardware systems of customers (including in 7x24 mode); - maintenance of the company's own information systems. While working: - a backup system was put into commercial operation; - disaster recovery plans have been developed for all critical systems; - the transition from using static IP addresses to using DHCP was made, which reduced the cost of system administration; - complexes with load balancing for proxy-servers and mail servers of the company were developed; - a certificate server and a public key infrastructure have been put into commercial operation.

Supervised by 2 people. Main tasks: ensuring the functioning of the bank's LAN hardware and software complex (20 servers, 700 jobs, 50 printers), ensuring the functioning of the "Operation Day" software and hardware complex. Responsibilities: - maintenance of the local network; - support for operating systems Novell Netware 4.x, Sun Solaris 2.x; - maintenance of backup systems; - firewall administration (CheckPoint FireWall-1); - administration of active network equipment of Cisco Systems; - consultations of personnel at remote sites (RCC and commercial banks); - system support of the operation of the complex "Operating Day of the Bank" including the system of electronic payments; - support for internal Web servers (programming, not design); - user support (case management, consolidated economic management - more than 100 people in total).