Document Sample
Objective Powered By Docstoc
					                                          Nagaraj S. Kedda
                                      179 Thompson Drive  Hockessin, DE 19707 USA
                           Home: 302.235.0533  Mobile: 302.893.4404 
       Results-oriented professional with Enterprise Security, Operations, Network Engineering, Application
        Development, Infrastructure & Architecture Implementation Solutions, Project Management
       Effectively working with all levels of an organization and its peers/customers to conceive, create and
        deliver risk management solutions that are innovative, and cost effective.
       Successfully Directed Multiple Projects Risk Management reviews simultaneously on Cross
        Departmental Platforms with utmost responsibility for risk mitigation and creating a balance between
        customer needs and compliance with standards/policies.
       Have overseen 400+ projects to achieve best security practices possible.
       Strong Industry knowledge and experience in technology and management.
       Strong Leadership skills with the ability to set up and motivate productive teams.
       Built Information Risk Management program from ground up in the current role.
       Many presentations to senior management on benefits of certain technology risk solutions.
       Extensive background in Technology:
            o Operations / Security / Architecture / Engineering
            o Business Continuity Planning and Disaster Recovery (Technology and Business Resiliency).
            o Application Development: C++, VB, ASP.NET, Oracle, Fortran 77, SQL.
            o Voice: Lucent, Avaya - PBX/Voicemail.
            o Networks: Cisco Routers/Switches, LAN, WAN, ATM, Ethernet, Fast Ethernet, VPN, Optical,
                 Twisted Pair and Coaxial. Wireless LAN 802.11x. Knowledge of Load balancers with local and
                 Geo balanceing approach.
       Extensive experience in SDLC Management: Concept, Analysis & Design, Development, Capacity
        Planning, Quality Assessment/UAT, Implementation - Deployment and Change Management and Post
        Implementation – Monitoring.
       Strong Interpersonal Skills and able to interface well with diverse groups or individuals with diplomacy
        and patience.
       Goal-oriented leader with high degree of business acumen and the ability to manage multiple functions
       Creative problem solver combining expertise in market research, broad based technical knowledge, and
        excellent team-building skills to optimize results
       Strong analytical skills with the ability to anticipate and overcome obstacles

    At present, working on a project, Risk Management Dashboard portal, for providing a comprehensive view of
    risk posture from technology perspective. Idea conception and vision for the solution was the result of many
    projects learning’s and expertise in the risk management arena.

Education / Professional Training
Widener University – Chester, PA                             InfoSec Institute
Master of Business Administration (MBA) - 2005               Certified Ethical Hacker (CEH) recognized by EC-
GPA: 4.0                                                     Council, January 2005.
Bank One Corporation (JPMorganChase & Co.)                   Silicon Graphics Inc
Certificate of Management, 2002 - 2003.                      UNIX Systems Administration – Basic & Advanced
                                                             Network Administration
City College of New York/CUNY – New York, NY                 Oracle Corporation
Master of Engineering (M.E.) – Mechanical, 1999.             Introduction to PL/SQL
                                                             Oracle Database Administration
Bangalore University – Bangalore, India                      Templeton Institute
Bachelor of Engineering (B.E.) – Mechanical, 1989.           Public Speaking
Honors: Received Tuition Scholarship for all four years

                                                                                            Nagaraj S. Kedda
The International Information Systems Security          OnBoard Corporation
Certification Consortium, Inc (ISC)2 – CISSP,           Project, Planning & Implementation (In-house training
2002(attended the training)                             on DuPont methodology)

      Tuition Scholarship for Bachelors of Engineering – All Four years
      Received recognition for a successful research and completion of design & build of an Industrial Robot
       by a prestigious institution in India - Visweswaraiah Industrial and Science Technology Museum. It is on
       display at this museum.
      Member of Beta Sigma Gamma Honor Society
      Received Exceeds performance ranking in my 2004 employment performance and for mid-year 2005.

Communication Skills/Community Activities
      Fluent in English, Hindi, Telugu, Tamil, Kannada, Urdu.
      Mentored for two students in Big Brother Big Sister program
      Member, Board of Trustees at local Hindu Temple (Non-profit Organization) in Hockessin, DE

Confidential                                                                       Page 2 of 7
                                                                                             Nagaraj S. Kedda
        Employment History

Nov’01 – Present                        JPMorganChase & Co.                   Wilmington, DE
Senior Director of IT Risk Management for Corporate Internet Group (CIG)
         Policy & Governance
                o Contribute and provide input on information technology control policies for JPMorgan Chase
                     that address information security, change management and other technology-related control
                o Benchmark the IT Control Policies against those of peer firms and the IT industry.
                o Create policy awareness training processes and deliver the training via formal and informal
                o Provide guidance on enhancing the standards/policies based on the risk of the application.
         Regulatory/Fraud Oversight
                o Provide guidance on regulatory compliance and ensure proper controls are in place for
                     GLBA, Patriot Act, SOX, HIPAA etc,
                o Help reduce the online fraudulent transactions or ID theft by providing appropriate controls.
                o Provided analysis, solution on how a phishing attack is performed, and procedures to address
                     the phishing.
         Vulnerability Management
                o Responsible for the proactive identification and remediation of infrastructure vulnerabilities
                o Oversight of the CIG Incident Response (CSIRTCERT) to deal with day-to-day
                     vulnerabilities and patch management.
                o Coordinate vulnerability assessment and management process to ensure minimum impacts to
                     production and availability.
                o Coordinate and leverage firm wide intrusion detection and monitoring program for network
                     and host based.
                o Oversight of the CIG Incident Response and Readiness programs
                o Oversight of Security Architecture Working Group (SAWG)
         Identity & Access Management
                o Ensure the applications are compliant with policies and data access levels are set
                o User Provisioning for enablement and disablement in a timely manner.
                o Provide guidance on proper processes is in place for user access certification.
                o Ensure the application and functional access are stored in a secure manner.
         Resiliency Risk Management (Business Continuity Planning and Disaster Recovery)
                o Ensure all applications meet the recoverability objectives with proper risk management
                o Ensure all business resiliency plans are in place and meet the technology resiliency plans.
         Application Security
                o Conduct application secure architecture and design reviews as part of application self
                     assessment plan.
                o Incorporate the engineered security solutions for applications based on the risk levels and
                     confidentiality requirements:
                           Domain Management – Review and approve the purchase of new domains.
                           SSL certificates – Ensure appropriate type of SSL solution is implemented.
                           Encryption Libraries – Provide guidance on choosing the right encryption
                           Fine Grain Authorization – Entitlements, tiered authority
                           Participate and develop application architecture security blueprints
                           Ensure reviews are embedded in Security Development Life Cycle (SDLC)
                           Participate in development of strategic PKI infrastructure
         Platform & Network Security

Confidential                                                                        Page 3 of 7
                                                                                              Nagaraj S. Kedda
                o   Review Network architecture, and ensure it is in alignment with secure practices and provide
                    guidance on architecting a secure solution.
               o Ensure proper management is in place for vulnerability scanning and periodic reviews plus
                    monitored for performance and availability
               o Perform permit to operate reviews of all pre-production systems in the SDLC and validate the
                    vulnerabilities are addressed properly
           Outside Service Provider Risk
               o Review of External vendors and ensure they are compliant with the bank’s policy –
                    technology and non-technology aspects to meet/exceed regulatory requirements.
           Penetration Testing Program (Ethical Hacking)
               o Manage a current team of ethical hackers/penetration testers who ensure our systems are
                    secure and safe for the customers and the bank is protected from any known as well as
                    emerging vulnerabilities.
               o Principal lead for change in approach that provided a significant saves in terms of time and
                    money to the bank.
               o Built a project risk management plan that encompasses all the necessary checkpoints in a
                    project software development life cycle.

Industry Associations
         JPMC Information Risk Management Board Voting Member
         Member JPMC CIG Executive Leadership Team
         Member JPMC Consumer Risk Committee
         Member, BITS Security and Risk Assessment Committee

Aug’95 – October 2001                 On-Board Corporation                    Newark, DE
IT Manager, May’00 – October 2001 (Providing service to a Fortune 100 company)
    Plan, organize, analyze risk, facilitate and track production efforts. Server as client/team point of contact
       for all team communication. Oversee costs, issues, resources, scope, quality control and vendor/supplier
    Form teams, analyze the scope of projects, schedule meetings, define project milestones, assign tasks and
       monitor and control work procedures. Integrate company staff from pertinent internal departments into
       project teams.
    Negotiate and monitor an outsourcing contract for computer services.
    Business planning and projections based on company goals
    Represent company in high-level meetings with various clients like CSC, DuPont, Air Products, AT&T,
       Roche, Bank of New York, Rodel and others for Strategic Planning and present solutions to both Onboard
       and Clients
    Capacity Evaluation and Planning, Scope and Install Resilient Networks, Enhance Infrastructure by
       System and Network Load Balancing
    Obtain and Evaluate cutting-edge products, obtain Operational characteristics of information technology
       equipment, peripherals, and various platforms, integrate financial aspects with performance before
       recommending/purchasing new products to enhance current architecture
    Currently reviewing ATM technology, Fiber Optics and IP Telephony to better the Company's network
    Lead, control, and plan complex and confidential projects using Skills and Strengths listed. Mentor and
       educate team on best practices, including documentation
    Evaluated and Implemented 3DES security level VPN with client (duPont) for all email transactions
       between the two companies using Cisco

Confidential                                                                         Page 4 of 7
                                                                                                Nagaraj S. Kedda
Technical Lead / Manager, Jun 1998 – May 2000
    Projected, planned and defined all financial, equipment, manpower and labor requirements for the project.
       Managed all resources, controlled costs, staffed the project, acquired equipment assets, defined project
       milestones, and determined the project scope and workflow processes.
    Managed and forecasted annual project budget/costs, assigned roles, mentored team members, and
       positioned human assets to best facilitate project infrastructure. Integrated all project activities with on-
       going business operations and organizational processes/channels. Identified and documented
    Supervised the operations of all divisions (PC User Support Operations, Programming, Analysis,
       Organization and Methods, User Support (Technical Software and Database Administration)
    Implemented UNIX Operating system with SGI servers and workstations
    Implemented an Oracle relational database for client DuPont’s major Engineering project
    Provided Assistance in implementing a Lucent Definity G3 Prologix PBX and Intuity Audix system
    Coordinated the installation of T1 loops for PBX, dedicated Point-to-Point Links to – duPont, ISP, other
       branch offices

Senior Network / Systems Engineer / Technical Lead, Jan 1997 – May 1998
     Transformed an isolated computer support team of 3 individuals into an integrated Information Systems
        Department of 14 individuals based on needs of company to meet short, mid and long terms goals
     Initiated a Department for User Support and coordinated the training of the support staff
     Transformed the General Computer Management through the Organization at an administrative,
        functional and personal level
     Managed the migration from a Novell Netware LAN to a Windows NT LAN
     Implemented Private Class B TCP/IP network with Virtual LANs and Public Class C TCP/IP network for
        the Internet Firewall DMZ
     Planned and Implemented Corporate Internet presence
     Built Network security with proactive hacking and provided access to Internet for Intranet LAN users via
        Proxy server
     Supervised the implementation of the electronic mail: Novell GroupWise
     Created Visio Diagrams and documentation for all the projects based on company standard methodology
Aug 1995 – Jan 1997                     On-Board Engineering Corporation
Senior Systems Engineer
     Coordinated and implemented all technical projects, developed training programs to bring new
        individuals up-to-speed
     Developed compliance and control mechanisms and procedures
     Analyzed equipment needs and recommended purchasing decisions for hardware and software
     Implemented a bar-code system to control inventories
     Supervised the installation Novell Netware
Apr 1994 – Aug 1995                     MFI
Systems Engineer
     Analyze the feasibility of a project, design, draft, optimize and implement for successful completion
     Maintain and Customize the systems to the individual clients needs
     Design and draw intricate sketches in AutoCAD r12 on Network & IT infrastructure
     Develop application packages for interfacing GIS with other Windows Engineering Applications
     Develop macros in SQL for interfacing GIS, AutoCAD to perform queries
     Develop and design routines in BASIC language to create graphic sketches in GIS and AutoCAD
Apr 1992 – Apr 1994                     Amex Computers Inc.
Systems Analyst
       Worked with a team of System Engineers to produce various Engineering applications for various clients
        including State of NY, NY transit
       Coordinated the upgrade and modernization of the computer center
       Migrated server from Novell Netware v2.12 to v3.11
       Implemented a client contact database in dBase
       Built a computer network with IP and IPX
Confidential                                                                           Page 5 of 7
                                                                                         Nagaraj S. Kedda
      Developed a training program to teach computer and application modeling and other computer
       applications to staff

Activities / Interests
        Tennis, Golf, Sports, Music, Theatre, Travel, Participated in Walk for Education, LPGA Volunteer
        Services, MS Walk, Big Brother & Big Sisters, Meals on Wheels, Community Relations and Activities

       Available upon request

Confidential                                                                     Page 6 of 7
                                                                                          Nagaraj S. Kedda
Qualification Highlights
    Growth Oriented Information Technology professional with more than 10 years of technology and
     project management experience. Dynamic leader with expertise in competitive environments.
     Extensive background solving business problems, Information Decision Support Systems (i.e. Data
     Warehousing), networking provisioning systems for public/private telecommunications networks,
     and automating/engineering processes.
    Experienced in market plan executing, network planning/provisioning, customer and vendor
     relations, cost containment, account maintenance, capital asset management, budgeting/finance, staff
     training and supervision, human resource/team development.
    Expertise in full life cycle development, end-to-end systems engineering, data warehousing, new
     platform development, systems integration, strategic IT planning, workflow streamlining, and
     concurrent project oversight. Refined skills in capacity planning, modeling and spearheading pilot
    Quick learner with an ability to rapidly achieve organizational integration, assimilate job
     requirements and employ new methods and technologies. Energetic and self-motivated team
     player/builder. Expert in expediting projects with very tight timelines, high risk and facilitating
     exhaustive meeting schedules. Willing to travel.
    Strong communication, interpersonal, intuitive, business analysis, IT/IS leadership and leadership
     skills. Proven ability to work efficiently in both independent and team environments. Adaptable and
     efficient in work situations with changing responsibilities.

                                        Technical Qualifications
   Windows 9x                Visio                     CASE Tools                TCP/IP
   Windows NT/2k/XP          MS Project                3Com Transcender          AppScan
   UNIX                      MS Office Suite           HP OpenView               HTTP (S)/FTP/NNTP
   Linux                     Oracle                    IP Ultrascan 2000         SMTP/POP/IMAP
   Novell Netware            MS Proxy Server           Network Node              Plus Standard Internet
                                                          Manager                    Protocols
   VAX                       PL/SQL                    GroupWise/Sendmail/       3Com Switches /
                                                          Lotus Notes Servers        CISCO Routers
 Netscape Enterprise         ASP                       Network Security /        CSU/DSU, DS1/DS3
  Web Server                                              Management
 Internet Information        Visual Basic              LAN / WAN/VLAN          Ethernet / CAT5 /
  Server (Microsoft)                                                               FDDI / ATM
 Check Point Firewall      PIX Firewall                IPSec/3DES/OPSec        SNMP/RMON/NTP
 Active Directory          Novell Directory            PBX / Intuity Audix     Internet Security
  Services (ADS)             Services (NDS)                                        Scanner

Confidential                                                                    Page 7 of 7

Shared By:
xiaohuicaicai xiaohuicaicai