Neil H.

Gebaide
102-30 67th Avenue. Apt. 2W
Forest Hills, New York 11375

IT Audit/Security Consultant
 Performed Cybersecurity review revealing data loss protection (DLP) control issues, and identifying
regulatory violations thus averting further fines.
 Conducted security audit of subsidiary identifying major issues which led to the sale of this entity.
 Performed recent audits which revealed and resolved numerous high risk/high impact deficiencies.
 Identified and recovered over $23 million in cost savings and/or reductions.
 Adept at discovering IT security control issues previously overlooked by past audits/investigations.

CORE COMPETENCIES
Regulatory Compliance ● Sarbanes Oxley ● Cybersecurity ● IT Audit/Risk ● IT security ● FFIEC ● Infrastructure

PROFESSIONAL EXPERIENCE
AMICUS BUSINESS SOLUTIONS- FOREST HILLS, NY 2008 – PRESENT
Managing Director
Consulting services for top tier banking/brokerage clients. Principal security findings from recent engagements include:
 Discovered major security issues in Windows, iSeries, VMware, Mainframe, NAS, and Active Directory (AD) areas,
including administrator password repository for web application, its databases and interfaces accessible to any user.
 Demonstrated several ways to bypass DLP/web controls and send confidential documents/data to home computer.
 While a third party product monitoring privileged administrator activities was considered bulletproof, revealed three
procedures allowing users to circumvent these controls.
 Identified provisioning errors allowing any network user to access and/or modify Fixed Income compensation,
bonuses, severance payments and appraisals, and confidential high level executive documents/passwords.
 Revealed misconfigurations in AD which allowed all network users access to client statements/information.
 Pinpointed limitations in permissions scanning process which failed to identify exposure of daily positions and
statements for over 200,000 customers, and authentication credentials.
 Detected weaknesses in firewall configuration control process exposing firewalls and Internet-facing servers to
unauthorized changes which could go undetected.
 Discovered flaw allowing any user access to over 600,000 customers’ statements/taxpayer ids/Swift information.
 Though application users are captive within menus and have limited authorities, demonstrated how users can
bypass these restrictions and access/change financial information without leaving any trail.
 Identified system errors that allowed users to bypass regulatory requirements, and assisted in remediation.
 Uncovered concealed programming code which had allowed developers/users to bypass security.
 Performed mainframe security (RACF, ACF2, Top Secret) and SOX/PCI/ISO/FFIEC reviews identifying major issues.

BEAR STEARNS – NEW YORK, NY 1996 – 2008

Managing Director (2000 – 2008)
Established IT Infrastructure audit function; created first risk-based IT audit assessment system, promoted twice.
 Recovered $2.7 million by identifying errors in contract billings.
 Identified error that allowed terminated employees to restore their entitlements and access internal networks.
Associate Director (1996 – 2000)
 Identified major control issues in UNIX, Linux, Windows, AIX, iSeries, Mainframe, Sybase, Oracle, SQL Server, VAX,
Middleware, SAN, VPN, Active Directory, LDAP, NIS, NFS, AUDIX and Internet areas.
 Prevented major losses by identifying disabled position limits on specific securities.

Neil Gebaide Page Two

EDUCATION

Brooklyn College - City University of New York

Bachelor of Science
New York State Regents Scholarship

CAREER DEVELOPMENT
 Certified Information Systems Auditor (CISA)
 Certified in Risk and Information Systems Control (CRISC)
 Certified CheckPoint Security Administrator (CCSA)
 Certified Computing Professional (CCP)
 Presentation to SIFMA: Assessing Windows NT Security
 Journal Article, SIFMA: Firewall Audits
  Published, SIFMA: Data Security Guidelines for UNIX and Mainframes, Electronic Communications guidelines
 Chairperson, Advanced Technology Committee, IIA (Outstanding Recognition Award)

TECHNICAL QUALIFICATIONS

Penetration Tests & Vulnerability assessments

Nessus, Nexpose, Nmap, Qualys, LANGuard, Retina, Metasploit, WebInspect, ISS Internet Scanner (Wireless, Database
and System). SolarWinds, AppDetective, Snort, NBTscan, NetStumbler, Kismet, PhoneSweep.
Operating Systems/Database/Software/Languages:
z/OS, MVS/ESA, HP-UX, SunOS, Solaris, Linux, VMware ESXi, i5/OS, OS/400, AIX, VOS, VMS, Windows 2012,
EMC Symmetrix DMX, Data ONTAP 7, 8 & 9 (c-mode & 7-mode), Enginuity, DART.
Sybase, SQL Server, Oracle, DB2, DB2/UDB, DB2/Connect, ADABAS, RDB.
CICS, TSO/ISPF, JES2, JCL, NDM, UNIX System Services, CA-1, CA-7, CA-11, Control-M, VCC, BRMS, Omegamon, Reveal.
ACL, Foxpro, IDEA, COBOL, PL/1, SQL, Access, Excel, Natural, PL/SQL, QMF, Query/400.
Hardware:
IBM mainframes, iSeries (AS/400), Sun, HP, Amdahl, Stratus, RS/6000, Cray, SAN, NAS, Cisco PIX, PBX, SGI, DEC VAX,
EMC Symmetrix, Celerra, VMAX and VNX, Netapp FAS and vFiler.
Security/Audit/Control Packages:
Top Secret, ACF2, RACF, CA-Examine, RACFRW, RA/2, Varonis DatAdvantage, Cyberark, Symantec DLP & Endpoint,
ADDM, HPNA, Lumension, Centrify, ObserveIT, Arcsight, Splunk, Trend Micro ServerProtect, McAfee ePO, McAfee
Vulnerability Manager, SecureTrack, Sailpoint, Keepass, Cisco NAC, TACACS, Pentasafe, Kane Security Analyst, SeOS,
eTrust, Aura, Teammate, Risk Navigator, Artemis, AtTask, Hyena, Lexmark Management Console, PGP, NetBackup,
ARCserve, SSH, SRDF, Formulator, NetCool, Marimba, C-Cure, SecurID, Johnson Controls, Vercuity, TEM, Tibco Hawk,
Autosys, HP OpenView, CA Spectrum, Tivoli, Mercury Quality Center, Archer, LDRPS .
Change control Packages:
Tripwire, Change Auditor, Tufin SecureChange, ChangeMan, Endevor, LIBRARIAN, Aldon LM, CVS, Clearcase, PDX,
PVCS, RCS, SMP-E, eventACTION, Panvalet.
Internet/Networking/Middleware:
Apache, Weblogic, Aventail, Squid, Smartfilter, RADIUS, Check Point, Juniper, Websphere MQ, IronPort, Timbuktu.
Application Packages:
Peoplesoft, Ariba, Calypso, Midas, TradeBoss, Fidessa, GLOSS, Summit, OLMI, GMI, ICI, Connexis, Wall Street Office,
Merva, Centura, Max Recovery, Microsoft Dynamics GP, Scrittura, Actimize, Mantas, iManage, DOCS Open, Longview,
ADP Brokerage Suite, CAM, Extensity, Sharepoint, Intralinks.
Tools:
Enterprise Vault, Orchestria, RightFax, Cognos, LDRPS, X/PTR, IM Manager, Clarity, Remedy, Exceed, PuTTY, CA-Deliver.