Gebaide
102-30 67th Avenue, Apt. 2W
Forest Hills, New York 11375
IT Audit/Security Consultant
Performed cybersecurity review revealing data loss protection (DLP) control issues and identifying
regulatory violations, thus averting further fines.
Conducted security audit of subsidiary identifying major issues which led to the sale of this entity.
Performed recent audits which revealed and resolved numerous high-risk/high-impact deficiencies.
Identified and recovered over $23 million in cost savings and/or reductions.
Adept at discovering IT security control issues previously overlooked by past audits/investigations.
CORE COMPETENCIES
Regulatory Compliance ● Sarbanes Oxley ● Cybersecurity ● IT Audit/Risk ● IT Security ● FFIEC ● Infrastructure
PROFESSIONAL EXPERIENCE
AMICUS BUSINESS SOLUTIONS - FOREST HILLS, NY 2008 – PRESENT
Managing Director
Consulting services for top tier banking/brokerage clients. Principal security findings from recent engagements include:
Discovered major security issues in Windows, iSeries, VMware, Mainframe, NAS, and Active Directory (AD) areas,
including administrator password repository for web application, its databases and interfaces accessible to any user.
Demonstrated several ways to bypass DLP/web controls and send confidential documents/data to home computer.
While a third-party product monitoring privileged administrator activities was considered bulletproof, revealed three
procedures allowing users to circumvent these controls.
Identified provisioning errors allowing any network user to access and/or modify Fixed Income compensation,
bonuses, severance payments and appraisals, and confidential high-level executive documents/passwords.
Revealed misconfigurations in AD which allowed all network users access to client statements/information.
Pinpointed limitations in permissions scanning process which failed to identify exposure of daily positions and
statements for over 200,000 customers, and authentication credentials.
Detected weaknesses in firewall configuration control process exposing firewalls and Internet-facing servers to
unauthorized changes which could go undetected.
Discovered flaw allowing any user access to over 600,000 customers’ statements/taxpayer IDs/SWIFT information.
Though application users are captive within menus and have limited authorities, demonstrated how users can
bypass these restrictions and access/change financial information without leaving any trail.
Identified system errors that allowed users to bypass regulatory requirements, and assisted in remediation.
Uncovered concealed programming code which had allowed developers/users to bypass security.
Performed mainframe security (RACF, ACF2, Top Secret) and SOX/PCI/ISO/FFIEC reviews identifying major issues.
EDUCATION
CAREER DEVELOPMENT
Certified Information Systems Auditor (CISA)
Certified in Risk and Information Systems Control (CRISC)
Certified CheckPoint Security Administrator (CCSA)
Certified Computing Professional (CCP)
Presentation to SIFMA: Assessing Windows NT Security
Journal Article, SIFMA: Firewall Audits
Published, SIFMA: Data Security Guidelines for UNIX and Mainframes, Electronic Communications guidelines
Chairperson, Advanced Technology Committee, IIA (Outstanding Recognition Award)
TECHNICAL QUALIFICATIONS