Mario Kogler

1. Project: IT-Riskanalysis and Penetrationtest | Customer: CTBTO UN | role: Lead Auditor | Delivermodell: Offshore (Croatia) ||| 2. Project: Security Incident Management Framework, security training and awareness, AD audit, Risk Assessment | Customer: Givaudan (Geneva) ||| 3. project: web application security control framework | Customer: TILAK ||| 4. project: IT-policy architecture, Security enhanced SDLC | Customer: ÖBB ||| 5.project: ISO27001 certification | Customer: KACST (Saudi Arabia)

1. Project: Requirementsanalysis | Customer: IAEA | role: alternate PM, Business Analyst | Deliverymodell: Offshore | Duration: 1 year ||| 2. Project: Requirementsanalysis, data migration, test planning, user training | Customer: IAEA | role: alternate PM, team lead | Deliverymodell: Offshore in India | Duration: 7 months ||| 3. Project: IT-Targetarchitecture and roadmap till 2012 | Customer: Raiffeisen International (Kiev) | role: Enterprise Architect | Duration: 3 months

Responsible for the evaluation of several web gateway security solutions (Bluecoat Proxy SG, Ironport S350, McAfee SWG, Aladdin eSafe GW, Secure Computing Webwasher, Websense Enterprise) and comparison with the existent internet perimeter infrastructure regarding security controls and implementation costs. Focus areas: network security, identity and access management (incl. SSO, centralized access management), high availability (Cache Load Balancing), URL screening, content filtering

Responsible for designing and supporting the implementation of a MPLS VPN network including Provider Edge and Customer Edge routers (Cisco 7600, 6500, 2800) considering confidentiality, integrity and availability services (QoS), verification of QoS parameters with IxChariot Software from IXIA (Quality assurance), recommending security controls based on best practices (NIST), Role: IT Security expert

Development of a detailed technical guideline to perform a web application security test according to OWASP and ÖNORM 17700 including recommendations on mitigating critical security issues, Role: team member security team

Planning and enforcement of a penetration test on the basis of the guideline “A penetration testing model” published by the german Federal Office for Information Security. Conduction of technical (sniffing, mail spoofing, trojan horses, vulnerability assessment etc.) and social engineering attacks, Role: Tiger Team Member

Evaluation of several endpoint security solutions (e.g. Cisco Security Agent, McAfee Entercept) and development of a deployment strategy for the installation of approximately 3000 Cisco Security Agents, Role: IT-Security expert

Responsible for the implementation (Managed C++, .NET, MySQL) of an integrated, centralized firewall documentation tool (Cisco PIX, Checkpoint FW-1) in order to meet regulatory requirements, Role: Software Developer

Execution of performance tests on network infrastructure components (Checkpoint NGX, Cisco PIX, Phion Netfence) with regards to encryption and VoIP (SIP, SCCP, H.323) followed by a recommendation of performance enhancements

Establishment of a site-to-site VPN with products like Checkpoint FW-1 NG, Checkpoint Edge, Cisco PIX 501 and Sonicwall SOHO-3 and giving recommendations on security controls regarding VPNs

Informationsecurity and IT-Riskmanagement

IT Security, Software Engineering, Computer networks