Security Research Engineer at FireEye, Inc.
- Milpitas, California (San Francisco Bay Area)
- Information Technology and Services
Naveed Alam's Overview
- Security Research Engineer at FireEye, Inc.
- Risk Consulting Associate at KPMG Advisory
- Research Assistant at Indiana University School of Informatics and Computing
- Technical Support Representative at Indiana Geological Survey
- Network Distribution Intern at University Information Technology Services, IUPUI
- Math Tutor at Academic Support Center, Indiana University Bloomington
- Indiana University, School of Informatics and Computing
- Osmania University
Naveed Alam's Experience
Security Research Engineer
Public Company; 1001-5000 employees; Computer & Network Security industry
August 2013 – Present (1 year 2 months)
Risk Consulting Associate
Partnership; 10,001+ employees; Accounting industry
September 2011 – July 2013 (1 year 11 months) Santa Clara, CA
Part of the Information Protection practice at KPMG Advisory. Past projects include:
o Engineered and implemented a comprehensive Vendor Risk Management program to identify and assess risks from third party IT vendors at a Fortune 300 retail giant. Developed a vendor on-boarding/off-boarding process flow, risk analysis framework and a database for centralized storage of vendor information.
o Conducted, assessed and managed PCI DSS host vulnerability & compliance scans using the Qualys & Nessus scan tools. Reviewed vulnerabilities, rated risks, researched and planned mitigation solutions with different IT teams. In addition, worked with the compliance team to perform PCI DSS control validations.
o Assisted a Fortune 500 Global Technology client to assess the security and usability of current privileged user access methods to production environment. Responsibilities also included supporting user access and management for eDMZ and Oracle Thin Client environments.
o Utilized Cloud Security Alliance Cloud Controls Matrix (CSA CCM) to conduct a cloud security assessment for a Computer Storage Industry client. Also conducted ISO 27001 and 27002 certification reviews for multiple technology industry clients.
o Developed an Incident Response Framework for a Retail Industry client providing procedures and guidelines for security incidents. Also, developed detailed playbooks for Malware Outbreak, DLP Policy Violation, Social Engineering and Unauthorized Device Detection events.
Educational Institution; 51-200 employees; Higher Education industry
June 2010 – May 2011 (1 year) Bloomington, Indiana Area
• Worked with Professor Apu Kapadia at the School Of Informatics and Computing on different research projects. Some research projects include:
o Developed an HTTPS proxy as part of a video-authentication project for mobile devices. Adapted the JSSE library by modifying the SSL client authentication operation. Developed an android application to complete SSL handshake using the key pair on the phone.
o Developed and implemented a privacy preserving algorithm for a peer-to-peer question-and-answer social network along with two other doctoral students. Utilized concepts of system and network security to provide individual privacy. Developed a simulator in java to test the algorithm.
o Worked on an inter-disciplinary project on password authentication mechanisms with a post-doctoral student in Psychology. Sought to determine whether using personal goals as passwords improved the strength of passwords and whether using such passwords made an impact in the daily life of the individual. Designed and developed a website using HTML and Java Servlets for conducting the user study.
o Worked partly on a location privacy project involving designing a system that alerts users regarding exposure of their location information.
Technical Support Representative
Indiana Geological Survey
June 2010 – August 2010 (3 months) Bloomington, Indiana Area
- Worked directly under the Head Administrator and served as a local administrator for Windows users.
- Assisted employees with computer related hardware and software troubleshooting, installation of software and new hardware on employee workstations, scheduling and managing backups of workstations, managing the IT query ticketing system and updating the system inventory.
- Upgraded workstations from Windows Vista to Windows 7.
Network Distribution Intern
University Information Technology Services, IUPUI
March 2010 – May 2010 (3 months) Indianapolis, Indiana Area
- Installed cable and wiring for data and voice connections. Installed and setup network equipment such as switches, wireless access points and patch cords in distributed frame racks.
- Worked with Level I, Level II and Level III Network Engineers to troubleshoot physical network problems, program switches and setup virtual subnets, update router configuration, set up firewall rules and monitor network activity for security.
Educational Institution; 5001-10,000 employees; Higher Education industry
September 2009 – May 2010 (9 months) Bloomington, Indiana Area
Helped undergraduate students with their Math coursework.
Naveed Alam's Projects
Naveed Alam's Certifications
Certified Information Privacy Professional (CIPP/US)
- International Association of Privacy Professionals
- January 2012
Associate of (ISC)2
- International Information Systems Security Certification Consortium
- May 2012
Naveed Alam's Skills & Expertise
- Network Security
- ISO 27001
- Risk Management
- IT Audit
- Visual Basic
- Microsoft Office
- Vendor Risk Management
- Risk Assessment
- Data Loss Prevention
- Security Incident Response
- Threat & Vulnerability Management
- Risk and Compliance
Naveed Alam's Publications
Authors: Naveed Alam, Shirin Nilizadeh, , Apu Kapadia
- In Proceedings of the 2011 ACM Workshop on Privacy in the Electronic Society (WPES '11)
- October 17, 2011
Naveed Alam's Education
Indiana University, School of Informatics and Computing
MS, Security Informatics
2009 – 2011
Bachelor's, Computer Science
2005 – 2009
Naveed Alam's Additional Information
Contact Naveed for:
- career opportunities
- consulting offers
- new ventures
- job inquiries
- expertise requests
- business deals
- reference requests
- getting back in touch