Abimbola, IT security, PCI DSS  
Abiola Abimbola, Ph.D.
MPhil, MSc, PCI & PA QSA
 
 

Summary:

 

A highly educated, seasoned and professional person, with over 11 years' extensive experience in security auditing within the information security and Payment Cards industry. He has worked with over 20 International Banks globally and published over 13 articles. He has been awarded a “who is who” owing to his contribution to science and technology, and was also given an Excellence award by the Mayor of London. He is a Payment Card Industry and Payment Application Qualified Security Assessor (PCI & PA QSA) and also a member of the ATM Industry Association.


Key Achievements:  
  • Co-organised and chaired the BCS Symposium on Intelligent in Security and Forensic Computing at Napier University
  • Nominated to be PhD student representative in Napier University
  • Nominated to be Centre for Mobile Computing and Security group seminar organiser
  • Nominated to be a Member of program committee to European Conference on Information Warfare and Security (ECIW)
  • Nominated to be a Member of program committee to The First International Conference on Availability, Reliability and Security (ARES)
  • Nominated to be a Member of program committee to the International Conference on Mobile Ad-hoc and Sensor Network (MSN)
  • Nominated to be Liverpool John Moores University’s School of Computing and Mathematical Science research group seminar organiser
  • Published over 13 information security research papers including IEEE and Journal publications

Education:
 
  • PhD Network/Information Security, Napier University, Edinburgh, UK
    Thesis: Enhancing a Network via a Target Host Sensor
    Brief: Determining novel methodologies to audit applications and network traffic in order to detect intrusions.
  • MPhil Intrusion Detection System, Liverpool John Moores University, UK
    Dissertation: Network and Host Security
  • MSc Interactive Multimedia Systems, Liverpool John Moores University, UK
    Final Project: SubSeven Honey Pot, Detecting Malicious Software
  • BEng Electrical/Electronics Engineering (2.1), City University London, UK
    Subjects Included: Maths, Advanced Maths, Physics, Electronics
    Final Project: Simulation of Computer Pipeline Architecture


Certification:
 
  • ISO27001 Compliance Lead Auditor
  • Sarbanes Oxley Compliance for ITSEC
  • Basel II Compliance for ITSEC
  • PCI and PA QSA
  • ATM Best Practice

Areas of Expertise:

 
  • Intrusion Detection System (Network and Host)
  • Proficient in writing security policies and guidelines
  • Proficient at implementing physical/logical access controls
  • Writing technical/security documents
  • Vulnerability assessment and testing using off-the-shelf tools
  • Business continuity planning
  • Data Protection Act
  • Computer Misuse Act
  • Risk assessment and management
  • COBIT, COSO
  • Software design code security assessment
  • NT/XP/2003, Unix/Linux, & TCP/IP networking
  • AS/4000

Professional Activities:
 
  • Oct 2006- Present 

o    Provided yearly PCI and ATM Security Training to over 60 banks globally – Romania, Turkey, Nigeria, Ghana, Mauritius, United Kingdom, and other countries

o    Design anti-fraud audit framework for ATM and Payment System for central banks

o    Perform yearly ATM and Payment System audits for banks, and national switches

o    Provided PCI DSS Certification to Banks and other payment system companies

  • Oct 2003-Sep 2006 

o    Oversee the internal audit process including: risk assessment/risk management, testing/evaluation of records, designing/conducting the internal audit process, business process operations, re-engineering, project management of ATM and Payment Applications.

o    Providing Payment Application and ATM Best Practice Training

o    Play substantive/lead role in client relationship and communication.

o  Play substantive/lead role in attaining quality internal and external communication deliverables including technical content of reports, proposals

o   Development of ISMS (Information Security Management Systems) and gap analysis of information security practices against 27001, development of security policies, procedures and technical controls to remediate risks identified

o    Provide security-related consultation to staff, associates and contractors

o    Auditing business process software design code for security flaws

  • Jan 2002-Sep 2003 

o    Conducting security compliance audits for BS7799

o   Writing BS7799 security policies and guidelines for email systems, mobile computers and daily operations

o    Providing risk assessment and management strategy for enterprise wide networks, such as:-

o    Identifying critical resources

o    Identifying threats to critical resources

o    Assigning threat levels to critical resources

o    Managing and deploying risk management controls

o    Penetration testing

o    Documentation of risk management framework

o    Security policies and standards to maintain risk management controls

o    Performed planned and unscheduled auditing of policies and guidelines

o    Network security architecture design

  • Feb 2001-Dec 2002 Lecturing on:

o    Best Practice on Information Security and Sarbanes Oxley

o    Security auditing, Policies and Procedure

o    Risk analysis methodology

o    ATM Security

o    Payment Systems

o    Usage of Host and Network Security Tools for data protection, e.g. firewalls, Tripwire, etc.

o    Encryption, Kerberos, IPSec, VPN, SSL, TLS and physical and logical security

o    Networking, Cisco routing protocols, TCP/IP, switches, bridges, ISDN, DHCP and DNS

  • Jan 1998-Dec 1999 Provided consultancy:

o    Implementing security and operational standards in IT including the following:-

o    Issue reports that address: level of business risks, effectiveness of controls, and consultative business solutions.

o    Contribute to a strong client relationship through interactions with client personnel.

o    Contribute to engagement planning and ensuring that products/deliverables meet contract/workplan.

o    Contribute to a positive team attitude.

o    Documentation of security policies, procedures and standards

o    Identify, manage and escalate key security risks

o    Participate in proposal development efforts

o   Review of scope and implementation of information security policies and procedures for internal and external audit

o    Network Server administrator