Paul F. Odong

difficultmangledΚινητά – Ασύρματες Τεχνολογίες

12 Νοε 2013 (πριν από 3 χρόνια και 8 μήνες)

80 εμφανίσεις

1

1


2009
-

Led
a multi
-
national team from Nigeria, Kenya, Uganda & South Africa in a co
-
sourcing Network Security assessment
for MTN Nigeria. Reviewed the core GSM switching network (MSC, SMSC) and the Charging System nodes comprising
SDP, VS, AIR, MINSAT, HLR, mediation and billing systems. Performed Internal Attack & Penetration testing of the core
network and switches


2010
-

Team
lead for an information systems audit and forensic investigation into computer fraud for a leading mortgage
finance bank in Uganda


2009
-

Team
lead for a business process analysis and requirements definition for an Electronic Content Management System
for the Finance Ministry


2007
-

Security
assessment of the
Safaricom

Ltd core network systems involving attack & penetration testing,
ISO 17799
(27001) review , implementation, and certification


2008


project managed a co
-
sourced
black box attack & Penetration testing and vulnerability assessment for Bank of
Uganda.


2010


Team lead for an IT Security Audit for the National Social Security Fund (NSSF) Uganda, involving penetration
testing and vulnerability assessment


2007
-

Assisted
in a pre
-
live assessment of the Equity Bank internet banking application and perimeter network related to e
-
Banking infrastructure


2010
-

Team
lead for Fuel Debit (Advantage) Card security assessment for a Standard Chartered bank in Uganda, involving
penetration testing of POS links and internal vulnerability assessment.


2009
-

Assisted
in an Oracle ERP implementation project security review and application controls testing for the Kenya
Airways


2009
-

Team
lead for an information systems audit and revenue assurance for the Rwanda Revenue Authority


2006
-

Team
lead for comprehensive data analytics (Claims and premiums) performed for INVESCO Insurance Company in
Kenya


2006
-

Cyber Process Certification (
WebTrust
) of the commercial Bank of Africa’s e
-
Banking product


2009
-

Facilitated
a training workshop in E
-
Banking strategies, payment systems, and PCI DSS compliance for a leading bank
in Uganda


2007
-

Team
lead for SOX (404) Compliance and data analysis review for a Del Monte Kenya.





Manager in Advisory Practice focussing on IT Risk & Assurance Services. Joined Ernst & Young in
2005 and is based in Uganda


BSc. (
Hons
) Agriculture (Economics Option)


2005


Certified Information Systems Auditor (CISA)


2008


Certified Information Security Manager (CISM)


2009


Certified Computer Hacking Forensic Investigator (CHFI)
-

2010


ACCA (Part 1)


Ernst & Young
eXtreme

Hacking Class


Member of ISACA


Proficient in English Language


2012


External and internal attack and penetration testing and vulnerability assessment for mobile banking and internet banking fo
r
DFCU Bank


2012


Special audit of the national backbone infrastructure and E
-
government Infrastructure for government of Uganda.


2012


IT security assessment and capability building involving penetration testing and vulnerability assessment for internet ba
nking for
Bank of Kigali Rwanda


2012
-
Barti

Airtel

Uganda
-

Information systems audit and financial audit integration


2012


Orange Uganda Ltd
-

Information systems audit and financial audit integration


2012
-
Business Process Review for National Medical Stores.


2012
-
URANET
managed telecom service contract
review for Uganda Revenue Authority


2011
-
Value for money audit for Post Bank’s SLA with Map Switch the service provider for ATMs, Point of Sale and Mobile phone
Banking services.


2011
-
Development of requirements for implementing a financial management system for National Curriculum Development Centre


2011


East African Community customs Interconnectivity study for customs network integration across involving customs process an
alysis


2011


National Information Technology Authority Uganda e
-
Government readiness assessment and survey tool development


2011
-

BCP development for Centenary Rural Development Bank Ltd, Uganda.


2011
-

Team lead for British American Tobacco (Africa)


Attack and penetration testing, wireless testing and vulnerability ass
essment.


2011


IT security assessment for
Opportunity Bank Ltd.


2011


IT security audit
of Uganda Finance Trust Ltd involving process analysis, controls
testing, and attack and penetration testing of
the network


2011


Application controls and security assessment for the ASYCUDA++ customs application for Tanzania Revenue Authority


2010
-

Corporate security assessment of MTN Uganda infrastructure including offices, warehouses, BTS sites & residences


2010


Team leader for post implementation review of core banking application at Bank of Africa which included business process
analysis


2010
-

Team
lead for MTN Uganda network traffic data analysis to ensure that information relevant for billing is flowing through from
the switching/ network elements to the IN and the billing system.

Place image

here.

Refer to

guidelines

Paul F. Odong

Manager IT Risk & Assurance Services

Tel

+256 414 343520

Mobile

+256 752 222598

Fax

+256 414 251736

Email

paul.f.odong@ug.ey.com


Paul F. Odong

Background

Professional experience

Skills


Attack & Penetration testing, Internal vulnerability assessment, web application security
review, IT governance, Enterprise Risk Assessment and BCP/DRP


Lead trainer at the ISMS Academy, Nairobi, 2007


Lead trainer at the FAIT Academy, Nairobi, 2007


E
-
banking Payment Systems and PCI DSS compliance


Member of the team that developed and delivered Ernst & Young Extreme Hacking
course, Nairobi, 2007


Proficiency in Data quality assessment and Data analytics (ACL), business process
analysis and IT General Controls (ITGC) review


Proficiency in ISO 27001/27002, COBIT, ITIL, SOX, PCI DSS compliance


Revenue Assurance (CDMA, GSM, PSTN and Data Networks)


Computer Forensic Investigation


E
-
banking/EFT systems, e.g. SWIFT, Mobile Money, RTGS

Your advisory team