Anshuman Bhartiya

DevOps Engineer

San Diego, California, United States · 17 yrs 3 mos experience
Most Likely To Switch

Key Highlights

  • Over a decade of experience in cybersecurity.
  • Expert in building security programs from scratch.
  • Active speaker at major security conferences.
Stackforce AI infers this person is a Cybersecurity Expert with extensive experience in Security Engineering and Automation.

Skills

Core Skills

Security Operations, Cloud Security, Security Automation, Security Testing

Other Skills

AS2, ASP.NET, Amazon EC2, Amazon S3, Amazon Web Services, Amazon Web Services (AWS), Application Security, Argo, Automated vulnerability management, Automation, B2B, B2B services, Burp Suite, C#, CICD pipelines

About

I am an Information Security Professional with more than a decade of experience in the cybersecurity industry. I love building programs from scratch, working on difficult and interesting security engineering problems, innovating by using the latest technologies, exploring greenfield areas and constantly pushing myself to learn something new on a daily basis. Below are some of my socials:

  • I co-host "The Boring AppSec" podcast - https://www.youtube.com/playlist?list=PLnr7iEAhCZbASkQrTiQ-X1rQ2LZerWk3N
  • Website for my tech explorations and musings - http://www.anshumanbhartiya.com/
  • Website for my personal self reflections - https://anshumanbh.substack.com/
  • Some of my side projects are posted on my GitHub - https://github.com/anshumanbh/

Please feel free to send me a connection request if you’d like to discuss tech trends or exciting projects! I am always on the lookout to meet like-minded people and grow my network :) Thank you! 🙏

Experience

Heeler

Advisor

Jul 2025 - Present · 8 mos

AI Frontier Network

Member

Jan 2024 - Present · 2 yrs 2 mos

  • I’m a member of a collective of technology and business leaders working to advance AI innovation and education.

Tejas Cyber Network

Executive Member - Cyber Security Professional's Network

Jan 2024 - Present · 2 yrs 2 mos

  • I'm an executive member of a volunteer-run professional networking community supporting expat cyber professionals worldwide.

Interlynk

Advisor

Jan 2023 - Present · 3 yrs 2 mos

Amplify Security

Advisor

Jan 2023 - Present · 3 yrs 2 mos

Lyft

Staff Security Engineer

Dec 2022 - Present · 3 yrs 3 mos · San Diego County, California, United States · Remote

  • AppSec Tech Lead

Thirty Madison

Principal Security Engineer

Dec 2021 - Dec 2022 · 1 yr · San Diego County, California, United States

  • I bootstrapped the Product Security program from 0 -> 1.
  • I blogged about my experiences and learnings here - https://www.anshumanbhartiya.com/

Atlassian

Principal Security Engineer

Jun 2019 - Dec 2021 · 2 yrs 6 mos · Greater San Diego Area

  • I worked in the Ecosystem Security team and our mission was to improve the application security posture of the Atlassian Marketplace Ecosystem and help build trust in our customers. This includes (but is not limited to):
  • Establishing security principles / requirements for third party apps running on top of Atlassian products such as Jira, Confluence, Bitbucket, Trello, etc.
  • Running & supporting multiple bug bounty programs covering our entire ecosystem platform and the third party apps running on different Atlassian products
  • Scanning thousands of third party apps at scale for multiple security vulnerabilities on a daily basis and managing the vulnerability lifecycle end to end including the SLA enforcement and remediation
  • Manually reviewing third party apps for security vulnerabilities and identifying entire classes of security issues that can be further remediated at the platform level
  • Establishing trust signals for our customers to highlight the risk posture / trustworthiness of third party apps for them to make informed decisions
  • Cross functional embedding acting as security partners supporting our Ecosystem engineering organization

Nuna Inc.

Staff Security Engineer

Apr 2018 - Jun 2019 · 1 yr 2 mos · Greater San Diego Area

  • CorpSec, InfraSec, AppSec, SecOps, DevSecOps - All things Security!
  • Some projects are listed below:
  • Built a security service that automatically renews all expiring SSL certs (external and internal) used by our entire fleet in the company using APIs provided by HashiCorp Vault and Digicert
  • Worked in a team on stabilizing security services by implementing CICD pipelines and blue/green deployments
  • Leading the Pentest program coordinating efforts involving development teams and security researchers
  • Implemented a RASP solution to improve the application security posture of our external facing applications
  • Collaborated with the infrastructure engineering team in upgrading our cloud infrastructure across the fleet to be more stable and secure following immutable infrastructure principles (Infrastructure as code)
  • Improved our Security Operations and Security Monitoring using a combination of AWS APIs, Komand, Splunk and Slack to stay ahead of the bad actors
  • Worked in a team to implement Duo Beyond following Google's BeyondCorp model to make it easier for our employees to access certain applications without a VPN
  • Evangelizing security across the company by actively participating in developer scrum meetings and promoting good security practices and due diligence
  • Researching security measures and controls for new and emerging technologies
  • Working in a team to implement an automated vulnerability management solution for the entire company
  • Collaborate with the Compliance team in performing risk assessments for third party vendor tools and open source software
  • Public Speaking:
  • Spoke at Recon Village at Defcon 2018 - https://www.youtube.com/watch?v=7WYjSDZxFYc
  • Spoke at ToorCon 20 - https://www.youtube.com/watch?v=d9F1QR2VvMg&t=1147s
  • Spoke at RootCon 12 - https://www.youtube.com/watch?v=PGWp1RlYjTg&t=269s
SSL certificate management, CICD pipelines, Pentest program leadership, RASP implementation, Cloud infrastructure upgrades, Security Operations improvement

Intuit

2 roles

Staff Engineer / Red Team

Promoted

Aug 2017 - Apr 2018 · 8 mos

  • Laid out initial architectural designs and patterns and built a prototype for a nextgen hyper-scale security testing automation platform using Containers and Microservices. This also involved training and educating colleagues on technologies such as Docker and Kubernetes.
  • Worked with cross functional teams on Adversary Management, Continuous Firedrills and Threat Intel.
  • Wrote security tools to get rid of the mundane work as much as possible that helped focus more on things that actually needed manual intervention.
  • Researched secrets management solutions - HashiCorp Vault and CyberArk Conjur
  • Deployed Infrastructure as Code using HashiCorp Terraform
  • Researched Security of Docker Containers and how to secure Kubernetes Deployments
  • Researched CICD pipelines in a containerized world by using workflow management tools like Argo (https://github.com/argoproj/argo)
  • Public Speaking:
  • Spoke at Black Hat USA 2017 Arsenal
  • Presented a workshop at Defcon 2017
  • Spoke at BSides San Diego 2017
  • Personal Project:
  • git-all-secrets (github.com/anshumanbh/git-all-secrets) - A tool to capture all the git secrets by leveraging multiple open source git searching tools

Sr. DevSecOps Engineer / Red Team

Oct 2016 - Jul 2017 · 9 mos

  • Security Automation.
  • Exploring Kubernetes and Google Cloud offerings to be able to scale out security.
  • Red Teaming
  • Project: A Scalable and Asynchronous Testing Framework built on Kubernetes
  • https://github.com/anshumanbh/hodor
  • Personal Project: A security testing Slackbot built with a Kubernetes backend on the Google Cloud Platform
  • https://github.com/anshumanbh/kubebot

Virtustream

Principal Security Engineer

Feb 2015 - Oct 2016 · 1 yr 8 mos · Greater San Diego Area

  • All things security for EMC Cloud Services. Some responsibilities include:
  • Security Consulting
  • Penetration Testing Lead
  • Building Service Offerings
  • Threat Modeling
  • Integrating Security into DevOps
  • Security Automation

Dell EMC

Senior Security Engineer

Nov 2013 - Feb 2015 · 1 yr 3 mos · Hopkinton, Massachusetts

  • I work in the Product Security Response Center (PSRC) managed by the Product Security Office (PSO).
  • Link:
  • http://www.emc.com/contact-us/contact/product-security-response-center.htm
  • Some of the responsibilities include:
  • Monitoring/Triaging security vulnerabilities impacting EMC products.
  • Coordinating internal activities.
  • Managing security communications.
  • Keeping up-to-date with latest security discoveries/alerts.
  • Writing Security Advisories for vulnerabilities in third-party components.
  • Conducting RCAs (Root Cause Analysis) for vulnerabilities.
  • Conducting Product Security assessments.
  • Evangelize/Spread security awareness to the product teams by training/promoting use of secure standards.

Cigital

2 roles

Security Consultant

Promoted

Apr 2013 - Nov 2013 · 7 mos

  • Overseeing and Training others to perform Web Application Penetration Testing.
  • Helping build processes in the Cigital Assessment Center to support current offerings.
  • Helping in the process of On-boarding new clients and new Service offerings.
  • Performing Manual Code Review.
  • Performing Static Analysis using AppScan Source Edition.

Associate Security Consultant

Apr 2012 - Mar 2013 · 11 mos

  • Web Applications Penetration Testing:
  • Manual Ethical Hacking.
  • Automated Ethical Hacking using AppScan Standard Edition.
  • Threat Modeling.
  • Providing Remediation Advice / Countermeasures to secure their web apps.

Axway

Cloud Services Technical Consultant

May 2010 - Apr 2012 · 1 yr 11 mos · Phoenix, Arizona Area

  • 1) Developed an infrastructure monitoring solution of the Cloud Services team using Sentinel/Splunk/Nagios.
  • 2) Deployment of multiple Axway software products on the Amazon EC2 cloud:
  • Connecticut Health Information Exchange (HIE) - Worked in a team of 5 to deploy Axway products. Followed HIPAA standards and policies.
  • One Health Port (OHP) - Worked in a team of 3 to develop a fully automated DR solution using AWS APIs and shell scripting.
  • Worked in a team of 2 to develop a fully automated solution to deploy Axway's File Transfer Direct 2.0 using Amazon EC2, RDS, S3, ELB and CloudWatch for auto scaling and monitoring the instances.
  • 3) Research:
  • Automating infrastructure configurations for the SaaS team using Chef.
  • A Disaster Recovery (DR) solution using backup and restore/recovery of databases by the RMAN utility in Oracle and the OSB Cloud Module on Amazon EC2.
  • 4) Installation, Configuration and Maintenance of B2B/MFT Axway products - Integrator, B2Bi, Gateway Interchange, Sentinel, File Transfer Direct, Mapping Designer, Secure Messenger, Email Firewall.
  • 5) Mapping X12 EDI documents for Pharmaceutical Associates/Beach Pharmaceuticals and On Boarding their customers.

UOEEE, Arizona State University

Web Applications Developer

Nov 2009 - May 2010 · 6 mos

  • Developed secure web based applications which automated the functioning of the department, reduced the workload and kept the data available and safe.

USI Technology Services, Arizona State University

Web Developer

Oct 2008 - Nov 2009 · 1 yr 1 mo

  • Maintained and Modified websites of different departments at ASU as per customer requirement and satisfaction. Provided Web Support and Troubleshooting in a timely manner.

Education

Arizona State University

Masters in Computer Science — Information Assurance & Security

Jan 2008 - Jan 2010
