Jul 2019 – Feb 2025 · 5 yrs 7 mos · San Francisco Bay Area

• Led the development of a Application and Product Security function, focusing on recruitment, mentorship, and cultivating a strong security culture, significantly reducing vulnerabilities across production environments.
• Secured a large number of merchant e-commerce websites, managing integrations with numerous payment providers and thousands of marketplace themes in sandboxed environments.
• Led initiatives like the Bug Bounty Program, Security Champions, and automation for SAST, DAST, and SCA, collaborating with internal and external developers.

Mar 2017 – Mar 2023 · 6 yrs · Sydney, Australia

• Founder Author of the courses COMP 6443 and COMP 6843, aimed at teaching advanced web application security skills. These were the first courses to offer graduate and postgraduates practical training in penetration testing and application security. As an adjunct professor, I was responsible for creating content, teaching, grading, and tutoring students

Oct 2015 – Jun 2019 · 3 yrs 8 mos · Sydney, Australia

• Implemented several initiatives, including the Security Champion Program, Security Development Training, and Security Automation using Runtime Application Self-Protection (RAST).
• Built practices to bridge various cyber security teams like Risk, Product Security and Incident response.
• Executed multiple security reviews, successfully meeting stringent banking requirements.
• Worked on new initiatives with SAST, DAST, IAST, SCA, Secrets and whole security in CI/Cd pipeline
• Managed developer training, security awareness, and outreach initiatives for the bank. Developed tools for application security, such as fuzzers and automated scanners.
• Collaborated with Australia Cyber Award, Cyber Mentorship for Girls, Women in Cyber, UNSW SECSOC, and the Australian Parliament to mentor and conduct several outreach events.

Jul 2014 – Oct 2015 · 1 yr 3 mos · Bangalore

• Performing Penetration testing, analysing vulnerabilities, identifying threats, and recommending countermeasures
• Code and design reviews for the APIs, applications and core libraries
• Training various Engineers in Application Security Threats and Secure coding practices.
• Security Research on top trending web-attacks and finding ways to mitigate them across the organisation.
• Work with various development teams to embed security into SDLC.

Jun 2012 – Jun 2014 · 2 yrs · Hyderabad Area, India

• Coordinate with the client to identify suitable security assessment required for their web applications.
• Penetration Testing, Source Code review, Design review
• Hands on experience with OWASP top 10 and other security standards.
• Review the security standards of a service provided by a vendor,
• identify vulnerabilities in the service and categorise findings based on the risk involved and provide recommendations.
• Security evaluation of new solutions and technologies.

Sep 2011 – Feb 2015 · 3 yrs 5 mos · Hyderabad Area, India

• Co-founded the company with an aim of creating awareness among general internet users
• Conducted training sessions in the field of Information Security.
• Performed Security assessments in the fields of Web/Mobile Security.
• Worked with government organization work in cyber investigations and incident response.
• SourceNXT, one among first student-run startups recognized in India.

May 2011 – Jul 2011 · 2 mos · Hyderabad Area, India

• Trained on Basics of Network Architecture, Network Devices, Network Attacks, OSI, Wireless Networks, Network Security - Firewall Implementation, Intrusion Detection Systems, Honeypots, Vulnerability Assessment.
• Trained engineers in the field of Information security and modules required to get certified as Certified Information Security Professionals.

Aug 2009 – Sep 2011 · 2 yrs 1 mo · Home

• Provide Penetration Testing services as a freelancer to various organisations.
• Conduct training on Cyber Security Awareness across various Universities
• Work with professors of various universities to create content for Infosec course curriculum