Sep 2020 – May 2022 · 1 yr 8 mos

• Led security team at VMware, overseeing comprehensive security strategy across platforms and applications.
• Performed end-to-end security reviews including architecture assessments, design reviews, code reviews, penetration testing, and red/purple teaming for complex VMware products. Collaborated to mitigate identified threats and vulnerabilities.
• Led VMware's DevSecOps initiative, integrating SAST, DAST, OSS, and IaC security into the DevOps pipeline to efficiently identify and mitigate threats at scale.
• Designed and executed cloud and container security roadmap, securing millions of workloads on AWS, Azure, and Kubernetes through hardening, policy enforcement, drift detection, and control validation.
• Developed a centralized risk and vulnerability management platform with executive dashboards, automated prioritization, and self-service scanning.
• Trained hundreds of engineers on security best practices and fostered a culture of security awareness through internal events.

Apr 2018 – Sep 2020 · 2 yrs 5 mos

Jan 2017 – Apr 2018 · 1 yr 3 mos

• Advised clients on best practices for securing their products, providing tailored solutions to mitigate vulnerabilities and enhance overall security posture.
• Conducted comprehensive security assessments, including secure architecture and design reviews, threat modeling, and penetration testing, to identify and address risks in critical applications and platforms.
• Performed security reviews for IoT systems in industrial automation and transportation, ensuring the security of smart, connected devices and infrastructure.
• Managed the security hiring process, from defining staffing needs and crafting job descriptions to screening resumes, conducting interviews, and evaluating technical skills.
• Championed security awareness by developing and delivering comprehensive training programs for development and operations teams on critical security topics, fostering a culture of security-minded practices.

Apr 2015 – Jan 2017 · 1 yr 9 mos

• Performed threat modeling, penetration testing, and code reviews for various banking applications to identify and mitigate security vulnerabilities.
• Conducted security assessments for Android and iOS mobile applications to uncover potential risks and weaknesses.
• Built a vulnerable web application as a learning tool to help developers enhance their application security skills.
• Delivered security workshops and training sessions to developers, covering advanced topics such as cross-site scripting (XSS), remote code execution (RCE), and threat modeling.
• Interviewed candidates with security expertise and provided feedback to management to support effective hiring decisions.

Mar 2014 – Apr 2015 · 1 yr 1 mo

• Perform Threat Modelling, Penetration Testing and Code Review for financial applications.
• Integrate SAST and DAST into build pipeline.
• Management and Monitoring of Web Application Firewall(F5 BGP-IP LTM). Involved in virtual patching zero days, firewall rule configuration, attack monitoring and incidence response.
• Deliver security workshops and training sessions to developers.

Nov 2010 – Mar 2014 · 3 yrs 4 mos

• Perform Vulnerability Assessment and Penetration Testing on hundreds of Banking applications and platforms for wide range of customers.
• Perform automated and manual Secure Code Review.
• Exploit writing for identified vulnerabilities.
• Develop in-house risk & vulnerability management platform.