Karthik B.S

CEO

Orlando, Florida, United States13 yrs 1 mo experience

Most Likely To SwitchHighly Stable

Key Highlights

Over a decade of experience in information security.
Expert in secure software development life cycles and DevSecOps.
Proven track record in vulnerability assessments and penetration testing.

Stackforce AI infers this person is a Fintech security expert with a strong focus on application security and secure development practices.

Contact

Skills

Core Skills

Application SecurityDevsecopsPenetration TestingCyber SecurityInformation Security

Other Skills

Azure DevOpsBurp SuiteCEHCloud SecurityComputer SecurityConsultingCryptographyCyber Insurance AdviceCyber Maturity AssessmentsDASTDevSecOps TransformationGuidelinesISO 27001Information Security ManagementInternet Security

About

With over a decade of experience in information security, I specialize in driving secure software development life cycles (SDLC) and implementing cutting-edge security practices. At Finastra, I lead the Product Security team, focusing on strategic initiatives such as DevSecOps transformation, vulnerability assessments, and penetration testing. My role involves collaborating with cross-functional teams to streamline secure development processes and ensuring robust security measures for complex banking software. Empowering teams to achieve secure product development, I design security policies, methodologies, and training programs while acting as a liaison for customer security discussions. Leveraging certifications like CSSLP,CEH and ISO 27001 LA, I enable product teams to embed security into their workflows. My mission is to build scalable security frameworks and foster a culture of continuous improvement in application security.

Experience

Finastra

4 roles

Director of Product Security

Promoted

Dec 2023 – Present · 2 yrs 3 mos

Principal Security Engineer

Promoted

May 2022 – Dec 2023 · 1 yr 7 mos

In my current specialist role as an Application security engineer at Finastra (formerly Misys), I mainly tackle application security hurdles in complex Banking software. I enable Security Champions of product teams to achieve maturity w.r.t Secure SDLC. Pro actively involved in SAST, DAST, Manual penetration testing (MPT), SCA and DevSecOps transformation. Leading a team of engineers, I am actively helping them to reach their full potential by continuous training and collectively tackling complex problems. In the strategic side, I develop security policies, methodologies, trainings and guidelines; serve as a liaison for Security centric dialogues with our customers; manage third party vendor relationships and also identify and improve key challenges in the entire application security lifecycle.

Application SecuritySASTDASTManual Penetration TestingSCADevSecOps Transformation+5

Expert Security Engineer

Sep 2019 – May 2022 · 2 yrs 8 mos

Senior Security Engineer

Feb 2017 – Aug 2019 · 2 yrs 6 mos

Kpmg global services (kgs)

2 roles

Senior Consultant

Oct 2016 – Feb 2017 · 4 mos · Bengaluru Area, India

Part of the Cyber Defence Services team (offshore) of KPMG UK
Web Application Penetration Testing
Network Penetration Testing
Mobile App Penetration Testing
Open Source Threat Intelligence
Training
Cyber Maturity Assements

Web Application Penetration TestingNetwork Penetration TestingMobile App Penetration TestingOpen Source Threat IntelligenceTrainingCyber Maturity Assessments+2

Executive - Cyber security services

Mar 2015 – Sep 2016 · 1 yr 6 mos · Bengaluru Area, India

Part of the Cyber Defence Services team (offshore) of KPMG UK
Web Application Penetration Testing
Network Penetration Testing
Mobile App Penetration Testing
Cyber Maturity Assements
Cyber Insurance Advice

Web Application Penetration TestingNetwork Penetration TestingMobile App Penetration TestingCyber Maturity AssessmentsCyber Insurance AdvicePenetration Testing+1

Secureyes

Associate Information Security Consultant

Jun 2011 – Aug 2013 · 2 yrs 2 mos

Banking Sector: Web and Infra Security assessments of major Indian and Middle Eastern banks; Security Awareness training using custom developed modules.
Government Sector: Web Application Security assessments
Internal Training: Trained graduate recruits on penetration testing

Web Security AssessmentsSecurity Awareness TrainingInformation Security